Yealink Forums

Full Version: can't setup openvpn with t48g
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Running 35.80.0.95. Found a great guide on your site for setup, but I am encountering a problem. I go to network / advanced on the web interface, and I see the VPN section at the bottom. I select Browse, and then navigate to the tar file. When I select it, the dialog box box immediately changes to the text "C:\fakepath\openvpn.tar" This is especially bad since I am running Linux. When I press upload, I (very quickly) get a "JavaScript Upload Success!" popup window (with no real indication that anything was actually uploaded). When I try to enable the VPN (by pressing confirm), I get a pop up window that says: "JavaScript Please upload VPN config file first!" I have not been able to figure out what is really going on, and how to get around it.

Thank you in advance
Can you send the configuration files to me check here?
Not sure exactly what files you want. Can you be more specific? I certainly don't want to post certificates and keys into a public forum (I couldn't find a way to send an attachment in a private message). Here is vpn.conf:

Code:
auth-nocache
auth-retry nointeract
auth-user-pass
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/client.crt
key /config/openvpn/keys/client.key
cipher AES-256-CBC
client
comp-lzo no
dev tun
dev-type tun
explicit-exit-notify 2
ifconfig-nowarn
mute 20
nobind
persist-key
persist-tun
rcvbuf 100000
remote vpn-provider.net 53 udp
reneg-sec 604800
route 0.0.0.0 0.0.0.0
route-delay 2
route-method exe
setenv SERVER_POLL_TIMEOUT 4
sndbuf 100000
tls-auth vpn-provider.key 1
verb 3
the line below have something wrong.
remote vpn-provider.net 53 udp

the correct is
remote vpn-provider.net
port 53
proto udp

Please change the file then test again.
If the problem still persist, please send the configuration file to me(karl@yealink.com)
The configuration file is the one you upload to phone side.
Please add the link of this forum in email, so I can know the problem detail.
I have the same problem.My phone is W52P and my vpn.cnf file is as follow

client
dev tun
remote 212.2Xx.xxx.xxx
proto udp
port 1194
float
comp-lzo adaptive
keepalive 15 60
auth-user-pass
ns-cert-type server
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/client.crt
key /config/openvpn/keys/client.key
resolv-retry infinite
nobind


Do you see any problem here. ls the paths are okeyfor W52P

One me re thing, for cert and keyfiles is below sample is ok. Ihave begin and end like below

-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANDHuqP
-----END PRIVATE KEY-----
Need help pls.
Same here i can't make openvpn work (see no request on the server site to connect).

My config:
-----
client
dev tun
remote XXX.XXX.XXX.XXX
port 1443
proto tcp
tls-remote "/C=de/L=Attenkirchen/O=eXyrium_GmbH/CN=hq.exyrium.com/emailAddress=infrastructure-admin@exyrium.com"
##############################################################
# Use this tls-remote option if you use openvpn-2.3 or later
#tls-remote "C=de, L=Attenkirchen, O=eXyrium GmbH, CN=hq.exyrium.com, emailAddress=infrastructure-admin@exyrium.com"
route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/user.crt
key /config/openvpn/keys/user.key
auth-user-pass
cipher AES-256-CBC
auth SHA512
comp-lzo
route-delay 4
verb 3
reneg-sec 0
-----
Hi there

I'm facing the same problem, however, first of I'd like to say that I don't think it's good anymore that users are forced to split up the remote line into remote, port and proto. The all-in-one line remote ADDR PORT PROTO has been in ovpn for years.

Any way, I can't get to upload my config either. In Linux after selecting the file, the path in the form is altered to c:\fakepath (the same happens from windows). In Linux I get a JS popup that says upload successfull and then the page gets refreshed, openvpn deactivated again.

Yealink T48G:
Firmware version: 35.81.0.110
Hardware Version: 35.1.0.2.1.0.0

My config looks like this:

Code:
client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun

key-direction 1

cipher BF-CBC

ns-cert-type server
verb 5
mute 50

comp-lzo

remote REMOTE_ADDR
port 1195
proto udp

sndbuf 0
rcvbuf 0

<ca>
-----BEGIN CERTIFICATE-----
[....]
-----END CERTIFICATE-----
</ca>
<cert>
[....]
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
[....]
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
[....]
-----END OpenVPN Static key V1-----
</tls-auth>

Is the problem that I have certs and key in the config itself?
Is the problem that I use a 2048bit TLS key?
Ok, I finally managed to get it to run. My problem was, that I always named it "vpn.conf" and not "vpn.cnf" in the tar ball.

Also I can confirm that TLS Auth and Inline Keys/Certs work fine.

If have attached my current config with integrated tls-auth and inline keys.

The verb level could possibly be tuned down a bit to 3.
Hi,

First of all, I'd like to thank SJ for providing a complete working config and Karl for pointing out that, contrary to Yealink documentation, the "remote" parameter needs to be split up.

The documentation on Yealink openVPN setup is so poor that it should be either completely rewritten (so that it actually matches the reality) OR removed altogether and replaced with this thread.

Adding to previous comments, I'm also sharing my working config in a hope that someone might come across it before they find the official documentation and waste time:

Code:
client
dev tun
proto udp
remote [SERVER_IP]
port [SERVER_PORT]
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
key-direction 1
cipher AES-128-CBC
auth SHA256
comp-lzo
verb 3

<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>
Reference URL's