Yealink Forums

Multiple OpenVPN connections needed
I need to know if Yealink has developed the ability to have more than one OpenVPN connection per phone.

We have users who have Yealink phones for business use. They are multi-line phones.

They need line #1 to go to VOIP server #1. VOIP Server #1 is behind a firewall. The only way to connect to VOIP Server #1 is by using an OpenVPN connection.

They need line #2 to go to VOIP server #2. VOIP Server #2 is behind a DIFFERENT firewall. The only way to connect to VOIP Server #2 is by using a DIFFERENT OpenVPN connection.

Without the ability to have multiple OpenVPN connections, these phones become SINGLE LINE phones.

How can we overcome that limitation?

Does Yealink have a solution?
(07-08-2013 11:54 PM) caldwell wrote: I need to know if Yealink has developed the ability to have more than one OpenVPN connection per phone.

We have users who have Yealink phones for business use. They are multi-line phones.

They need line #1 to go to VOIP server #1. VOIP Server #1 is behind a firewall. The only way to connect to VOIP Server #1 is by using an OpenVPN connection.

They need line #2 to go to VOIP server #2. VOIP Server #2 is behind a DIFFERENT firewall. The only way to connect to VOIP Server #2 is by using a DIFFERENT OpenVPN connection.

Without the ability to have multiple OpenVPN connections, these phones become SINGLE LINE phones.

How can we overcome that limitation?

Does Yealink have a solution?

There is a fair amount of information on the internet relative to OpenVPN and multiple servers; however, it tends to be related to having access to multiple servers for redundancy purposes. I think you'd be bumping up against OpenVPN and phone limitations. Even if you get access to multiple servers by specifying them in the vpn.cnf - .ovpn file, the phone is still going to be served or have access to only one IP address at a time.

The type of thing you want to do is normally addressed via the OpenVPN server's configuration, which could send packets to multiple VOIP servers behind the firewall which may be on multiple subnets.

There are few phones that do VPN and fewer that do OpenVPN, so finding one that can operate as almost a separate phone (per line button) is a tall order.

Another solution is to essentially add a specially configured "router" or run a pfSense - OpenVPN server at each of the locations that need to use one of the phones.

A Raspberry Pi, for example, can run OpenVPN....

Perhaps someone else will comment on an alternate solution.
Re: using a common endpoint to try and connect to multiple firewalls, the reason this is not a good solution is that User Bob may be in one state and needs to connect to two separate providers using two instances of OpenVPN. User Joe may be in another state and may need to connect to three totally different providers or VOIP servers using OpenVPN. While in a single office setting, there may be a common need to connect to the same carriers, we can't assume that about every user scattered around the globe.

For the solution, it could be a matter of simply running another INSTANCE of OpenVPN with its own configuration file pointing to VPN server #2.

All that requires is adding it to the firmware. It could run on a separate port if needed.

Yealink response on that idea?
Hi Caldwell,
Sorry, currently Yealink phones don't support multiple OpenVPN connections.
Which phone are you using? In our T2X V71 firmware, the phone can support the Server Redundancy feature.
------------------
Server redundancy is often required in VoIP deployments to ensure continuity of phone service, for events where the server needs to be taken offline for maintenance, the server fails, or the connection between the IP phone and the server fails.
------------------
Hope this is helpful for you.
Thanks.
(07-09-2013 11:30 AM) Yealink Support wrote: Hi Caldwell,
Sorry, currently Yealink phones don't support multiple OpenVPN connections.
Which phone are you using? In our T2X V71 firmware, the phone can support the Server Redundancy feature.
------------------
Server redundancy is often required in VoIP deployments to ensure continuity of phone service, for events where the server needs to be taken offline for maintenance, the server fails, or the connection between the IP phone and the server fails.
------------------

How hard would it be to add this functionality?

Server redundancy is nice for those who need it, but the inability to actually use a multi-line phone for multiple VOIP providers who require a VPN connection limits the phones to being single line.

What would it take to at least support 2 or 3 instances of OpenVPN so that users could at least have 2 or 3 VPN-secured VOIP connections to different providers or different servers?
Hi Caldwell,
If you want to have this feature, please contact your local distributor; they will then talk with Yealink about this new request for you. They also have higher priority than the forum.
Thanks.
I'd vote for this feature too.

I don't actually need to have two VPNs active, but even with one VPN active it appears that using the other accounts that don't need the VPN won't work.

As soon as I activate the VPN I get no audio on the other accounts that don't need the VPN. So it seems that it's either all accounts via VPN or none.
(07-26-2013 03:08 PM) davidywilson wrote: I'd vote for this feature too.

I don't actually need to have two VPNs active, but even with one VPN active it appears that using the other accounts that don't need the VPN won't work.

As soon as I activate the VPN I get no audio on the other accounts that don't need the VPN. So it seems that it's either all accounts via VPN or none.

Hi Davidywilson,
It seems that your VPN server doesn't have client-to-client configured; could you check for this?
Suggestion: purchase a MikroTik RB750, flash it with OpenWrt, load OpenVPN, and use that as your gateway to connect to multiple VPNs...

Thanks
(08-01-2013 10:38 AM) Yealink Support wrote:
(07-26-2013 03:08 PM) davidywilson wrote: I'd vote for this feature too.

I don't actually need to have two VPNs active, but even with one VPN active it appears that using the other accounts that don't need the VPN won't work.

As soon as I activate the VPN I get no audio on the other accounts that don't need the VPN. So it seems that it's either all accounts via VPN or none.

Hi Davidywilson,
It seems that your VPN server doesn't have client-to-client configured; could you check for this?

I have a similar problem.
I use a Yealink SIP-T32G, fw ver 32.70.0.130.
The first line of my phone is connected to our internal office IP PBX (Asterisk on the 192.168.182.0/24 network); the phone's internal IP is 192.168.182.192.
The second line of my phone is connected to a remote IP PBX over OpenVPN. The second line works just fine!
However, the first line has the same "no audio" problem.
The CLI output of [sip show peer] for this line looks like this:

Quote: * Name : 200
Secret : <Set>
MD5Secret : <Not set>
Remote Secret: <Not set>
Context : from-internal
Subscr.Cont. : <Not set>
Language :
AMA flags : Unknown
Transfer mode: open
CallingPres : Presentation Allowed, Not Screened
Callgroup : 10
Pickupgroup : 10
MOH Suggest :
Mailbox : 200@default
VM Extension : *97
LastMsgsSent : 32767/65535
Call limit : 2147483647
Max forwards : 0
Dynamic : Yes
Callerid : "200" <200>
MaxCallBR : 384 kbps
Expire : 3593
Insecure : port,invite
Force rport : Yes
ACL : Yes
DirectMedACL : No
T.38 support : Yes
T.38 EC mode : FEC
T.38 MaxDtgrm: -1
DirectMedia : Yes
PromiscRedir : No
User=Phone : No
Video Support: No
Text Support : Yes
Ign SDP ver : No
Trust RPID : Yes
Send RPID : Yes
Subscriptions: Yes
Overlap dial : Yes
DTMFmode : rfc2833
Timer T1 : 500
Timer B : 32000
ToHost : 192.168.182.192
Addr->IP : 192.168.182.192:14926
Defaddr->IP : (null)
Prim.Transp. : TLS
Allowed.Trsp : TLS
Def. Username: 200
SIP Options : (none)
Codecs : 0x191f (g723|gsm|ulaw|alaw|g726|g729|g726aal2|g722)
Codec Order : (ulaw:20,alaw:20,gsm:20,g722:20,g723:30,g726:20,g729:20,g726aal2:20)
Auto-Framing : No
Status : OK (35 ms)
Useragent : Yealink SIP-T32G 32.70.0.130
Reg. Contact : sip:200@10.8.3.197:14926;transport=TLS
Qualify Freq : 60000 ms
Sess-Timers : Accept
Sess-Refresh : uas
Sess-Expires : 1800 secs
Min-Sess : 90 secs
RTP Engine : asterisk
Parkinglot :
Use Reason : No
Encryption : Yes

Obviously, the error is here: Reg. Contact : sip:200@10.8.3.197:14926;transport=TLS

The IP address 10.8.3.197 is incorrect; it belongs to the tun interface.
As a result, all RTP traffic from the PBX to my phone looks like this:

Quote:sip*CLI> rtp set debug ip 10.8.3.197
RTP Debugging Enabled for address: 10.8.3.197:0
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
-- Executing [*97@from-internal:1] Answer("SIP/200-0000247c", "") in new stack
-- Executing [*97@from-internal:2] Wait("SIP/200-0000247c", "1") in new stack
Sent RTP packet to 10.8.3.197:11782 (type 00, seq 035451, ts 000160, len 000170)
Sent RTP packet to 10.8.3.197:11782 (type 00, seq 035452, ts 000320, len 000170)

RTP packets are not reaching my phone, because the PBX does not know anything about the 10.8.3.197 IP address.
The quick solution I use is adding this route on the PBX server.
Quote: Destination Gateway Netmask Interface
10.8.3.197 192.168.182.192 255.255.255.255 eth0
However, this is very inconvenient, because if the IP addresses change, I will have to add a new route on the server box!

Any other solution from Yealink???
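
Added example (not part of the original thread, and not Yealink or Asterisk code): a small check for the symptom described in the last post, where the peer's signalling arrives from one address (Addr->IP) but its registered contact names another that the PBX has no network for. The function names and the trimmed sample are constructed for illustration; the addresses and the 192.168.182.0/24 PBX network are the ones quoted in the post.

```python
import ipaddress
import re

# Constructed sample: the address-related lines of the output quoted in the post.
SAMPLE = """\
* Name         : 200
  Addr->IP     : 192.168.182.192:14926
  Language     :
  Reg. Contact : sip:200@10.8.3.197:14926;transport=TLS
"""

def parse_peer(text):
    """Parse 'Key : value' lines of `sip show peer` output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().lstrip("* ").partition(" : ")
        if sep:  # lines with an empty value have no ' : ' once stripped
            fields[key.strip()] = value.strip()
    return fields

def contact_host(uri):
    """Host part of a SIP contact URI, e.g. sip:200@10.8.3.197:14926;transport=TLS."""
    m = re.match(r"sips?:(?:[^@]+@)?([^:;>]+)", uri)
    return m.group(1) if m else None

def check_peer(text, pbx_networks):
    """Compare the signalling source address with the registered contact address."""
    f = parse_peer(text)
    source = f["Addr->IP"].rsplit(":", 1)[0]
    contact = contact_host(f["Reg. Contact"])
    try:
        addr = ipaddress.ip_address(contact)
        on_pbx_net = any(addr in ipaddress.ip_network(n) for n in pbx_networks)
    except ValueError:  # contact is a hostname or missing, not an IP literal
        on_pbx_net = None
    return {"peer": f["Name"], "source": source, "contact": contact,
            "mismatch": source != contact, "contact_on_pbx_net": on_pbx_net}

if __name__ == "__main__":
    # 192.168.182.0/24 is the PBX network named in the post.
    r = check_peer(SAMPLE, ["192.168.182.0/24"])
    if r["mismatch"] and not r["contact_on_pbx_net"]:
        print(f"peer {r['peer']}: signalling from {r['source']} but contact is "
              f"{r['contact']}, which is not on a network the PBX is attached to")
```

Running the same check over every registered peer shows which phones are advertising a tunnel address on a non-VPN account, without waiting for a "no audio" report.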