I have just created a fresh pi-hole/Open VPN install on a Linode server running Ubuntu Focal. I am using a pfsense box to connect t the VPN, so the whole household automatically connects to pihole via OpenVPN. This seems to be working OK. There are no errors in the pfsense OpenVPN client logs.
However, if I look at the openvpn-server logs on my pi-hole server I see lots of:
Aug 04 16:44:30 pihole openvpn[5725]: TLS Error: tls-crypt unwrapping failed from [AF_INET]92.40.182.146:1073
Aug 04 16:44:34 pihole openvpn[5725]: tls-crypt unwrap error: packet authentication failed
If it's just my computer, or my phone connecting, I don't see these errors. It looks as though it's some other computer/phone in the house that's causing this. However, they are all connecting via pfsense, so if it was an error in the pfsense client configuration I would expect to see this error all the time.
Log from pfsense client:
| Aug 4 17:44:28 | openvpn | 62253 | NOTE: the current --script-security setting may allow this configuration to call user-defined scripts |
|---|---|---|---|
| Aug 4 17:44:28 | openvpn | 62253 | TCP/UDP: Preserving recently used remote address: [AF_INET]176.58.126.71:1194 |
|Aug 4 17:44:28|openvpn|62253|UDPv4 link local (bound): [AF_INET]192.168.1.171:0|
|Aug 4 17:44:28|openvpn|62253|UDPv4 link remote: [AF_INET]176.58.126.71:1194|
|Aug 4 17:45:28|openvpn|62253|[UNDEF] Inactivity timeout (--ping-restart), restarting|
|Aug 4 17:45:28|openvpn|62253|SIGUSR1[soft,ping-restart] received, process restarting|
Debug token: https://tricorder.pi-hole.net/45uscrlq6u
Please follow the below template, it will help us to help you!
If you are Experiencing issues with a Pi-hole install that has non-standard elements (e.g you are using nginx instead of lighttpd, or there is some other aspect of your install that is customised) - please use the Community Help category.
Expected Behaviour:
[Replace this text with what you think should be happening. Please include as much detail as possible including, but not limited to:
-operating system
-hardware]
Actual Behaviour:
[replace this text with what is actually happening]
Debug Token:
[Replace this text with the debug token provided from running pihole -d (or running the debug script through the web interface]