Hello,
Pulling my hair out trying to get a D60 phone to work with OpenVPN and FreePBX 17. I put the same OpenVPN client config on a Windows 10 system and was able to connect.
I’ve tried firmware 2.7.0 and 2.29.27.
I’ve tried forcing TLS to 1.3 on both the server and the phone.
I’m using the VPN server inside FreePBX with configs generated by FreePBX.
The error:
2026-01-29 16:30:31 107.138.161.132:41431 TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
2026-01-29 16:30:31 107.138.161.132:41431 OpenSSL: error:0A000102:SSL routines::unsupported protocol
2026-01-29 16:30:31 107.138.161.132:41431 TLS_ERROR: BIO read tls_read_plaintext error
2026-01-29 16:30:31 107.138.161.132:41431 TLS Error: TLS object → incoming plaintext read error
2026-01-29 16:30:31 107.138.161.132:41431 TLS Error: TLS handshake failed
Server:
log /var/log/openvpn.log
port 1194
proto udp
dev tun
topology subnet
ca sysadmin_ca.crt
dh sysadmin_dh.pem
crl-verify sysadmin_crl.pem
cert sysadmin_server1.crt
key sysadmin_server1.key
tls-version-min 1.3
tls-version-max 1.3
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
client-config-dir ccd
ccd-exclusive
status sysadmin_server1-status.log 10
status-version 3
script-security 2
reneg-sec 3600
server 10.200.198.0 255.255.255.0
push “redirect-gateway def1 bypass-dhcp”
Client:
client
dev tun
proto udp
resolv-retry 60
nobind
persist-key
persist-tun
remote-cert-tls server
ca sysadmin_ca.crt
cert sysadmin_client624.crt
key sysadmin_client624.key
tls-version-min 1.3
tls-version-max 1.3
comp-lzo
verb 3
reneg-sec 3600
remote xxx.xxx.xxx.xxx 1194