Phone logs and OpenVPN
Yealink Forums (http://forum.yealink.com/forum) > IP Phone Series > Configuration

Phone logs and OpenVPN - KNERD - 08-06-2014 08:48 AM

Why do the phones have NO logs to tell what is going on with the phone? What sort of insanity is this?

I have been going through this FAQ http://forum.yealink.com/forum/showthread.php?tid=1843 , and other threads on OpenVPN, and I am coming up with nothing on why the phone is not even attempting to connect to the OpenVPN server.

What else is one to do without logs of why the phone is failing?

RE: Phone logs and OpenVPN - AndyInNYC - 08-10-2014 09:16 AM

Knerd,

I have been having OpenVPN issues as well. My last round ended up being 'bad' certificates. They worked everywhere except on the phone (other PCs, iPhones, etc. could use them just fine). I used certificates created on another machine and ported them to the server.

Prior to that I had an issue many have had - the .tar file must be in a very specific format:

    vpn.cnf (the 'client.conf' everywhere else)
    a keys subdirectory
    \keys\client.crt
    \keys\client.key
    \keys\ca.crt (I think from memory)

The vpn.cnf must reference the certificates as though they were in another directory - like this:

    ca /config/openvpn/keys/ca.crt

Here is my working vpn.cnf (client side) file:

    client
    persist-tun
    persist-key
    cipher BF-CBC
    auth SHA1
    tls-client
    ns-cert-type server
    remote X.Y.Z.A # You fill in your VPN address here
    nobind
    port 1190
    proto udp
    dev tun
    comp-lzo
    verb 3
    ca /config/openvpn/keys/ca.crt
    cert /config/openvpn/keys/client1.crt
    key /config/openvpn/keys/client1.key

Here is the working server.conf file:

    local X.Y.Z.A # Fill in your IP address here
    port 1194
    proto udp
    dev tun
    # added based on pbxinaflaah.com
    daemon
    persist-tun
    persist-key
    cipher BF-CBC
    tls-server
    #end added
    mode server
    server 10.8.0.0 255.255.255.0
    push "route 10.2.1.0 255.255.255.0"
    push "dhcp-option DNS 10.2.1.1"
    keepalive 20 60
    client-to-client
    duplicate-cn
    comp-lzo
    verb 3
    ca /etc/openvpn/ca.crt
    cert /etc/openvpn/server.crt
    key /etc/openvpn/server.key
    dh /etc/openvpn/dh1024.pem
    log-append /etc/openvpn/openvpn.log

I'm using iptables on my machine, you need to open the firewall - here's what I have as additions:

    -A INPUT -s 10.8.0.0/16 -j ACCEPT
    -I INPUT -p udp --dport 1194 -j ACCEPT

in the *nat section as the very first line:

    -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Hope this helps you. You can look at the created openvpn.log file (now in /etc/openvpn) to see if your phone is at least trying to hit the VPN.

Andrew
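
Because the phone reports nothing when the archive is wrong, the layout described in the reply above can be checked before upload. The following is an added example, not code from the thread or from Yealink: it assumes the layout exactly as the reply gives it (vpn.cnf at the archive root, certificates under keys/, and ca/cert/key paths written under /config/openvpn/keys/), and the function names and sample archive are constructed for illustration.

```python
import io
import tarfile

PHONE_KEY_DIR = "/config/openvpn/keys/"  # path prefix quoted in the reply above


def build_sample_tar(files):
    """Build an in-memory tar from {member name: text} (constructed sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


def check_vpn_tar(fileobj):
    """Return a list of layout problems in a phone VPN tar (empty list = consistent)."""
    problems, seen = [], set()
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        # Treat "./vpn.cnf" and "vpn.cnf" as the same member name.
        members = {m.name[2:] if m.name.startswith("./") else m.name
                   for m in tar.getmembers() if m.isfile()}
        if "vpn.cnf" not in members:
            return ["vpn.cnf missing from archive root"]
        conf = tar.extractfile("vpn.cnf" if "vpn.cnf" in tar.getnames()
                               else "./vpn.cnf").read().decode("utf-8", "replace")
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(words) < 2 or words[0] not in ("ca", "cert", "key"):
            continue
        directive, path = words[0], words[1]
        seen.add(directive)
        if not path.startswith(PHONE_KEY_DIR):
            problems.append(f"{directive}: {path} is not under {PHONE_KEY_DIR}")
        elif "keys/" + path[len(PHONE_KEY_DIR):] not in members:
            problems.append(f"{directive}: keys/{path[len(PHONE_KEY_DIR):]} not in archive")
    problems += [f"{d}: directive missing from vpn.cnf"
                 for d in ("ca", "cert", "key") if d not in seen]
    return problems


if __name__ == "__main__":
    conf = ("client\nca /config/openvpn/keys/ca.crt\n"
            "cert /config/openvpn/keys/client1.crt\nkey /config/openvpn/keys/client1.key\n")
    names = ["keys/ca.crt", "keys/client.crt", "keys/client.key"]
    print(check_vpn_tar(build_sample_tar({"vpn.cnf": conf, **{n: "x" for n in names}})))
```

The constructed sample pairs a config that references client1.crt and client1.key with an archive holding client.crt and client.key, so both files are reported as missing.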