We have a test server running that has Elastix 2.4 with OpenVPN installed. I have confirmed that I can connect from a Windows PC running an OpenVPN client, but when I try to connect a T38, it fails.
The T38 is running firmware version 38.70.0.125 and the openvpn software running on the server is
Server config: server.conf
Code:
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/pbx102.crt
key /etc/openvpn/easy-rsa/keys/pbx102.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 208.67.222.222"
client-to-client
keepalive 10 120
max-clients 10
persist-key
persist-tun
status /var/log/openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 6
Windows PC client config: ext101.ovpn
Code:
client
setenv SERVER_POLL_TIMEOUT 4
nobind
remote xxx.xxx.xxx.xxx 1194 udp
remote xxx.xxx.xxx.xxx 443 tcp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-retry nointeract
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
# comp-lzo no
verb 3
ca "C:\\Program Files (x86)\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\config\\ext101.crt"
key "C:\\Program Files (x86)\\OpenVPN\\config\\ext101.key"
T38 config: vpn.cnf
Code:
client
setenv SERVER_POLL_TIMEOUT 4
nobind
remote xxx.xxx.xxx.xxx 1194 udp
remote xxx.xxx.xxx.xxx 443 tcp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-retry nointeract
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/ext101.crt
key /config/openvpn/keys/ext101.key
On the server logs, the following is shown and just indefinitely repeats:
Code:
Wed Feb 26 17:10:12 2014 us=521050 xxx.xxx.xxx.xxx:1025 UDPv4 WRITE [114] to [AF_INET]xxx.xxx.xxx.xxx:1025: P_CONTROL_V1 kid=0 [ ] pid=24 DATA len=100
Wed Feb 26 17:10:12 2014 us=521192 xxx.xxx.xxx.xxx:1025 UDPv4 WRITE [114] to [AF_INET]xxx.xxx.xxx.xxx:1025: P_CONTROL_V1 kid=0 [ ] pid=21 DATA len=100
Wed Feb 26 17:10:13 2014 us=611876 xxx.xxx.xxx.xxx:1025 UDPv4 WRITE [114] to [AF_INET]xxx.xxx.xxx.xxx:1025: P_CONTROL_V1 kid=0 [ ] pid=22 DATA len=100
Wed Feb 26 17:10:14 2014 us=666310 xxx.xxx.xxx.xxx:1025 UDPv4 READ [14] from [AF_INET]xxx.xxx.xxx.xxx:1025: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Wed Feb 26 17:10:14 2014 us=666343 xxx.xxx.xxx.xxx:1025 TLS: new session incoming connection from [AF_INET]xxx.xxx.xxx.xxx:1025
Wed Feb 26 17:10:14 2014 us=666398 xxx.xxx.xxx.xxx:1025 UDPv4 WRITE [22] to [AF_INET]xxx.xxx.xxx.xxx:1025: P_ACK_V1 kid=0 [ 0 ]
Wed Feb 26 17:10:15 2014 us=817441 xxx.xxx.xxx.xxx:1025 UDPv4 WRITE [114] to [AF_INET]xxx.xxx.xxx.xxx:1025: P_CONTROL_V1 kid=0 [ ] pid=23 DATA len=100
Wed Feb 26 17:10:16 2014 us=968274 xxx.xxx.xxx.xxx:1025 UDPv4 WRITE [114] to [AF_INET]xxx.xxx.xxx.xxx:1025: P_CONTROL_V1 kid=0 [ ] pid=24 DATA len=100
Wed Feb 26 17:10:17 2014 us=4181 xxx.xxx.xxx.xxx:1025 UDPv4 READ [14] from [AF_INET]xxx.xxx.xxx.xxx:1025: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Wed Feb 26 17:10:17 2014 us=4222 xxx.xxx.xxx.xxx:1025 UDPv4 WRITE [22] to [AF_INET]xxx.xxx.xxx.xxx:1025: P_ACK_V1 kid=0 [ 0 ]
Wed Feb 26 17:10:20 2014 us=364755 xxx.xxx.xxx.xxx:1025 UDPv4 READ [14] from [AF_INET]xxx.xxx.xxx.xxx:1025: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Wed Feb 26 17:10:20 2014 us=364797 xxx.xxx.xxx.xxx:1025 TLS: new session incoming connection from [AF_INET]xxx.xxx.xxx.xxx:1025
Wed Feb 26 17:10:20 2014 us=364877 xxx.xxx.xxx.xxx:1025 UDPv4 WRITE [22] to [AF_INET]xxx.xxx.xxx.xxx:1025: P_ACK_V1 kid=0 [ 0 ]
The phone log shows this:
Code:
Feb 26 22:13:49 openvpn[289]: LZO compression initialized
Feb 26 22:13:49 openvpn[289]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Feb 26 22:13:49 openvpn[289]: Socket Buffers: R=[112640->200000] S=[112640->200000]
Feb 26 22:13:49 openvpn[289]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Feb 26 22:13:49 openvpn[289]: Local Options hash (VER=V4): '41690919'
Feb 26 22:13:49 openvpn[289]: Expected Remote Options hash (VER=V4): '530fdded'
Feb 26 22:13:49 openvpn[289]: UDPv4 link local: [undef]
Feb 26 22:13:49 openvpn[289]: UDPv4 link remote: xxx.xxx.xxx.xxx:1194
Feb 26 22:13:49 openvpn[289]: TLS Error: Unroutable control packet received from xxx.xxx.xxx.xxx:1194 (si=3 op=P_ACK_V1)
Feb 26 22:13:51 openvpn[289]: TLS Error: Unroutable control packet received from xxx.xxx.xxx.xxx:1194 (si=3 op=P_ACK_V1)
Feb 26 22:13:53 openvpn[289]: Server poll timeout, restarting
Feb 26 22:13:53 openvpn[289]: TCP/UDP: Closing socket
Feb 26 22:13:53 openvpn[289]: SIGUSR1[soft,server_poll] received, process restarting
Feb 26 22:13:53 openvpn[289]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Feb 26 22:13:53 openvpn[289]: LZO compression initialized
Feb 26 22:13:53 openvpn[289]: Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Feb 26 22:13:53 openvpn[289]: Socket Buffers: R=[87380->200000] S=[16384->200000]
Feb 26 22:13:53 openvpn[289]: Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Feb 26 22:13:53 openvpn[289]: Local Options hash (VER=V4): '69109d17'
Feb 26 22:13:53 openvpn[289]: Expected Remote Options hash (VER=V4): 'c0103fa8'
Feb 26 22:13:53 openvpn[289]: Attempting to establish TCP connection with xxx.xxx.xxx.xxx:443 [nonblock]
Feb 26 22:13:54 openvpn[289]: TCP connection established with xxx.xxx.xxx.xxx:443
Feb 26 22:13:54 openvpn[289]: TCPv4_CLIENT link local: [undef]
Feb 26 22:13:54 openvpn[289]: TCPv4_CLIENT link remote: xxx.xxx.xxx.xxx:443
Feb 26 22:13:54 openvpn[289]: Connection reset, restarting [0]
Feb 26 22:13:54 IPP[502]: IPP <4+warnin>834.575.431:unkown msg,00010102,00000000,00000000
Feb 26 22:13:54 openvpn[289]: TCP/UDP: Closing socket
Feb 26 22:13:54 openvpn[289]: SIGUSR1[soft,connection-reset] received, process restarting
Feb 26 22:13:54 openvpn[289]: Restart pause, 1 second(s)
To make things even more confusing, I setup the Windows PC to act as a server with the same configuration, just modifying the paths to the key files, and then I adjusted the phone's config to point to the Windows PC's IP address. The phone connected to that VPN without error.
Can anyone shed some light on what I'm missing?
Thanks.