Ah I did remember seeing something in the logs about this:
Mon Sep 11 11:26:06 2017 us=913475 MULTI: new connection by client 
'001565F4634C' will cause previous active sessions by this client to be 
dropped.  Remember to use the --duplicate-cn option if you want multiple 
clients using the same certificate or username to concurrently connect.

Is this a complaint? Should I just enable it anyway? 
I assume I add it to the RAW Commands?

Regards
Michael Knill

-----Original Message-----
From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
Date: Monday, 11 September 2017 at 11:52 am
To: AstLinux List <astlinux-users@lists.sourceforge.net>
Subject: Re: [Astlinux-users] OpenVPN on Yealink phones not very reliable

Michael,

Judging from your error log the Yealink's client CN (Common Name) did not match 
any of the allowed (non-checked) Clients in the server.  As long as you are 
certain the Yealink client cert is good.

You are not "sharing" a client certificate, are you? If you are, do you have 
the "duplicate-cn" raw command added? From the OpenVPN docs ...

--duplicate-cn
Allow multiple clients with the same common name to concurrently connect. In 
the absence of this option, OpenVPN will disconnect a client instance upon 
connection of a new client having the same common name.

Sounds a little like what you are describing.

else ...

Is your Yealink running the latest (or recent) firmware?

AstLinux is using the latest OpenVPN series 2.4.x.

You can increase the Log Verbosity: to High on the server and see if that helps 
to find a clue.

Lonnie


On Sep 10, 2017, at 8:08 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> 
wrote:

> Hi Lonnie
> 
> Do you mean Client Name? Yes I do have one disabled if so but it is not the 
> one I was having problems with.
> 
> After testing I can now confirm that this issue occurs when I configure up a 
> new phone and it goes away (and VPN establishes) when I restart the OpenVPN 
> server.
> Can you think why this could be happening?
> 
> Regards
> Michael Knill
> 
> -----Original Message-----
> From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Date: Monday, 11 September 2017 at 9:55 am
> To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Subject: Re: [Astlinux-users] OpenVPN on Yealink phones not very reliable
> 
> Michael,
> 
> On your OpenVPN Server configuration (at the bottom), you must have at least 
> one CommonName disabled. 
> 
> Client Certificates and Keys: -> Disabled checked    (correct ?)
> 
> This will define the variable OVPN_VALIDCLIENTS and is checked with the 
> /usr/sbin/openvpn-tls-verify script
> 
> Is your Yealink using one of the "Disabled" CommonNames?
> 
> Lonnie
> 
> 
> On Sep 10, 2017, at 6:34 PM, Michael Knill 
> <michael.kn...@ipcsolutions.com.au> wrote:
> 
>> I am having some issues with setting up OpenVPN on my Yealink phones. It 
>> used to be easy to set up but now it's a bit flakey.
>> Once it's up it seems to be fine but getting it to that stage is an issue.
>> 
>> I noticed that I am getting these in the logs:
>> Mon Sep 11 08:05:39 2017 us=888912 115.187.181.61:36531 WARNING: Failed 
>> running command (--tls-verify script): external program exited with error 
>> status: 1
>> 
>> I'm not sure what they mean? What could the problem be?
>> 
>> Regards
>> Michael Knill
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! 
>> http://sdm.link/slashdot
>> _______________________________________________
>> Astlinux-users mailing list
>> Astlinux-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>> 
>> Donations to support AstLinux are graciously accepted via PayPal to 
>> pay...@krisk.org.
> 
> 
> 
> 
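
An added illustration (not part of the thread, and not AstLinux's /usr/sbin/openvpn-tls-verify) of how a --tls-verify allow-list check leads to the "external program exited with error status: 1" warning quoted above: OpenVPN passes the script the certificate depth and subject, and a non-zero exit rejects the client. The space-separated format assumed for OVPN_VALIDCLIENTS, the function names and the sample subjects are assumptions.

```shell
#!/bin/sh
# Added illustration; NOT AstLinux's /usr/sbin/openvpn-tls-verify.
# OpenVPN runs a --tls-verify script as:  script <certificate_depth> <subject>
# Exit status 0 accepts the certificate; non-zero rejects it and the server
# logs "external program exited with error status: 1".

# Pull the CN out of an OpenVPN 2.4-style subject such as
# "C=AU, O=Example, CN=001565F4634C". A CN containing a comma is not handled.
extract_cn() {
  printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^ *CN=//p' | head -n 1
}

# verify_cn <depth> <subject> <allowed CNs, space separated (assumed format)>
verify_cn() {
  depth=$1 subject=$2 valid=$3
  # Depth 0 is the client certificate; higher depths are CA certificates,
  # which the TLS layer has already validated.
  [ "$depth" = "0" ] || return 0
  cn=$(extract_cn "$subject")
  [ -n "$cn" ] || return 1          # no CN at all: reject
  [ -n "$valid" ] || return 0       # assumption: empty list means no restriction
  for name in $valid; do
    # Exact comparison: a prefix or substring of an allowed CN must not pass.
    if [ "$name" = "$cn" ]; then return 0; fi
  done
  return 1
}

# Constructed sample data: the first CN is the one in the log line above,
# the second CN and the O= / C= fields are made up.
ALLOWED="001565F4634C 0015651A2B3C"
for subject in \
  "C=AU, O=Example, CN=001565F4634C" \
  "C=AU, O=Example, CN=001565F4634" \
  "C=AU, O=Example, CN=0015659999FF"
do
  if verify_cn 0 "$subject" "$ALLOWED"; then
    echo "accept (exit 0): $subject"
  else
    echo "reject (exit 1): $subject"
  fi
done
```

When a phone's CN is missing from the list the server evaluates, every handshake from it is rejected this way until the list is regenerated, which is worth checking after provisioning a new client.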

