[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
OpenVPN connection to Elastix failing
Author Message
l4telcom Offline
Junior Member
**

Posts: 6
Joined: Dec 2013
Reputation: 0
Post: #1
OpenVPN connection to Elastix failing
We have a test server running that has Elastix 2.4 with OpenVPN installed. I have confirmed that I can connect from a Windows PC running an OpenVPN client, but when I try to connect a T38, it fails.
The T38 is running firmware version 38.70.0.125 and the openvpn software running on the server is

Server config: server.conf
Code:
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/pbx102.crt
key /etc/openvpn/easy-rsa/keys/pbx102.key  
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 208.67.222.222"
client-to-client
keepalive 10 120
max-clients 10
persist-key
persist-tun
status /var/log/openvpn-status.log
log         /var/log/openvpn.log
log-append  /var/log/openvpn.log
verb 6

Windows PC client config: ext101.ovpn
Code:
client
setenv SERVER_POLL_TIMEOUT 4
nobind
remote xxx.xxx.xxx.xxx 1194 udp
remote xxx.xxx.xxx.xxx 443 tcp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-retry nointeract
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
# comp-lzo no
verb 3

ca "C:\\Program Files (x86)\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\config\\ext101.crt"
key "C:\\Program Files (x86)\\OpenVPN\\config\\ext101.key"

T38 config: vpn.cnf
Code:
client
setenv SERVER_POLL_TIMEOUT 4
nobind
remote xxx.xxx.xxx.xxx 1194 udp
remote xxx.xxx.xxx.xxx 443 tcp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-retry nointeract
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3

ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/ext101.crt
key /config/openvpn/keys/ext101.key

On the server logs, the following is shown and just indefinitely repeats:
Code:
Wed Feb 26 17:10:12 2014 us=521050 xxx.xxx.xxx.xxx:1025 UDPv4 WRITE [114] to [AF_INET]xxx.xxx.xxx.xxx:1025: P_CONTROL_V1 kid=0 [ ] pid=24 DATA len=100
Wed Feb 26 17:10:12 2014 us=521192 xxx.xxx.xxx.xxx:1025 UDPv4 WRITE [114] to [AF_INET]xxx.xxx.xxx.xxx:1025: P_CONTROL_V1 kid=0 [ ] pid=21 DATA len=100
Wed Feb 26 17:10:13 2014 us=611876 xxx.xxx.xxx.xxx:1025 UDPv4 WRITE [114] to [AF_INET]xxx.xxx.xxx.xxx:1025: P_CONTROL_V1 kid=0 [ ] pid=22 DATA len=100
Wed Feb 26 17:10:14 2014 us=666310 xxx.xxx.xxx.xxx:1025 UDPv4 READ [14] from [AF_INET]xxx.xxx.xxx.xxx:1025: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Wed Feb 26 17:10:14 2014 us=666343 xxx.xxx.xxx.xxx:1025 TLS: new session incoming connection from [AF_INET]xxx.xxx.xxx.xxx:1025
Wed Feb 26 17:10:14 2014 us=666398 xxx.xxx.xxx.xxx:1025 UDPv4 WRITE [22] to [AF_INET]xxx.xxx.xxx.xxx:1025: P_ACK_V1 kid=0 [ 0 ]
Wed Feb 26 17:10:15 2014 us=817441 xxx.xxx.xxx.xxx:1025 UDPv4 WRITE [114] to [AF_INET]xxx.xxx.xxx.xxx:1025: P_CONTROL_V1 kid=0 [ ] pid=23 DATA len=100
Wed Feb 26 17:10:16 2014 us=968274 xxx.xxx.xxx.xxx:1025 UDPv4 WRITE [114] to [AF_INET]xxx.xxx.xxx.xxx:1025: P_CONTROL_V1 kid=0 [ ] pid=24 DATA len=100
Wed Feb 26 17:10:17 2014 us=4181 xxx.xxx.xxx.xxx:1025 UDPv4 READ [14] from [AF_INET]xxx.xxx.xxx.xxx:1025: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Wed Feb 26 17:10:17 2014 us=4222 xxx.xxx.xxx.xxx:1025 UDPv4 WRITE [22] to [AF_INET]xxx.xxx.xxx.xxx:1025: P_ACK_V1 kid=0 [ 0 ]
Wed Feb 26 17:10:20 2014 us=364755 xxx.xxx.xxx.xxx:1025 UDPv4 READ [14] from [AF_INET]xxx.xxx.xxx.xxx:1025: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Wed Feb 26 17:10:20 2014 us=364797 xxx.xxx.xxx.xxx:1025 TLS: new session incoming connection from [AF_INET]xxx.xxx.xxx.xxx:1025
Wed Feb 26 17:10:20 2014 us=364877 xxx.xxx.xxx.xxx:1025 UDPv4 WRITE [22] to [AF_INET]xxx.xxx.xxx.xxx:1025: P_ACK_V1 kid=0 [ 0 ]

The phone log shows this:
Code:
Feb 26 22:13:49 openvpn[289]: LZO compression initialized
Feb 26 22:13:49 openvpn[289]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Feb 26 22:13:49 openvpn[289]: Socket Buffers: R=[112640->200000] S=[112640->200000]
Feb 26 22:13:49 openvpn[289]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Feb 26 22:13:49 openvpn[289]: Local Options hash (VER=V4): '41690919'
Feb 26 22:13:49 openvpn[289]: Expected Remote Options hash (VER=V4): '530fdded'
Feb 26 22:13:49 openvpn[289]: UDPv4 link local: [undef]
Feb 26 22:13:49 openvpn[289]: UDPv4 link remote: xxx.xxx.xxx.xxx:1194
Feb 26 22:13:49 openvpn[289]: TLS Error: Unroutable control packet received from xxx.xxx.xxx.xxx:1194 (si=3 op=P_ACK_V1)
Feb 26 22:13:51 openvpn[289]: TLS Error: Unroutable control packet received from xxx.xxx.xxx.xxx:1194 (si=3 op=P_ACK_V1)
Feb 26 22:13:53 openvpn[289]: Server poll timeout, restarting
Feb 26 22:13:53 openvpn[289]: TCP/UDP: Closing socket
Feb 26 22:13:53 openvpn[289]: SIGUSR1[soft,server_poll] received, process restarting
Feb 26 22:13:53 openvpn[289]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Feb 26 22:13:53 openvpn[289]: LZO compression initialized
Feb 26 22:13:53 openvpn[289]: Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Feb 26 22:13:53 openvpn[289]: Socket Buffers: R=[87380->200000] S=[16384->200000]
Feb 26 22:13:53 openvpn[289]: Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Feb 26 22:13:53 openvpn[289]: Local Options hash (VER=V4): '69109d17'
Feb 26 22:13:53 openvpn[289]: Expected Remote Options hash (VER=V4): 'c0103fa8'
Feb 26 22:13:53 openvpn[289]: Attempting to establish TCP connection with xxx.xxx.xxx.xxx:443 [nonblock]
Feb 26 22:13:54 openvpn[289]: TCP connection established with xxx.xxx.xxx.xxx:443
Feb 26 22:13:54 openvpn[289]: TCPv4_CLIENT link local: [undef]
Feb 26 22:13:54 openvpn[289]: TCPv4_CLIENT link remote: xxx.xxx.xxx.xxx:443
Feb 26 22:13:54 openvpn[289]: Connection reset, restarting [0]
Feb 26 22:13:54 IPP[502]: IPP <4+warnin>834.575.431:unkown msg,00010102,00000000,00000000
Feb 26 22:13:54 openvpn[289]: TCP/UDP: Closing socket
Feb 26 22:13:54 openvpn[289]: SIGUSR1[soft,connection-reset] received, process restarting
Feb 26 22:13:54 openvpn[289]: Restart pause, 1 second(s)


To make things even more confusing, I setup the Windows PC to act as a server with the same configuration, just modifying the paths to the key files, and then I adjusted the phone's config to point to the Windows PC's IP address. The phone connected to that VPN without error.

Can anyone shed some light on what I'm missing?

Thanks.
(This post was last modified: 02-28-2014 12:38 AM by l4telcom.)
02-27-2014 06:37 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Messages In This Thread
OpenVPN connection to Elastix failing - l4telcom - 02-27-2014 06:37 AM

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Passing only LDAP traffic through OPENVPN Commensus 0 1,963 02-23-2022 09:47 PM
Last Post: Commensus
  Configuring OPENVPN with Yealink Commensus 0 2,447 02-23-2022 09:45 PM
Last Post: Commensus
  DHCP not working on T26P when OpenVPN is enabled. LandonL 11 35,793 05-12-2021 10:46 AM
Last Post: 1sae
  Solved Openvpn.tar creating the right size file compsos 3 8,155 08-20-2020 06:49 AM
Last Post: complex1
  OpenVPN and QoS/TOS roelvanmeer 0 4,518 02-19-2019 09:27 AM
Last Post: roelvanmeer
  OpenVPN Timeout connecting p2xt 3 10,040 07-13-2018 07:37 PM
Last Post: jolouis
  Network Directory gives Connection Error TelNet Worldwide_Support 1 6,491 09-15-2017 02:59 AM
Last Post: Lucia_Yealink
  openvpn w52p setup rafael 4 18,928 08-10-2017 02:03 PM
Last Post: indicato
  can't setup openvpn with t48g zzz 8 24,025 07-18-2017 09:04 AM
Last Post: sj
  BLF Trunk Monitor Elastix Ricardo111 1 6,376 12-30-2016 10:13 AM
Last Post: Jensen_Yealink

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication