Yealink VPN connects but cannot get a DHCP address
-
I feel like I'm hitting a wall....I can't really figure out where I need to go next to troubleshoot this.
I'm using a tap connection.
Using the "Client Export" to create a XP client I can connect to the VPN and obtain a DHCP IP address.
Using exactly the same settings but exporting it to a "T38G (2) / V83" I can connect the VPN but will never receive a DHCP address. [I did manually add the line "comp-lzo" to the client config because the OpenVPN logs conplained about missing comp-lzo along with MTU sizing issue w/o it ]
pfSense OpenVPN logs -
Mar 22 19:48:17 openvpn 75813 Ph1CN/104.224.54.102:1194 peer info: IV_TCPNL=1
Mar 22 19:48:17 openvpn 75813 Ph1CN/104.224.54.102:1194 peer info: IV_COMP_STUBv2=1
Mar 22 19:48:17 openvpn 75813 Ph1CN/104.224.54.102:1194 peer info: IV_COMP_STUB=1
Mar 22 19:48:17 openvpn 75813 Ph1CN/104.224.54.102:1194 peer info: IV_LZO=1
Mar 22 19:48:17 openvpn 75813 Ph1CN/104.224.54.102:1194 peer info: IV_LZ4v2=1
Mar 22 19:48:17 openvpn 75813 Ph1CN/104.224.54.102:1194 peer info: IV_LZ4=1
Mar 22 19:48:17 openvpn 75813 Ph1CN/104.224.54.102:1194 peer info: IV_PROTO=2
Mar 22 19:48:17 openvpn 75813 Ph1CN/104.224.54.102:1194 peer info: IV_PLAT=linux
Mar 22 19:48:17 openvpn 75813 Ph1CN/104.224.54.102:1194 peer info: IV_VER=2.4.2Yealink (OpenVPN) log entries -
<29>Mar 22 00:00:15 openvpn[1275]: TCP/UDP: Preserving recently used remote address: [AF_INET]104.224.54.101:1195
<29>Mar 22 00:00:15 openvpn[1275]: UDP link local (bound): [AF_INET][undef]:1194
<29>Mar 22 00:00:15 openvpn[1275]: UDP link remote: [AF_INET]104.224.54.101:1195
<27>Mar 22 00:00:15 openvpn[1275]: write UDP: Network is unreachable (code=101)
<29>Mar 22 00:00:15 openvpn[1275]: Network unreachable, restarting
<29>Mar 22 00:00:15 openvpn[1275]: tun/tap down--init.c, 1923----pfSense - 2.4.4-RELEASE-p3 (amd64)
Yealink (t46G) - FW 28.83.0.120Thanks!
-
Just want to close this out as this has a lot of moving parts (OpenVPN, pfSense, Yealink, OpenVPN client tool).
Seem to be an issue with Yealink's ability (actually lack of) to create a TAP adapter.
To see this go to the Yealink phone web interface and export the Log files. Search for "eth0" you'll see something like -
eth0 Link encap:Ethernet HWaddr 00:15:65:9C:68:6C
inet addr:192.168.0.102 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::215:65ff:fe9c:686c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5355 errors:0 dropped:0 overruns:0 frame:0
TX packets:283 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1024
RX bytes:1061157 (1.0 MiB) TX bytes:149980 (146.4 KiB)
Interrupt:8Right after "eth0" a TAP/TUN adapter should exist. The TAP adapter will never be created the TUN is created however.
This seem to be a T4xG issue as someone else had this same issue back in 2016.
http://forum.yealink.com/forum/archive/index.php?thread-22121.htmlThanks,
-
Perhaps I'm missing something here, but how do you connect a VPN, before getting an IP address???
-
The Yealink will consume a local IP just like any other device making a VPN connection it's the OpenVPN client's connection IP I was having issues with.
Thanks,
-
The address you get through the VPN is not DHCP. It's provided as configured on the tunnel. DHCP is a means of obtaining an address on the local LAN. Please don't confuse the addresses.
-
I'm going to restate you're response as I understand it.
Based on your experience the IP is configured on the tunnel and you don't understand why I'm implying the VPN connection would be receiving a DHCP address.
Based on my read of the Netgate documents it notes a TAP bridging setup would allow the VPN client to obtain a DHCP address on the network it's attaching to.
https://docs.netgate.com/pfsense/en/latest/book/openvpn/bridged-openvpn-connections.html
This wording seems to be similar to OpenVPN's -
**There are two methods for handling client IP address allocation:
Let OpenVPN manage its own client IP address pool using the server-bridge directive, or
configure the DHCP server on the LAN to also grant IP address leases to VPN clients.]**https://openvpn.net/community-resources/ethernet-bridging/
Also when one goes into the OpenVPN Server to edit it [if I remember correctly you do not see these options on creation]
Based on what I've read I believe I'm using the correct terminology in explaining what I'm trying to do. If you feel otherwise could you help me understand your perspective.
Thanks,
