Yealink Forums
Openvpn configuration - Printable Version




Openvpn configuration - takos120 - 11-18-2014 05:31 AM

Hello, the server configuration is this

port 1194
proto udp
dev tap
dev-node TAP
ca ca.crt
cert server.crt
key server.key # This file must be kept SECRET!
dh dh1024.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.1.205 255.255.255.0 192.168.1.226 192.168.1.230
server-bridge
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

And the client configuration is this
Quote:
client
nobind
remote xxx.xxx.xxx.xxx
port 1194
proto udp
dev tap
comp-lzo
verb 3
ca /yealink/config/openvpn/keys/ca.crt
cert /yealink/config/openvpn/keys/cliente.crt
key /yealink/config/openvpn/keys/cliente.key

The server configuration works with PCs but doesn't work on the phone. This is the log when the phone connects:
Quote:
Mon Nov 17 22:23:44 2014 xxx.xxx.xxx.xxx:1026 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1026, sid=9934d9f6 54934050
Mon Nov 17 22:23:47 2014 xxx.xxx.xxx.xxx:1026 VERIFY OK: depth=1, C=ES, ST=MA, L=Madrid, O=OpenVPN, OU=changeme, CN=xxxxxx, name=xxxxx, emailAddress=xxxxx
Mon Nov 17 22:23:47 2014 xxx.xxx.xxx.xxx:1026 VERIFY OK: depth=0, C=ES, ST=MA, L=Madrid, O=OpenVPN, OU=changeme, CN=cliente, name=xxxxx, emailAddress=xxxxx
Mon Nov 17 22:23:48 2014 xxx.xxx.xxx.xxx:1026 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 17 22:23:48 2014 xxx.xxx.xxx.xxx:1026 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 17 22:23:48 2014 xxx.xxx.xxx.xxx:1026 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 17 22:23:48 2014 xxx.xxx.xxx.xxx:1026 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 17 22:23:48 2014 xxx.xxx.xxx.xxx:1026 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Nov 17 22:23:48 2014 xxx.xxx.xxx.xxx:1026 [cliente] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1026
Mon Nov 17 22:23:48 2014 cliente/xxx.xxx.xxx.xxx:1026 MULTI_sva: pool returned IPv4=192.168.1.227, IPv6=(Not enabled)
Mon Nov 17 22:23:49 2014 cliente/xxx.xxx.xxx.xxx:1026 PUSH: Received control message: 'PUSH_REQUEST'
Mon Nov 17 22:23:49 2014 cliente/xxx.xxx.xxx.xxx:1026 send_push_reply(): safe_cap=940
Mon Nov 17 22:23:49 2014 cliente/xxx.xxx.xxx.xxx:1026 SENT CONTROL [cliente]: 'PUSH_REPLY,route-gateway 192.168.1.205,ping 10,ping-restart 120,ifconfig 192.168.1.227 255.255.255.0' (status=1)
Mon Nov 17 22:23:49 2014 cliente/xxx.xxx.xxx.xxx:1026 MULTI: Learn: 00:ff:f1:76:f2:c4 -> cliente/xxx.xxx.xxx.xxx:1026
Mon Nov 17 22:24:59 2014 xxx.xxx.xxx.xxx:1024 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1024, sid=6d1346bd 7c77b3de
Mon Nov 17 22:25:08 2014 xxx.xxx.xxx.xxx:1024 VERIFY OK: depth=1, C=ES, ST=MA, L=Madrid, O=OpenVPN, OU=changeme, CN=xxxxx, name=xxxxx, emailAddress=xxxxx
Mon Nov 17 22:25:08 2014 xxx.xxx.xxx.xxx:1024 VERIFY OK: depth=0, C=ES, ST=MA, L=Madrid, O=OpenVPN, OU=changeme, CN=cliente, name=xxxxx, emailAddress=xxxxx
Mon Nov 17 22:25:08 2014 xxx.xxx.xxx.xxx:1024 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 17 22:25:08 2014 xxx.xxx.xxx.xxx:1024 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 17 22:25:08 2014 xxx.xxx.xxx.xxx:1024 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 17 22:25:08 2014 xxx.xxx.xxx.xxx:1024 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 17 22:25:08 2014 xxx.xxx.xxx.xxx:1024 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Nov 17 22:25:08 2014 xxx.xxx.xxx.xxx:1024 [cliente] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1024
Mon Nov 17 22:25:08 2014 MULTI: new connection by client 'cliente' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Mon Nov 17 22:25:08 2014 MULTI_sva: pool returned IPv4=192.168.1.227, IPv6=(Not enabled)
Mon Nov 17 22:25:11 2014 cliente/xxx.xxx.xxx.xxx:1024 PUSH: Received control message: 'PUSH_REQUEST'
Mon Nov 17 22:25:11 2014 cliente/xxx.xxx.xxx.xxx:1024 send_push_reply(): safe_cap=940
Mon Nov 17 22:25:11 2014 cliente/xxx.xxx.xxx.xxx:1024 SENT CONTROL [cliente]: 'PUSH_REPLY,route-gateway 192.168.1.205,ping 10,ping-restart 120,ifconfig 192.168.1.227 255.255.255.0' (status=1)
Mon Nov 17 22:25:11 2014 cliente/xxx.xxx.xxx.xxx:1024 MULTI: Learn: 00:ff:75:ce:30:cc -> cliente/xxx.xxx.xxx.xxx:1024

What can I change in the configuration? Thanks
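
Added example, not part of the original post and not OpenVPN's own tooling: a short Python pass over the server log above that reports when the same certificate CN reconnects and displaces its earlier session, and which negotiated parameters are legacy. The sample lines are copied from the posted log; `analyse` and the `LEGACY` table are names made up for this example.

```python
import re
from datetime import datetime

# Constructed sample: five lines copied from the server log in the post above.
SAMPLE_LOG = """\
Mon Nov 17 22:23:48 2014 xxx.xxx.xxx.xxx:1026 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Nov 17 22:23:48 2014 xxx.xxx.xxx.xxx:1026 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Nov 17 22:23:48 2014 xxx.xxx.xxx.xxx:1026 [cliente] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1026
Mon Nov 17 22:23:49 2014 cliente/xxx.xxx.xxx.xxx:1026 SENT CONTROL [cliente]: 'PUSH_REPLY,route-gateway 192.168.1.205,ping 10,ping-restart 120,ifconfig 192.168.1.227 255.255.255.0' (status=1)
Mon Nov 17 22:25:08 2014 xxx.xxx.xxx.xxx:1024 [cliente] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1024
"""

TS_LEN = len("Mon Nov 17 22:23:48 2014")
PEER = re.compile(r"\[([^\]]+)\] Peer Connection Initiated with \[AF_INET\]\S+:(\d+)$")
PUSHED = re.compile(r"SENT CONTROL \[([^\]]+)\]: 'PUSH_REPLY,[^']*\bping-restart (\d+)")
# Parameters considered legacy today; matched literally as they appear in the log.
LEGACY = {"BF-CBC": "64-bit block cipher", "TLSv1,": "TLS 1.0 control channel",
          "1024 bit RSA": "RSA key below 2048 bits"}

def analyse(log_text):
    """Return (reconnects, legacy_findings) for an OpenVPN server log."""
    last_seen, ping_restart, reconnects, legacy = {}, {}, [], set()
    for line in log_text.splitlines():
        try:
            ts = datetime.strptime(line[:TS_LEN], "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue  # not a timestamped log line
        legacy.update(why for token, why in LEGACY.items() if token in line)
        m = PUSHED.search(line)
        if m:
            ping_restart[m.group(1)] = int(m.group(2))
        m = PEER.search(line)
        if m:
            cn, port = m.group(1), int(m.group(2))
            if cn in last_seen:
                gap = int((ts - last_seen[cn][0]).total_seconds())
                limit = ping_restart.get(cn)
                # A gap shorter than the pushed ping-restart means the client
                # re-dialled before a keepalive timeout could have fired.
                reconnects.append({"cn": cn, "gap_s": gap,
                                   "old_port": last_seen[cn][1], "new_port": port,
                                   "before_ping_restart": limit is not None and gap < limit})
            last_seen[cn] = (ts, port)
    return reconnects, sorted(legacy)

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

On the posted log this reports one reconnect by `cliente`, 80 seconds after its first session and from a new source port, which is sooner than the pushed `ping-restart 120`.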


RE: Openvpn configuration - cptjack - 11-18-2014 06:18 AM

Hi takos120. Please rename the client certificate and key to client.crt and client.key as these filenames are required in the tar file like that. So not cliente.key, just client.key

Please try again with the renamed key and certificate. The configuration file seems fine to me. Make sure it is named exactly vpn.cnf though.

An example of an openvpn.tar file can also be found in this thread.
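
Added example, not from the thread or from Yealink: a Python check of an openvpn.tar against the naming described in the reply above (vpn.cnf, client.crt, client.key). It assumes the archive root is unpacked to /yealink/config/openvpn/ on the phone, as the paths in the posted client config suggest; the function names and the sample archive are constructed for this example.

```python
import io
import posixpath
import tarfile

PHONE_ROOT = "/yealink/config/openvpn/"  # assumption: archive root is unpacked here
# client.crt / client.key per the reply above; ca.crt as used in the posted config.
REQUIRED = {"ca": "ca.crt", "cert": "client.crt", "key": "client.key"}

def check_openvpn_tar(fileobj):
    """Return a list of problems found in an openvpn.tar for the phone."""
    problems, seen = [], set()
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        members = {posixpath.normpath(m.name): m for m in tar.getmembers() if m.isfile()}
        if "vpn.cnf" not in members:
            return ["vpn.cnf missing from archive root"]
        cnf = tar.extractfile(members["vpn.cnf"]).read().decode("utf-8", "replace")
    for line in cnf.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) != 2 or parts[0] not in REQUIRED:
            continue
        directive, path = parts
        seen.add(directive)
        if posixpath.basename(path) != REQUIRED[directive]:
            problems.append(f"{directive}: expected file name {REQUIRED[directive]}, got {path}")
        rel = path[len(PHONE_ROOT):] if path.startswith(PHONE_ROOT) else path
        if posixpath.normpath(rel) not in members:
            problems.append(f"{directive}: {path} not present in archive")
    problems += [f"{d}: directive missing from vpn.cnf" for d in REQUIRED if d not in seen]
    return problems

def build_sample(cert_name):
    """Constructed sample archive with dummy file contents (no real keys)."""
    cnf = ("client\ndev tap\nca /yealink/config/openvpn/keys/ca.crt\n"
           f"cert /yealink/config/openvpn/keys/{cert_name}.crt\n"
           f"key /yealink/config/openvpn/keys/{cert_name}.key\n")
    files = {"vpn.cnf": cnf, "keys/ca.crt": "x",
             f"keys/{cert_name}.crt": "x", f"keys/{cert_name}.key": "x"}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body.encode())
            tar.addfile(info, io.BytesIO(body.encode()))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(check_openvpn_tar(build_sample("cliente")))
```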


RE: Openvpn configuration - James_Yealink - 11-18-2014 02:42 PM

Thanks for your reply cptjack.

Hi Takos120,

Change the name of certificate as cptjack said and try again.
BTW, what's your phone model and firmware?

Regards,
James


RE: Openvpn configuration - takos120 - 11-19-2014 01:46 AM

(11-18-2014 06:18 AM)cptjack Wrote:  Hi takos120. Please rename the client certificate and key to client.crt and client.key as these filenames are required in the tar file like that. So not cliente.key, just client.key

Please try again with the renamed key and certificate. The configuration file seems fine to me. Make sure it is named exactly vpn.cnf though.

An example of an openvpn.tar file can also be found in this thread.

Hello, thanks for the help, but the problem continues. Renaming the key and certificate did not solve the problem. The phone model is a T20 with firmware 9.72.0.80. If you need any log, ask me. Thanks.


RE: Openvpn configuration - James_Yealink - 11-19-2014 10:12 AM

Yes takos120,

Please send us the level 6 syslog and your .tar file. (You can change or mask private information in the tar file, we just check the format.)

Regards,
James


RE: Openvpn configuration - takos120 - 11-19-2014 08:34 PM

(11-19-2014 10:12 AM)Yealink_James Wrote:  Yes takos120,

Please send us the level 6 syslog and your .tar file. (You can change or mask private information in the tar file, we just check the format.)

Regards,
James

Hello, I attach the syslog of the phone.
Thanks.


RE: Openvpn configuration - jind - 02-08-2015 05:53 PM

Hi everybody, can anyone help me with how to find a working host to make free internet with OpenVPN? Thanks.