T4xG VPN to Watchguard - Yealink Forums (http://forum.yealink.com/forum), T4x Series

T4xG VPN to Watchguard - HiBit - 01-25-2015 04:00 AM

Hello,

did anyone get these devices connected? I tried several settings in the box, but unfortunately I didn't get a connection from a T42G or T46G to my XTM Watchguard (Version 11.9.4).

I saw several error messages:

TLS Error: TLS handshake failed
TLS Error: TLS object -> incoming plaintext read error
TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
VERIFY nsCertType ERROR: /O=WatchGuard_Technologies/OU=Fireware/CN=Fireware_SSLVPN_Server, require nsCertType=SERVER
VERIFY OK: depth=1, /O=WatchGuard_Technologies/OU=Fireware/CN=Fireware_SSLVPN__SN_V1C5000000000_2014-04-06_16:16:09_GMT__CA
TLS: Initial packet from 1.2.3.4:444, sid=c85c67bc fadb0671
TCPv4_CLIENT link remote: 1.2.3.4:444
TCPv4_CLIENT link local: [undef]
TCP connection established with 1.2.3.4:444

(I changed the correct IP above)

Any suggestions to get it working?

RE: T4xG VPN to Watchguard - tsukraw - 01-25-2015 10:40 AM

Are you trying to get the VPN client on the phone itself to connect to the Watchguard SSL? If so, that is a very interesting idea. Never thought of trying that, but I would be very interested in if this would work.

RE: T4xG VPN to Watchguard - HiBit - 01-25-2015 05:02 PM

Hi tsukraw,

yes, why not? The Watchguard supports openssl. If you connect to the box (https://<yourwatchguardip>:<theportyouconfigured>/sslvpn.html) you can log in to a web interface, where you can download the openssl config file. If you take a look at the configuration file you'll find the CA, the CERT and the KEY.

At this moment, I have figured out the following things, besides extracting the certificates and the key to separate files: the CERT and KEY files have to be named ext_<extension>.CRT and EXT_<extension>.KEY, and it is necessary to create an auth.txt file (maybe this also has to be named auth_<extension>.txt, I haven't tested it up to now) with username and password (I saw this somewhere else in a posting). But I didn't get through, the VPN didn't come up. I set up a syslog server to get some more information from the phone, and there I got the error messages I posted before. I have several customers who will be happy if I solve this.
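
The extraction step HiBit describes (CA, CERT and KEY pulled out of the downloaded configuration into separate files), as an added example that is not part of the thread and not Yealink or WatchGuard code. It also lists the profile's peer-certificate directives, because `ns-cert-type server` is the OpenVPN client check that logs "VERIFY nsCertType ERROR" when the server certificate lacks that extension. Assumptions: the downloaded file carries the credentials as OpenVPN inline `<ca>`, `<cert>` and `<key>` blocks, the sample profile is constructed with placeholder PEM bodies, and the output file names are supplied by the caller.

```python
import os
import re
# Constructed sample profile; PEM bodies are placeholders, not real credentials.
SAMPLE_OVPN = """\
remote 1.2.3.4 444
ns-cert-type server
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER-CA
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
PLACEHOLDER-CLIENT
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
PLACEHOLDER-KEY
-----END PRIVATE KEY-----
</key>
"""
INLINE = re.compile(r"^<(ca|cert|key)>[ \t]*\n(.*?)\n</\1>[ \t]*$", re.S | re.M)
# OpenVPN directives that constrain which certificate the peer may present.
PEER_CHECKS = {"ns-cert-type", "remote-cert-tls", "remote-cert-eku",
               "remote-cert-ku", "verify-x509-name", "tls-remote"}

def split_ovpn(text):
    """Return (inline PEM blocks by tag, peer-check directives, all directives)."""
    blocks = {m.group(1): m.group(2).strip() + "\n" for m in INLINE.finditer(text)}
    lines = (ln.strip() for ln in INLINE.sub("", text).splitlines())
    directives = [ln for ln in lines if ln and ln[0] not in "#;"]
    checks = [d for d in directives if d.split()[0] in PEER_CHECKS]
    return blocks, checks, directives

def write_credentials(blocks, outdir, names):
    """Write each block to outdir/names[tag]; the private key is created 0600."""
    paths = {}
    for tag, pem in blocks.items():
        paths[tag] = os.path.join(outdir, names[tag])
        mode = 0o600 if tag == "key" else 0o644
        fd = os.open(paths[tag], os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
        with os.fdopen(fd, "w") as fh:
            fh.write(pem)
    return paths

if __name__ == "__main__":
    blocks, checks, _ = split_ovpn(SAMPLE_OVPN)
    print(sorted(blocks), "peer checks:", checks)
```

A directive reported in the peer-check list is a server-identity check: replacing it with one the server certificate satisfies keeps that protection, while deleting it leaves the client accepting any certificate issued by the same CA.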