Yealink Forums
Yealink T22 Openvpn - Printable Version

+- Yealink Forums (http://forum.yealink.com/forum)
+-- Forum: IP Phone Series (/forumdisplay.php?fid=4)
+--- Forum: Phone specific topic (/forumdisplay.php?fid=12)
+--- Thread: Yealink T22 Openvpn (/showthread.php?tid=2644)



Yealink T22 Openvpn - mali - 10-28-2014 04:04 AM

Hi,

We have T22 T42 and T46

I have successful setup openvpn on T42 and T46 witj no problem at all

But with the t22 it is driving me crazy, I have the firmware 7.72.0.80 on the phone

and reading the OpenVPN_Feature_on_Yealink_IP_Phones on the yealink site it say that: "SIP-T2xP and SIP-T3xG IP phones with the latest V71 firmware (or later) are
compatible with above information. We recommend you to use the unified
“/config/openvpn/keys/”."

So here is my config file:

client
dev tun
proto udp
remote 200.6.xxx.xxx 1194
remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
cipher AES-128-CBC
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/client.crt
key /config/openvpn/keys/client.key ca.crt
ns-cert-type server
comp-lzo
verb 3

but the vpn don't want to come up, when I check the error log on the phone it show this:

Oct 27 00:00:19 openvpn[409]: Cannot load certificate file /yealink/config/openvpn/keys/client.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use

I also try the /yealink/config/openvpn/keys/ but with no luck


RE: Yealink T22 Openvpn - James_Yealink - 10-28-2014 03:21 PM

Hi Mail,

Do you mean that a same tar file can't work in T22 but work in T42 and T46?

Can you reset the phone and check again?
If it still doesn't work would you mind sending the tar file to us for a local test? We will delete it as soon as we finish the test.
You can send it to my mail James@yealink.com.

Regards,
James


RE: Yealink T22 Openvpn - mali - 10-31-2014 04:08 AM

exactly, it work fine in t42 and t46, but when I can the file fot the ca to fit the one for t22 ass describe on your site: “/config/openvpn/keys/”."
is not working


(10-28-2014 03:21 PM)Yealink_James Wrote:  Hi Mail,

Do you mean that a same tar file can't work in T22 but work in T42 and T46?

Can you reset the phone and check again?
If it still doesn't work would you mind sending the tar file to us for a local test? We will delete it as soon as we finish the test.
You can send it to my mail James@yealink.com.

Regards,
James



RE: Yealink T22 Openvpn - dgoiko - 03-25-2015 06:06 PM

Working config:
Quote:# Specify that this is a client configuration:
client
# Check whether the server is using a TUN or TAP interface, use the same here:
dev tun
# Check whether the server is using TCP or UDP protocol, use the same here:
proto tcp
# Specify the host name and OpenVPN port of the server:
remote not-your-business 0000
# Specify the file names of your certificates and key - these should not need changing.
# The path names must be exactly as detailed below:
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/telefonoAlfaro1.crt
key /config/openvpn/keys/telefonoAlfaro1.key
#
# NOTE: For Yealink-T2X phone with old firmware,add the initial /yealink directory , like this:
#
# ca /config/openvpn/keys/ca.crt
# cert /config/openvpn/keys/client1.crt
# key /config/openvpn/keys/client1.key
# The rest of these settings should be unchanged:
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
comp-lzo
verb 3
mute 10

Also remember to put the certs inside a /key folder within the tar.

I found what looks like a mistake in your config file:
Quote:key /config/openvpn/keys/client.key ca.crt
Shouldn't it be:
Quote:key /config/openvpn/keys/client.key

By the way, your phone says "Cannot load certificate file /yealink/config/openvpn/keys/client.crt" which does not match the provided configuration. Is it possible that you had a previous configuration and it did not flush? Or maybe the error corresponds to your later tries?
Anyway, if your config is not flushing, in order to upload a new file you must do the following steps, in that exact order:

1.- Disable VPN on your phone.
It will reboot afterwards, if not, make it.
2.- Upload the new .tar file
Apply changes.
3.- Enable the VPN
. The phone is suposed to reboot on its own

If everything is OK in the config you should be able to connect.

PS: I just noticed this post is 5 months old, so this will probable have no use after all. Anyways, It may help someone else solve the same problem, considering mali didn't post the answer he found.