TLS Error: reading acknowledgement record from packet
Getting this?
Dec 28 04:16:28 DD-WRT-INTERNET-ASUS daemon.notice openvpn[18115]: TCP connection established with [AF_INET]192.168.0.76:64101
Dec 28 04:16:29 DD-WRT-INTERNET-ASUS daemon.notice openvpn[18115]: 192.168.0.76:64101 TLS: Initial packet from [AF_INET]192.168.0.76:64101, sid=6624e5bc bebf0a81
Dec 28 04:16:29 DD-WRT-INTERNET-ASUS daemon.err openvpn[18115]: 192.168.0.76:64101 TLS Error: reading acknowledgement record from packet
Dec 28 04:16:29 DD-WRT-INTERNET-ASUS daemon.err openvpn[18115]: 192.168.0.76:64101 Fatal TLS error (check_tls_errors_co), restarting
Dec 28 04:16:29 DD-WRT-INTERNET-ASUS daemon.notice openvpn[18115]: 192.168.0.76:64101 SIGUSR1[soft,tls-error] received, client-instance restarting
Enable TLS on the server:
Copy paste the ta.key contents into the TLS Auth Key box of the DD-WRT router. Ensure your .ovpn config file also contains this:
# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth ta.key 1
Ensure the ovpn.conf file on the DD-WRT router has the following config:
root@DD-WRT-INTERNET-ASUS:/tmp/openvpn# cat openvpn.conf
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 3
mute 3
syslog
writepid /var/run/openvpnd.pid
management 127.0.0.1 14
management-log-cache 100
topology subnet
script-security 2
port 1194
proto tcp4-server
cipher aes-256-cbc
auth sha256
client-connect /tmp/openvpn/clcon.sh
client-disconnect /tmp/openvpn/cldiscon.sh
client-config-dir /jffs/etc/openvpn/ccd
comp-lzo adaptive
tls-server
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
client-to-client
push "redirect-gateway def1"
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
tcp-nodelay
tun-mtu 1500
mtu-disc yes
server 10.1.1.0 255.255.255.0
dev tun2
tls-auth /tmp/openvpn/ta.key 0
push "dhcp-option DNS 192.168.0.224"
push "dhcp-option DNS 192.168.0.44"
push "dhcp-option DNS 192.168.0.154"
push "route 192.168.0.0 255.255.255.0"
root@DD-WRT-INTERNET-ASUS:/tmp/openvpn#
Cheers,
TK