Yealink Forums

Full Version: trying to setup VPN on T29G/46.82
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
We are having trouble setting up the VPN from the phone to our Watchguard (via SSL)

syslog shows:

<29>Nov 7 00:00:09 openvpn[1182]: OpenVPN 2.2.1 arm-linux [SSL] [LZO2] [EPOLL] built on Jun 30 2017
<28>Nov 7 00:00:09 openvpn[1182]: WARNING: file '/config/openvpn/auth.txt' is group or others accessible
<28>Nov 7 00:00:09 openvpn[1182]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
<28>Nov 7 00:00:09 openvpn[1182]: WARNING: file '/config/openvpn/keys/client.key' is group or others accessible
<29>Nov 7 00:00:09 openvpn[1182]: Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
<29>Nov 7 00:00:09 openvpn[1182]: Socket Buffers: R=[87380->131072] S=[16384->131072]
<29>Nov 7 00:00:09 openvpn[1182]: Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
<29>Nov 7 00:00:09 openvpn[1182]: Local Options hash (VER=V4): 'b60e7885'
<29>Nov 7 00:00:09 openvpn[1182]: Expected Remote Options hash (VER=V4): 'fbeb66e6'
<29>Nov 7 00:00:09 openvpn[1190]: Attempting to establish TCP connection with (myIP):44344 [nonblock]
<27>Nov 7 00:00:09 openvpn[1190]: TCP: connect to (myIP):44344 failed, will try again in 5 seconds: Network is unreachable
<29>Nov 7 00:00:09 openvpn[1190]: SIGUSR1[soft,init_instance] received, process restarting
<29>Nov 7 00:00:09 openvpn[1190]: Restart pause, 5 second(s)


ive uploaded a OpenVPN.tar file containing the following:
auth.txt
vpn.cnf
keys\ca.crt
keys\client.crt
keys\client.key


my vpn.cnf file shows

dev tap
client
proto tcp
remote-cert-eku "TLS Web Server Authentication"
remote x.x.x.x 44344 (ive removed the correct ip)
remote x.x.x.x 44344
persist-key
persist-tun
verb 3
mute 20
keepalive 10 60
cipher AES-256-CBC
auth SHA1
float 1
reneg-sec 3660
nobind
mute-replay-warnings
auth-user-pass /config/openvpn/auth.txt
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/client.crt
key /config/openvpn/keys/client.key

we have this method working on older phones but am struggling with this model

thanks
Dear Mikeļ¼Œ

May i know which old model and firmware the method is working well?

We need you provide the detial llevel 6 syslog files, config.bin and pace trace and the OpenVPN.tar to do debug when you connect the VPN server.
Refer to the FAQ to collect the three files:
http://support.yealink.com/faq/faqInfo?id=313

Please note, to make a comparision, we need you provide all of the files for both the T29G and the older phones.

Besides, how many phones in total? And how many of them have the issue?
(You can send the files to Lucia@yealink.com with link of this post)

BR
Lucia
thanks Lucia , ive now fixed this - it seemed to be trying to use the second remote address rather than the first so after removing the entry now connected. but now for some reason the account registration fails. Ive tried with the same details on a softphone (VPN > softphone) which works fine. which would be the best log file to trouble shoot the account registration process

thanks
Mike
If is the refister fail issue, then provide the level 6 syslog, config.bin and pace trace will be OK.
Refer to the FAQ to collect the three files:
http://support.yealink.com/faq/faqInfo?id=313

BTW, what is the softphone? Can you also attached the syslog of the softphone for us to make a comparision?

BR
Lucia
Reference URL's