[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020

Yealink Forums » IP Phone Series » Configuration » OpenVPN & T28P - "connection refused"

Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
OpenVPN & T28P - "connection refused"
Author Message
KNERD Offline
Junior Member
**

Posts: 39
Joined: Mar 2014
Reputation: 0
Post: #1
OpenVPN & T28P - "connection refused"
This is the contents of openvpn.log concerning the phone:

Quote:Wed Aug 6 16:54:32 2014 us=313342 192.168.5.133:1024 Re-using SSL/TLS context
Wed Aug 6 16:54:32 2014 us=313771 192.168.5.133:1024 LZO compression initialized
Wed Aug 6 16:54:32 2014 us=318080 192.168.5.133:1024 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Aug 6 16:54:32 2014 us=318498 192.168.5.133:1024 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Aug 6 16:54:32 2014 us=319522 192.168.5.133:1024 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Aug 6 16:54:32 2014 us=319603 192.168.5.133:1024 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Aug 6 16:54:32 2014 us=319867 192.168.5.133:1024 Local Options hash (VER=V4): '530fdded'
Wed Aug 6 16:54:32 2014 us=319932 192.168.5.133:1024 Expected Remote Options hash (VER=V4): '41690919'
RWed Aug 6 16:54:32 2014 us=320869 192.168.5.133:1024 TLS: Initial packet from 192.168.5.133:1024, sid=396cae71 e601aba6
WWRRWWWWRRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWWWWed Aug 6 16:54:38 2014 us=59111 192.168.5.133:1024 write UDPv4 [ECONNREFUSED]: Connection refused (code=111)
WWWed Aug 6 16:54:38 2014 us=64097 read UDPv4 [ECONNREFUSED|ECONNREFUSED]: Connection refused (code=111)
RWed Aug 6 16:54:38 2014 us=448286 192.168.5.133:1024 TLS: new session incoming connection from 192.168.5.133:1024
WRRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWed Aug 6 16:54:40 2014 us=835859 192.168.5.133:1024 TLS: new session incoming connection from 192.168.5.133:1024
WWWWWWWWWWWWWWWWRWWWWWWWWWWWWWWWWWRWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWRWWWWWWWWWWW​WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWRWWWWWWWWWWWWWWWWWWWWWWWWW​WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW


Here is my vpn.cnf:

Quote:client
nobind
dev tun
remote 192.168.5.106
proto udp
port 1194
comp-lzo


ca /yealink/config/openvpn/keys/ca.crt
cert /yealink/config/openvpn/keys/client.crt
key /yealink/config/openvpn/keys/client.key
verb 5


Server.conf on CentOS:

Quote:local 192.168.5.106
port 1194
proto udp
dev tun
mode server
ca ca.crt
cert server.crt
key server.key ;This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
push "explicit-exit-notify 3"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
duplicate-cn
keepalive 20 60
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
comp-lzo
verb 5

The OpenVPN peeps are saying " Some packets are exchanged during TLS negotiation and then the far side rejects it and connects again 6 seconds later."

They say logs would help if the blasted phone had some sort of logging!


Okay so what is going on?
08-07-2014 06:06 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
KNERD Offline
Junior Member
**

Posts: 39
Joined: Mar 2014
Reputation: 0
Post: #2
RE: OpenVPN & T28P - TLS Error
I finally found the phone log and this is what I am finding. I have used md5 & sha1 hash on the keys (default_md in easy rsa)

Quote:Aug 7 00:51:48 openvpn[421]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Aug 7 00:51:48 openvpn[421]: TLS Error: TLS handshake failed
Aug 7 00:51:48 openvpn[421]: TCP/UDP: Closing socket
Aug 7 00:51:48 openvpn[421]: SIGUSR1[soft,tls-error] received, process restarting
Aug 7 00:51:48 openvpn[421]: Restart pause, 2 second(s)
Aug 7 00:51:50 openvpn[421]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Aug 7 00:51:50 openvpn[421]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Aug 7 00:51:50 openvpn[421]: WARNING: file '/yealink/config/openvpn/keys/client.key' is group or others accessible
Aug 7 00:51:50 openvpn[421]: LZO compression initialized
Aug 7 00:51:50 openvpn[421]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Aug 7 00:51:50 openvpn[421]: Socket Buffers: R=[114688->131072] S=[114688->131072]
Aug 7 00:51:50 openvpn[421]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Aug 7 00:51:50 openvpn[421]: Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Aug 7 00:51:50 openvpn[421]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Aug 7 00:51:50 openvpn[421]: Local Options hash (VER=V4): '41690919'
Aug 7 00:51:50 openvpn[421]: Expected Remote Options hash (VER=V4): '530fdded'
Aug 7 00:51:50 openvpn[421]: UDPv4 link local: [undef]
Aug 7 00:51:50 openvpn[421]: UDPv4 link remote: 192.168.5.106:1194
Aug 7 00:51:50 openvpn[421]: TLS: Initial packet from 192.168.5.106:1194, sid=917082a6 73b5394b
Aug 7 00:51:51 openvpn[421]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=US/ST=CA/L=SanMateo/O=IPPBXSupport/OU=asterisk_server/CN=IPPBXSupport_CA/name=EasyRSA/emailAddress=support@ipppbxsupport.com
Aug 7 00:51:51 openvpn[421]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Aug 7 00:51:51 openvpn[421]: TLS Error: TLS object -> incoming plaintext read error
Aug 7 00:51:51 openvpn[421]: TLS Error: TLS handshake failed
Aug 7 00:51:51 openvpn[421]: TCP/UDP: Closing socket
Aug 7 00:51:51 openvpn[421]: SIGUSR1[soft,tls-error] received, process restarting
Aug 7 00:51:51 openvpn[421]: Restart pause, 2 second(s)
Aug 7 00:51:53 openvpn[421]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Aug 7 00:51:53 openvpn[421]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Aug 7 00:51:53 openvpn[421]: WARNING: file '/yealink/config/openvpn/keys/client.key' is group or others accessible
Aug 7 00:51:53 openvpn[421]: LZO compression initialized
Aug 7 00:51:53 openvpn[421]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Aug 7 00:51:53 openvpn[421]: Socket Buffers: R=[114688->131072] S=[114688->131072]
Aug 7 00:51:53 openvpn[421]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Aug 7 00:51:53 openvpn[421]: Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Aug 7 00:51:53 openvpn[421]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Aug 7 00:51:53 openvpn[421]: Local Options hash (VER=V4): '41690919'
Aug 7 00:51:53 openvpn[421]: Expected Remote Options hash (VER=V4): '530fdded'
Aug 7 00:51:53 openvpn[421]: UDPv4 link local: [undef]
Aug 7 00:51:53 openvpn[421]: UDPv4 link remote: 192.168.5.106:1194
Aug 7 00:51:53 openvpn[421]: TLS: Initial packet from 192.168.5.106:1194, sid=47e7f385 66563d38
Aug 7 00:51:53 openvpn[421]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=US/ST=CA/L=SanMateo/O=IPPBXSupport/OU=asterisk_server/.......
Aug 7 00:51:53 openvpn[421]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Aug 7 00:51:53 openvpn[421]: TLS Error: TLS object -> incoming plaintext read error
Aug 7 00:51:53 openvpn[421]: TLS Error: TLS handshake failed
Aug 7 00:51:53 openvpn[421]: TCP/UDP: Closing socket
Aug 7 00:51:53 openvpn[421]: SIGUSR1[soft,tls-error] received, process restarting
Aug 7 00:51:53 openvpn[421]: Restart pause, 2 second(s)
Aug 7 00:51:55 openvpn[421]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Aug 7 00:51:55 openvpn[421]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Aug 7 00:51:55 openvpn[421]: WARNING: file '/yealink/config/openvpn/keys/client.key' is group or others accessible
Aug 7 00:51:55 openvpn[421]: LZO compression initialized
Aug 7 00:51:55 openvpn[421]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Aug 7 00:51:55 openvpn[421]: Socket Buffers: R=[114688->131072] S=[114688->131072]
Aug 7 00:51:55 openvpn[421]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Aug 7 00:51:55 openvpn[421]: Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Aug 7 00:51:55 openvpn[421]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Aug 7 00:51:55 openvpn[421]: Local Options hash (VER=V4): '41690919'
Aug 7 00:51:55 openvpn[421]: Expected Remote Options hash (VER=V4): '530fdded'
Aug 7 00:51:55 openvpn[421]: UDPv4 link local: [undef]
Aug 7 00:51:55 openvpn[421]: UDPv4 link remote: 192.168.5.106:1194
08-07-2014 09:07 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Passing only LDAP traffic through OPENVPN Commensus 0 2,062 02-23-2022 09:47 PM
Last Post: Commensus
  Configuring OPENVPN with Yealink Commensus 0 2,562 02-23-2022 09:45 PM
Last Post: Commensus
  DHCP not working on T26P when OpenVPN is enabled. LandonL 11 36,310 05-12-2021 10:46 AM
Last Post: 1sae
  Solved Openvpn.tar creating the right size file compsos 3 8,380 08-20-2020 06:49 AM
Last Post: complex1
  OpenVPN and QoS/TOS roelvanmeer 0 4,614 02-19-2019 09:27 AM
Last Post: roelvanmeer
  OpenVPN Timeout connecting p2xt 3 10,210 07-13-2018 07:37 PM
Last Post: jolouis
  Network Directory gives Connection Error TelNet Worldwide_Support 1 6,630 09-15-2017 02:59 AM
Last Post: Lucia_Yealink
  openvpn w52p setup rafael 4 19,196 08-10-2017 02:03 PM
Last Post: indicato
  can't setup openvpn with t48g zzz 8 24,438 07-18-2017 09:04 AM
Last Post: sj
  OpenVPN in T27P arcsistemes 1 7,509 07-13-2016 04:50 PM
Last Post: Klaus_Yealink

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication