Yealink Forums

Full Version: OpenVPN tunnel disconnects frequently
Hi team,

We are having an issue with T4x phones on V82 with OpenVPN.

We are using the pfSense built-in OpenVPN server and the Client Export wizard's T38(2) option. The VPN tarball loads fine, and the phones connect and work fine.
At sites with just one T4x phone, the tunnel is stable over weeks.
At sites with multiple T4x phones, the tunnel is often re-established, generally within 24 hours. Randomly this reconnect fails altogether and the tunnel is down. The only way to fix this is to restart the phone.
We have run syslog with verb 6; however, I can't see anything that indicates the problem.

Has anyone come across this issue?

OpenVPN config is as per Yealink whitepaper.
Quote:
dev ovpns3
verb 6
dev-type tun
tun-ipv6
dev-node /dev/tun3
writepid /var/run/openvpn_server3.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher BF-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 203.174.129.186
tls-server
server 192.168.55.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server3
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'TQMS-OpenVPNServer' 1"
lport 4194
management /var/etc/openvpn/server3.sock unix
max-clients 500
push "route 192.168.254.0 255.255.255.0"
push "dhcp-option DOMAIN tqms.net.au"
ca /var/etc/openvpn/server3.ca
cert /var/etc/openvpn/server3.cert
key /var/etc/openvpn/server3.key
dh /etc/dh-parameters.1024
persist-remote-ip
float
topology net30
push "route 192.168.11.0 255.255.255.0"

Thanks for any pointers that let us fix this.
(10-31-2018 01:48 AM) Ozy Wrote:
Quote:
lport 4194

That's your issue: you are specifying, in the OpenVPN configuration, the local port for the client to use. Since you are setting it explicitly to 4194, all phones on the network will try to use the same local port as the source port for connecting to the VPN server.

The problem is that, since your phones are behind a pfSense firewall, I assume you are doing NAT on the firewall. Most default NAT configurations get confused by multiple devices talking to the same remote server/port from the same origin port.

Try either removing the lport setting or setting it to 0 (which means use a random port instead of a defined one). That should resolve the issue.
On pfSense, set your Outbound NAT to manual.
Then make a rule for the port used, 1194 UDP or 4194 UDP, whichever you use.
Then make sure you have "Static Port" unchecked.
The same goes for SIP traffic ports, 5060 for example, if you are not using the VPN.
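The two replies above describe the same failure from both ends: a pinned client source port (lport 4194) and a NAT that preserves source ports (pfSense "Static Port") together make every phone look like one client to the VPN server. The following is an added simulation, not Yealink, OpenVPN or pfSense code, that models a minimal source-NAT state table and shows which phones lose their reply path under each combination. The addresses (203.0.113.10, 198.51.100.5, 192.168.254.x) and the ephemeral-port model are constructed assumptions for the example.

```python
"""Constructed model of why a fixed OpenVPN `lport` breaks behind source NAT.

Not Yealink, OpenVPN or pfSense code. The NAT below is a simplified model of
a source-NAT state table: a forward map for outgoing packets and a reverse map
that decides which inside host a server reply is delivered to.
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class OutboundNat:
    """static_port=True keeps the inside source port (pfSense "Static Port");
    static_port=False rewrites it to an unused ephemeral port (the default)."""

    def __init__(self, wan_ip: str, static_port: bool, rng: random.Random):
        self.wan_ip = wan_ip
        self.static_port = static_port
        self.rng = rng
        self.forward = {}   # Flow -> outside port
        self.reverse = {}   # (outside port, dst_ip, dst_port) -> Flow

    def translate(self, flow: Flow) -> tuple:
        """Return the (ip, port) the VPN server sees for this inside flow."""
        if flow in self.forward:
            return self.wan_ip, self.forward[flow]
        if self.static_port:
            port = flow.src_port
        else:
            # Pick an ephemeral port not already used towards this server.
            port = self.rng.randrange(49152, 65536)
            while (port, flow.dst_ip, flow.dst_port) in self.reverse:
                port = self.rng.randrange(49152, 65536)
        # A second inside flow landing on the same outside tuple overwrites
        # the reverse entry: replies now reach the newest phone only.
        self.reverse[(port, flow.dst_ip, flow.dst_port)] = flow
        self.forward[flow] = port
        return self.wan_ip, port

    def reply_target(self, outside_port: int, server_ip: str, server_port: int):
        """Inside flow that a reply from the server is delivered to."""
        return self.reverse.get((outside_port, server_ip, server_port))


def phone_source_port(lport_setting: int, rng: random.Random) -> int:
    """`lport N` pins the client source port; `lport 0` (or no lport) lets the
    OS choose an ephemeral port, modelled here as a random high port."""
    return lport_setting if lport_setting else rng.randrange(49152, 65536)


def simulate(num_phones: int, lport_setting: int, static_port: bool,
             seed: int = 7) -> dict:
    """Bring up num_phones tunnels through one NAT (assumed addresses) and
    report how many distinct clients the server sees and which phones no
    longer receive their own replies."""
    rng = random.Random(seed)
    nat = OutboundNat("203.0.113.10", static_port, rng)
    server_ip, server_port = "198.51.100.5", 4194  # constructed server address
    flows = []
    for i in range(num_phones):
        flow = Flow(f"192.168.254.{10 + i}", phone_source_port(lport_setting, rng),
                    server_ip, server_port)
        flows.append((flow, nat.translate(flow)))
    server_view = {outside for _, outside in flows}
    broken = [flow.src_ip for flow, (_, port) in flows
              if nat.reply_target(port, server_ip, server_port) != flow]
    return {"distinct_clients_seen": len(server_view), "broken_phones": broken}


if __name__ == "__main__":
    for lport, static in [(4194, True), (0, True), (4194, False)]:
        print(f"lport={lport} static_port={static}: {simulate(3, lport, static)}")
```

With lport pinned and Static Port on, three phones collapse into one outside tuple and every phone but the most recently connected one loses its return path, which matches the thread's symptom of tunnels dropping once several phones share a site. Either fix alone (lport 0 on the phones, or Static Port unchecked so the firewall rewrites source ports) keeps each tunnel on its own outside port.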