Key mismatches
OpenVPN offers extra protection for its TLS control channel in the form of HMAC keys. These keys are exactly the same as the static "secret" keys used in Chapter 1, Point-to-Point Networks, for point-to-point style networks. For multi-client style networks, this extra protection can be enabled using the tls-auth
directive. If there is a mismatch between the client and the server related to this tls-auth
key, then the VPN connection will fail to get initialized.
Getting ready
Install OpenVPN 2.0 or higher on two computers. Make sure the computers are connected over a network. Set up the client and server certificates using the first recipe from Chapter 2, Client-server IP-only Networks.. For this recipe, the server computer was running CentOS 5 Linux and OpenVPN 2.1.1. The client was running Fedora 13 Linux and OpenVPN 2.1.1. Keep the configuration file, basic-udp-server.conf
, from the Chapter 2 recipe Server-side routing at hand, as well as the client configuration file basic...