Задать вопрос
Krotesk
@Krotesk
Инженер техподдержки телефонии на основе Asterisk

Почему не идет подключение телефона Yealink к OpenVPN?

Пытаюсь подогнать новый сертификат для подключения старых моделей Yealink к OpenVPN:
Неудачно:
Fri Sep  8 17:30:04 2023 us=340109 MULTI: multi_create_instance called
Fri Sep  8 17:30:04 2023 us=340153 Re-using SSL/TLS context
Fri Sep  8 17:30:04 2023 us=340161 LZO compression initializing
Fri Sep  8 17:30:04 2023 us=340198 Control Channel MTU parms [ L:1624 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Fri Sep  8 17:30:04 2023 us=340209 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 AF:3/1 ]
Fri Sep  8 17:30:04 2023 us=340232 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Sep  8 17:30:04 2023 us=340238 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Fri Sep  8 17:30:04 2023 us=340253 TCP connection established with [AF_INET]10.10.150.1:4941
Fri Sep  8 17:30:04 2023 us=340258 TCPv4_SERVER link local: (not bound)
Fri Sep  8 17:30:04 2023 us=340262 TCPv4_SERVER link remote: [AF_INET]10.10.150.1:4941
Fri Sep  8 17:30:05 2023 us=348223 10.10.150.1:4941 TLS: Initial packet from [AF_INET]10.10.150.1:4941, sid=6bcc8e77 8fec1aab
Fri Sep  8 17:30:05 2023 us=450254 10.10.150.1:4941 Connection reset, restarting [0]
Fri Sep  8 17:30:05 2023 us=450282 10.10.150.1:4941 SIGUSR1[soft,connection-reset] received, client-instance restarting
Fri Sep  8 17:30:05 2023 us=450325 TCP/UDP: Closing socket

Успешное подключение:
Fri Sep  8 17:32:35 2023 us=752703 10.10.150.1:3013 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Fri Sep  8 17:32:35 2023 us=752723 10.10.150.1:3013 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Sep  8 17:32:35 2023 us=752729 10.10.150.1:3013 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep  8 17:32:35 2023 us=752764 10.10.150.1:3013 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Fri Sep  8 17:32:35 2023 us=752769 10.10.150.1:3013 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Sep  8 17:32:35 2023 us=752773 10.10.150.1:3013 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep  8 17:32:35 2023 us=752777 10.10.150.1:3013 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
WRwrWRwrWrWRwrWRwRwrWRwRFri Sep  8 17:32:35 2023 us=857201 10.10.150.1:3013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Sep  8 17:32:35 2023 us=857232 10.10.150.1:3013 [client] Peer Connection Initiated with [AF_INET]10.10.150.1:3013
Fri Sep  8 17:32:35 2023 us=857250 client/10.10.150.1:3013 MULTI_sva: pool returned IPv4=10.8.0.19, IPv6=(Not enabled)
Fri Sep  8 17:32:35 2023 us=857273 client/10.10.150.1:3013 MULTI: Learn: 10.8.0.19 -> client/10.10.150.1:3013
Fri Sep  8 17:32:35 2023 us=857278 client/10.10.150.1:3013 MULTI: primary virtual IP for client/10.10.150.1:3013: 10.8.0.19
Fri Sep  8 17:32:38 2023 us=290482 client/10.10.150.1:3013 PUSH: Received control message: 'PUSH_REQUEST'
Fri Sep  8 17:32:38 2023 us=290514 client/10.10.150.1:3013 SENT CONTROL [client]: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.19 255.255.255.0' (status=1)

Что ещё необходимо поправить? Не пойму что не нравится в первом случае.
  • Вопрос задан
  • 265 просмотров
Подписаться 1 Простой 8 комментариев
Пригласить эксперта
Ваш ответ на вопрос

Войдите, чтобы написать ответ

Похожие вопросы