+- Yealink Forums (http://forum.yealink.com/forum)
+-- Forum: IP Phone Series (/forumdisplay.php?fid=4)
+--- Forum: Configuration (/forumdisplay.php?fid=24)
+--- Thread: openvpn w52p setup (/showthread.php?tid=11692)
openvpn w52p setup - rafael - 12-09-2015 01:22 PM
Hello trying to setup openvpn on the phone.
please help me may be i forget something
model w52p
Firmware Version 25.73.0.40
Hardware Version 25.1.0.0.0.0.0
openvpn.tar
--keys
----ca.crt
----oneclient.crt
----oneclient.key
----oneclient.scr
----ta.key
--vpn.cnf
client
remote IP.IP.IP.IP 1194
port 1194
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
tls-client
tls-auth /config/openvpn/keys/ta.key 1
ca /config/openvpn/keys/ca.crt
key /config/openvpn/keys/oneclient.key
cert /config/openvpn/keys/oneclient.crt
mute-replay-warnings
ns-cert-type server
comp-lzo
verb 3
mute 10
RE: openvpn w52p setup - Yealink_Michael - 12-09-2015 05:17 PM
hi
would you please try to modify /config/openvpn/keys/ta.key 1 to /config/openvpn/keys/ta.key and test again
then please check if the signature of the certificate is md5 or sha1?
W52P doesn't support SHA256, it should use SHA1 or MD5, please chaange it and then recreate the keys, you can change it in "openssl.cnf" file , change sentence :
"default_md = sha256"
change to :
"default_md = md5"
"openssl.cnf" file in windows: Open VPN --- easy-rsa --- the file begin with openssl, it may be openssl-1.1.1.cnf or some like this
"openssl.cnf" file in linux: easy-rsa or the subdirectories under it ,also begin with openssl
I have uploaded a sample Openvpn file(Openvpn_sample.tar) for your reference, please follow this format to create the .tar file.
Thank you!
Best Regards,
Michael
RE: openvpn w52p setup - mkeuter - 12-15-2015 05:51 AM
@Yealink_Michael:
is that limitation to SHA1 and MD5 hardware related or is it possible to support SHA256 in future firmwares of the W52P?
Would that also affect SIP/TLS certificates?
Next year many internet services will switch to SHA256 and deprecate SHA1.
RE: openvpn w52p setup - mkeuter - 12-16-2015 11:53 PM
@Yealink_Michael:
Here is more information about the SHA-1 deprecation :
https://blog.cloudflare.com/sha-1-deprecation-no-browser-left-behind/
Would auto-provisioning via https still work with SHA-256 certificates with the W52P?
Do other Yealink models (firmwares) also have this limitation to SHA1 and MD5?
RE: openvpn w52p setup - indicato - 08-10-2017 02:03 PM
Install the firmware for the w56p base station (compatible with the w52p base station) it is fixed there:
http://support.yealink.com/documentFront/forwardToDocumentDetailPage?documentId=110