Yealink Forums
SIP-T32G OpenVPN Missing? - Printable Version

+- Yealink Forums (http://forum.yealink.com/forum)
+-- Forum: IP Phone Series (/forumdisplay.php?fid=4)
+--- Forum: Configuration (/forumdisplay.php?fid=24)
+--- Thread: SIP-T32G OpenVPN Missing? (/showthread.php?tid=1613)



SIP-T32G OpenVPN Missing? - raggamofin - 04-19-2014 04:37 AM

I currently have an OpenVPN server working using Snom SIP phones. I am trying to configure my first Yealink phone (T32G), but I'm not having much luck.

I increased the log level to 6 and exported the log, however I do not see any OpenVPN errors. The log file does not have OpenVPN in the process list which makes me wonder if the OpenVPN service is running on the T32G.

Any ideas as to what I may be missing?


openvpn.tar
\vpn.cnf
\keys\ca.crt
\keys\vpn.crt
\keys\vpn.key

[vpn.cnf]
client
dev tun
proto udp
remote X.X.X.X 61010
remote-random
resolv-retry infinite
auth-retry nointeract
nobind
tun-mtu 1500
fragment 1300
mssfix
persist-key
persist-tun
ca /phone/config/openvpn/keys/ca.crt
cert /phone/config/openvpn/keys/client.crt
key /phone/config/openvpn/keys/client.key
ns-cert-type server
verb 5


RE: SIP-T32G OpenVPN Missing? - Yealink Support - 04-19-2014 09:39 AM

1. Do you upload to T32G successful?
2. Can you share your server.conf or server.ovpn for me that i can debug?
3. Do you use the certificate using SHA1 or MD5 (encryption algorithm)?


RE: SIP-T32G OpenVPN Missing? - raggamofin - 04-22-2014 11:22 PM

1. Yes, I uploaded the client configuration and then vpn to active. I also confirmed that vpn was set to active on the phone itself.

2. I am using OpenVPN on Vyatta. Here's the config from there...

openvpn vtun0 {
local-port 61010
mode server
openvpn-option "--tun-mtu 1500 --fragment 1300 --mssfix" [this line was put in for the Snom phones]
protocol udp
server {
push-route 192.168.0.0/16
push-route 10.0.0.0/8
push-route 172.16.0.0/12
subnet 172.17.21.0/24
}
tls {
ca-cert-file /config/auth/ca.crt
cert-file /config/auth/mymachine.domain.com.crt
crl-file /config/auth/crl-v2.pem
dh-file /config/auth/dh1024.pem
key-file /config/auth/mymaching.domain.com.key


3. SHA1


RE: SIP-T32G OpenVPN Missing? - Yealink Support - 04-23-2014 08:47 PM

Please use "/config/openvpn/keys/ " but not "/config/auth/".


RE: SIP-T32G OpenVPN Missing? - raggamofin - 04-24-2014 12:03 AM

The /config/auth/ is in the server configuration and is relative to the server and not the client.

Is there something else I could try?

(04-23-2014 08:47 PM)Yealink Support Wrote:  Please use "/config/openvpn/keys/ " but not "/config/auth/".



RE: SIP-T32G OpenVPN Missing? - Yealink Support - 04-24-2014 07:54 PM

\keys\ca.crt
\keys\vpn.crt
\keys\vpn.key

Red color should be the same .
ca /phone/config/openvpn/keys/ca.crt
cert /phone/config/openvpn/keys/client.crt
key /phone/config/openvpn/keys/client.key


RE: SIP-T32G OpenVPN Missing? - raggamofin - 04-24-2014 10:47 PM

Ah!!!!! Sorry. I completely missed that! Let me fix that and let you know what happens.


RE: SIP-T32G OpenVPN Missing? - gdewey - 07-11-2014 05:27 AM

I configured several T48G and now I got some new T32G

using the cert path /phone/config/openvpn/keys/

but when I do the upload the file wont be taken. it shows as if nothing happened. name of files are fine and all certs also..

client.tar
\vpn.cnf
\keys\ca.crt
\keys\client.crt
\keys\client.key
\keys\ta.key

any ideas ? I followed about 20 times the same procedure with other model .. took me some time to get the right configs but it just wont work on this model


RE: SIP-T32G OpenVPN Missing? - pasha - 01-12-2015 05:41 PM

I'm having some issues getting openvpn going on my t32 as well. I know that openvpn (or any vpn software for that matter) is quite dependant on system time / date, I would make sure that on your end that is set correctly. In my case for some reason ntp was not working even though I set it to multiple free ntp servers, it sets it to march of 2013, I have a feeling as soon as I resolve this issue vpn will start functioning. As a test I tested the client config on my ubuntu laptop and was successfully able to make the vpn tunnel as well as login to the pbx through it, so it is likely the date. I thought I'd mention that as the date is quite easy to overlook.

Hope it helps someone.