Yealink Forums

Full Version: OpenVPN - Multiple Phones Loose VPN, never reconnect
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
We have a few clients with their Yealink phones behind their own firewalls... these phones each make an OpenVPN connection to our pfSense Firewalls at our datacenter which hosts their phone servers.

Every so often, their phone(s) loose their OpenVPN connections... Sometimes it is just one phone... sometimes it is both phones... they no longer have OpenVPN connections and are never seen again until the phone is powered off/on. Once powered on, no problems connecting / working.

What can I do so that the Yealink phones reestablish a connection, no matter how long their internet might go down for (no clue if this is the actual problem, is there a way to pull up the logs specifically for lost connections)? Any suggestions on how to keep things running smoothly?

Here is the .cfg file:

dev tun
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
remote 1197 udp
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/client1.crt
key /config/openvpn/keys/client1.key
tls-auth /config/openvpn/keys/ta.key 1
ns-cert-type server
Hi cmariotti,

Someone has solved this problem and please refer to below forum.
(02-20-2014 12:57 PM)Yealink Support Wrote: [ -> ]Hi cmariotti,

Someone has solved this problem and please refer to below forum.

If I add the following to the vpn.cnf file (as the thread suggests):
proto udp
keepalive 20 30
script-security 2

It does not connect. If I remove the "keepalive 20 30", re-upload the .tar file, it connects.

The thread you reference has little explanation as to why they are using these parameters, but it specifically states that the keepalive is the solution, but that seems to be actually stopping the .tar from working.

Any advice? Will this be solved in a future Firmware update? Seems more like the fix should be there.
You should add this syntax in server.ovpn.
Reference URL's