Yealink Forums

Full Version: Yealink SIP-T22P OpenVPN issue
(05-27-2014 04:47 PM)siny Wrote:
(05-27-2014 03:56 PM)mahan77 Wrote:
(05-27-2014 03:51 AM)siny Wrote:
(05-27-2014 12:20 AM)mahan77 Wrote:
(05-23-2014 04:18 PM)siny Wrote: Can you please elaborate on that: what was the problem with Easy-RSA?


Thank you.


Best regards,
Sinisa Bandin

Sorry for the late reply, I was busy with work.

You need public key MD5 for the Yealink phone. The latest easy-rsa uses a different algorithm called sha256. I didn't know how to change back to MD5. The best way to do this is to use easy-rsa 2.2.0. Use openssl-1.0.0.cnf in your vars file and everything will be OK.

Many thanks

Thank you for your reply, but...

Actually, I am using easy-rsa 2.0-rc1 (all of the other 20+ keys are made by it so I did not want to change).
in "openssl.cnf" there is this line:
default_md = md5
so I suppose that should be OK, right?

(just to compare, I have downloaded easy-rsa 2.2.2, and there it says "sha256")

It seems I shall wait for the webinar on Wednesday, maybe there will pop up something new: http://forum.yealink.com/forum/showthrea...ht=openvpn


Best regards,
Sinisa Bandin


Yes! It should be OK. As long as you have this default_md = md5 line in your .cnf it will work.

Many Thanks
Sathees


Well, it is not OK :(

I create .tar file, as instructed in docs, go to Network -> Advanced menu, Browse file, Upload it, get the message "Upload success!", then Enable the VPN and when I click Confirm, message says "Please upload VPN config file first!".

I have other clients working with same certificates, using Linux, Android, Mikrotik routers and Windows.


Best regards,
Sinisa Bandin

Send me your email address. I will send you the sample conf file. Then you can create your own.

Many thanks
Sathees
Hi siny,

Please name keys directory as keys and vpn.cnf. Please don't change the name.
(05-30-2014 05:36 PM)Yealink Support Wrote: Hi siny,

Please name keys directory as keys and vpn.cnf. Please don't change the name.

All of the names are right, but the phone won't accept the file.

Here is directory listing:
# dir
-rw-r--r-- 1 root root 20480 May 30 23:34 client.tar
drwxr-xr-x 2 root root 53 May 26 23:48 keys
-rw-r--r-- 1 root root 216 May 30 23:33 vpn.cnf


Client tar is made like this:
# tar cf client.tar vpn.cnf keys/


This is the content of keys/ directory:
# dir
-rw-r--r-- 1 root root 1192 May 26 23:47 ca.crt
-rw-r--r-- 1 root root 3711 May 26 23:48 client.crt
-rw------- 1 root root 912 May 26 23:48 client.key

I have also tried changing file mode to 0777 on everything, with same effects.


The contents of the vpn.cnf:
client
dev tun
dev-type tun
remote xx.xx.xx.xx 1194 udp
nobind
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/client.crt
key /config/openvpn/keys/client.key
ns-cert-type server
comp-lzo no
verb 3
mute 5



Can you see anything out of order?


Thank you and best regards,
Sinisa Bandin
Hi Sinisa ,

Please refer to the post below for more details.
[FAQ]Frequently Asked Questions of OpenVPN

In order to do more troubleshooting, please supply .tar server.conf and send to support@yealink.com or support.usa@yealink.com.
How to Get the Correct Syslog, Config.bin and Trace
I have (accidentally) solved the problem:

normally, I use Linux for all of my work, but yesterday tried to unpack client.tar in Windows using 7zip and saw an unexpected directory named "PaxHeaders.2950".

After some searching, found out that my GNU tar 1.26 is by default adding POSIX info to the tar file, so I tried to re/create archive with "-H gnu" and finally was able to successfully upload the file to the phone and see text "vpn.cnf" in the text box after upload (it used to be empty on previous attempts).

Everything worked after reboot, so I am a happy user now.

May I suggest adding this to the official guide?


But now I have another problem: when trying to Autoprovision phone from my TFTP server, I can set all of the parameters except VPN. Relevant part of the "0015xxxxxxxx.cfg" is this:

network.vpn_enable = 1
openvpn.url = http://192.168.11.2/client1.tar

If I put the same lines in "y000000000005.cfg" it downloads the .tar file from server, but does not enable VPN.


Best regards,
Sinisa Bandin

One more suggestion to the developers: I think it would be very good to see the VPN status in the Status screen: IP address, server's address (public and VPN), assigned routes....

Best regards,
Sinisa Bandin
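
The pax-header problem siny describes above can be checked before an archive is uploaded. The following Python sketch is an added example, not part of the original thread or of Yealink's tooling: it walks the raw 512-byte tar headers, lists any pax extended headers (typeflag `x` or `g`), and rewrites the archive in GNU format. The archive contents and timestamps are constructed sample data.

```python
import io
import tarfile

def list_headers(data):
    """Walk the raw 512-byte headers; return (typeflag, name, size) per entry."""
    entries, pos = [], 0
    while pos + 512 <= len(data):
        hdr = data[pos:pos + 512]
        if hdr == b"\0" * 512:                      # end-of-archive marker
            break
        name = hdr[0:100].split(b"\0", 1)[0].decode("utf-8", "replace")
        size = int(hdr[124:136].strip(b" \0") or b"0", 8)   # octal ASCII field
        entries.append((chr(hdr[156]), name, size))
        pos += 512 + (size + 511) // 512 * 512      # header + padded payload
    return entries

def pax_entries(data):
    """Names of pax extended ('x') and global ('g') header entries."""
    return [name for flag, name, _ in list_headers(data) if flag in ("x", "g")]

def repack_gnu(data):
    """Rewrite an archive in GNU format, which carries no pax headers."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(data)) as src, \
         tarfile.open(fileobj=out, mode="w", format=tarfile.GNU_FORMAT) as dst:
        for member in src:
            member.pax_headers = {}
            member.mtime = int(member.mtime)        # pax may carry float times
            payload = src.extractfile(member) if member.isfile() else None
            dst.addfile(member, payload)
    return out.getvalue()

def build_sample(fmt):
    """Constructed stand-in for client.tar (not real keys or config)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=fmt) as tf:
        for name, body in (("vpn.cnf", b"client\ndev tun\n"),
                           ("keys/ca.crt", b"constructed\n")):
            info = tarfile.TarInfo(name)
            info.size, info.mtime = len(body), 1401485580
            if fmt == tarfile.PAX_FORMAT:
                info.pax_headers = {"atime": "1401485580.5"}  # forces an 'x' header
            tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()

PAX_SAMPLE = build_sample(tarfile.PAX_FORMAT)
GNU_SAMPLE = build_sample(tarfile.GNU_FORMAT)

if __name__ == "__main__":
    print("posix:", pax_entries(PAX_SAMPLE))
    print("gnu:  ", pax_entries(GNU_SAMPLE))
    print("fixed:", list_headers(repack_gnu(PAX_SAMPLE)))
```

Running `pax_entries` on the bytes of a real `client.tar` shows whether it contains the extra entries; an empty list means only the ordinary file and directory headers are present.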
I cannot get this garbage to work at all.

I have followed various threads here (including this one), by Yealink, an FAQ by them (http://forum.yealink.com/forum/showthrea...tid=1843), and their webinar information from this past May (http://forum.yealink.com/forum/showthrea...=openvpn). Still nothing after working on this for a week.

There is no evidence the phone is trying to connect, looking in the openvpn.log, and using tcpdump watching port 1194.

Why is there no logging system on these phones so we can see what sort of error, if any, so we could correct the problem?

Any other suggestions?

I see I made a small typo in the client config file which was causing it to not connect. I see it trying to connect now, but still errors:


I am using MD5 in the key and getting this in the openvpn.log


Quote:
Wed Aug 6 16:10:07 2014 us=992883 192.168.5.133:1027 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 6 16:10:07 2014 us=992977 192.168.5.133:1027 TLS Error: TLS handshake failed
Wed Aug 6 16:10:07 2014 us=993119 192.168.5.133:1027 SIGUSR1[soft,tls-error] received, client-instance restarting
(08-07-2014 04:36 AM)KNERD Wrote: I cannot get this garbage to work at all.

I have followed various threads here (including this one), by Yealink, an FAQ by them (http://forum.yealink.com/forum/showthrea...tid=1843), and their webinar information from this past May (http://forum.yealink.com/forum/showthrea...=openvpn). Still nothing after working on this for a week.

There is no evidence the phone is trying to connect, looking in the openvpn.log, and using tcpdump watching port 1194.

Why is there no logging system on these phones so we can see what sort of error, if any, so we could correct the problem?

Any other suggestions?

I see I made a small typo in the client config file which was causing it to not connect. I see it trying to connect now, but still errors:


I am using MD5 in the key and getting this in the openvpn.log


Quote:
Wed Aug 6 16:10:07 2014 us=992883 192.168.5.133:1027 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 6 16:10:07 2014 us=992977 192.168.5.133:1027 TLS Error: TLS handshake failed
Wed Aug 6 16:10:07 2014 us=993119 192.168.5.133:1027 SIGUSR1[soft,tls-error] received, client-instance restarting

Since no one from Yealink support seems to be reading this, I will throw in my €¢2:

From the logs, it seems that you have enabled TLS on one side, and not on the other.
Or, there is a problem with NAT firewall, letting packets IN but not OUT (I have seen both of these before)

Could you post both server's and phone's .conf/.cfg files (without any sensitive data like IP's of course)?

Best regards,
Sinisa
Hey, we are in the same boat and I'm really stuck... it works on my PC but I can't upload the config file!!

I used the last version
http://www.yealink.com/Upload/W52P/V73/F...3.0.27.zip

Same problem!!

Please help me, what could possibly be the problem?