New Forum system requires email address which you used to apply for your account to replace your original username. Password stays the same.Please see this post for more details
http://forum.yealink.com/forum/showthread.php?tid=40344

Yealink Test Club has been officially launched. Please visit post below to get detail information. Come and join us!
http://forum.yealink.com/forum/announcements.php?aid=18

We just had the YMCS online and we are also working on the features plan on the future versions, in this regard we are need to hear your voice about the YMCS.
Please visit : http://forum.yealink.com/forum/showthread.php?tid=42322


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[SOLVED] OpenVPN not doing anything T42G V83
Author Message
Danariel Offline
Junior Member
**

Posts: 3
Joined: Jul 2019
Reputation: 0
Post: #1
[SOLVED] OpenVPN not doing anything T42G V83
Hello,
I've been searching in the forum and Google about how to configure properly the server and the phone to connect using OpenVPN.

The server is running OpenVPN 2.4.4
I've created the keys using easy-rsa3 with the option nopass and using the SHA1 method
As an additional information, the server is an AWS and I've tested to connect with a local openVPN client and the tunnel and IP assignation is done correctly
OpenSSL in the server is 1.0.2k

Code:
server.conf

local xx.xx.xx.xx
port 1194
proto udp
dev tun
tls-server
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh.pem
server 10.8.0.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
status openvpn-status.log
;log openvpn.log

The phone is a T42G running the firmware 29.83.0.50
From the logs, the version of OpenVPN running is 2.4.2

For the phone, I've created the folder keys, put the certs inside and the vpn.cnf outside. Then using tar -cvpf (as told in the PDF from yealink) I create the tar file and uploaded to the phone. After upload, the field changes to vpn.cnf
What I don't know if the certificates have been imported correctly because I don't know if there is a way to check the files structure of the phone and search them.


Code:
vpn.cnf

client
dev tun
proto udp
port 1194
remote xx.xx.xx.xx
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/phone.crt
key /config/openvpn/keys/phone.key
comp-lzo
verb3

As additional information, I've been writing the vpn.cnf line by line and uploading it to the phone and then rebooting to check the logs.
Errors appear only if the remote/port/proto and the keys are missing
After that, if the command is correct for OpenVPN, no error is shown except for the one below:
openvpn[1118]: OpenVPN 2.4.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] built on

I've seen the option
auth SHA1
I'm not sure if it's needed to specify the "auth SHA1" or it's the default

Hope that's all the information needed to explain my problem
Thanks in advance for any help
(This post was last modified: 08-02-2019 08:36 PM by Danariel.)
08-01-2019 12:34 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
jolouis Offline
Moderator
*****

Posts: 300
Joined: Oct 2013
Reputation: 5
Post: #2
RE: OpenVPN not doing anything T42G
What are you seeing on the server? i.e. does the server show the phone even trying to connect, is it rejecting it, or?
Turn logging up on the server, reload, then try and see what happens.

For the phone itself you can increase the overall log level under settings->Log Level. Turn that up to 6 and you should see all kinds of messages about OpenVPN doing stuff.

Check both of those and see if any obvious errors or messages stand out.
08-01-2019 05:38 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Danariel Offline
Junior Member
**

Posts: 3
Joined: Jul 2019
Reputation: 0
Post: #3
RE: OpenVPN not doing anything T42G
Thanks for the answer jolouis
the logs boot and sys at level 6 are showing:
Code:
<134>Aug  2 00:00:09 sys [939]: SYS <6+info  > run openvpn
<132>Aug  2 00:00:09 ATP [997]: ATP <4+warnin> Network check fail, sleep 1s
<134>Aug  2 00:00:09 sys [939]: LLDP<6+info  > proto LLDP, multicast filter for <add> success.
<134>Aug  2 00:00:09 sys [939]: LLDP<6+info  > proto CDPv2, multicast filter for <add> success.
<134>Aug  2 00:00:09 sua [1014]: APP <6+info  > [SIP] <IPC_rcv >:msg:0x00000004, wparam:0x00000001, lparam:0xc4097a18, id:Undefined recv msg string
<134>Aug  2 00:00:09 sua [1014]: APP <6+info  > [SIP] <IPC_rcv >:msg:0x00000084, wparam:0x00000013, lparam:0x00000000, id:Undefined recv msg string
<133>Aug  2 00:00:09 ipvp[1008]: IPVP<5+notice> 009.746.986:Message=0x00000004(0x00000001+0xc4097a18+0)
<133>Aug  2 00:00:09 ipvp[1008]: IPVP<5+notice> 009.936.253:Message=0x00000084(0x00000013+0x00000000+0)
<29>Aug  2 00:00:09 openvpn[1118]: OpenVPN 2.4.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] built on Oct 20 2017
<134>Aug  2 00:00:09 sua [1014]: APP <6+info  > [SIP] <IPC_rcv >:msg:0x00000004, wparam:0x00000000, lparam:0xc4097a18, id:Undefined recv msg string
<134>Aug  2 00:00:09 sua [1014]: APP <6+info  > [SIP] <IPC_rcv >:msg:0x00000085, wparam:0x00000013, lparam:0x00000000, id:Undefined recv msg string
<133>Aug  2 00:00:09 ipvp[1008]: IPVP<5+notice> 009.964.082:Message=0x00000004(0x00000000+0xc4097a18+0)
<133>Aug  2 00:00:09 ipvp[1008]: IPVP<5+notice> 009.964.777:Message=0x00000085(0x00000013+0x00000000+0)
<134>Aug  2 00:00:09 sys [939]: SRV <6+info  > arm_set_lan_port
<134>Aug  2 00:00:09 sys [939]: SYS <6+info  > close pc port
<134>Aug  2 00:00:09 sys [939]: SRV <6+info  > arm_set_port_speed
<134>Aug  2 00:00:09 sys [939]: SRV <6+info  > lan_link_mode 0
<131>Aug  2 00:00:09 sys [939]: SRV <3+error > set net 1 interface, bsp speed 100, level 4: bsw level success.
<132>Aug  2 00:00:09 sys [939]: SYS <4+warnin> set lan speed 100, level 4
<131>Aug  2 00:00:09 sys [939]: SRV <3+error > Command Failed, EMAC_SIOCG_SPEED

Other than that there is no mention of the certificate files, the ip of the VPN server or any info that I can link with an attempt to connect to the VPN

I've re-created all the certificates (the server's and phone's) and created a new conf file with the same content but using the port 1195 instead
The server is waiting incoming connections. Just showing the message "Initialization Sequence Complete". I've checked all the process to start the server an no error is visible. Then I tried to connect with the same certificates but from a laptop and the server receives the connection and assigns the tunnel and IP.
Both the laptop and the phone are in the same network and using the same public IP and router to go out to internet, so it's not a problem of firewall block or blocked IP from the other end.

Any other suggestion?
Downgrade the firmware and check if the V82 or V81 versions are working?

Thanks in advance

EDIT: I tested to edit the routes in the vpn.cnf file to see if there was any error message as "file not found" or something, but it's accepting all the routes:
- /yealink/config/openvpn/keys
- /config/openvpn/keys
- /openvpn/keys
- /keys

The error message about CA or crt file missing is only if there is no entry in the vpn.cnf and not a file checking?
In that way, if the file is not present you don't receive an error message?

I've also changed the name of the ca file to ca1 and there is no error message
(This post was last modified: 08-02-2019 02:11 PM by Danariel.)
08-02-2019 08:57 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Danariel Offline
Junior Member
**

Posts: 3
Joined: Jul 2019
Reputation: 0
Post: #4
RE: OpenVPN not doing anything T42G
I'm going to close the thread because I solved it just downgrading the firmware of the phone to the V82
I don't know if there is a workaround with the V83, but I'd not found it.
No explicit error message so no specific fix.
Thanks for the comment.
At least I'd learnt a lot about the commands to configure the server and client and now I know what commands are going to be deprecated (like the comp-lzo that is now compress -> V82 still needs comp-lzo)
08-02-2019 08:35 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
benaam433 Offline
Banned

Posts: 5
Joined: Aug 2019
Post: #5
RE: [SOLVED] OpenVPN not doing anything T42G V83
If you saw this problem in the future then you should try another VPN like X VPN Premium Version instead of updating the firmware of the phone. Because updaing the firmware takes a lot of time. So changing a VPN is an easy process.
Hope, it will help you in future if you saw this problem again.
Regards,
Benaam
(This post was last modified: 09-15-2019 11:36 AM by benaam433.)
09-15-2019 11:35 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Move from SfB to Teams with T42G helios.comms 0 264 05-21-2019 07:51 PM
Last Post: helios.comms
  OpenVPN not working on T46S 66.83.0.35 _DJ 3 1,168 05-11-2019 07:54 AM
Last Post: complex1
  What cipher will T46G support in OpenVPN AndyInNJ 1 560 02-07-2019 01:32 PM
Last Post: jolouis
  Echo when using headset on T46S and T42G IZT-crobinson 0 540 11-27-2018 02:25 AM
Last Post: IZT-crobinson
  T42G recovery files needed Global Data Systems 0 641 11-12-2018 09:15 PM
Last Post: Global Data Systems
  OpenVPN tunnel disconnects frequently Ozy 2 835 11-01-2018 08:09 PM
Last Post: dannylarsen
  Solved - T46G - Firmware issues - 28.83.0.50 B-C 1 1,218 10-13-2018 09:33 AM
Last Post: complex1
  T42G - Impossible to upgrade firmware psanmartin 5 1,983 08-22-2018 01:24 PM
Last Post: psanmartin
  SHA256 for OpenVPN maibua 0 582 07-23-2018 08:11 AM
Last Post: maibua
  T48G Webrequest Time Outs? Solved Attila 0 721 07-07-2018 06:41 AM
Last Post: Attila

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication