Michael, You could try -- OpenVPN Server -- Raw Commands: duplicate-cn -- and see if that helps. But you need to understand if you really need "multiple clients using the same certificate or username to concurrently connect".
Is there a OpenVPN client you forgot about ? Are any sharing a username ? I can generate the "duplicate-cn" log myself by connecting, disconnect and re-connecting using the same client. But it all works, no issues. Lonnie On Sep 10, 2017, at 9:22 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote: > Ah I did remember seeing something in the logs about this: > Mon Sep 11 11:26:06 2017 us=913475 MULTI: new connection by client > '001565F4634C' will cause previous active sessions by this client to be > dropped. Remember to use the --duplicate-cn option if you want multiple > clients using the same certificate or username to concurrently connect. > > Is this a complaint? Should I just enable it anyway? > I assume I add it to the RAW Commands? > > Regards > Michael Knill > > -----Original Message----- > From: Lonnie Abelbeck <li...@lonnie.abelbeck.com> > Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net> > Date: Monday, 11 September 2017 at 11:52 am > To: AstLinux List <astlinux-users@lists.sourceforge.net> > Subject: Re: [Astlinux-users] OpenVPN on Yealink phones not very reliable > > Michael, > > Judging from your error log the Yealink's client CN (Common Name) did not > match any of the allowed (non-checked) Clients in the server. As long as you > are certain the Yealink client cert is good. > > You are not "sharing" a client certificate are you ? If you are do you have > the "duplicate-cn" raw command added ? From the OpenVPN docs ... > > --duplicate-cn > Allow multiple clients with the same common name to concurrently connect. In > the absence of this option, OpenVPN will disconnect a client instance upon > connection of a new client having the same common name. > > Sounds a little like what you are describing. > > else ... > > Is your Yealink running the latest (or recent) firmware ? > > AstLinux is using the latest OpenVPN series 2.4.x. > > You can increase the Log Verbosity: to High on the server and see if that > helps to find a clue. > > Lonnie > > > On Sep 10, 2017, at 8:08 PM, Michael Knill > <michael.kn...@ipcsolutions.com.au> wrote: > >> Hi Lonnie >> >> Do you mean Client Name? Yes I do have one disabled if so but it is not the >> one I was having problems with. >> >> After testing I can now confirm that this issue occurs when I configure up a >> new phone and it goes away (and VPN establishes) when I restart the OpenVPN >> server. >> Can you think why this could be happening? >> >> Regards >> Michael Knill >> >> -----Original Message----- >> From: Lonnie Abelbeck <li...@lonnie.abelbeck.com> >> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net> >> Date: Monday, 11 September 2017 at 9:55 am >> To: AstLinux List <astlinux-users@lists.sourceforge.net> >> Subject: Re: [Astlinux-users] OpenVPN on Yealink phones not very reliable >> >> Michael, >> >> On your OpenVPN Server configuration (at the bottom), you must have at least >> one CommonName disabled. >> >> Client Certificates and Keys: -> Disabled checked (correct ?) >> >> This will define the variable OVPN_VALIDCLIENTS and is checked with the >> /usr/sbin/openvpn-tls-verify script >> >> Is your Yealink using one of the "Disabled" CommonNames ? >> >> Lonnie >> >> >> On Sep 10, 2017, at 6:34 PM, Michael Knill >> <michael.kn...@ipcsolutions.com.au> wrote: >> >>> I am having some issues with setting up OpenVPN on my Yealink phones. It >>> used to be easy to set up but now it's a bit flakey. >>> Once its up it seems to be fine but getting it to that stage is an issue. >>> >>> I noticed that I am getting these in the logs: >>> Mon Sep 11 08:05:39 2017 us=888912 115.187.181.61:36531 WARNING: Failed >>> running command (--tls-verify script): external program exited with error >>> status: 1 >>> >>> Im not sure what they mean? What could the problem be? >>> >>> Regards >>> Michael Knill >>> ------------------------------------------------------------------------------ >>> Check out the vibrant tech community on one of the world's most >>> engaging tech sites, Slashdot.org! >>> http://sdm.link/slashdot_______________________________________________ >>> Astlinux-users mailing list >>> Astlinux-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal to >>> pay...@krisk.org. >> >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. >> >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. >> >> > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
