Time and VPN problems

[FreddyJones]

I am having issues with a T22P running 7.72.0.51 and openvpn. I think I have it narrowed down to a time issue. The phone display shows the current local time, but looking at the what is being logged by syslog the openvpn daemon is using GMT so it thinks it is 6 hours ahead. In the settings I have DHCP time disabled, and the ntp servers are set to us.pool.ntp.org. How do I get openvpn process to use localtime so that it can establish connection?

Any one have any suggestions what I'm doing wrong ?

[James_Yealink]

Hi Freddy,

The syslog won't include the GMT time. It will only display a time with 0 timezone.

I think the problem may not related to time.
Would you mind sending us your tar file for a check? You can delete the remote ip address in cnf file or just mark it as xx,

Regards,
James

[FreddyJones]

(11-06-2014 09:03 PM)Yealink_James Wrote:  Hi Freddy,

The syslog won't include the GMT time. It will only display a time with 0 timezone.

I think the problem may not related to time.
Would you mind sending us your tar file for a check? You can delete the remote ip address in cnf file or just mark it as xx,

Regards,
James

Here is a short excerpt from my syslog. These messages came with in 30 seconds of each other at ~ 9:43 localtime:

Nov 7 09:43:53 SIP [439]: SUA <3+error > [000] [Server0]: try reg again after (30) s
Nov 7 15:44:14 phone1 openvpn[445]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 7 15:44:14 phone1 openvpn[445]: TLS Error: TLS handshake failed
Nov 7 15:44:14 phone1 openvpn[445]: TCP/UDP: Closing socket

Here is the vpn.cnf, pretty simple:

client
rport 1193
dev tun
remote XXX.XXX.XXX.XXX
tls-client
ca /yealink/config/openvpn/keys/cacert.pem
cert /yealink/config/openvpn/keys/phone1.crt
key /yealink/config/openvpn/keys/phone1.key
pull
verb 5
script-security 2
ping 30
persist-tun
comp-lzo
resolv-retry infinite

Here is the output from the openvpn trying to connect:

Nov 7 15:58:59 phone1 openvpn[445]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 7 15:58:59 phone1 openvpn[445]: TLS Error: TLS handshake failed
Nov 7 15:58:59 phone1 openvpn[445]: TCP/UDP: Closing socket
Nov 7 15:58:59 phone1 openvpn[445]: SIGUSR1[soft,tls-error] received, process restarting
Nov 7 15:58:59 phone1 openvpn[445]: Restart pause, 2 second(s)
Nov 7 15:59:01 phone1 openvpn[445]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Nov 7 15:59:01 phone1 openvpn[445]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 7 15:59:01 phone1 openvpn[445]: WARNING: file '/yealink/config/openvpn/keys/phone1.key' is group or others accessible
Nov 7 15:59:01 phone1 openvpn[445]: LZO compression initialized
Nov 7 15:59:01 phone1 openvpn[445]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Nov 7 15:59:01 phone1 openvpn[445]: Socket Buffers: R=[114688->131072] S=[114688->131072]
Nov 7 15:59:01 phone1 openvpn[445]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Nov 7 15:59:01 phone1 openvpn[445]: Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Nov 7 15:59:01 phone1 openvpn[445]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Nov 7 15:59:01 phone1 openvpn[445]: Local Options hash (VER=V4): '41690919'
Nov 7 15:59:01 phone1 openvpn[445]: Expected Remote Options hash (VER=V4): '530fdded'
Nov 7 15:59:01 phone1 openvpn[445]: UDPv4 link local (bound): [undef]:1194
Nov 7 15:59:01 phone1 openvpn[445]: UDPv4 link remote: XXX.XXX.XXX.XXX:1193
Nov 7 15:59:01 phone1 openvpn[445]: TLS: Initial packet from XXX.XXX.XXX.XXX:1193, sid=994d83a6 57ef8d40
Nov 7 15:59:02 phone1 openvpn[445]: VERIFY OK: depth=1, /C=US
Nov 7 15:59:02 phone1 openvpn[445]: VERIFY OK: depth=0, /C=US

Here is the remainder after the timeout:

Nov 7 16:01:53 phone1 openvpn[445]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 7 16:01:53 phone1 openvpn[445]: TLS Error: TLS handshake failed


I can attach to the same VPN connection with a pc without any problems.

Thanks for the help.

[James_Yealink]

Hi Freddy,

Can you change the cacert.pem to a cacert.crt format and try again?

Regards,
James

[FreddyJones]

(11-14-2014 08:08 PM)Yealink_James Wrote:  Hi Freddy,

Can you change the cacert.pem to a cacert.crt format and try again?

Regards,
James

When I do this It looks like openvpn isn't even trying to run any more. I no longer get any information in the logs about openvpn.

[Karl_Yealink]

(12-03-2014 02:06 AM)FreddyJones Wrote:  

(11-14-2014 08:08 PM)Yealink_James Wrote:  Hi Freddy,

Can you change the cacert.pem to a cacert.crt format and try again?

Regards,
James

When I do this It looks like openvpn isn't even trying to run any more. I no longer get any information in the logs about openvpn.

Hi,

About your T23G issue, I had sent email to you, do you receive? If not, please tell me your email address, I will give you respond.