configuration error

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
mahan77
OpenVpn Newbie
Posts: 1
Joined: Wed Mar 12, 2014 7:45 pm

configuration error

Post by mahan77 » Tue Mar 25, 2014 12:44 am

Hi,
I can connect Openvpn from my mac using Tunnelblick with out any problem. But when I try to connect Yealink t22p IP phone wont work. Any help please?

Server.conf
local 192.168.1.100
port 1194
proto udp
dev tun
dev-type tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server100.crt
key /etc/openvpn/easy-rsa/keys/server100.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
push "route 10.0.0.0 255.0.0.0"
push "route 172.16.1.0 255.240.0.0"
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
user nobody
group nobody
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 5

client vpn.cnf
setenv SERVER_POLL_TIMEOUT 4
remote 192.168.1.100 1194 udp
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-retry nointeract
comp-lzo no
verb 5
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/ClYealink.crt
key /config/openvpn/keys/ClYealink.key


This is the log from server
WRRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRMon Mar 24 23:04:32 2014 us=735964 192.168.1.74:1194 TLS: new session incoming connection from [AF_INET]192.168.1.74:1194
WRRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWWWWRMon Mar 24 23:04:34 2014 us=177487 192.168.1.74:1194 TLS: new session incoming connection from [AF_INET]192.168.1.74:1194
WWWWWRWWWWWRMon Mar 24 23:04:38 2014 us=314288 192.168.1.74:1194 TLS: new session incoming connection from [AF_INET]192.168.1.74:1194
WWWWWRWWRMon Mar 24 23:04:42 2014 us=475804 192.168.1.74:1194 TLS: new session incoming connection from [AF_INET]192.168.1.74:1194
WRWWWWRMon Mar 24 23:04:46 2014 us=983234 192.168.1.74:1194 TLS: new session incoming connection from [AF_INET]192.168.1.74:1194
WWWWWWRWRMon Mar 24 23:04:50 2014 us=425564 192.168.1.74:1194 TLS: new session incoming connection from [AF_INET]192.168.1.74:1194
WRWRMon Mar 24 23:04:55 2014 us=254589 192.168.1.74:1194 TLS: new session incoming connection from [AF_INET]192.168.1.74:1194
WRWRMon Mar 24 23:05:00 2014 us=106497 192.168.1.74:1194 TLS: new session incoming connection from [AF_INET]192.168.1.74:1194
WWRWWWRMon Mar 24 23:05:03 2014 us=533291 192.168.1.74:1194 TLS: new session incoming connection from [AF_INET]192.168.1.74:1194
WWWWWRWWRMon Mar 24 23:05:08 2014 us=7679 192.168.1.74:1194 TLS: new session incoming connection from [AF_INET]192.168.1.74:1194
WRWRMon Mar 24 23:05:11 2014 us=586712 192.168.1.74:1194 TLS: new session incoming connection from [AF_INET]192.168.1.74:1194
WRWRMon Mar 24 23:05:15 2014 us=796357 192.168.1.74:1194 TLS: new session incoming connection from [AF_INET]192.168.1.74:1194
WRWRMon Mar 24 23:05:20 2014 us=416680 192.168.1.74:1194 TLS: new session incoming connection from [AF_INET]192.168.1.74:1194
WRWRMon Mar 24 23:05:24 2014 us=935218 192.168.1.74:1194 TLS: new session incoming connection from [AF_INET]192.168.1.74:1194
WRWRMon Mar 24 23:05:28 2014 us=767963 192.168.1.74:1194 TLS: new session incoming connection from [AF_INET]192.168.1.74:1194
WRMon Mar 24 23:05:31 2014 us=31763 192.168.1.74:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Mar 24 23:05:31 2014 us=31795 192.168.1.74:1194 TLS Error: TLS handshake failed
Mon Mar 24 23:05:31 2014 us=31964 192.168.1.74:1194 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Mar 24 23:05:33 2014 us=402199 MULTI: multi_create_instance called
Mon Mar 24 23:05:33 2014 us=402282 192.168.1.74:1194 Re-using SSL/TLS context
Mon Mar 24 23:05:33 2014 us=402320 192.168.1.74:1194 LZO compression initialized
Mon Mar 24 23:05:33 2014 us=402444 192.168.1.74:1194 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Mar 24 23:05:33 2014 us=402472 192.168.1.74:1194 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Mar 24 23:05:33 2014 us=402690 192.168.1.74:1194 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Mar 24 23:05:33 2014 us=402712 192.168.1.74:1194 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Mar 24 23:05:33 2014 us=402748 192.168.1.74:1194 Local Options hash (VER=V4): '530fdded'
Mon Mar 24 23:05:33 2014 us=402778 192.168.1.74:1194 Expected Remote Options hash (VER=V4): '41690919'
RMon Mar 24 23:05:33 2014 us=402841 192.168.1.74:1194 TLS: Initial packet from [AF_INET]192.168.1.74:1194, sid=16b403a5 fffa7b56


This is from yealink log
Mar 24 23:01:39 openvpn[447]: Local Options hash (VER=V4): '41690919'
Mar 24 23:01:39 openvpn[447]: Expected Remote Options hash (VER=V4): '530fdded'
Mar 24 23:01:39 openvpn[447]: UDPv4 link local (bound): [undef]:1194
Mar 24 23:01:39 openvpn[447]: UDPv4 link remote: 192.168.1.100:1194
Mar 24 23:01:39 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_ACK_V1)
Mar 24 23:01:40 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_CONTROL_V1)
Mar 24 23:01:41 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_CONTROL_V1)
Mar 24 23:01:41 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_ACK_V1)
Mar 24 23:01:44 openvpn[447]: Server poll timeout, restarting
Mar 24 23:01:44 openvpn[447]: TCP/UDP: Closing socket
Mar 24 23:01:44 openvpn[447]: SIGUSR1[soft,server_poll] received, process restarting
Mar 24 23:01:44 openvpn[447]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mar 24 23:01:44 openvpn[447]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mar 24 23:01:44 openvpn[447]: WARNING: file '/yealink/config/openvpn/keys/ClYealink.key' is group or others accessible
Mar 24 23:01:44 openvpn[447]: LZO compression initialized
Mar 24 23:01:44 openvpn[447]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mar 24 23:01:44 openvpn[447]: Socket Buffers: R=[114688->200000] S=[114688->200000]
Mar 24 23:01:44 openvpn[447]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mar 24 23:01:44 openvpn[447]: Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mar 24 23:01:44 openvpn[447]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mar 24 23:01:44 openvpn[447]: Local Options hash (VER=V4): '41690919'
Mar 24 23:01:44 openvpn[447]: Expected Remote Options hash (VER=V4): '530fdded'
Mar 24 23:01:44 openvpn[447]: UDPv4 link local (bound): [undef]:1194
Mar 24 23:01:44 openvpn[447]: UDPv4 link remote: 192.168.1.100:1194
Mar 24 23:01:44 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_ACK_V1)
Mar 24 23:01:46 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_ACK_V1)
Mar 24 23:01:49 openvpn[447]: Server poll timeout, restarting
Mar 24 23:01:49 openvpn[447]: TCP/UDP: Closing socket
Mar 24 23:01:49 openvpn[447]: SIGUSR1[soft,server_poll] received, process restarting
Mar 24 23:01:49 openvpn[447]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mar 24 23:01:49 openvpn[447]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mar 24 23:01:49 openvpn[447]: WARNING: file '/yealink/config/openvpn/keys/ClYealink.key' is group or others accessible
Mar 24 23:01:49 openvpn[447]: LZO compression initialized
Mar 24 23:01:49 openvpn[447]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mar 24 23:01:49 openvpn[447]: Socket Buffers: R=[114688->200000] S=[114688->200000]
Mar 24 23:01:49 openvpn[447]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mar 24 23:01:49 openvpn[447]: Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mar 24 23:01:49 openvpn[447]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mar 24 23:01:49 openvpn[447]: Local Options hash (VER=V4): '41690919'
Mar 24 23:01:49 openvpn[447]: Expected Remote Options hash (VER=V4): '530fdded'
Mar 24 23:01:49 openvpn[447]: UDPv4 link local (bound): [undef]:1194
Mar 24 23:01:49 openvpn[447]: UDPv4 link remote: 192.168.1.100:1194
Mar 24 23:01:49 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_ACK_V1)
Mar 24 23:01:51 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_CONTROL_V1)
Mar 24 23:01:51 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_ACK_V1)
Mar 24 23:01:52 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_CONTROL_V1)
Mar 24 23:01:53 openvpn[447]: Server poll timeout, restarting
Mar 24 23:01:53 openvpn[447]: TCP/UDP: Closing socket
Mar 24 23:01:53 openvpn[447]: SIGUSR1[soft,server_poll] received, process restarting
Mar 24 23:01:53 openvpn[447]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mar 24 23:01:53 openvpn[447]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mar 24 23:01:53 openvpn[447]: WARNING: file '/yealink/config/openvpn/keys/ClYealink.key' is group or others accessible
Mar 24 23:01:53 openvpn[447]: LZO compression initialized
Mar 24 23:01:53 openvpn[447]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mar 24 23:01:53 openvpn[447]: Socket Buffers: R=[114688->200000] S=[114688->200000]
Mar 24 23:01:53 openvpn[447]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mar 24 23:01:53 openvpn[447]: Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mar 24 23:01:53 openvpn[447]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mar 24 23:01:53 openvpn[447]: Local Options hash (VER=V4): '41690919'
Mar 24 23:01:53 openvpn[447]: Expected Remote Options hash (VER=V4): '530fdded'
Mar 24 23:01:53 openvpn[447]: UDPv4 link local (bound): [undef]:1194
Mar 24 23:01:53 openvpn[447]: UDPv4 link remote: 192.168.1.100:1194
Mar 24 23:01:53 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_ACK_V1)
Mar 24 23:01:54 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_CONTROL_V1)
Mar 24 23:01:54 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_CONTROL_V1)
Mar 24 23:01:55 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_CONTROL_V1)
Mar 24 23:01:55 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_CONTROL_V1)
Mar 24 23:01:55 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_ACK_V1)
Mar 24 23:01:56 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_CONTROL_V1)
Mar 24 23:01:57 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_CONTROL_V1)
Mar 24 23:01:57 openvpn[447]: Server poll timeout, restarting
Mar 24 23:01:57 openvpn[447]: TCP/UDP: Closing socket
Mar 24 23:01:57 openvpn[447]: SIGUSR1[soft,server_poll] received, process restarting
Mar 24 23:01:57 openvpn[447]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mar 24 23:01:57 openvpn[447]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mar 24 23:01:57 openvpn[447]: WARNING: file '/yealink/config/openvpn/keys/ClYealink.key' is group or others accessible
Mar 24 23:01:57 openvpn[447]: LZO compression initialized
Mar 24 23:01:57 openvpn[447]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mar 24 23:01:57 openvpn[447]: Socket Buffers: R=[114688->200000] S=[114688->200000]
Mar 24 23:01:57 openvpn[447]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mar 24 23:01:57 openvpn[447]: Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mar 24 23:01:57 openvpn[447]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mar 24 23:01:57 openvpn[447]: Local Options hash (VER=V4): '41690919'
Mar 24 23:01:57 openvpn[447]: Expected Remote Options hash (VER=V4): '530fdded'
Mar 24 23:01:57 openvpn[447]: UDPv4 link local (bound): [undef]:1194
Mar 24 23:01:57 openvpn[447]: UDPv4 link remote: 192.168.1.100:1194
Mar 24 23:01:57 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_ACK_V1)
Mar 24 23:01:57 Log [367]: WEB <3+error > NOTE : readlan=[English]
Mar 24 23:01:57 Log [367]: WEB <3+error > NOTE : baklan=[1.English]
Mar 24 23:01:57 Log [367]: WEB <3+error > NOTE : lan=[1.English]
Mar 24 23:01:58 Log [374]: WEB <3+error > NOTE : readlan=[English]
Mar 24 23:01:58 Log [374]: WEB <3+error > NOTE : baklan=[1.English]
Mar 24 23:01:58 Log [374]: WEB <3+error > NOTE : lan=[1.English]
Mar 24 23:01:59 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_ACK_V1)
Mar 24 23:02:01 Log [367]: WEB <3+error > NOTE : readlan=[English]
Mar 24 23:02:01 Log [367]: WEB <3+error > NOTE : baklan=[1.English]
Mar 24 23:02:01 Log [367]: WEB <3+error > NOTE : lan=[1.English]
Mar 24 23:02:01 openvpn[447]: Server poll timeout, restarting
Mar 24 23:02:01 openvpn[447]: TCP/UDP: Closing socket
Mar 24 23:02:01 openvpn[447]: SIGUSR1[soft,server_poll] received, process restarting
Mar 24 23:02:01 openvpn[447]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mar 24 23:02:01 openvpn[447]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mar 24 23:02:02 openvpn[447]: WARNING: file '/yealink/config/openvpn/keys/ClYealink.key' is group or others accessible
Mar 24 23:02:02 openvpn[447]: LZO compression initialized
Mar 24 23:02:02 openvpn[447]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mar 24 23:02:02 openvpn[447]: Socket Buffers: R=[114688->200000] S=[114688->200000]
Mar 24 23:02:02 openvpn[447]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mar 24 23:02:02 openvpn[447]: Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mar 24 23:02:02 openvpn[447]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mar 24 23:02:02 openvpn[447]: Local Options hash (VER=V4): '41690919'
Mar 24 23:02:02 openvpn[447]: Expected Remote Options hash (VER=V4): '530fdded'
Mar 24 23:02:02 openvpn[447]: UDPv4 link local (bound): [undef]:1194
Mar 24 23:02:02 openvpn[447]: UDPv4 link remote: 192.168.1.100:1194
Mar 24 23:02:02 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_ACK_V1)
Mar 24 23:02:03 Log [374]: WEB <3+error > NOTE : readlan=[English]
Mar 24 23:02:03 Log [374]: WEB <3+error > NOTE : baklan=[1.English]
Mar 24 23:02:03 Log [374]: WEB <3+error > NOTE : lan=[1.English]
Mar 24 23:02:04 openvpn[447]: TLS Error: Unroutable control packet received from 192.168.1.100:1194 (si=3 op=P_ACK_V1)
Mar 24 23:02:05 Log [367]: WEB <3+error > NOTE : readlan=[English]
Mar 24 23:02:05 Log [367]: WEB <3+error > NOTE : baklan=[1.English]
Mar 24 23:02:05 Log [367]: WEB <3+error > NOTE : lan=[1.English]

stefano
OpenVpn Newbie
Posts: 1
Joined: Mon Jun 21, 2021 3:28 am

Re: configuration error

Post by stefano » Mon Jun 21, 2021 3:49 am

HI there,

the root of the problem is that the T22P will not authenticate other than with md5 or sha1;

clearly it's a problem, one to which I don't have a solution yet;

according to this document https://support.yealink.com/forward2dow ... PI/Gl0AFiX

the client.crt must be created using md5 or sha1;

so, the question is:

how do I create it with md5 or sha1 for that particular client, given that nowadays (June 2021) the defauts are very different?

If you have solved this issue in the meantime, pease share.

300000
OpenVPN Expert
Posts: 561
Joined: Tue May 01, 2012 9:30 pm

Re: configuration error

Post by 300000 » Mon Jun 21, 2021 9:11 am

You need to run an instant of openvpn with that very old md5 on your server. there is no other way if you like to use over 10 years old phone with new up to date software or buy new router with support openvpn and make it work for you.

I have old grandstream
phone with very old openvpn client so I must create very old one to make it work .

Post Reply