New Forum system requires email address which you used to apply for your account to replace your original username. Password stays the same.Please see this post for more details
http://forum.yealink.com/forum/showthread.php?tid=40344

Yealink Test Club has been officially launched. Please visit post below to get detail information. Come and join us!
http://forum.yealink.com/forum/announcements.php?aid=18

We just had the YMCS online and we are also working on the features plan on the future versions, in this regard we are need to hear your voice about the YMCS.
Please visit : http://forum.yealink.com/forum/showthread.php?tid=42322


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Yealink SIP-T22P OpenVPN issue
Author Message
mahan77 Offline
Junior Member
**

Posts: 11
Joined: Mar 2014
Reputation: 0
Post: #11
RE: Yealink SIP-T22P OpenVPN issue
(05-27-2014 04:47 PM)siny Wrote:  
(05-27-2014 03:56 PM)mahan77 Wrote:  
(05-27-2014 03:51 AM)siny Wrote:  
(05-27-2014 12:20 AM)mahan77 Wrote:  
(05-23-2014 04:18 PM)siny Wrote:  Can you please elaborate on that: what was the problem with Easy-RSA?


Thank you.


Best regards,
Sinisa Bandin

Sorry for late replay I was busy with work.

You need public key MD5 for the Yealink phone. Latest easy-rsa uses deferent alga rhythm called sha256. I didn’t know to change back to MD5. Best way to do this use easy-rsa 2.2.0. Use openssl-1.0.0.cnf on your vars file, every think will be ok.

Many thanks

Thank you for your reply, but...

Actualy, I am using easy-rsa 2.0-rc1 (all of the other 20+ keys are made by it so I did not want to change).
in "openssl.cnf" there is this line:
default_md = md5
so I suppose that should be OK, right?

(just to compare, I have downloaded easy-rsa 2.2.2, and there it says "sha256")

It seems I shall wait for the webinar on Wednesday, maybe there will pop up something new: http://forum.yealink.com/forum/showthrea...ht=openvpn


Best regards,
Sinisa Bandin


Yes! it should be ok. Long as you have this default_md = md5 line in your .cnf it will work.

Many Thanks
Sathees


Well, it is not OK Sad

I create .tar file, as instructed in docs, go to Network -> Advanced menu, Browse file, Upload it, get the message "Upload success!", then Enable the VPN and when I click Confirm, message says "Please upload VPN config file first!".

I have other clients working with same certificates, using Linux, Android, Mikrotik routers and Windows.


Best regards,
Sinisa Bandin

Send me your email address. I will send you the sample conf file. Then you can create your own.

Many thanks
Sathees
05-27-2014 05:08 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Yealink Support Offline
Administrator
*******

Posts: 2,684
Joined: Dec 2012
Reputation: 22
Post: #12
RE: Yealink SIP-T22P OpenVPN issue
Hi siny,

Please name keys directory as keys and vpn.cnf. Please don't change the name.
05-30-2014 05:36 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
siny Offline
Junior Member
**

Posts: 10
Joined: May 2014
Reputation: 0
Post: #13
RE: Yealink SIP-T22P OpenVPN issue
(05-30-2014 05:36 PM)Yealink Support Wrote:  Hi siny,

Please name keys directory as keys and vpn.cnf. Please don't change the name.

All of the names are right, but the phone won't accept the file.

Here is directory listing:
# dir
-rw-r--r-- 1 root root 20480 May 30 23:34 client.tar
drwxr-xr-x 2 root root 53 May 26 23:48 keys
-rw-r--r-- 1 root root 216 May 30 23:33 vpn.cnf


Client tar is made like this:
# tar cf client.tar vpn.cnf keys/


This is the content of keys/ directory:
# dir
-rw-r--r-- 1 root root 1192 May 26 23:47 ca.crt
-rw-r--r-- 1 root root 3711 May 26 23:48 client.crt
-rw------- 1 root root 912 May 26 23:48 client.key

I have also tried changing file mode to 0777 on everything, with same effects.


The contents of the vpn.cnf:
client
dev tun
dev-type tun
remote xx.xx.xx.xx 1194 udp
nobind
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/client.crt
key /config/openvpn/keys/client.key
ns-cert-type server
comp-lzo no
verb 3
mute 5



Can you see anything out of order?


Thank you and best regards,
Sinisa Bandin
(This post was last modified: 06-02-2014 09:24 PM by siny.)
06-01-2014 05:34 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Yealink Support Offline
Administrator
*******

Posts: 2,684
Joined: Dec 2012
Reputation: 22
Post: #14
RE: Yealink SIP-T22P OpenVPN issue
Hi Sinisa ,

Please refer to bleow post for more details.
[FAQ]Frequently Asked Questions of OpenVPN

In order to do more troubleshootings, please supply .tar server.conf and send to support@yealink.com or [email support.usa@yealink.com[/email]..
How to Get the Correct Syslog, Config.bin and Trace
(This post was last modified: 06-03-2014 02:13 PM by Yealink Support.)
06-03-2014 02:11 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
siny Offline
Junior Member
**

Posts: 10
Joined: May 2014
Reputation: 0
Post: #15
RE: Yealink SIP-T22P OpenVPN issue
I have (accidentally) solved the problem:

normally, I use Linux for all of my work, but yesterday tried to unpack client.tar in Windows using 7zip and saw an unexpected directory named "PaxHeaders.2950".

After some searching, found out that my GNU tar 1.26 is by default adding POSIX info to the tar file, so I tried to re/create archive with "-H gnu" and finally was able to successfully upload the file to the phone and see text "vpn.cnf" in the text box after upload (it used to be empty on previous attempts).

Everything worked after reboot, so I am a happy user now.

May I suggest adding this to the official guide?


But now I have another problem: when trying to Autoprovision phone from my TFTP server, I can set all of the parameters except VPN. Relevant part of the "0015xxxxxxxx.cfg" is this:

network.vpn_enable = 1
openvpn.url = http://192.168.11.2/client1.tar

If I put the same lines in "y000000000005.cfg" it downloads the .tar file from server, but does not enable VPN.


Best regards,
Sinisa Bandin

One more suggestion to the developers: I think it would be very good to see the VPN status in the Status screen: IP address, server's address (public and VPN), assigned routes....

Best regards,
Sinisa Bandin
(This post was last modified: 07-11-2014 08:16 PM by siny.)
07-11-2014 08:10 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
KNERD Offline
Junior Member
**

Posts: 38
Joined: Mar 2014
Reputation: 0
Post: #16
RE: Yealink SIP-T22P OpenVPN issue
I cannot get this garbage to work at all.

I gave followed various threads here (including this one), by Yealink, an FAQ by them ( http://forum.yealink.com/forum/showthrea...tid=1843), and their webinar information from this past May(http://forum.yealink.com/forum/showthrea...=openvpn). Still nothing after a working on this for a week.

There is no evidence the phone is trying to connect, looking in the openvpn.log, and using tcpdump watching port 1194.

Why is there no logging system on these phones so we can see what sort of error, if any, so we could correct the problem?

Any other suggestions?

I see I made a small typo in the client config file which was causing it to not connect. I see it trying to connect now, but still errors:


I am using MD5 in the key and getting this in the openvpn.log


Quote:Wed Aug 6 16:10:07 2014 us=992883 192.168.5.133:1027 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 6 16:10:07 2014 us=992977 192.168.5.133:1027 TLS Error: TLS handshake failed
Wed Aug 6 16:10:07 2014 us=993119 192.168.5.133:1027 SIGUSR1[soft,tls-error] received, client-instance restarting
(This post was last modified: 08-07-2014 05:13 AM by KNERD.)
08-07-2014 04:36 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
siny Offline
Junior Member
**

Posts: 10
Joined: May 2014
Reputation: 0
Post: #17
RE: Yealink SIP-T22P OpenVPN issue
(08-07-2014 04:36 AM)KNERD Wrote:  I cannot get this garbage to work at all.

I gave followed various threads here (including this one), by Yealink, an FAQ by them ( http://forum.yealink.com/forum/showthrea...tid=1843), and their webinar information from this past May(http://forum.yealink.com/forum/showthrea...=openvpn). Still nothing after a working on this for a week.

There is no evidence the phone is trying to connect, looking in the openvpn.log, and using tcpdump watching port 1194.

Why is there no logging system on these phones so we can see what sort of error, if any, so we could correct the problem?

Any other suggestions?

I see I made a small typo in the client config file which was causing it to not connect. I see it trying to connect now, but still errors:


I am using MD5 in the key and getting this in the openvpn.log


Quote:Wed Aug 6 16:10:07 2014 us=992883 192.168.5.133:1027 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 6 16:10:07 2014 us=992977 192.168.5.133:1027 TLS Error: TLS handshake failed
Wed Aug 6 16:10:07 2014 us=993119 192.168.5.133:1027 SIGUSR1[soft,tls-error] received, client-instance restarting

Since noone from Yealink support seems to be reading this, I will throw in my €¢2:

From the logs, it seems that you have enabled TLS on one side, and not on the other.
Or, there is a problem with NAT firewall, letting packets IN but not OUT (I have seen both of these before)

Could you post both server's and phone's .conf/.cfg files (without any sensitive data like IP's of course)?

Best regards,
Sinisa
08-10-2014 03:56 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
drvirus Offline
Junior Member
**

Posts: 4
Joined: Sep 2014
Reputation: 0
Post: #18
RE: Yealink SIP-T22P OpenVPN issue
hey we are on the same boat and im really stuck ...it works on my pc but i cant upload the config file !!

i used last version
http://www.yealink.com/Upload/W52P/V73/F...3.0.27.zip

same problem !!

plz help me what possible could be the problem
06-07-2015 08:09 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Multicast / Paging / Intercom - Yealink T58 Ryandh 19 12,331 08-11-2019 07:28 PM
Last Post: Chris708
  YEALINK AUTO PROVISION Dmitryche 1 116 08-09-2019 09:25 AM
Last Post: Paz_Yealink
Question 3CX / Yealink passthrough VLAN issue (when phone is rebooted) maindriver 3 178 08-01-2019 12:19 PM
Last Post: Evan_Yealink
  LDAP Directory Configuration Issue it_prevent 1 619 05-15-2019 05:55 AM
Last Post: Mike_Yealink
  OpenVPN and QoS/TOS roelvanmeer 0 495 02-19-2019 09:27 AM
Last Post: roelvanmeer
  Yealink Dialplan Alain 0 858 09-19-2018 05:10 PM
Last Post: Alain
  OpenVPN Timeout connecting p2xt 3 1,603 07-13-2018 07:37 PM
Last Post: jolouis
  Yealink T48S displays message "No service" David K L 1 2,039 04-17-2018 03:39 AM
Last Post: Paul_Yealink
  Yealink Dial Plan RobertCrawford 8 4,416 03-09-2018 06:38 AM
Last Post: Johnny88
  Yealink secure certificates and disabling ciphers Scot E. 1 1,478 12-29-2017 03:40 AM
Last Post: Lucia_Yealink

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication