General Description

After importing OpenVPN configuration file to the phone, the phone can’t connect to OpenVPN server, and the OpenVPN error log in the syslog needs to be checked.

Troubleshooting

1. Cipher algorithm 'AES-256-GCM' not found

Confirm the phone version, since phones before version 2.42.6.x.x don’t support AES-256-GCM.

2. tls-crypt unwrap error: packet too short

Phone versions before than 2.42.6.x.x should use tls-auth; phone versions after it, support tls-crypt.

While using tls-auth, there needs to be differentiation between configuration in server and client;

on the server side, configuration should be written as tls-auth ta.key 0;

on the client side, it should be written as tls-auth ta.key 1;

As for tls-crypt, it directly uses tls-crypt ta.key in server and client's configuration.

3. Verify nsCertType ERROR: xxxx, require nsCertType=SERVER

Check if there’s ns-cert-type server in client.ovpn; if there is, replace it with remote-cert-tls server.

Further Support

If the problem remains, please contact Htek Support (support@htek.com).

IP Phones

OpenVPN Issue