OpenVPN packets are changed when passing NAT
I have set up OpenVPN (2.6.10) on a Linux server and configured a client on the other side of our router. I forward port 1195 on the router to 1194 (the standard OpenVPN port) on the Linux server, and UDP packets from the client reach the openvpn service; however, I see the following errors in the server log:
Authenticate/Decrypt packet error: packet HMAC authentication failed
TLS Error: incoming packet authentication failed from [AF_INET]80.76.58.95:43399
Authenticate/Decrypt packet error: packet HMAC authentication failed
TLS Error: incoming packet authentication failed from [AF_INET]80.76.58.95:43399
Authenticate/Decrypt packet error: packet HMAC authentication failed
TLS Error: incoming packet authentication failed from [AF_INET]80.76.58.95:43399
Tracing the UDP packets with tcpdump both on the client and the server, I see the packets the reach the server, are corrupted
# cat zorn.txt
No. Time Source Destination Protocol Length Info
1 0.000000 80.76.58.95 192.168.50.111 OpenVPN 96 MessageType: P_CONTROL_HARD_RESET_CLIENT_V2[Malformed Packet]
Frame 1: 96 bytes on wire (768 bits), 96 bytes captured (768 bits)
Ethernet II, Src: Tp-LinkT_56:25:fc (28:ee:52:56:25:fc), Dst: ASRockIn_c0:b6:03 (a8:a1:59:c0:b6:03)
Internet Protocol Version 4, Src: 80.76.58.95, Dst: 192.168.50.111
User Datagram Protocol, Src Port: 43500, Dst Port: 1194
OpenVPN Protocol
[Malformed Packet: OpenVPN]
...
Which settings on the router could have that effect?