Yealink OpenVPN – can't connect


  • Post
    reddata
    Participant

    Newly installed VitalPBX, with OpenVPN, with Yealink phones… Server config is this:

    port 1194
    proto udp
    dev tun
    ca /etc/openvpn/certificates/ca.crt
    cert /etc/openvpn/certificates/issued/server.crt
    key /etc/openvpn/certificates/private/server.key
    dh /etc/openvpn/certificates/dh.pem
    topology subnet
    server 10.8.0.0 255.255.255.0
    client-config-dir /etc/openvpn/ccd
    persist-key
    persist-tun
    status /var/log/openvpn-status.log
    log-append /var/log/openvpn.log
    keepalive 10 120
    cipher AES-256-CBC
    max-clients 100
    user openvpn
    group openvpn
    verb 3
    explicit-exit-notify 1
    script-security 3

     

    And I get this error (on the Yealink):

    Line 118: Dec 6 00:00:19 openvpn[586]: OpenVPN 2.2.1 arm-dspg-linux-uclibceabi [SSL] [LZO2] [EPOLL] built on Feb 2 2015
    Line 119: Dec 6 00:00:19 openvpn[586]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Line 121: Dec 6 00:00:19 openvpn[586]: WARNING: file '/config/openvpn/keys/client2.key' is group or others accessible
    Line 122: Dec 6 00:00:19 openvpn[586]: LZO compression initialized
    Line 123: Dec 6 00:00:19 openvpn[586]: Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Line 124: Dec 6 00:00:19 openvpn[586]: Socket Buffers: R=[112640->131072] S=[112640->131072]
    Line 125: Dec 6 00:00:19 openvpn[586]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
    Line 126: Dec 6 00:00:19 openvpn[586]: Local Options hash (VER=V4): '22188c5b'
    Line 127: Dec 6 00:00:19 openvpn[586]: Expected Remote Options hash (VER=V4): 'a8f55717'
    Line 128: Dec 6 00:00:19 openvpn[589]: UDPv4 link local: [undef]
    Line 129: Dec 6 00:00:19 openvpn[589]: UDPv4 link remote: {WAN IP HERE – REMOVED}:1194
    Line 130: Dec 6 00:00:19 openvpn[589]: write UDPv4 []: Network is unreachable (code=101)
    Line 155: Dec 6 00:00:21 openvpn[589]: write UDPv4 []: Network is unreachable (code=101)

    This is the vpn.cnf I downloaded (as part of the tar):

    # OpenVPN Client Configuration generated by VitalPBX
    client
    dev tun
    proto udp
    topology subnet
    remote {WAN IP REMOVED} 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca /config/openvpn/keys/ca.crt
    cert /config/openvpn/keys/client1.crt
    key /config/openvpn/keys/client1.key
    remote-cert-tls server
    cipher AES-256-CBC
    verb 3
    comp-lzo

     

    Thanks in advance…

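Added example (not part of the original posts, and not VitalPBX or OpenVPN code): a short Python check that compares the server config and the vpn.cnf from the opening post on directives that OpenVPN expects both ends of a tunnel to agree on. The config strings are excerpts of what was posted; the `MUST_MATCH` selection and the function names are this example's own. On the posted files it reports `comp-lzo` as set on the client only.

```python
import re

# Directives OpenVPN expects to be identical on both ends of a tunnel
# (a subset of its options-consistency check; the selection is an assumption).
MUST_MATCH = ("proto", "dev", "cipher", "auth", "comp-lzo", "fragment")

# Excerpts of the server config and the vpn.cnf posted above.
SERVER_CONF = """\
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
cipher AES-256-CBC
"""
CLIENT_CONF = """\
# OpenVPN Client Configuration generated by VitalPBX
client
dev tun
proto udp
remote {WAN IP REMOVED} 1194
cipher AES-256-CBC
comp-lzo
"""

def parse(conf):
    """Return {directive: argument string}, skipping blank lines and comments."""
    opts = {}
    for line in conf.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *rest = line.split(None, 1)
            opts[name] = rest[0] if rest else ""
    return opts

def normalise(name, value):
    """Compare 'dev' by device type only, so tun0 and tun both count as tun."""
    return re.sub(r"\d+$", "", value) if name == "dev" and value else value

def mismatches(server_conf, client_conf):
    """Return (directive, server value, client value) for each disagreement."""
    srv, cli = parse(server_conf), parse(client_conf)
    pairs = ((n, normalise(n, srv.get(n)), normalise(n, cli.get(n))) for n in MUST_MATCH)
    return [(n, s, c) for n, s, c in pairs if s != c]

if __name__ == "__main__":
    # None means the directive is absent; '' means present without arguments.
    for name, s, c in mismatches(SERVER_CONF, CLIENT_CONF):
        print(f"{name}: server={s!r} client={c!r}")
```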
  • Replies
    Rodrigo Cuadra
    Keymaster

    Which Yealink phone model are you using?

    Do you have the NAT configured in the extension: force-comedia?

    Remember that you have to register the phone to IP 10.8.0.1

    0
    Up
    0
    Down

    Did you enable access to port 1194 in your router?

    reddata
    Participant
    Posted by: admin

    Which Yealink phone model are you using?

    Do you have the NAT configured in the extension: force-comedia?

    Remember that you have to register the phone to IP 10.8.0.1

    It's a T46g and I tried a T49g too.

    I don't know what you mean about force-comedia; where is that?

    Do you mean static IP on the OpenVPN client settings on VitalPBX? Yes, I have set an IP in there.

    reddata
    Participant
    Posted by: mrivera

    Did you enable access to port 1194 in your router?

    Yes

    Rodrigo Cuadra
    Keymaster

    In VitalPBX, when you create the extension, you need to change the NAT option to Force, Comedia (in the Devices section).

    When you create an OpenVPN, the IP of the VitalPBX server for all VPN clients is 10.8.0.1; you need to set the Yealink phone account to this address, 10.8.0.1 (NOT the public IP of the VitalPBX server).

    reddata
    Participant
    Posted by: admin

    In VitalPBX, when you create the extension, you need to change the NAT option to Force, Comedia (in the Devices section).

    When you create an OpenVPN, the IP of the VitalPBX server for all VPN clients is 10.8.0.1; you need to set the Yealink phone account to this address, 10.8.0.1 (NOT the public IP of the VitalPBX server).

    Thanks, so I think I understand that, but if I create just an OpenVPN client (under add-ons) OpenVPN, Clients, then download the tar, and upload to the phone, shouldn’t it dial up the VPN, regardless of any VitalPBX extension? Or does creating an extension alter the OpenVPN tar file? And if so, how does it know which “OpenVPN” client to use?

     

     

    Rodrigo Cuadra
    Keymaster

    Once the VPN between the phone and VitalPBX has been established, it does not matter which extension you configure in the phone, as long as, when creating the extension, it registers to the IP 10.8.0.1.

    In VitalPBX there is no relationship between OpenVPN and the extension.

    I recommend that you look carefully at the following blog:

    reddata
    Participant
    Posted by: admin

    Once the VPN between the phone and VitalPBX has been established, it does not matter which extension you configure in the phone, as long as, when creating the extension, it registers to the IP 10.8.0.1.

    In VitalPBX there is no relationship between OpenVPN and the extension.

    I recommend that you look carefully at the following blog:

    OK, thanks.

    So I read the articles at the start, followed them to the letter, and have created the OpenVPN connection client, downloaded the TAR, uploaded to the Yealink (I have tried 2 Yealinks) and this is the log file the Yealink spits out, so forgetting the “extension”, it isn’t dialling the OpenVPN, which needs to come first, which is where I need the help?

    Are there OpenVPN log files on the VitalPBX I can look at somewhere, to check it is at least hitting the OpenVPN server? (looks like it is)

     

    Line 120: Dec 6 00:00:16 openvpn[585]: OpenVPN 2.2.1 arm-dspg-linux-uclibceabi [SSL] [LZO2] [EPOLL] built on Feb 2 2015
    Line 121: Dec 6 00:00:16 openvpn[585]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Line 125: Dec 6 00:00:17 openvpn[585]: WARNING: file '/config/openvpn/keys/client3.key' is group or others accessible
    Line 126: Dec 6 00:00:17 openvpn[585]: LZO compression initialized
    Line 127: Dec 6 00:00:17 openvpn[585]: Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Line 128: Dec 6 00:00:17 openvpn[585]: Socket Buffers: R=[112640->131072] S=[112640->131072]
    Line 129: Dec 6 00:00:17 openvpn[585]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
    Line 130: Dec 6 00:00:17 openvpn[585]: Local Options hash (VER=V4): '22188c5b'
    Line 131: Dec 6 00:00:17 openvpn[585]: Expected Remote Options hash (VER=V4): 'a8f55717'
    Line 132: Dec 6 00:00:17 openvpn[589]: UDPv4 link local: [undef]
    Line 138: Dec 6 00:00:17 openvpn[589]: UDPv4 link remote: {removedWANIP}:1194
    Line 139: Dec 6 00:00:17 openvpn[589]: write UDPv4 []: Network is unreachable (code=101)
    Line 154: Dec 6 00:00:19 openvpn[589]: write UDPv4 []: Network is unreachable (code=101)
    Line 179: Dec 6 00:00:23 openvpn[589]: write UDPv4 []: Network is unreachable (code=101)

    0
    Up
    0
    Down

    You may check the openvpn log in the following path:

     /var/log/openvpn.log

    Or check in real time with the following command: 

    tail -n 50 -f /var/log/openvpn.log

     

    Rodrigo Cuadra
    Keymaster

    Do you have the latest firmware version installed on the Yealink phone?

    reddata
    Participant
    Posted by: admin

    Do you have the latest firmware version installed on the Yealink phone?

    Yes

    reddata
    Participant

    So, there is nothing in the /var/log/openvpn.log?

    I notice on an ifconfig that I am getting 172.31.23.2 as the address, which isn’t the same as the IP address Amazon EC2 shows, the one I am SSH’ing to… When I try to look at the network settings in VitalPBX I get: sh: nmcli: command not found

    Surely the ifconfig should give me the IP that I am connecting to via SSH? I am confused!

    Can anyone help me get this working? Happy to pay.

    Thanks

    reddata
    Participant

    Ah… hang on… I checked/changed the NAT settings in the setup page, and now I see this in the log:

     

    Mon Dec 10 08:54:44 2018 Diffie-Hellman initialized with 2048 bit key
    Mon Dec 10 08:54:44 2018 TUN/TAP device tun0 opened
    Mon Dec 10 08:54:44 2018 TUN/TAP TX queue length set to 100
    Mon Dec 10 08:54:44 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Mon Dec 10 08:54:44 2018 /sbin/ip link set dev tun0 up mtu 1500
    Mon Dec 10 08:54:44 2018 /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
    Mon Dec 10 08:54:44 2018 /etc/openvpn/bin/vpn.up tun0 1500 1622 10.8.0.1 255.255.255.0 init
    success
    success
    Mon Dec 10 08:54:49 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET
    Mon Dec 10 08:54:49 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
    Mon Dec 10 08:54:49 2018 UDPv4 link local (bound): [AF_INET][undef]:1194
    Mon Dec 10 08:54:49 2018 UDPv4 link remote: [AF_UNSPEC]
    Mon Dec 10 08:54:49 2018 GID set to openvpn
    Mon Dec 10 08:54:49 2018 UID set to openvpn
    Mon Dec 10 08:54:49 2018 MULTI: multi_init called, r=256 v=256
    Mon Dec 10 08:54:49 2018 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
    Mon Dec 10 08:54:49 2018 Initialization Sequence Completed

    reddata
    Participant

    So, if I run… tcpdump -i eth0 port 1194

    then I can see my WAN IP trying to connect and do something… So it looks like something is trying to connect, but nothing in the OpenVPN logs:

     

    [centos@ip-172-*-*-2 ~]$ sudo tcpdump -i eth0 port 1194
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
    09:39:10.334803 IP 78-141-*-*.xdsl.murphx.net.33747 > ip-172-*-*-2.eu-west-2.compute.internal.openvpn: UDP, length 14
    09:39:29.093802 IP 78-141-*-*.xdsl.murphx.net.36035 > ip-172-*-*-2.eu-west-2.compute.internal.openvpn: UDP, length 14
    09:39:31.134025 IP 78-141-*-*.xdsl.murphx.net.36035 > ip-172-*-*-2.eu-west-2.compute.internal.openvpn: UDP, length 14
    09:39:35.215056 IP 78-141-*-*.xdsl.murphx.net.36035 > ip-172-*-*-2.eu-west-2.compute.internal.openvpn: UDP, length 14

    0
    Up
    0
    Down

    You may try to follow this tutorial: https://hackernoon.com/using-a-vpn-server-to-connect-to-your-aws-vpc-for-just-the-cost-of-an-ec2-nano-instance-3c81269c71c2

    Because you are using an Amazon VM, the task of configuring OpenVPN is a little more complex. I hope that the tutorial above helps you to configure it successfully.
