[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[SOLVED] OpenVPN not doing anything T42G V83
Author Message
Danariel Offline
Junior Member
**

Posts: 3
Joined: Jul 2019
Reputation: 0
Post: #1
[SOLVED] OpenVPN not doing anything T42G V83
Hello,
I've been searching in the forum and Google about how to configure properly the server and the phone to connect using OpenVPN.

The server is running OpenVPN 2.4.4
I've created the keys using easy-rsa3 with the option nopass and using the SHA1 method
As an additional information, the server is an AWS and I've tested to connect with a local openVPN client and the tunnel and IP assignation is done correctly
OpenSSL in the server is 1.0.2k

Code:
server.conf

local xx.xx.xx.xx
port 1194
proto udp
dev tun
tls-server
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh.pem
server 10.8.0.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
status openvpn-status.log
;log openvpn.log

The phone is a T42G running the firmware 29.83.0.50
From the logs, the version of OpenVPN running is 2.4.2

For the phone, I've created the folder keys, put the certs inside and the vpn.cnf outside. Then using tar -cvpf (as told in the PDF from yealink) I create the tar file and uploaded to the phone. After upload, the field changes to vpn.cnf
What I don't know if the certificates have been imported correctly because I don't know if there is a way to check the files structure of the phone and search them.


Code:
vpn.cnf

client
dev tun
proto udp
port 1194
remote xx.xx.xx.xx
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/phone.crt
key /config/openvpn/keys/phone.key
comp-lzo
verb3

As additional information, I've been writing the vpn.cnf line by line and uploading it to the phone and then rebooting to check the logs.
Errors appear only if the remote/port/proto and the keys are missing
After that, if the command is correct for OpenVPN, no error is shown except for the one below:
openvpn[1118]: OpenVPN 2.4.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] built on

I've seen the option
auth SHA1
I'm not sure if it's needed to specify the "auth SHA1" or it's the default

Hope that's all the information needed to explain my problem
Thanks in advance for any help
(This post was last modified: 08-02-2019 08:36 PM by Danariel.)
08-01-2019 12:34 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
jolouis Offline
Moderator
*****

Posts: 339
Joined: Oct 2013
Reputation: 6
Post: #2
RE: OpenVPN not doing anything T42G
What are you seeing on the server? i.e. does the server show the phone even trying to connect, is it rejecting it, or?
Turn logging up on the server, reload, then try and see what happens.

For the phone itself you can increase the overall log level under settings->Log Level. Turn that up to 6 and you should see all kinds of messages about OpenVPN doing stuff.

Check both of those and see if any obvious errors or messages stand out.
08-01-2019 05:38 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Danariel Offline
Junior Member
**

Posts: 3
Joined: Jul 2019
Reputation: 0
Post: #3
RE: OpenVPN not doing anything T42G
Thanks for the answer jolouis
the logs boot and sys at level 6 are showing:
Code:
<134>Aug  2 00:00:09 sys [939]: SYS <6+info  > run openvpn
<132>Aug  2 00:00:09 ATP [997]: ATP <4+warnin> Network check fail, sleep 1s
<134>Aug  2 00:00:09 sys [939]: LLDP<6+info  > proto LLDP, multicast filter for <add> success.
<134>Aug  2 00:00:09 sys [939]: LLDP<6+info  > proto CDPv2, multicast filter for <add> success.
<134>Aug  2 00:00:09 sua [1014]: APP <6+info  > [SIP] <IPC_rcv >:msg:0x00000004, wparam:0x00000001, lparam:0xc4097a18, id:Undefined recv msg string
<134>Aug  2 00:00:09 sua [1014]: APP <6+info  > [SIP] <IPC_rcv >:msg:0x00000084, wparam:0x00000013, lparam:0x00000000, id:Undefined recv msg string
<133>Aug  2 00:00:09 ipvp[1008]: IPVP<5+notice> 009.746.986:Message=0x00000004(0x00000001+0xc4097a18+0)
<133>Aug  2 00:00:09 ipvp[1008]: IPVP<5+notice> 009.936.253:Message=0x00000084(0x00000013+0x00000000+0)
<29>Aug  2 00:00:09 openvpn[1118]: OpenVPN 2.4.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] built on Oct 20 2017
<134>Aug  2 00:00:09 sua [1014]: APP <6+info  > [SIP] <IPC_rcv >:msg:0x00000004, wparam:0x00000000, lparam:0xc4097a18, id:Undefined recv msg string
<134>Aug  2 00:00:09 sua [1014]: APP <6+info  > [SIP] <IPC_rcv >:msg:0x00000085, wparam:0x00000013, lparam:0x00000000, id:Undefined recv msg string
<133>Aug  2 00:00:09 ipvp[1008]: IPVP<5+notice> 009.964.082:Message=0x00000004(0x00000000+0xc4097a18+0)
<133>Aug  2 00:00:09 ipvp[1008]: IPVP<5+notice> 009.964.777:Message=0x00000085(0x00000013+0x00000000+0)
<134>Aug  2 00:00:09 sys [939]: SRV <6+info  > arm_set_lan_port
<134>Aug  2 00:00:09 sys [939]: SYS <6+info  > close pc port
<134>Aug  2 00:00:09 sys [939]: SRV <6+info  > arm_set_port_speed
<134>Aug  2 00:00:09 sys [939]: SRV <6+info  > lan_link_mode 0
<131>Aug  2 00:00:09 sys [939]: SRV <3+error > set net 1 interface, bsp speed 100, level 4: bsw level success.
<132>Aug  2 00:00:09 sys [939]: SYS <4+warnin> set lan speed 100, level 4
<131>Aug  2 00:00:09 sys [939]: SRV <3+error > Command Failed, EMAC_SIOCG_SPEED

Other than that there is no mention of the certificate files, the ip of the VPN server or any info that I can link with an attempt to connect to the VPN

I've re-created all the certificates (the server's and phone's) and created a new conf file with the same content but using the port 1195 instead
The server is waiting incoming connections. Just showing the message "Initialization Sequence Complete". I've checked all the process to start the server an no error is visible. Then I tried to connect with the same certificates but from a laptop and the server receives the connection and assigns the tunnel and IP.
Both the laptop and the phone are in the same network and using the same public IP and router to go out to internet, so it's not a problem of firewall block or blocked IP from the other end.

Any other suggestion?
Downgrade the firmware and check if the V82 or V81 versions are working?

Thanks in advance

EDIT: I tested to edit the routes in the vpn.cnf file to see if there was any error message as "file not found" or something, but it's accepting all the routes:
- /yealink/config/openvpn/keys
- /config/openvpn/keys
- /openvpn/keys
- /keys

The error message about CA or crt file missing is only if there is no entry in the vpn.cnf and not a file checking?
In that way, if the file is not present you don't receive an error message?

I've also changed the name of the ca file to ca1 and there is no error message
(This post was last modified: 08-02-2019 02:11 PM by Danariel.)
08-02-2019 08:57 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Danariel Offline
Junior Member
**

Posts: 3
Joined: Jul 2019
Reputation: 0
Post: #4
RE: OpenVPN not doing anything T42G
I'm going to close the thread because I solved it just downgrading the firmware of the phone to the V82
I don't know if there is a workaround with the V83, but I'd not found it.
No explicit error message so no specific fix.
Thanks for the comment.
At least I'd learnt a lot about the commands to configure the server and client and now I know what commands are going to be deprecated (like the comp-lzo that is now compress -> V82 still needs comp-lzo)
08-02-2019 08:35 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
benaam433 Offline
Banned

Posts: 3
Joined: Aug 2019
Post: #5
RE: [SOLVED] OpenVPN not doing anything T42G V83
If you saw this problem in the future then you should try another VPN like X VPN Premium Version instead of updating the firmware of the phone. Because updaing the firmware takes a lot of time. So changing a VPN is an easy process.
Hope, it will help you in future if you saw this problem again.
Regards,
Benaam
(This post was last modified: 09-15-2019 11:36 AM by benaam433.)
09-15-2019 11:35 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
jamesg224 Offline
Junior Member
**

Posts: 1
Joined: Dec 2019
Reputation: 0
Post: #6
RE: [SOLVED] OpenVPN not doing anything T42G V83
I am also having this issues and a downgrade to 29.82.0.20 solved the problem. The issue appeared in all V83 firmware. Is there a different way of configuring the VPN for T42 V83?
03-27-2020 02:32 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Yealink T42S and T42G Phone stuck at Welcome Pierre06 7 3,897 01-10-2022 11:36 PM
Last Post: Pierre06
  Yealink T42G Phone stuck at Welcome LFC 8 18,770 11-18-2021 11:20 PM
Last Post: Pierre06
  T42G - Stuck at Welcome screen clevoip 1 2,040 10-15-2021 01:28 AM
Last Post: complex1
  T41P and OpenVPN coltarushalo 0 1,900 05-26-2021 02:58 AM
Last Post: coltarushalo
  Packet Capture - T4x w/OpenVPN coltarushalo 0 1,676 03-13-2021 01:15 AM
Last Post: coltarushalo
  OpenVPN issue with SIP/UDP fredoch 0 2,197 11-10-2020 03:47 PM
Last Post: fredoch
  Increase BLF Label Field T42G redmondsau 0 2,068 09-08-2020 11:12 PM
Last Post: redmondsau
  OpenVPN Version List coltarushalo 0 2,006 08-03-2020 08:35 PM
Last Post: coltarushalo
  T4xG no OpenVPN IP when using TAP Output101 2 5,656 04-11-2020 08:16 PM
Last Post: gordon0193
  T42G with firmware T42-29.83.0.120.rom compsos 1 4,452 02-03-2020 07:48 PM
Last Post: complex1

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication