[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Yealink SIP-T22P OpenVPN issue
Author Message
mahan77 Offline
Junior Member
**

Posts: 11
Joined: Mar 2014
Reputation: 0
Post: #1
Yealink SIP-T22P OpenVPN issue
Hello every one,

Need help please; I’m trying to connect Yealink SIP-T22P over OpenVPN with asterisk. No luck at all. I have enabled VPN option and upload the file. If I use softphone over OpenVPN from mac it’s working fine. How can I solve this issue?

Many thanks
sathees

vpn.cnf

client
dev tap
proto udp
remote 192.168.1.100 1194 udp
ca /yealink/config/openvpn/keys/ca.crt
cert /yealink/config/openvpn/keys/client-yealink.crt
key /yealink/config/openvpn/keys/client-yealink.key
resolv-retry infinite
nobind
persist-key
persist-tun mute-replay-warnings ns-cert-type server comp-lzo
verb 3
mute 10


server.conf

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
03-10-2014 09:22 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Yealink Support Offline
Administrator
*******

Posts: 2,683
Joined: Dec 2012
Reputation: 25
Post: #2
RE: Yealink SIP-T22P OpenVPN issue
Hi Please make sure "dev " is the same both in vpn.cnf and server.conf.
Do you want to use tun or tap?
03-11-2014 09:56 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
mahan77 Offline
Junior Member
**

Posts: 11
Joined: Mar 2014
Reputation: 0
Post: #3
RE: Yealink SIP-T22P OpenVPN issue
thank you.
the problem was easy-rsa
03-26-2014 11:23 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
mahan77 Offline
Junior Member
**

Posts: 11
Joined: Mar 2014
Reputation: 0
Post: #4
RE: Yealink SIP-T22P OpenVPN issue
Hello again,

I managed to solve the connection issue. After I upload the configuration file and reboot the device, I can’t access web page for setting. How can I solve this issue?
Many thanks
sathees

These are the logs from openvpn.log

Wed Mar 26 12:06:47 2014 192.168.1.74:1026 TLS: Initial packet from [AF_INET]192.168.1.74:1026, sid=be8c5adc 714c7286
Wed Mar 26 12:06:58 2014 192.168.1.74:1026 TLS: new session incoming connection from [AF_INET]192.168.1.74:1026
Wed Mar 26 12:07:00 2014 192.168.1.74:1026 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme, name=changeme, emailAddress=mail@host.domain
Wed Mar 26 12:07:00 2014 192.168.1.74:1026 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=client, name=changeme, emailAddress=mail@host.domain
Wed Mar 26 12:07:00 2014 192.168.1.74:1026 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 26 12:07:00 2014 192.168.1.74:1026 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 26 12:07:00 2014 192.168.1.74:1026 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 26 12:07:00 2014 192.168.1.74:1026 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 26 12:07:00 2014 192.168.1.74:1026 TLS: move_session: dest=TM_ACTIVE src=TM_UNTRUSTED reinit_src=1
Wed Mar 26 12:07:00 2014 192.168.1.74:1026 TLS: tls_multi_process: untrusted session promoted to semi-trusted
Wed Mar 26 12:07:01 2014 192.168.1.74:1026 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Mar 26 12:07:01 2014 192.168.1.74:1026 [client] Peer Connection Initiated with [AF_INET]192.168.1.74:1026
Wed Mar 26 12:07:01 2014 client/192.168.1.74:1026 MULTI_sva: pool returned IPv4=10.8.0.10, IPv6=(Not enabled)
Wed Mar 26 12:07:01 2014 client/192.168.1.74:1026 MULTI: Learn: 10.8.0.10 -> client/192.168.1.74:1026
Wed Mar 26 12:07:01 2014 client/192.168.1.74:1026 MULTI: primary virtual IP for client/192.168.1.74:1026: 10.8.0.10
Wed Mar 26 12:07:03 2014 client/192.168.1.74:1026 PUSH: Received control message: 'PUSH_REQUEST'
Wed Mar 26 12:07:03 2014 client/192.168.1.74:1026 send_push_reply(): safe_cap=940
Wed Mar 26 12:07:03 2014 client/192.168.1.74:1026 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.0.0.0 255.0.0.0,route 172.16.1.0 255.240.0.0,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9' (status=1)
Wed Mar 26 12:11:03 2014 client/192.168.1.74:1026 [client] Inactivity timeout (--ping-restart), restarting
Wed Mar 26 12:11:03 2014 client/192.168.1.74:1026 SIGUSR1[soft,ping-restart] received, client-instance restarting


This is from the phone log
Mar 26 11:58:57 IPP[303]: IPP <4+warnin>137.470.293:unkown msg,00002006,00000000,00000000
Mar 26 11:58:57 IPP[303]: IPP <4+warnin>137.476.372:unkown msg,00002007,00000000,00000000
Mar 26 11:58:58 AUTP[342]: AUTP<3+error > network isn't complete, sleep 1s!
Mar 26 11:58:59 LIBD[342]: DANY<0+emerg > DANY=3
Mar 26 11:58:59 IPP[303]: IPP <4+warnin>139.347.641:unkown msg,000b0007,ffffffff,00000000
Mar 26 11:59:36 Log [365]: WEB <3+error > NOTE : readlan=[English]
Mar 26 11:59:36 Log [365]: WEB <3+error > NOTE : baklan=[1.English]
Mar 26 11:59:36 Log [365]: WEB <3+error > NOTE : lan=[1.English]
Mar 26 11:59:36 Log [396]: WEB <3+error > NOTE : readlan=[English]
Mar 26 11:59:36 Log [396]: WEB <3+error > NOTE : baklan=[1.English]
Mar 26 11:59:36 Log [396]: WEB <3+error > NOTE : lan=[1.English]
Mar 26 11:59:42 Log [365]: WEB <3+error > NOTE : readlan=[English]
Mar 26 11:59:42 Log [365]: WEB <3+error > NOTE : baklan=[1.English]
Mar 26 11:59:42 Log [365]: WEB <3+error > NOTE : lan=[1.English]
Mar 26 11:59:52 Log [396]: WEB <3+error > NOTE : readlan=[English]
Mar 26 11:59:52 Log [396]: WEB <3+error > NOTE : baklan=[1.English]
Mar 26 11:59:52 Log [396]: WEB <3+error > NOTE : lan=[1.English]
Mar 26 11:59:57 Log [365]: WEB <3+error > NOTE : readlan=[English]
Mar 26 11:59:57 Log [365]: WEB <3+error > NOTE : baklan=[1.English]
Mar 26 11:59:57 Log [365]: WEB <3+error > NOTE : lan=[1.English]
Mar 26 11:59:58 Log [396]: WEB <3+error > NOTE : readlan=[English]
Mar 26 11:59:58 Log [396]: WEB <3+error > NOTE : baklan=[1.English]
Mar 26 11:59:58 Log [396]: WEB <3+error > NOTE : lan=[1.English]
03-26-2014 08:22 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Yealink Support Offline
Administrator
*******

Posts: 2,683
Joined: Dec 2012
Reputation: 25
Post: #5
RE: Yealink SIP-T22P OpenVPN issue
1. Do you test to enter the webpage later? Can't you enter the webpage for ever?
2. Do you test in other browser?
3. Hi Please make sure "dev " is the same both in vpn.cnf and server.conf. TUN or TAP?
03-27-2014 05:07 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
siny Offline
Junior Member
**

Posts: 11
Joined: May 2014
Reputation: 0
Post: #6
RE: Yealink SIP-T22P OpenVPN issue
(03-26-2014 11:23 AM)mahan77 Wrote:  thank you.
the problem was easy-rsa

Can you please elaborate on that: what was the problem with Easy-RSA?


Thank you.


Best regards,
Sinisa Bandin
05-23-2014 04:18 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
mahan77 Offline
Junior Member
**

Posts: 11
Joined: Mar 2014
Reputation: 0
Post: #7
RE: Yealink SIP-T22P OpenVPN issue
(05-23-2014 04:18 PM)siny Wrote:  
(03-26-2014 11:23 AM)mahan77 Wrote:  thank you.
the problem was easy-rsa

Can you please elaborate on that: what was the problem with Easy-RSA?


Thank you.


Best regards,
Sinisa Bandin

Sorry for late replay I was busy with work.

You need public key MD5 for the Yealink phone. Latest easy-rsa uses deferent alga rhythm called sha256. I didn’t know to change back to MD5. Best way to do this use easy-rsa 2.2.0. Use openssl-1.0.0.cnf on your vars file, every think will be ok.

Many thanks
05-27-2014 12:20 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
siny Offline
Junior Member
**

Posts: 11
Joined: May 2014
Reputation: 0
Post: #8
RE: Yealink SIP-T22P OpenVPN issue
(05-27-2014 12:20 AM)mahan77 Wrote:  
(05-23-2014 04:18 PM)siny Wrote:  
(03-26-2014 11:23 AM)mahan77 Wrote:  thank you.
the problem was easy-rsa

Can you please elaborate on that: what was the problem with Easy-RSA?


Thank you.


Best regards,
Sinisa Bandin

Sorry for late replay I was busy with work.

You need public key MD5 for the Yealink phone. Latest easy-rsa uses deferent alga rhythm called sha256. I didn’t know to change back to MD5. Best way to do this use easy-rsa 2.2.0. Use openssl-1.0.0.cnf on your vars file, every think will be ok.

Many thanks

Thank you for your reply, but...

Actualy, I am using easy-rsa 2.0-rc1 (all of the other 20+ keys are made by it so I did not want to change).
in "openssl.cnf" there is this line:
default_md = md5
so I suppose that should be OK, right?

(just to compare, I have downloaded easy-rsa 2.2.2, and there it says "sha256")

It seems I shall wait for the webinar on Wednesday, maybe there will pop up something new: http://forum.yealink.com/forum/showthrea...ht=openvpn


Best regards,
Sinisa Bandin
05-27-2014 03:51 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
mahan77 Offline
Junior Member
**

Posts: 11
Joined: Mar 2014
Reputation: 0
Post: #9
RE: Yealink SIP-T22P OpenVPN issue
(05-27-2014 03:51 AM)siny Wrote:  
(05-27-2014 12:20 AM)mahan77 Wrote:  
(05-23-2014 04:18 PM)siny Wrote:  
(03-26-2014 11:23 AM)mahan77 Wrote:  thank you.
the problem was easy-rsa

Can you please elaborate on that: what was the problem with Easy-RSA?


Thank you.


Best regards,
Sinisa Bandin

Sorry for late replay I was busy with work.

You need public key MD5 for the Yealink phone. Latest easy-rsa uses deferent alga rhythm called sha256. I didn’t know to change back to MD5. Best way to do this use easy-rsa 2.2.0. Use openssl-1.0.0.cnf on your vars file, every think will be ok.

Many thanks

Thank you for your reply, but...

Actualy, I am using easy-rsa 2.0-rc1 (all of the other 20+ keys are made by it so I did not want to change).
in "openssl.cnf" there is this line:
default_md = md5
so I suppose that should be OK, right?

(just to compare, I have downloaded easy-rsa 2.2.2, and there it says "sha256")

It seems I shall wait for the webinar on Wednesday, maybe there will pop up something new: http://forum.yealink.com/forum/showthrea...ht=openvpn


Best regards,
Sinisa Bandin


Yes! it should be ok. Long as you have this default_md = md5 line in your .cnf it will work.

Many Thanks
Sathees
05-27-2014 03:56 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
siny Offline
Junior Member
**

Posts: 11
Joined: May 2014
Reputation: 0
Post: #10
RE: Yealink SIP-T22P OpenVPN issue
(05-27-2014 03:56 PM)mahan77 Wrote:  
(05-27-2014 03:51 AM)siny Wrote:  
(05-27-2014 12:20 AM)mahan77 Wrote:  
(05-23-2014 04:18 PM)siny Wrote:  
(03-26-2014 11:23 AM)mahan77 Wrote:  thank you.
the problem was easy-rsa

Can you please elaborate on that: what was the problem with Easy-RSA?


Thank you.


Best regards,
Sinisa Bandin

Sorry for late replay I was busy with work.

You need public key MD5 for the Yealink phone. Latest easy-rsa uses deferent alga rhythm called sha256. I didn’t know to change back to MD5. Best way to do this use easy-rsa 2.2.0. Use openssl-1.0.0.cnf on your vars file, every think will be ok.

Many thanks

Thank you for your reply, but...

Actualy, I am using easy-rsa 2.0-rc1 (all of the other 20+ keys are made by it so I did not want to change).
in "openssl.cnf" there is this line:
default_md = md5
so I suppose that should be OK, right?

(just to compare, I have downloaded easy-rsa 2.2.2, and there it says "sha256")

It seems I shall wait for the webinar on Wednesday, maybe there will pop up something new: http://forum.yealink.com/forum/showthrea...ht=openvpn


Best regards,
Sinisa Bandin


Yes! it should be ok. Long as you have this default_md = md5 line in your .cnf it will work.

Many Thanks
Sathees


Well, it is not OK Sad

I create .tar file, as instructed in docs, go to Network -> Advanced menu, Browse file, Upload it, get the message "Upload success!", then Enable the VPN and when I click Confirm, message says "Please upload VPN config file first!".

I have other clients working with same certificates, using Linux, Android, Mikrotik routers and Windows.


Best regards,
Sinisa Bandin
05-27-2014 04:47 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Yealink T48S URL Line Key jogi29 1 1,023 06-10-2024 08:12 PM
Last Post: jogi29
  Yealink T28 setup audible ring on 2nd incoming call JeffWilkinson 20 95,814 10-18-2023 12:59 PM
Last Post: sles
  keypad sequence for Forward & DND with Yealink W70B Base kargah 0 2,142 04-18-2023 10:07 PM
Last Post: kargah
  Yealink T27P -Incoming call issue rsarceno 0 1,931 01-25-2023 08:54 AM
Last Post: rsarceno
  Yealink T19 can not automatically hangup inbound calls giaopc94 0 2,408 08-01-2022 09:28 AM
Last Post: giaopc94
Question 3CX / Yealink passthrough VLAN issue (when phone is rebooted) maindriver 4 13,880 03-24-2022 10:25 PM
Last Post: maindriver
  Passing only LDAP traffic through OPENVPN Commensus 0 2,759 02-23-2022 09:47 PM
Last Post: Commensus
  Configuring OPENVPN with Yealink Commensus 0 3,253 02-23-2022 09:45 PM
Last Post: Commensus
  DHCP not working on T26P when OpenVPN is enabled. LandonL 11 40,048 05-12-2021 10:46 AM
Last Post: 1sae
  LDAPS Issue with Lets Encrypt Certificates rcmcdonald91 0 5,013 10-12-2020 05:57 PM
Last Post: rcmcdonald91

Forum Jump:


User(s) browsing this thread:

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication