Yealink Forums
Phone logs and OpenVPN - Printable Version


Phone logs and OpenVPN - KNERD - 08-06-2014 08:48 AM

Why do the phones have NO logs to tell what is going on with the phone? What sort of insanity is this?

I have been going through this FAQ (http://forum.yealink.com/forum/showthread.php?tid=1843) and other threads on OpenVPN, and I am coming up with nothing on why the phone is not even attempting to connect to the OpenVPN server.

What else is one to do without logs of why the phone is failing?


RE: Phone logs and OpenVPN - AndyInNYC - 08-10-2014 09:16 AM

Knerd,

I have been having OpenVPN issues as well. My last round ended up being 'bad' certificates. They worked everywhere except on the phone (other PCs, iPhones, etc. could use them just fine). I used certificates created on another machine and ported them to the server.

Prior to that I had an issue many have had - the .tar file must be in a very specific format:

vpn.cnf (the 'client.conf' everywhere else)
a keys subdirectory
\keys\client.crt
\keys\client.key
\keys\ca.crt (I think from memory)

The vpn.cnf must reference the certificates as though they were in another directory - like this:
ca /config/openvpn/keys/ca.crt

Here is my working vpn.cnf (client side) file:
client
persist-tun
persist-key
cipher BF-CBC
auth SHA1
tls-client
ns-cert-type server
remote X.Y.Z.A # You fill in your VPN address here
nobind
port 1190
proto udp
dev tun
comp-lzo
verb 3
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/client1.crt
key /config/openvpn/keys/client1.key

Here is the working server.conf file:

local X.Y.Z.A # Fill in your IP address here
port 1194
proto udp
dev tun
# added based on pbxinaflash.com
daemon
persist-tun
persist-key
cipher BF-CBC
tls-server
#end added

mode server
server 10.8.0.0 255.255.255.0
push "route 10.2.1.0 255.255.255.0"
push "dhcp-option DNS 10.2.1.1"
keepalive 20 60
client-to-client
duplicate-cn
comp-lzo
verb 3
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
log-append /etc/openvpn/openvpn.log

I'm using iptables on my machine; you need to open the firewall. Here's what I have as additions:

-A INPUT -s 10.8.0.0/16 -j ACCEPT
-I INPUT -p udp --dport 1194 -j ACCEPT

In the *nat section, as the very first line:

-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Hope this helps you. You can look at the created openvpn.log file (now in /etc/openvpn) to see if your phone is at least trying to hit the VPN.

Andrew
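
An added example, not part of the thread and not a Yealink tool: a Python check of the tar layout described in the reply above (vpn.cnf at the top level, certificates under keys/, and the ca/cert/key lines pointing at /config/openvpn/keys/). The function names and the sample archive are constructed for illustration.

```python
import io
import tarfile

PHONE_KEY_DIR = "/config/openvpn/keys/"  # prefix the post says vpn.cnf must use
CERT_DIRECTIVES = ("ca", "cert", "key")

def check_vpn_tar(data):
    """Return a list of layout problems in the phone's OpenVPN tar (empty = OK)."""
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        # Accept both "vpn.cnf" and "./vpn.cnf" member names.
        files = {(m.name[2:] if m.name.startswith("./") else m.name): m
                 for m in tar.getmembers() if m.isfile()}
        if "vpn.cnf" not in files:
            return ["vpn.cnf is missing from the top level of the archive"]
        conf = tar.extractfile(files["vpn.cnf"]).read().decode("utf-8", "replace")
    problems, seen = [], set()
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) < 2 or parts[0] not in CERT_DIRECTIVES:
            continue
        directive, path = parts[0], parts[1]
        seen.add(directive)
        member = "keys/" + path[len(PHONE_KEY_DIR):]
        if not path.startswith(PHONE_KEY_DIR):
            problems.append(f"{directive}: {path} is not under {PHONE_KEY_DIR}")
        elif member not in files:
            problems.append(f"{directive}: {member} is not in the archive")
    problems += [f"{d}: directive missing from vpn.cnf"
                 for d in CERT_DIRECTIVES if d not in seen]
    return problems

def build_tar(files):
    """Build an in-memory tar from {member name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

# Constructed sample: file names in vpn.cnf do not match the archive members.
SAMPLE_CNF = (b"client\ndev tun\nca /config/openvpn/keys/ca.crt\n"
              b"cert /config/openvpn/keys/client1.crt\nkey keys/client1.key\n")
SAMPLE = build_tar({"vpn.cnf": SAMPLE_CNF, "keys/ca.crt": b"x",
                    "keys/client.crt": b"x", "keys/client.key": b"x"})

if __name__ == "__main__":
    print("\n".join(check_vpn_tar(SAMPLE)) or "layout OK")
```
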