I am trying to set up a new device to connect to my OpenVPN server. The new device is a Linux system without a GUI. I exported the configuration file from a desktop Linux system and made the necessary changes.
The desktop system can connect to the VPN. However, the new system cannot connect. The log reports that the TLS handshake timed out. On the server I see the following entries:
TLS Error: cannot locate HMAC in incoming packet from ...
This indicates that the client has not been configured for HMAC authentication but the server expects it. However, this config was exported from a client which works and has the HMAC key configured. This is the client config:
client
remote 'vpn.example.org'
ca 'ca.pem'
cert 'cert.pem'
key 'key.pem'
cipher AES-128-CBC
dev tun
proto udp
verify-x509-name 'vpn.example.org'
tls-auth 'hmackey.pem' 1
nobind
auth-nocache
script-security 2
persist-key
persist-tun
The HMAC key is identical on all systems. What is wrong?