Yealink Forums
Openvpn question - Printable Version




Openvpn question - kronos911gr - 12-19-2015 01:28 AM

Hello to all. I have set up an openvpn 2.3.9 server successfully. I have read the openvpn pdf and understand how to create the tar file. Before I upload it to a test phone I would like to clear up some questions I have. My T2x phones are running the 73.0.50 firmware version. I am using easyrsa 3 to generate the key pairs.

My questions are the following.

  1. Do the phones support the aes-128-cbc cipher or do I have to use the bf-cbc one?
  2. Do the phones support cryptographic digest md5 or do I have to change it to sha1, sha256? (easyrsa option set_var EASYRSA_DIGEST)
  3. Do the phones support tls-auth? (I didn’t see it in the pdf example.)
  4. Do the phones support comp-lzo? In the server config it is enabled but in the client it is set to no.
  5. Can the phones connect to a vpn server that has topology set to subnet?
  6. What openvpn client version do the phones have loaded?


Thank you


RE: Openvpn question - Yealink_Michael - 12-19-2015 06:07 AM

Hi,

Thanks for your information; here are the answers for you:

1. Need to check with our R&D and will reply soon.
2. For the present, T2x with x.73.0.50 can only support sha1 and md5, but not sha256.
3. Yes.
4. Yes.
5. Please describe the network topology more clearly.
6. Phone needs to upload the .tar file, no version is needed; you can find a sample attached.

TKS & BR

Michael


RE: Openvpn question - kronos911gr - 12-19-2015 06:41 PM

(12-19-2015 06:07 AM)Yealink_Michael Wrote:  Hi,

Thanks for your information; here are the answers for you:

1. Need to check with our R&D and will reply soon.
2. For the present, T2x with x.73.0.50 can only support sha1 and md5, but not sha256.
3. Yes.
4. Yes.
5. Please describe the network topology more clearly.
6. Phone needs to upload the .tar file, no version is needed; you can find a sample attached.

TKS & BR

Michael

Thank you for your response.
The openvpn topology subnet is explained, along with the other two supported openvpn topologies, at the following link.


RE: Openvpn question - mkeuter - 12-20-2015 01:26 AM

@kronos911gr:

The "aes-128-cbc" cipher is definitely supported, as I have used it for quite a while. I also use the OpenVPN "subnet" topology successfully.

@Yealink:
It would be interesting to know which phones support the SHA-256 Signature Algorithm in OpenVPN certificates.
Also for SIP/TLS and HTTPS provisioning?
Is that hardware related or will it be supported in future firmwares (especially for the W52P)?


RE: Openvpn question - kronos911gr - 12-20-2015 05:42 AM

(12-20-2015 01:26 AM)mkeuter Wrote:  @kronos911gr:

The "aes-128-cbc" cipher is definitely supported, as I have used it for quite a while. I also use the OpenVPN "subnet" topology successfully.

It would be interesting to know which phones support the SHA-256 Signature Algorithm in OpenVPN certificates.
Also for SIP/TLS and HTTPS provisioning?
Is that hardware related or will it be supported in future firmwares (especially for the W52P)?

Thank you for the information. Better safe than trying to unbrick a phone stuck in the init screen.


RE: Openvpn question - Yealink_Michael - 12-23-2015 02:54 PM

Hi all,

1. aes-128-cbc cipher is supported.

2. New models with V80 version, like T41, T42, T46, T48, can support sha256.

Michael


RE: Openvpn question - kronos911gr - 12-30-2015 10:43 AM

Hello
While testing my setup I noticed the following.

Phone in DHCP Client mode.
VPN active and configured.
Phone gets stuck on main screen with "Obtaining IP address".

If I disable VPN the phone boots up normally and gets an IP.

With static IP and VPN the phone boots up normally and logs in to the VPN.

Is this normal or am I doing something wrong?

Test phone is a t26 with 73.0.50 firmware.


RE: Openvpn question - mkeuter - 12-30-2015 06:53 PM

@kronos911gr

It definitely works with DHCP, all my VPN phones are configured with DHCP.
Maybe an issue with your DHCP server or an IP-address "reservation".

If you have the possibility, try to use "dhcpdump" (under Linux):
http://www.mavetju.org/unix/dhcpdump-man.php