Log in

1sae · 07-18-2023 06:50 AM

Hi I know this phone is pretty old now, but I'm not in the habit of replacing business phones every few years. I have an off site employee that we gave a T28P phone to that has been connecting through openvpn for a couple of years now with no problem. My office firewall is pfSense and was using the 2.6 release with the yealink 2.73.0.50 firmware.

My issue came out when I updated pfSense to v2.7 that updated openvpn. Now I get the following error in the phone log:

Code:

Jul 17 22:16:33 openvpn[439]: TLS Error: TLS handshake failed

Jul 17 22:16:33 openvpn[439]: SIGUSR1[soft,tls-error] received, process restarting

Jul 17 22:16:35 openvpn[439]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

Jul 17 22:16:35 openvpn[439]: Re-using SSL/TLS context

Jul 17 22:16:35 openvpn[439]: UDPv4 link local (bound): [undef]:1194

Jul 17 22:16:35 openvpn[439]: UDPv4 link remote: 76.XXX.XXX.XX:1197

and get this in my firewall log:

Code:

Jul 17 15:15:33     openvpn     55123     98.XXX.XXX.XXX:1194 TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only

Jul 17 15:15:33     openvpn     55123     98.XXX.XXX.XXX:1194 OpenSSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol

Jul 17 15:15:33     openvpn     55123     98.XXX.XXX.XXX:1194 TLS_ERROR: BIO read tls_read_plaintext error

Jul 17 15:15:33     openvpn     55123     98.XXX.XXX.XXX:1194 TLS Error: TLS object -> incoming plaintext read error

Jul 17 15:15:33     openvpn     55123     98.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed

My guess is that the phone is using an old version of openvpn because the same configuration worked before. Here's a copy of my vpn.cnf:

Code:

remote XXX.XXXXX.com 1197 udp

dev tun

persist-tun

persist-key

##ncp-ciphers AES-128-CBC:AES-256-CBC

cipher AES-128-CBC

auth SHA1

tls-client

client

resolv-retry infinite

ca /yealink/config/openvpn/keys/ca.crt

cert /yealink/config/openvpn/keys/client1.crt

key /yealink/config/openvpn/keys/client1.key

remote-cert-tls server

explicit-exit-notify

auth-nocache

I've also tried a number of different ciphers that didn't work (BF-CBC, CF-CFB, AES-256-CBC, AES-128-GCM).

Any suggestions would be greatly appreciated!

Possibly Related Threads...
Thread:		Author	Replies:	Views:	Last Post
	T19PE2 openvpn?	bozko	0	5,149	10-11-2020 11:43 AM Last Post: bozko
	how to connect yealink T23G to mikrotik openvpn server	m.taghavi	4	13,960	10-11-2020 11:31 AM Last Post: bozko
	T28P foward call doesn´t work with 2.73.0.50	Tato	4	11,735	09-14-2020 03:49 PM Last Post: complex1
	Yealink T28P Firmware Upgrade Fails	Michelth	11	55,274	06-27-2020 10:13 AM Last Post: complex1
	T28P LDAP Problem	oguzhan	1	7,832	06-10-2020 01:14 PM Last Post: beldimon
	openvpn[1205]: RESOLVE: Cannot resolve host address: myfake.dns.net:1194	rafael.catelecom	2	8,032	11-07-2019 02:24 PM Last Post: rafael.catelecom
	T28P Handset Noise Problems	fdtcloud	18	62,715	01-14-2019 04:23 PM Last Post: dtgriscom
	T27G Load XML Browser URL Error	aciacci	0	5,690	11-14-2018 09:00 AM Last Post: aciacci
	Yealink Phones + OpenVPN	Ramkumar	0	5,497	05-28-2018 06:14 AM Last Post: Ramkumar
	T19 E2 with openvpn TLS handshake failed	Samcotec	2	10,110	04-28-2017 02:59 PM Last Post: Michael_Yealink

Threaded Mode \| Linear Mode T28P - OpenVPN TLS error: Unsupported protocol
Author	Message