(11-06-2014 09:03 PM)Yealink_James Wrote: [ -> ]Hi Freddy,
The syslog won't include the GMT time. It will only display a time with 0 timezone.
I think the problem may not related to time.
Would you mind sending us your tar file for a check? You can delete the remote ip address in cnf file or just mark it as xx,
Regards,
James
Here is a short excerpt from my syslog. These messages came with in 30 seconds of each other at ~ 9:43 localtime:
Nov 7 09:43:53 SIP [439]: SUA <3+error > [000] [Server0]: try reg again after (30) s
Nov 7 15:44:14 phone1 openvpn[445]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 7 15:44:14 phone1 openvpn[445]: TLS Error: TLS handshake failed
Nov 7 15:44:14 phone1 openvpn[445]: TCP/UDP: Closing socket
Here is the vpn.cnf, pretty simple:
client
rport 1193
dev tun
remote XXX.XXX.XXX.XXX
tls-client
ca /yealink/config/openvpn/keys/cacert.pem
cert /yealink/config/openvpn/keys/phone1.crt
key /yealink/config/openvpn/keys/phone1.key
pull
verb 5
script-security 2
ping 30
persist-tun
comp-lzo
resolv-retry infinite
Here is the output from the openvpn trying to connect:
Nov 7 15:58:59 phone1 openvpn[445]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 7 15:58:59 phone1 openvpn[445]: TLS Error: TLS handshake failed
Nov 7 15:58:59 phone1 openvpn[445]: TCP/UDP: Closing socket
Nov 7 15:58:59 phone1 openvpn[445]: SIGUSR1[soft,tls-error] received, process restarting
Nov 7 15:58:59 phone1 openvpn[445]: Restart pause, 2 second(s)
Nov 7 15:59:01 phone1 openvpn[445]: WARNING: No server certificate verification method has been enabled. See
http://openvpn.net/howto.html#mitm for more info.
Nov 7 15:59:01 phone1 openvpn[445]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 7 15:59:01 phone1 openvpn[445]: WARNING: file '/yealink/config/openvpn/keys/phone1.key' is group or others accessible
Nov 7 15:59:01 phone1 openvpn[445]: LZO compression initialized
Nov 7 15:59:01 phone1 openvpn[445]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Nov 7 15:59:01 phone1 openvpn[445]: Socket Buffers: R=[114688->131072] S=[114688->131072]
Nov 7 15:59:01 phone1 openvpn[445]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Nov 7 15:59:01 phone1 openvpn[445]: Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Nov 7 15:59:01 phone1 openvpn[445]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Nov 7 15:59:01 phone1 openvpn[445]: Local Options hash (VER=V4): '41690919'
Nov 7 15:59:01 phone1 openvpn[445]: Expected Remote Options hash (VER=V4): '530fdded'
Nov 7 15:59:01 phone1 openvpn[445]: UDPv4 link local (bound): [undef]:1194
Nov 7 15:59:01 phone1 openvpn[445]: UDPv4 link remote: XXX.XXX.XXX.XXX:1193
Nov 7 15:59:01 phone1 openvpn[445]: TLS: Initial packet from XXX.XXX.XXX.XXX:1193, sid=994d83a6 57ef8d40
Nov 7 15:59:02 phone1 openvpn[445]: VERIFY OK: depth=1, /C=US
Nov 7 15:59:02 phone1 openvpn[445]: VERIFY OK: depth=0, /C=US
Here is the remainder after the timeout:
Nov 7 16:01:53 phone1 openvpn[445]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 7 16:01:53 phone1 openvpn[445]: TLS Error: TLS handshake failed
I can attach to the same VPN connection with a pc without any problems.
Thanks for the help.