01-08-2013, 12:51 AM
I am trying to configure a few T32G phones to connect with our 3CX server using OpenVPN for our home users. I keep getting a TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) when i try with the phone. I have tested my configuration with a laptop with OpenVPN installed (using the same router/network as the phone that is failing) and it works perfectly with the same configuration.
#Client Config
client
dev tun
persist-tun
persist-key
proto udp
nobind
remote x.x.x.x 1194
resolv-retry infinite
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/client.crt
key /config/openvpn/keys/client.key
Here are the server logs when the phone fails to connect (the public IP has been replaced with x.x.x.x):
Dec 31 14:20:14 openvpn[14850]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Dec 31 14:20:14 openvpn[14850]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 31 14:20:14 openvpn[14850]: TUN/TAP device /dev/tun1 opened
Dec 31 14:20:14 openvpn[14850]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Dec 31 14:20:14 openvpn[14850]: /sbin/ifconfig ovpns1 192.168.35.1 192.168.35.2 mtu 1500 netmask 255.255.255.255 up
Dec 31 14:20:14 openvpn[14850]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1541 192.168.35.1 192.168.35.2 init
Dec 31 14:20:14 openvpn[23033]: UDPv4 link local (bound): [AF_INET]192.168.30.243:1194
Dec 31 14:20:14 openvpn[23033]: UDPv4 link remote: [undef]
Dec 31 14:20:14 openvpn[23033]: Initialization Sequence Completed
Dec 31 14:40:44 openvpn[23033]: x.x.x.x:1024 Re-using SSL/TLS context
Dec 31 14:40:46 openvpn[23033]: x.x.x.x:1026 Re-using SSL/TLS context
Dec 31 14:40:50 openvpn[23033]: x.x.x.x:1028 Re-using SSL/TLS context
Dec 31 14:40:52 openvpn[23033]: x.x.x.x:1029 Re-using SSL/TLS context
Dec 31 14:41:44 openvpn[23033]: x.x.x.x:1024 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 31 14:41:44 openvpn[23033]: x.x.x.x:1024 TLS Error: TLS handshake failed
Dec 31 14:41:47 openvpn[23033]: x.x.x.x:1026 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 31 14:41:47 openvpn[23033]: x.x.x.x:1026 TLS Error: TLS handshake failed
Dec 31 14:41:50 openvpn[23033]: x.x.x.x:1028 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 31 14:41:50 openvpn[23033]: x.x.x.x:1028 TLS Error: TLS handshake failed
Dec 31 14:41:53 openvpn[23033]: x.x.x.x:1029 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 31 14:41:53 openvpn[23033]: x.x.x.x:1029 TLS Error: TLS handshake failed
Dec 31 14:41:58 openvpn[23033]: x.x.x.x:1029 Re-using SSL/TLS context
The 3CX server is 192.168.30.245, the OpenVPN server (PFSense) is 192.168.30.243, and the VPN subnet for the home users is 192.168.35.0. Everything works fine with the laptop, I can connect and ping each network/server, but when I try the same on the phone, it fails to connect. The TAR file seems to be fine, I don't get any errors when I compile it or upload it into the phone.
Anyone have any ideas I can try?
Thanks,
Jayme M.
#Client Config
client
dev tun
persist-tun
persist-key
proto udp
nobind
remote x.x.x.x 1194
resolv-retry infinite
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/client.crt
key /config/openvpn/keys/client.key
Here are the server logs when the phone fails to connect (the public IP has been replaced with x.x.x.x):
Dec 31 14:20:14 openvpn[14850]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Dec 31 14:20:14 openvpn[14850]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 31 14:20:14 openvpn[14850]: TUN/TAP device /dev/tun1 opened
Dec 31 14:20:14 openvpn[14850]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Dec 31 14:20:14 openvpn[14850]: /sbin/ifconfig ovpns1 192.168.35.1 192.168.35.2 mtu 1500 netmask 255.255.255.255 up
Dec 31 14:20:14 openvpn[14850]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1541 192.168.35.1 192.168.35.2 init
Dec 31 14:20:14 openvpn[23033]: UDPv4 link local (bound): [AF_INET]192.168.30.243:1194
Dec 31 14:20:14 openvpn[23033]: UDPv4 link remote: [undef]
Dec 31 14:20:14 openvpn[23033]: Initialization Sequence Completed
Dec 31 14:40:44 openvpn[23033]: x.x.x.x:1024 Re-using SSL/TLS context
Dec 31 14:40:46 openvpn[23033]: x.x.x.x:1026 Re-using SSL/TLS context
Dec 31 14:40:50 openvpn[23033]: x.x.x.x:1028 Re-using SSL/TLS context
Dec 31 14:40:52 openvpn[23033]: x.x.x.x:1029 Re-using SSL/TLS context
Dec 31 14:41:44 openvpn[23033]: x.x.x.x:1024 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 31 14:41:44 openvpn[23033]: x.x.x.x:1024 TLS Error: TLS handshake failed
Dec 31 14:41:47 openvpn[23033]: x.x.x.x:1026 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 31 14:41:47 openvpn[23033]: x.x.x.x:1026 TLS Error: TLS handshake failed
Dec 31 14:41:50 openvpn[23033]: x.x.x.x:1028 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 31 14:41:50 openvpn[23033]: x.x.x.x:1028 TLS Error: TLS handshake failed
Dec 31 14:41:53 openvpn[23033]: x.x.x.x:1029 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 31 14:41:53 openvpn[23033]: x.x.x.x:1029 TLS Error: TLS handshake failed
Dec 31 14:41:58 openvpn[23033]: x.x.x.x:1029 Re-using SSL/TLS context
The 3CX server is 192.168.30.245, the OpenVPN server (PFSense) is 192.168.30.243, and the VPN subnet for the home users is 192.168.35.0. Everything works fine with the laptop, I can connect and ping each network/server, but when I try the same on the phone, it fails to connect. The TAR file seems to be fine, I don't get any errors when I compile it or upload it into the phone.
Anyone have any ideas I can try?
Thanks,
Jayme M.