Openvpn question
kronos911gr Offline
Junior Member
**

Posts: 6
Joined: Sep 2015
Reputation: 0
Post: #1
Openvpn question
Hello to all. I have set up an openvpn 2.3.9 server successfully. I have read the openvpn pdf and understand how to create the tar file. Before I upload it to a test phone I would like to clear up some questions I have. My T2x phones are running the 73.0.50 firmware version. I am using easyrsa 3 to generate the key pairs.

My questions are the following.

  1. Do the phones support the aes-128-cbc cipher or do I have to use the bf-cbc one?
  2. Do the phones support Cryptographic digest md5 or do I have to change it to sha1, sha256? (easyrsa option set_var EASYRSA_DIGEST)
  3. Do the phones support tls-auth? (I didn’t see it in the pdf example.)
  4. Do the phones support comp-lzo? In the server config it is enabled but in the client it is set to no.
  5. Can the phones connect to a vpn server that has topology set to subnet?
  6. What openvpn client version do the phones have loaded?


Thank you
12-19-2015 01:28 AM
Yealink_Michael Offline
Administrator
*******

Posts: 382
Joined: Jul 2015
Reputation: 2
Post: #2
RE: Openvpn question
Hi,

Thanks for your information, and here are the answers for you:

1. Need to check with our R&D and will reply soon.
2. For the present, T2x with x.73.0.50 can only support sha1 and md5, but not sha256.
3. Yes.
4. Yes.
5. Please describe the network topology more clearly.
6. The phone needs to upload the .tar file; no version is needed. You can find a sample attached.

TKS & BR

Michael
12-19-2015 06:07 AM
Yealink_Michael Offline
Administrator
*******

Posts: 382
Joined: Jul 2015
Reputation: 2
Post: #3
RE: Openvpn question
(12-19-2015 06:07 AM)Yealink_Michael Wrote:  Hi,

Thanks for your information, and here are the answers for you:

1. Need to check with our R&D and will reply soon.
2. For the present, T2x with x.73.0.50 can only support sha1 and md5, but not sha256.
3. Yes.
4. Yes.
5. Please describe the network topology more clearly.
6. The phone needs to upload the .tar file; no version is needed. You can find a sample attached.

TKS & BR

Michael


Attached File(s)
.tar  Openvpn_sample.tar (Size: 10.5 KB / Downloads: 26)
12-19-2015 06:08 AM
kronos911gr Offline
Junior Member
**

Posts: 6
Joined: Sep 2015
Reputation: 0
Post: #4
RE: Openvpn question
(12-19-2015 06:07 AM)Yealink_Michael Wrote:  Hi,

Thanks for your information, and here are the answers for you:

1. Need to check with our R&D and will reply soon.
2. For the present, T2x with x.73.0.50 can only support sha1 and md5, but not sha256.
3. Yes.
4. Yes.
5. Please describe the network topology more clearly.
6. The phone needs to upload the .tar file; no version is needed. You can find a sample attached.

TKS & BR

Michael

Thank you for your response.
The openvpn topology subnet is explained, along with the other two supported openvpn topologies, at the following link.
12-19-2015 06:41 PM
mkeuter Offline
Asterisk Integrator
***

Posts: 82
Joined: Jul 2013
Reputation: 3
Post: #5
RE: Openvpn question
@kronos911gr:

The "aes-128-cbc" cipher is definitely supported, as I have used it for quite a while. I also use the OpenVPN "subnet" topology successfully.

@Yealink:
It would be interesting to know which phones support the SHA-256 signature algorithm in OpenVPN certificates.
Also for SIP/TLS and HTTPS provisioning?
Is that hardware related or will it be supported in future firmware (especially for the W52P)?

Michael

http://www.mksolutions.info
(This post was last modified: 12-20-2015 07:39 PM by mkeuter.)
12-20-2015 01:26 AM
kronos911gr Offline
Junior Member
**

Posts: 6
Joined: Sep 2015
Reputation: 0
Post: #6
RE: Openvpn question
(12-20-2015 01:26 AM)mkeuter Wrote:  @kronos911gr:

The "aes-128-cbc" cipher is definitely supported, as I have used it for quite a while. I also use the OpenVPN "subnet" topology successfully.

It would be interesting to know which phones support the SHA-256 signature algorithm in OpenVPN certificates.
Also for SIP/TLS and HTTPS provisioning?
Is that hardware related or will it be supported in future firmware (especially for the W52P)?

Thank you for the information. Better safe than trying to unbrick a phone stuck in the init screen.
12-20-2015 05:42 AM
Yealink_Michael Offline
Administrator
*******

Posts: 382
Joined: Jul 2015
Reputation: 2
Post: #7
RE: Openvpn question
hi all

1. aes-128-cbc cipher is supported

2. new models with V80 version can support sha256 like T41 T42 T46 T48

Michael
12-23-2015 02:54 PM
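A preflight check built from the answers given so far in this thread, as an added example that is not part of any post and not Yealink's own tooling: it compares a server and a client config for the options discussed (cipher, comp-lzo, tls-auth) and checks the certificate signature digest against what was reported for x.73 firmware. The sample configs, `ta.key`, `vpn.example.com` and the function names are constructed for illustration.

```python
# Reported in this thread for T2x phones on firmware x.73.0.50.
X73_CERT_DIGESTS = {"md5", "sha1"}      # sha256 reported as not supported
CONFIRMED_CIPHERS = {"aes-128-cbc"}     # confirmed in two replies

# Constructed sample configs (not taken from the attached Openvpn_sample.tar).
SERVER = """\
topology subnet
cipher AES-128-CBC
comp-lzo
tls-auth ta.key 0
"""
CLIENT = """\
remote vpn.example.com 1194
cipher AES-128-CBC
comp-lzo no
; tls-auth ta.key 1
"""

def parse_directives(text):
    """Map directive -> args, skipping '#' and ';' comment lines."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            parts = line.split()
            # strip("<>/") lets an inline <tls-auth> block count as the directive
            opts[parts[0].lower().strip("<>/")] = parts[1:]
    return opts

def preflight(server_text, client_text, cert_sig_alg):
    """Return findings for the options discussed in the thread ([] = none)."""
    srv, cli = parse_directives(server_text), parse_directives(client_text)
    findings = []
    # OpenVPN 2.3 does not negotiate the cipher; an unset cipher means BF-CBC.
    s_cipher = srv.get("cipher", ["bf-cbc"])[0].lower()
    c_cipher = cli.get("cipher", ["bf-cbc"])[0].lower()
    if s_cipher != c_cipher:
        findings.append(f"cipher mismatch: server {s_cipher}, client {c_cipher}")
    elif c_cipher not in CONFIRMED_CIPHERS:
        findings.append(f"cipher {c_cipher} is not confirmed in this thread")
    # Both change the wire format: set on both sides or neither (comp-lzo mode may differ).
    for opt in ("comp-lzo", "tls-auth"):
        if (opt in srv) != (opt in cli):
            findings.append(f"{opt} is set on one side only")
    # Name as printed by `openssl x509 -noout -text` (RSA-style names assumed).
    digest = cert_sig_alg.lower().split("with")[0]
    if digest not in X73_CERT_DIGESTS:
        findings.append(f"certificate digest {digest} not supported on x.73")
    return findings

print(preflight(SERVER, CLIENT, "sha256WithRSAEncryption"))
```

With the constructed input it flags the commented-out client `tls-auth` line and the SHA-256 certificate; the `topology` directive is parsed but not checked.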
kronos911gr Offline
Junior Member
**

Posts: 6
Joined: Sep 2015
Reputation: 0
Post: #8
RE: Openvpn question
Hello
While testing my setup I noticed the following.

Phone in DHCP Client mode.
VPN active and configured
Phone gets stuck on main screen with the Obtaining IP address.

If I disable VPN the phone boots up normally and gets an IP.

With static ip and vpn phone boots up normally and logs in to vpn.

Is this normal or am I doing something wrong?

Test phone is a t26 with 73.0.50 firmware.
12-30-2015 10:43 AM
mkeuter Offline
Asterisk Integrator
***

Posts: 82
Joined: Jul 2013
Reputation: 3
Post: #9
RE: Openvpn question
@kronos911gr

It definitely works with DHCP, all my VPN phones are configured with DHCP.
Maybe an issue with your DHCP server or an IP-address "reservation".

If you have the possibility, try to use "dhcpdump" (under Linux):
http://www.mavetju.org/unix/dhcpdump-man.php

Michael

http://www.mksolutions.info
12-30-2015 06:53 PM