Yealink Forums
[Solved] VPN with watchguard - Printable Version

+- Yealink Forums (http://forum.yealink.com/forum)
+-- Forum: IP Phone Series (/forumdisplay.php?fid=4)
+--- Forum: Phone specific topic (/forumdisplay.php?fid=12)
+---- Forum: T2xP Series (/forumdisplay.php?fid=21)
+---- Thread: [Solved] VPN with watchguard (/showthread.php?tid=2051)

Pages: 1 2


[Solved] VPN with watchguard - 5cservices - 07-10-2014 11:48 PM

Im attempting to connect a Yealink T20P over VPN to our watchguard.

Has anyone managed to successfully do this, or any good idea on how to do so ?


RE: VPN with wathguard - 5cservices - 07-23-2014 06:27 PM

Worked this out myself in the end.

Hopefully our experience may be of help to some others:

Create a stranded SSL-VPN user, Authenticating against Watchguard.

Depending on your Watchgaurd's Firmware go to https://<IP>/sslvpb.html and Download the Open VPN config file, Or Wathgaurd SSL VPN client if not available.


Create the bellow files & folders
/vpn.cnf
/auth.txt
/keys/ca.crt
/keys/client.crt
/keys/client.key


In auth.txt add username / password for VPN account on septate lines:
username
password


If using Open VPN conf file :
Copy / Paste certificates & key in to respective files in keys folder
Copy reaming info from .ovpn file into vpn.cnf

If using SSL vpn client:
Open client, and log into vpn, then close again.
Navigate to your user: \AppData\Roaming\WatchGuard\Mobile VPN
Replace files in keys folder with ca.crt, client.crt & client.pem files.
Rename client.pem to client.key
Copy contents of client.ovpn into vpn.conf



In vpn.cnf :

Change auth-user-pass to: auth-user-pass /yealink/config/openvpn/auth.txt

append the bellow lines:
ca /yealink/config/openvpn/keys/ca.crt
cert /yealink/config/openvpn/keys/client.crt
key /yealink/config/openvpn/keys/client.key


Add the Keys folder, vpn.cnf & auth.txt into a new .tar archive called OpenVPN
Upload archive to Phone, and active VPN.


RE: [Solved] VPN with wathguard - jits04 - 09-22-2016 04:12 PM

I'm using t23g phone. I have firebox t-10 (watchguard).

I'm using SSL vpn client so I follow your instructions.

I have loaded the .tar file successful, but log file tell me:

Sep 21 00:00:08 openvpn[539]: OpenVPN 2.2.1 arm-dspg-linux-uclibceabi [SSL] [LZO2] [EPOLL] built on Feb 2 2015
Sep 21 00:00:08 openvpn[539]: WARNING: cannot stat file '/yealink/config/openvpn/auth.txt': No such file or directory (errno=2)
Sep 21 00:00:08 openvpn[539]: Error opening 'Auth' auth file: /yealink/config/openvpn/auth.txt: No such file or directory (errno=2)
Sep 21 00:00:08 openvpn[539]: Exiting

Any idea?

William


RE: [Solved] VPN with wathguard - Kevin_Yealink - 09-23-2016 09:39 AM

Hi William

This is Kevin from Yealink support team, nice to know you.

Seems that you upload a auth.txt file into the vpn config while our phone don't support. Can you send the files to me,then i can test in my side. For more information about openvpn, you also can refe to the guide:
http://download.support.yealink.com/download?path=upload%2Fattachment%2F2015-7-12%2F3%2F2bcecc2a-1d60-4752-b8a7-23ea3b86021b%2FOpenVPN_Feature_on_Yealink_IP_Phones_V80_60.pdf

BR
Kevin


RE: [Solved] VPN with wathguard - jits04 - 09-23-2016 02:02 PM

Hi Kevin,

your colleague Klaus is already checking this problem, so if you want to try yourself ask him what kind of test he did to avoid waste of time (for save you time support).

5cservices user told to have had solved it, but it is very strange if your phone doesn't support it.

it will be wonderful to have this future working with watchguard products. I use always this as firewall

William


RE: [Solved] VPN with wathguard - jits04 - 09-26-2016 08:59 PM

Hi Kevin,

look at your faq:

http://support.yealink.com/faq/faqInfo?id=217

it is supported!

I have correct it with right folder, but same error

.... WARNING: cannot stat file '/config/openvpn/auth.txt': No such file or directory (errno=2)
.....Error opening 'Auth' auth file: /config/openvpn/auth.txt: No such file or directory (errno=2)

Bug?

Best regards

William


RE: [Solved] VPN with watchguard - meneersjon - 09-30-2016 05:10 PM

For the T27P SIP and a Firebox XTM330 it works!

Just be sure to use this syntax in the vpn.cnf file: auth-user-pass /config/openvpn/auth.txt
And in auth.txt, use account name and password both on their own line!


RE: [Solved] VPN with watchguard - jits04 - 10-05-2016 12:08 PM

Hi meneersjon,

I have open a ticket open with yealink support. I have done some tests. I have try to insert "auth-user-pass /config/openvpn/auth.txt", but it doesn't work. Would you mind to post your vpn.txt? Remove import information with XXX.

Thank you


RE: [Solved] VPN with watchguard - jits04 - 10-13-2016 03:29 PM

kevin,

This evening I'll try your test.tar file.

I'll keep you update.

Thank you very much

William


RE: [Solved] VPN with watchguard - jits04 - 10-14-2016 02:55 AM

Hi,

I moved the pwd to keys folder, otherwise the load failed, but I still receive the same error!

other suggest? Have you tried with t23g?

best regards

William