diff --git a/internal/server/auth.go b/internal/server/auth.go
index 3ae5ef0..fcaa2cf 100644
--- a/internal/server/auth.go
+++ b/internal/server/auth.go
@@ -60,6 +60,7 @@ func decryptClientInfo(fragments authFragments, serverTime time.Time) (info Clie
 
 var ErrReplay = errors.New("duplicate random")
 var ErrBadProxyMethod = errors.New("invalid proxy method")
+var ErrBadDecryption = errors.New("decryption/authentication faliure")
 
 // AuthFirstPacket checks if the first packet of data is ClientHello or HTTP GET, and checks if it was from a Cloak client
 // if it is from a Cloak client, it returns the ClientInfo with the decrypted fields. It doesn't check if the user
@@ -79,7 +80,7 @@ func AuthFirstPacket(firstPacket []byte, transport Transport, sta *State) (info
 	info, err = decryptClientInfo(fragments, sta.WorldState.Now())
 	if err != nil {
 		log.Debug(err)
-		err = fmt.Errorf("transport %v in correct format but not Cloak: %v", transport, err)
+		err = fmt.Errorf("%w: %v", ErrBadDecryption, err)
 		return
 	}
 	if _, ok := sta.ProxyBook[info.ProxyMethod]; !ok {