T28P - OpenVPN TLS error: Unsupported protocol - Printable Version +- Yealink Forums (http://forum.yealink.com/forum) +-- Forum: IP Phone Series (/forumdisplay.php?fid=4) +--- Forum: Phone specific topic (/forumdisplay.php?fid=12) +---- Forum: T2xP Series (/forumdisplay.php?fid=21) +---- Thread: T28P - OpenVPN TLS error: Unsupported protocol (/showthread.php?tid=46774) |
T28P - OpenVPN TLS error: Unsupported protocol - 1sae - 07-18-2023 06:50 AM Hi I know this phone is pretty old now, but I'm not in the habit of replacing business phones every few years. I have an off site employee that we gave a T28P phone to that has been connecting through openvpn for a couple of years now with no problem. My office firewall is pfSense and was using the 2.6 release with the yealink 2.73.0.50 firmware. My issue came out when I updated pfSense to v2.7 that updated openvpn. Now I get the following error in the phone log: Code: Jul 17 22:16:33 openvpn[439]: TLS Error: TLS handshake failed and get this in my firewall log: Code: Jul 17 15:15:33 openvpn 55123 98.XXX.XXX.XXX:1194 TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only My guess is that the phone is using an old version of openvpn because the same configuration worked before. Here's a copy of my vpn.cnf: Code: remote XXX.XXXXX.com 1197 udp I've also tried a number of different ciphers that didn't work (BF-CBC, CF-CFB, AES-256-CBC, AES-128-GCM). Any suggestions would be greatly appreciated! |