Ah I did remember seeing something in the logs about this: Mon Sep 11 11:26:06 2017 us=913475 MULTI: new connection by client '001565F4634C' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Is this a complaint? Should I just enable it anyway? I assume I add it to the RAW Commands? Regards Michael Knill -----Original Message----- From: Lonnie Abelbeck <li...@lonnie.abelbeck.com> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net> Date: Monday, 11 September 2017 at 11:52 am To: AstLinux List <astlinux-users@lists.sourceforge.net> Subject: Re: [Astlinux-users] OpenVPN on Yealink phones not very reliable Michael, Judging from your error log the Yealink's client CN (Common Name) did not match any of the allowed (non-checked) Clients in the server. As long as you are certain the Yealink client cert is good. You are not "sharing" a client certificate are you ? If you are do you have the "duplicate-cn" raw command added ? From the OpenVPN docs ... --duplicate-cn Allow multiple clients with the same common name to concurrently connect. In the absence of this option, OpenVPN will disconnect a client instance upon connection of a new client having the same common name. Sounds a little like what you are describing. else ... Is your Yealink running the latest (or recent) firmware ? AstLinux is using the latest OpenVPN series 2.4.x. You can increase the Log Verbosity: to High on the server and see if that helps to find a clue. Lonnie On Sep 10, 2017, at 8:08 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote: > Hi Lonnie > > Do you mean Client Name? Yes I do have one disabled if so but it is not the > one I was having problems with. > > After testing I can now confirm that this issue occurs when I configure up a > new phone and it goes away (and VPN establishes) when I restart the OpenVPN > server. > Can you think why this could be happening? > > Regards > Michael Knill > > -----Original Message----- > From: Lonnie Abelbeck <li...@lonnie.abelbeck.com> > Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net> > Date: Monday, 11 September 2017 at 9:55 am > To: AstLinux List <astlinux-users@lists.sourceforge.net> > Subject: Re: [Astlinux-users] OpenVPN on Yealink phones not very reliable > > Michael, > > On your OpenVPN Server configuration (at the bottom), you must have at least > one CommonName disabled. > > Client Certificates and Keys: -> Disabled checked (correct ?) > > This will define the variable OVPN_VALIDCLIENTS and is checked with the > /usr/sbin/openvpn-tls-verify script > > Is your Yealink using one of the "Disabled" CommonNames ? > > Lonnie > > > On Sep 10, 2017, at 6:34 PM, Michael Knill > <michael.kn...@ipcsolutions.com.au> wrote: > >> I am having some issues with setting up OpenVPN on my Yealink phones. It >> used to be easy to set up but now it's a bit flakey. >> Once its up it seems to be fine but getting it to that stage is an issue. >> >> I noticed that I am getting these in the logs: >> Mon Sep 11 08:05:39 2017 us=888912 115.187.181.61:36531 WARNING: Failed >> running command (--tls-verify script): external program exited with error >> status: 1 >> >> Im not sure what they mean? What could the problem be? >> >> Regards >> Michael Knill >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! >> http://sdm.link/slashdot_______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
