Yealink Forums
T32G OpenVPN configuration - Printable Version

+- Yealink Forums (http://forum.yealink.com/forum)
+-- Forum: IP Phone Series (/forumdisplay.php?fid=4)
+--- Forum: Configuration (/forumdisplay.php?fid=24)
+--- Thread: T32G OpenVPN configuration (/showthread.php?tid=4221)



T32G OpenVPN configuration - GiHe - 08-06-2015 03:06 AM

Like others, I am having a hard time trying to get OpenVPN working and do not see any logging or confirmation in the "ps" output from the phone's syslog. My tar upload succeeds and contains vpn.cnf (and a keys directory with ca.crt, client.crt, and client.key) with the following content (except for the IP address which is anonymized below):

Code:
client
cipher AES-256-CBC
auth SHA256
remote aaa.bbb.ccc.ddd 1194
float
ns-cert-type server
proto udp
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
verb 5
mute 9
ca /config/openvpn/keys/ca.crt
key /config/openvpn/keys/client.key
cert /config/openvpn/keys/client.crt

These same files work on my laptop (with the "keys" paths changed) using a server with the following configuration:

Code:
server 10.0.0.0 255.255.0.0
dev tun
keepalive 10 120
proto udp
cipher AES-256-CBC
auth SHA256
persist-key
persist-tun

log server.log
status status.log
verb 4
mute 9

ifconfig-pool-persist ipp.txt

ca ca.crt
dh dh.pem
cert server.crt
key server.key

Does the OpenVPN implementation on the phone have limits regarding key sizes, etc. which I need to consider? Is there any way to get visibility into what the phone does not like about the configuration?

Please help!


RE: T32G OpenVPN configuration - Yealink_Michael - 08-06-2015 05:20 AM

(08-06-2015 03:06 AM)GiHe Wrote:  Like others, I am having a hard time trying to get OpenVPN working and do not see any logging or confirmation in the "ps" output from the phone's syslog. My tar upload succeeds and contains vpn.cnf (and a keys directory with ca.crt, client.crt, and client.key) with the following content (except for the IP address which is anonymized below):

Code:
client
cipher AES-256-CBC
auth SHA256
remote aaa.bbb.ccc.ddd 1194
float
ns-cert-type server
proto udp
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
verb 5
mute 9
ca /config/openvpn/keys/ca.crt
key /config/openvpn/keys/client.key
cert /config/openvpn/keys/client.crt

These same files work on my laptop (with the "keys" paths changed) using a server with the following configuration:

Code:
server 10.0.0.0 255.255.0.0
dev tun
keepalive 10 120
proto udp
cipher AES-256-CBC
auth SHA256
persist-key
persist-tun

log server.log
status status.log
verb 4
mute 9

ifconfig-pool-persist ipp.txt

ca ca.crt
dh dh.pem
cert server.crt
key server.key

Does the OpenVPN implementation on the phone have limits regarding key sizes, etc. which I need to consider? Is there any way to get visibility into what the phone does not like about the configuration?

Please help!


hi

thanks for your information

for the VPN issue, please check that the signature algorithm of your keys are SHA256 or not?

if yes, i am sorry that T32 doesn't support this, it should use SHA1 or MD5, please chaange it and then recreate the keys, you can change it in "openssl.cnf" file , change sentence :

"default_md = sha256"
change to :
"default_md = md5"

"openssl.cnf" file in windows: Open VPN --- easy-rsa --- the file begin with openssl, it may be openssl-1.1.1.cnf or some like this

"openssl.cnf" file in linux: easy-rsa or the subdirectories under it ,also begin with openssl


I have uploaded a sample Openvpn file(Openvpn_sample.tar) for your reference, please follow this format to create the .tar file.


Thank you!
Michael