[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
problem with openvpn with W52p ip phone ?!!
Author Message
drvirus Offline
Junior Member
**

Posts: 4
Joined: Sep 2014
Reputation: 0
Post: #1
Sad problem with openvpn with W52p ip phone ?!!
Hi , all
i have a problem with openvpn with phone w52p
i have the version of :
Firmware Version 25.50.23.2
Hardware Version 25.1.0.0.0.0.0
===========
the problem that i have is with the OPENVPN , i can see the icon of VPN on the phone , but there is no registeringin the PBX andi see some erros in vpn server log.
==========================
vpn.cnf file :
client
setenv SERVER_POLL_TIMEOUT 4
nobind
remote xxxxx 1194 udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-retry nointeract
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/client.crt
key /config/openvpn/keys/client.key
========================================
i had creted openvpn folder and i put with it vpn.cnf file above
then created keys folder and puit with it the 3 files ca.crt , client.crt , client.key
========================================

uploaded with tar file to the phone and rebooted.

my server.conf on the openvpn server is :
==============================================
[root@pbx1 ~]# cat /etc/openvpn/server.conf
port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
#tun-mtu-extra 0
#link-mtu 1542
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
#plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS
##plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf #- Uncomment this line if you are using FreeRADIUS
#client-cert-not-required
#username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3
#defauklt ver 3 , i changed it for troubelshooting
#comp-lzo adaptive
#Aug 28 06:27:08 pbx1 openvpn[18127]: 176.58.65.30:65028 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1574', remote='link-mtu 1542'
#Aug 28 06:27:08 pbx1 openvpn[18127]: 176.58.65.30:65028 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
push "explicit-exit-notify 3"
============================================

more details about OS:
[root@pbx1 ~]# openvpn --version
OpenVPN 2.2.0 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Originally developed by James Yonan
Copyright © 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>

$ ./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --target=x86_64-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --disable-dependency-tracking --program-prefix= --enable-iproute2 --enable-pkcs11 --enable-password-save

Compile time defines: ENABLE_CLIENT_SERVER ENABLE_DEBUG ENABLE_EUREPHIA ENABLE_FRAGMENT ENABLE_HTTP_PROXY ENABLE_MANAGEMENT ENABLE_MULTIHOME ENABLE_PASSWORD_SAVE ENABLE_PORT_SHARE ENABLE_SOCKS USE_CRYPTO USE_LIBDL USE_LZO USE_PKCS11 USE_SSL
[root@pbx1 ~]#
[root@pbx1 ~]# uname -a
Linux pbx1.VVV.com 2.6.18-371.11.1.el5 #1 SMP Wed Jul 23 15:12:55 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
[root@pbx1 ~]# cat /etc/redhat-release
CentOS release 5.10 (Final)
[root@pbx1 ~]#

========================
THE LOGS on the server when the phone try to log is :


Sep 29 21:41:25 pbx1 openvpn[17591]: event_wait : Interrupted system call (code=4)
Sep 29 21:41:25 pbx1 openvpn[17591]: TCP/UDP: Closing socket
Sep 29 21:41:25 pbx1 openvpn[17591]: /sbin/ip route del 10.8.0.0/24
Sep 29 21:41:25 pbx1 openvpn[17591]: Closing TUN/TAP interface
Sep 29 21:41:25 pbx1 openvpn[17591]: /sbin/ip addr del dev tun0 local 10.8.0.1 peer 10.8.0.2
Sep 29 21:41:25 pbx1 openvpn[17591]: SIGTERM[hard,] received, process exiting
Sep 29 21:41:25 pbx1 openvpn[17591]: SIGTERM[hard,] received, process exiting
Sep 29 21:41:27 pbx1 openvpn[17665]: OpenVPN 2.2.0 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Jun 6 2011
Sep 29 21:41:27 pbx1 openvpn[17665]: NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sep 29 21:41:27 pbx1 openvpn[17665]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 29 21:41:27 pbx1 openvpn[17665]: Diffie-Hellman initialized with 1024 bit key
Sep 29 21:41:27 pbx1 openvpn[17665]: TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sep 29 21:41:27 pbx1 openvpn[17665]: Socket Buffers: R=[129024->131072] S=[129024->131072]
Sep 29 21:41:27 pbx1 openvpn[17665]: ROUTE default_gateway=192.168.1.1
Sep 29 21:41:27 pbx1 kernel: tun0: Disabled Privacy Extensions
Sep 29 21:41:27 pbx1 openvpn[17665]: TUN/TAP device tun0 opened
Sep 29 21:41:27 pbx1 openvpn[17665]: TUN/TAP TX queue length set to 100
Sep 29 21:41:27 pbx1 openvpn[17665]: /sbin/ip link set dev tun0 up mtu 1500
Sep 29 21:41:27 pbx1 openvpn[17665]: /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Sep 29 21:41:27 pbx1 openvpn[17665]: /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Sep 29 21:41:27 pbx1 openvpn[17665]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sep 29 21:41:27 pbx1 openvpn[17673]: UDPv4 link local (bound): [undef]:1194
Sep 29 21:41:27 pbx1 openvpn[17673]: UDPv4 link remote: [undef]
Sep 29 21:41:27 pbx1 openvpn[17673]: MULTI: multi_init called, r=256 v=256
Sep 29 21:41:27 pbx1 openvpn[17673]: IFCONFIG POOL: base=10.8.0.4 size=62
Sep 29 21:41:27 pbx1 openvpn[17673]: Initialization Sequence Completed
Sep 29 21:41:27 pbx1 openvpn[17665]: NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sep 29 21:41:27 pbx1 openvpn[17665]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 29 21:41:27 pbx1 openvpn[17665]: Diffie-Hellman initialized with 1024 bit key
Sep 29 21:41:27 pbx1 openvpn[17665]: TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sep 29 21:41:27 pbx1 openvpn[17665]: Socket Buffers: R=[129024->131072] S=[129024->131072]
Sep 29 21:41:27 pbx1 openvpn[17665]: ROUTE default_gateway=192.168.1.1
Sep 29 21:41:27 pbx1 kernel: tun0: Disabled Privacy Extensions
Sep 29 21:41:27 pbx1 openvpn[17665]: TUN/TAP device tun0 opened
Sep 29 21:41:27 pbx1 openvpn[17665]: TUN/TAP TX queue length set to 100
Sep 29 21:41:27 pbx1 openvpn[17665]: /sbin/ip link set dev tun0 up mtu 1500
Sep 29 21:41:27 pbx1 openvpn[17665]: /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Sep 29 21:41:27 pbx1 openvpn[17665]: /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Sep 29 21:41:27 pbx1 openvpn[17665]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sep 29 21:41:27 pbx1 openvpn[17673]: UDPv4 link local (bound): [undef]:1194
Sep 29 21:41:27 pbx1 openvpn[17673]: UDPv4 link remote: [undef]
Sep 29 21:41:27 pbx1 openvpn[17673]: MULTI: multi_init called, r=256 v=256
Sep 29 21:41:27 pbx1 openvpn[17673]: IFCONFIG POOL: base=10.8.0.4 size=62
Sep 29 21:41:27 pbx1 openvpn[17673]: Initialization Sequence Completed





Sep 29 21:41:45 pbx1 openvpn[17673]: MULTI: multi_create_instance called
Sep 29 21:41:45 pbx1 openvpn[17673]: 83.137.253.206:53360 Re-using SSL/TLS context
Sep 29 21:41:45 pbx1 openvpn[17673]: 83.137.253.206:53360 LZO compression initialized
Sep 29 21:41:45 pbx1 openvpn[17673]: 83.137.253.206:53360 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sep 29 21:41:45 pbx1 openvpn[17673]: 83.137.253.206:53360 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sep 29 21:41:45 pbx1 openvpn[17673]: 83.137.253.206:53360 Local Options hash (VER=V4): '530fdded'
Sep 29 21:41:45 pbx1 openvpn[17673]: 83.137.253.206:53360 Expected Remote Options hash (VER=V4): '41690919'
Sep 29 21:41:45 pbx1 openvpn[17673]: 83.137.253.206:53360 TLS: Initial packet from 83.137.253.206:53360, sid=3992882a bbc76a09
Sep 29 21:41:45 pbx1 openvpn[17673]: 83.137.253.206:53360 Expected Remote Options hash (VER=V4): '41690919'
Sep 29 21:41:45 pbx1 openvpn[17673]: 83.137.253.206:53360 TLS: Initial packet from 83.137.253.206:53360, sid=3992882a bbc76a09
Sep 29 21:41:48 pbx1 openvpn[17673]: MULTI: multi_create_instance called
Sep 29 21:41:48 pbx1 openvpn[17673]: 83.137.253.206:58873 Re-using SSL/TLS context
Sep 29 21:41:48 pbx1 openvpn[17673]: 83.137.253.206:58873 LZO compression initialized
Sep 29 21:41:48 pbx1 openvpn[17673]: 83.137.253.206:58873 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sep 29 21:41:48 pbx1 openvpn[17673]: 83.137.253.206:58873 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sep 29 21:41:48 pbx1 openvpn[17673]: 83.137.253.206:58873 Local Options hash (VER=V4): '530fdded'
Sep 29 21:41:48 pbx1 openvpn[17673]: 83.137.253.206:58873 Expected Remote Options hash (VER=V4): '41690919'
Sep 29 21:41:48 pbx1 openvpn[17673]: 83.137.253.206:58873 TLS: Initial packet from 83.137.253.206:58873, sid=154b5080 ee0485fd
Sep 29 21:41:48 pbx1 openvpn[17673]: 83.137.253.206:58873 LZO compression initialized
Sep 29 21:41:48 pbx1 openvpn[17673]: 83.137.253.206:58873 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sep 29 21:41:48 pbx1 openvpn[17673]: 83.137.253.206:58873 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sep 29 21:41:48 pbx1 openvpn[17673]: 83.137.253.206:58873 Local Options hash (VER=V4): '530fdded'
Sep 29 21:41:48 pbx1 openvpn[17673]: 83.137.253.206:58873 Expected Remote Options hash (VER=V4): '41690919'
Sep 29 21:41:48 pbx1 openvpn[17673]: 83.137.253.206:58873 TLS: Initial packet from 83.137.253.206:58873, sid=154b5080 ee0485fd
Sep 29 21:41:49 pbx1 openvpn[17673]: 83.137.253.206:58873 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=changeme/name=a/emailAddress=a@a
Sep 29 21:41:49 pbx1 openvpn[17673]: 83.137.253.206:58873 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=newclient1/name=changeme/emailAddress=mail@host.domain
Sep 29 21:41:49 pbx1 openvpn[17673]: 83.137.253.206:58873 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 29 21:41:49 pbx1 openvpn[17673]: 83.137.253.206:58873 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 29 21:41:49 pbx1 openvpn[17673]: 83.137.253.206:58873 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 29 21:41:49 pbx1 openvpn[17673]: 83.137.253.206:58873 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 29 21:41:49 pbx1 openvpn[17673]: 83.137.253.206:58873 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sep 29 21:41:49 pbx1 openvpn[17673]: 83.137.253.206:58873 [newclient1] Peer Connection Initiated with 83.137.253.206:58873
Sep 29 21:41:49 pbx1 openvpn[17673]: newclient1/83.137.253.206:58873 MULTI: Learn: 10.8.0.6 -> newclient1/83.137.253.206:58873
Sep 29 21:41:49 pbx1 openvpn[17673]: newclient1/83.137.253.206:58873 MULTI: primary virtual IP for newclient1/83.137.253.206:58873: 10.8.0.6
Sep 29 21:41:49 pbx1 openvpn[17673]: 83.137.253.206:58873 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 29 21:41:49 pbx1 openvpn[17673]: 83.137.253.206:58873 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 29 21:41:49 pbx1 openvpn[17673]: 83.137.253.206:58873 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 29 21:41:49 pbx1 openvpn[17673]: 83.137.253.206:58873 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sep 29 21:41:49 pbx1 openvpn[17673]: 83.137.253.206:58873 [newclient1] Peer Connection Initiated with 83.137.253.206:58873
Sep 29 21:41:49 pbx1 openvpn[17673]: newclient1/83.137.253.206:58873 MULTI: Learn: 10.8.0.6 -> newclient1/83.137.253.206:58873
Sep 29 21:41:49 pbx1 openvpn[17673]: newclient1/83.137.253.206:58873 MULTI: primary virtual IP for newclient1/83.137.253.206:58873: 10.8.0.6
Sep 29 21:41:52 pbx1 openvpn[17673]: newclient1/83.137.253.206:58873 PUSH: Received control message: 'PUSH_REQUEST'
Sep 29 21:41:52 pbx1 openvpn[17673]: newclient1/83.137.253.206:58873 SENT CONTROL [newclient1]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,explicit-exit-notify 3,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)


Sep 29 21:42:45 pbx1 openvpn[17673]: 83.137.253.206:53360 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sep 29 21:42:45 pbx1 openvpn[17673]: 83.137.253.206:53360 TLS Error: TLS handshake failed
Sep 29 21:42:45 pbx1 openvpn[17673]: 83.137.253.206:53360 SIGUSR1[soft,tls-error] received, client-instance restarting
Sep 29 21:45:47 pbx1 openvpn[17673]: newclient1/83.137.253.206:58873 Replay-window backtrack occurred [2]
Sep 29 21:45:47 pbx1 openvpn[17673]: newclient1/83.137.253.206:58873 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #21 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings




=================================
it seems the error @ the end of the log file is the error !!

anyhelp ?

regards
09-30-2014 09:40 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
James_Yealink Offline
Administrator
*******

Posts: 1,159
Joined: Aug 2014
Reputation: 8
Post: #2
RE: problem with openvpn with W52p ip phone ?!!
Hi Drvirus,

Sorry for the late, we have a National Holiday from 10.1 to 10.7.
Firstly, can you upgrade to V73 firmware and check again?
Firmware link:
ftp://James:494qh65Z@ftp.yealink.com/fir...3.23.1.rom

If the problem persist please export a phone level 6 syslog to us.
Login into phone web interface, go to Phone-> Configuration, set the syslog level to 6, reproduce the issue and then export syslog.

Thanks,
James
10-11-2014 05:48 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  W52P Firmware upgrade aunijaffer@gmail.com 5 2,082 09-07-2021 11:42 PM
Last Post: complex1
  W52P Repeater RT10/rt20/RT30 schnell-yealink 1 2,056 06-16-2021 02:55 AM
Last Post: complex1
  W52P 2 handsets DAZZLING 1 2,154 06-01-2021 09:55 PM
Last Post: complex1
  W52P Openvpn with mikrotik info@quantiss.com 4 10,626 04-11-2021 06:25 AM
Last Post: Harms_Kubiak
  Using a non Yealink DECT phone ttquattroman 1 3,184 01-16-2021 09:05 PM
Last Post: complex1
  Is there no call history in web management panel in W52P? poznaniak 1 3,909 08-10-2020 12:49 PM
Last Post: complex1
  Openvpn connection reset mrdibb 4 6,945 07-08-2020 02:05 PM
Last Post: mrdibb
  W52P factory reset without password ralph 1 5,265 04-02-2020 03:05 AM
Last Post: Yisroel_MongoTEL
  W52p Repair Aliaksandr 10 15,855 02-10-2020 10:30 PM
Last Post: RobertoDSM
  Action URI in W52P RRC_Support 1 4,594 10-22-2019 01:27 PM
Last Post: Garry_Yealink

Forum Jump:


User(s) browsing this thread:

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication