VPN Setup - Network Unreachable


(Rich Gault) #1

Good morning. I have been trying to get my FreePBX server set up so I can connect my remote Yealink phones via VPN. When I attempt to connect to the FreePBX server, I get the following from the logs on the Yealink phone. I don’t see any connection attempts on the FreePBX.

<29>Nov 1 00:00:11 openvpn[1307]: TCP/UDP: Preserving recently used remote address: [AF_INET]45.77.119.144:1194
<29>Nov 1 00:00:11 openvpn[1307]: Socket Buffers: R=[112640->112640] S=[112640->112640]
<29>Nov 1 00:00:11 openvpn[1307]: UDP link local: (not bound)
<29>Nov 1 00:00:11 openvpn[1307]: UDP link remote: [AF_INET]45.xx.xx.xx:1194
<27>Nov 1 00:00:11 openvpn[1307]: write UDP: Network is unreachable (code=101)
<29>Nov 1 00:00:11 openvpn[1307]: Network unreachable, restarting
<29>Nov 1 00:00:11 openvpn[1307]: tun/tap down–init.c, 1923----
<133>Nov 1 00:00:11 ipvp[1176]: IPVP<5+notice> 811.586.614:Message=0x00000004(0x00000001+0xc401d8b4+0)
<133>Nov 1 00:00:11 ipvp[1176]: IPVP<5+notice> 811.607.451:Message=0x00020104(0x00000000+0x00000000+0)
<134>Nov 1 00:00:11 ipvp[1176]: IPVP<6+info > 811.608.059:unknown msg,0x00020104,from 0xc401da6c 0x00000000, 0x00000000
<29>Nov 1 00:00:11 openvpn[1307]: SIGUSR1[soft,network-unreachable] received, process restarting
<29>Nov 1 00:00:11 openvpn[1307]: Restart pause, 5 second(s)

I have verified that it’s not a firewall issue as I have even turned off the firewall during some of my testing. In my research, some people say it could be my local router, so I have restarted it also several times. Has anyone else seen this before? I have yet to get the built-in VPN server to work on FreePBX. I did purchase the Sys Admin module. Thanks in advance for your help with this…


#2

Run tcpdump on the PBX and see whether any packets are coming in to UDP port 1194 and what response, if any, is sent.

If nothing shows on the PBX, use Yealink’s pcap feature (in Settings -> Configuration) to see what it’s sending and what response (such as an ICMP error) it gets.

If Yealink is sending good stuff but the PBX isn’t receiving anything, check at the intervening routers.


(Rich Gault) #3

Using the Pcap option, I am seeing the Yealink phone connect via 5060 and registering to the FreePBX system, so I know it’s getting there on that port, but I am still not seeing anything on 1194. I tried rebooting the phone and watching the tcpdump on the FreePBX but there is so much data coming in from my SSH connection it’s hard to see anything else. Also… Just so you know, I built a CentOS server with OpenVPN on it for testing and was able to connect to it without any problems from my own laptop to the same cloud service, so I am almost certain that it’s an issue on the FreePBX system. In my reading, I see references that there should be a TUN interface on the FreePBX system, but I am not seeing that.


#4

Don’t ‘watch’ the tcpdump – send it to a file (tcpdump -w foo.pcap), copy it to your PC, open it in Wireshark and analyze it there.


(Rich Gault) #5

Thanks… I’m not a Linux guru yet.


(Rich Gault) #6

Ok. So I am seeing it hit the FreePBX server. I am seeing this in the log file. Just to let you know, I disabled my Yealink from registering to the FreePBX so I wouldn’t see connections on port 5060 and then rebooted the phone.

81 103.102961 65.xx.xx.xx 45.xx.xx.xx OpenVPN 56 MessageType: P_CONTROL_HARD_RESET_CLIENT_V2


#7

I would verify if you can connect to the VPN internally. There are some odd routers out there which just do not allow VPN traffic through even with the settings to permit. I have a Buffalo WZR-1750DHP (no longer using) which would allow VPN connections, but just would not allow any VPN traffic to pass through. That is, even with the settings to allow such traffic.


(Rich Gault) #8

Thanks for your reply. Because this was a new test server, I built another one side by side to this one I was having issues with and compared the two. The new server had no issues, whereas on the original one I could not connect to it using the built-in OpenVPN server. After running a slew of different network port scanners, I found that the OpenVPN server on the original one wasn’t running properly. Port 1194/UDP wasn’t listening and there wasn’t anything I could do to get it started, including uninstalling and reinstalling it. But in my testing, I also noticed a couple of other things. When pulling the cert files down from the UCP, I noticed that there wasn’t a sysadmin_ca.crt file in with the zipped file. The new server I built has all 5 cert files. The new server also has port 1194/UDP answering requests and I was able to get one of my Yealink phones to connect. But… Looking at the log files from the Yealink, I am still seeing a “Network unreachable, restarting” several times during a startup, but eventually it just goes away and there aren’t any instances that I can find where it shows it connects to the OpenVPN server, even though it does.

So in closing, I just deleted the first server and am using the second one. Thank you all for your help. I hope this helps anyone in the future who has the same issues. - Rich Gault
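The server-side checks from #2 and #4 (capture only port 1194 to a file) and from #8 (is anything listening on 1194/UDP, is there a tun interface), gathered into one script as an added example that is not part of any post in this thread. The function names are hypothetical; it assumes root on the PBX with tcpdump, ss, ip, awk and timeout installed, and the reply filter relies on OpenVPN's UDP framing, where the opcode is the top five bits of the first payload byte.

```shell
#!/bin/sh
# Added example: server-side OpenVPN checks for the situation in this thread.
PORT="${PORT:-1194}"   # port used in the thread; override if yours differs

# udp_listening PORT: reads `ss -lun` output on stdin and succeeds only if
# some socket is bound to exactly PORT (any address, IPv4 or IPv6).
udp_listening() {
    awk -v p="$1" '
        { for (i = 1; i <= NF; i++) if ($i ~ (":" p "$")) found = 1 }
        END { exit !found }'
}

# capture_ovpn FILE [SECONDS]: write only OpenVPN traffic to FILE, so the
# SSH session does not drown it out. Stops after SECONDS (default 60).
capture_ovpn() {
    timeout "${2:-60}" tcpdump -n -i any -w "$1" "udp port $PORT"
}

# server_replies FILE: count packets sent from PORT whose opcode is 8
# (P_CONTROL_HARD_RESET_SERVER_V2, 8 << 3 = 0x40). IPv4 only.
# Zero means client resets arrive but the daemon never answers.
server_replies() {
    tcpdump -n -r "$1" "udp src port $PORT and udp[8] & 0xf8 = 0x40" \
        2>/dev/null | wc -l
}

# diagnose: report listener and tun state on this host.
diagnose() {
    if ss -lun | udp_listening "$PORT"; then
        echo "listener: a socket is bound to UDP/$PORT"
    else
        echo "listener: nothing bound to UDP/$PORT (server not running)"
    fi
    if ip -o link show | grep -Eq ': tun[0-9]+'; then
        echo "tun: interface present"
    else
        echo "tun: no tun interface (OpenVPN has not brought one up)"
    fi
}

# Typical use, as root on the PBX:
#   diagnose
#   capture_ovpn /tmp/ovpn.pcap 60    # reboot the phone while this runs
#   server_replies /tmp/ovpn.pcap
```

The capture file can still be copied to a PC and opened in Wireshark as suggested in #4.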