11-08-2013, 05:43 AM
Hi Guys,
I am using PFsense with a Yealink-T38G, Firmware 38.70.150.2.
I Created the Pfsense Side according to the Yealink Documentation, with the Wizard and with sscardefield´s really,really Great Documentation - but nothing works.
I have even reinstalled Pfsense from Scratch....
I have found three things which doesnt´t work if you use the Export Utility
1. You have to unpack and repack the generated client.tar with 7zip on Windows - if you don´t your Phone wouldn´t import the File.
2. If you leave the Line "verify-x509-name PhoneServer name" in the generated vpn.cnf the Phone can´t import the file either.
3. There seems to be a problem with the generated Certificates, the Phone (If you set Phone >Configuration > Log Level to 6 you get a usable Logfile which you can export)
It shows the following Error:
Nov 7 21:20:48 openvpn[289]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Nov 7 21:20:48 openvpn[289]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Nov 7 21:20:48 openvpn[289]: Re-using SSL/TLS context
Nov 7 21:20:48 openvpn[289]: LZO compression initialized
Nov 7 21:20:48 openvpn[289]: UDPv4 link local (bound): [undef]:1194
Nov 7 21:20:48 openvpn[289]: UDPv4 link remote: 213.221.100.187:1194
Nov 7 21:20:48 openvpn[289]: VERIFY ERROR: depth=1, error=certificate signature failure: /C=DE/ST=Hessen/L=Floersheim/O=Lorenzgroup/emailAddress=support@lorenzgroup.com/CN=PhoneCA
Nov 7 21:20:48 openvpn[289]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Nov 7 21:20:48 openvpn[289]: TLS Error: TLS object -> incoming plaintext read error
Nov 7 21:20:48 openvpn[289]: TLS Error: TLS handshake failed
IOS, Android and PC Clients connect without Problems,i am now really out of Ideas - Anybody else please?!
I am using PFsense with a Yealink-T38G, Firmware 38.70.150.2.
I Created the Pfsense Side according to the Yealink Documentation, with the Wizard and with sscardefield´s really,really Great Documentation - but nothing works.
I have even reinstalled Pfsense from Scratch....
I have found three things which doesnt´t work if you use the Export Utility
1. You have to unpack and repack the generated client.tar with 7zip on Windows - if you don´t your Phone wouldn´t import the File.
2. If you leave the Line "verify-x509-name PhoneServer name" in the generated vpn.cnf the Phone can´t import the file either.
3. There seems to be a problem with the generated Certificates, the Phone (If you set Phone >Configuration > Log Level to 6 you get a usable Logfile which you can export)
It shows the following Error:
Nov 7 21:20:48 openvpn[289]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Nov 7 21:20:48 openvpn[289]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Nov 7 21:20:48 openvpn[289]: Re-using SSL/TLS context
Nov 7 21:20:48 openvpn[289]: LZO compression initialized
Nov 7 21:20:48 openvpn[289]: UDPv4 link local (bound): [undef]:1194
Nov 7 21:20:48 openvpn[289]: UDPv4 link remote: 213.221.100.187:1194
Nov 7 21:20:48 openvpn[289]: VERIFY ERROR: depth=1, error=certificate signature failure: /C=DE/ST=Hessen/L=Floersheim/O=Lorenzgroup/emailAddress=support@lorenzgroup.com/CN=PhoneCA
Nov 7 21:20:48 openvpn[289]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Nov 7 21:20:48 openvpn[289]: TLS Error: TLS object -> incoming plaintext read error
Nov 7 21:20:48 openvpn[289]: TLS Error: TLS handshake failed
IOS, Android and PC Clients connect without Problems,i am now really out of Ideas - Anybody else please?!