Truenas openvpn log shows tls-crypt unwrap error: packet too short

TrueNAS General
1

I am hoping to get openvpn working properly on my truenas server TrueNAS-12.0-U6.1. I am using tunnelblick 8.0 (build 6300) and openvpn Version 3.7.1 (5558) client on macos 15.5

My client.ovpn file shown below was generated by the truenas server from the procedure Services → OpenVPN Server → Download Client Config

What should I be checking and fixing please?

::: server side log

2025-08-06 08:12:37 TLS Error: tls-crypt unwrapping failed from [AF_INET]<IP>:58017
2025-08-06 10:00:20 tls-crypt unwrap error: packet too short

::: client side log

2025-08-06 20:49:34.863856 *Tunnelblick: openvpnstart log:
     Warning: Tunnelblick is using 'openvpn-down-root.so', so the route-pre-down script will not be used. You can override this by providing a custom route-pre-down script (which may be a copy of Tunnelblick's standard route-pre-down script) in a Tunnelblick VPN Configuration. However, that script will not be executed as root unless the 'user' and 'group' options are removed from the OpenVPN configuration file. If the 'user' and 'group' options are removed, then you don't need to use a custom route-pre-down script.
     OpenVPN started successfully.
     Command used to start OpenVPN (one argument per displayed line):
          /Library/Application Support/Tunnelblick/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.6.14-openssl-3.0.16/openvpn
          --daemon
          --log-append /Library/Application Support/Tunnelblick/Logs/-SUsers-Snoah-SLibrary-SApplication Support-STunnelblick-SConfigurations-SopenVPNClientConfig(1).tblk-SContents-SResources-Sconfig.ovpn.771_0_1_0_34652464.54492.openvpn.log
          --cd /Library/Application Support/Tunnelblick/Users/noah/openVPNClientConfig(1).tblk/Contents/Resources
          --machine-readable-output
          --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 6300 8.0 (build 6300)"
          --verb 3
          --config /Library/Application Support/Tunnelblick/Users/noah/openVPNClientConfig(1).tblk/Contents/Resources/config.ovpn
          --setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Users/noah/openVPNClientConfig(1).tblk/Contents/Resources
          --verb 3
          --cd /Library/Application Support/Tunnelblick/Users/noah/openVPNClientConfig(1).tblk/Contents/Resources
          --management 127.0.0.1 54492 /Library/Application Support/Tunnelblick/Mips/openVPNClientConfig(1).tblk.mip
          --setenv IV_SSO webauth,crtext
          --management-query-passwords
          --management-hold
          --script-security 2
          --route-up "/Library/Application Support/Tunnelblick/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh" -9 -d -f -m -w -ptADGNWradsgnw
          --plugin /Library/Application Support/Tunnelblick/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.6.14-openssl-3.0.16/openvpn-down-root.so "/Library/Application Support/Tunnelblick/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh" -9 -d -f -m -w -ptADGNWradsgnw
2025-08-06 20:49:34.876144 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:59203
2025-08-06 20:49:34.913734 MANAGEMENT: CMD 'pid'
2025-08-06 20:49:34.913795 MANAGEMENT: CMD 'auth-retry interact'
2025-08-06 20:49:34.913824 MANAGEMENT: CMD 'state on'
2025-08-06 20:49:34.913848 MANAGEMENT: CMD 'state'
2025-08-06 20:49:34.914014 MANAGEMENT: CMD 'bytecount 1'
2025-08-06 20:49:34.914778 *Tunnelblick: Established communication with OpenVPN
2025-08-06 20:49:34.917448 *Tunnelblick: >INFO:OpenVPN Management Interface Version 5 -- type 'help' for more info
2025-08-06 20:49:34.918209 MANAGEMENT: CMD 'hold release'
2025-08-06 20:49:34.918461 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2025-08-06 20:49:34.918506 PLUGIN_INIT: POST /Library/Application Support/Tunnelblick/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.6.14-openssl-3.0.16/openvpn-down-root.so '[/Library/Application Support/Tunnelblick/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.6.14-openssl-3.0.16/openvpn-down-root.so] [/Library/Application Support/Tunnelblick/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh] [-9] [-d] [-f' intercepted=PLUGIN_UP|PLUGIN_DOWN 
2025-08-06 20:49:34.933523 TCP/UDP: Preserving recently used remote address: [AF_INET]<IP>:1194
2025-08-06 20:49:34.933589 Socket Buffers: R=[786896->786896] S=[9216->9216]
2025-08-06 20:49:34.933616 UDPv4 link local: (not bound)
2025-08-06 20:49:34.933629 UDPv4 link remote: [AF_INET]<IP>:1194
2025-08-06 20:49:34.933651 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
2025-08-06 20:49:34.933673 MANAGEMENT: >STATE:1754538574,WAIT,,,,,,
2025-08-06 20:50:34.719473 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2025-08-06 20:50:34.720553 TLS Error: TLS handshake failed
2025-08-06 20:50:34.722815 SIGUSR1[soft,tls-error] received, process restarting
2025-08-06 20:50:34.722894 MANAGEMENT: >STATE:1754538634,RECONNECTING,tls-error,,,,,
2025-08-06 20:50:34.724845 *Tunnelblick: Delaying HOLD release for 1.000 seconds
2025-08-06 20:50:35.726035 MANAGEMENT: CMD 'hold release'
2025-08-06 20:50:35.726165 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2025-08-06 20:50:35.726506 TCP/UDP: Preserving recently used remote address: [AF_INET]<IP>:1194
2025-08-06 20:50:35.726588 Socket Buffers: R=[786896->786896] S=[9216->9216]
2025-08-06 20:50:35.726604 UDPv4 link local: (not bound)
2025-08-06 20:50:35.726616 UDPv4 link remote: [AF_INET]<IP>:1194
2025-08-06 20:50:35.726641 MANAGEMENT: >STATE:1754538635,WAIT,,,,,,
2025-08-06 20:50:50.436857 *Tunnelblick: Disconnecting; notification window disconnect button pressed
2025-08-06 20:50:50.768109 *Tunnelblick: Disconnecting using 'kill'
2025-08-06 20:50:50.935548 event_wait : Interrupted system call (fd=-1,code=4)
2025-08-06 20:50:50.937296 PLUGIN_CLOSE: /Library/Application Support/Tunnelblick/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.6.14-openssl-3.0.16/openvpn-down-root.so
2025-08-06 20:50:50.937887 SIGTERM[hard,] received, process exiting
2025-08-06 20:50:50.937933 MANAGEMENT: >STATE:1754538650,EXITING,SIGTERM,,,,,
2025-08-06 20:50:51.392680 *Tunnelblick: Expected disconnection occurred.

Here are my client.ovpn file contents

client
dev tun
proto udp4
port 1194
remote "<IP>"
user nobody
group nobody
persist-key
persist-tun

<ca>
.
.
.
</ca>
<cert>
.
.
.
</cert>
<key>
.
.
.

</key>
verb 3
remote-cert-tls server
auth SHA1
cipher AES-128-CBC
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
.
.
.
-----END OpenVPN Static key V1-----
</tls-crypt>