[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
OpenVPN tunnel disconnects frequently
Author Message
Ozy Offline
Junior Member
**

Posts: 4
Joined: Dec 2016
Reputation: 0
Post: #1
OpenVPN tunnel disconnects frequently
Hi team,

we are having an issue with T4x phones on V82 with OpenVPN.

We are using the pfSense in-built OpenVPN server and the Client Export wizard T38(2) option. VPN tarball loads fine and phones connect and work fine.
Sites with just one T4x phone, the tunnel is stable over weeks.
Sites with multiple T4x phones often re-establish the tunnel, in general under 24 hours. Randomly this re-connect fails all together and the tunnel is down. Only way to fix this is to restart the phone.
We have run syslog with verb 6, however I can't see anything that indicates the problem.

Has anyone come across this issue?

OpenVPN config is as per Yealink whitepaper.
Quote:dev ovpns3
verb 6
dev-type tun
tun-ipv6
dev-node /dev/tun3
writepid /var/run/openvpn_server3.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher BF-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 203.174.129.186
tls-server
server 192.168.55.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server3
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'TQMS-OpenVPNServer' 1"
lport 4194
management /var/etc/openvpn/server3.sock unix
max-clients 500
push "route 192.168.254.0 255.255.255.0"
push "dhcp-option DOMAIN tqms.net.au"
ca /var/etc/openvpn/server3.ca
cert /var/etc/openvpn/server3.cert
key /var/etc/openvpn/server3.key
dh /etc/dh-parameters.1024
persist-remote-ip
float
topology net30
push "route 192.168.11.0 255.255.255.0"

Thanks for any pointers that let us fix this.
(This post was last modified: 10-31-2018 01:55 AM by Ozy.)
10-31-2018 01:48 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
jolouis Offline
Moderator
*****

Posts: 339
Joined: Oct 2013
Reputation: 6
Post: #2
RE: OpenVPN tunnel disconnects frequently
(10-31-2018 01:48 AM)Ozy Wrote:  lport 4194

That's your issue, you are specifying in the OpenVPN configuration the local port for the client to use. Since you are setting it explicitly to 4194, that means all phones on the network will try to use the same local port as source to connect to the VPN server.

The problem is that since your phone are behind a PFSense firewall, I assume you are doing NAT on the firewall. Most default NAT configurations get confused by multiple devices talking to same remote server/port from the same origin port.

Try either removing the lport setting, or specifying it to 0 (which means use random port instead of defined one). That should resolve the issue.
10-31-2018 01:49 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
dannylarsen Offline
Junior Member
**

Posts: 7
Joined: Mar 2013
Reputation: 0
Post: #3
RE: OpenVPN tunnel disconnects frequently
On PfSense set your Outbound NAT to manual
Then make a rule for the port used 1194 UDP or 4194 UDP whatever you use
Then make sure you have the "Static Port" unchecked
Same goes for SIP traffic ports 5060 for example if you are not using vpn
11-01-2018 08:09 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Yealink T46U - OpenVPN to MikroTik Router isaiahsiewert 0 437 01-19-2024 12:04 AM
Last Post: isaiahsiewert
Bug T41P OpenVPN w/ PSK fails rnalrd 0 996 01-20-2023 10:52 PM
Last Post: rnalrd
  T41P and OpenVPN coltarushalo 0 3,228 05-26-2021 02:58 AM
Last Post: coltarushalo
  Packet Capture - T4x w/OpenVPN coltarushalo 0 2,917 03-13-2021 01:15 AM
Last Post: coltarushalo
  OpenVPN issue with SIP/UDP fredoch 0 3,738 11-10-2020 03:47 PM
Last Post: fredoch
  OpenVPN Version List coltarushalo 0 3,285 08-03-2020 08:35 PM
Last Post: coltarushalo
  T4xG no OpenVPN IP when using TAP Output101 2 7,825 04-11-2020 08:16 PM
Last Post: gordon0193
  [SOLVED] OpenVPN not doing anything T42G V83 Danariel 5 16,396 03-27-2020 02:32 PM
Last Post: jamesg224
  OpenVPN not working on T46S 66.83.0.35 _DJ 3 10,399 05-11-2019 07:54 AM
Last Post: complex1
  What cipher will T46G support in OpenVPN AndyInNJ 1 5,995 02-07-2019 01:32 PM
Last Post: jolouis

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication