[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Yealink SIP-T22P OpenVPN issue
Author Message
mahan77 Offline
Junior Member
**

Posts: 11
Joined: Mar 2014
Reputation: 0
Post: #11
RE: Yealink SIP-T22P OpenVPN issue
(05-27-2014 04:47 PM)siny Wrote:  
(05-27-2014 03:56 PM)mahan77 Wrote:  
(05-27-2014 03:51 AM)siny Wrote:  
(05-27-2014 12:20 AM)mahan77 Wrote:  
(05-23-2014 04:18 PM)siny Wrote:  Can you please elaborate on that: what was the problem with Easy-RSA?


Thank you.


Best regards,
Sinisa Bandin

Sorry for late replay I was busy with work.

You need public key MD5 for the Yealink phone. Latest easy-rsa uses deferent alga rhythm called sha256. I didn’t know to change back to MD5. Best way to do this use easy-rsa 2.2.0. Use openssl-1.0.0.cnf on your vars file, every think will be ok.

Many thanks

Thank you for your reply, but...

Actualy, I am using easy-rsa 2.0-rc1 (all of the other 20+ keys are made by it so I did not want to change).
in "openssl.cnf" there is this line:
default_md = md5
so I suppose that should be OK, right?

(just to compare, I have downloaded easy-rsa 2.2.2, and there it says "sha256")

It seems I shall wait for the webinar on Wednesday, maybe there will pop up something new: http://forum.yealink.com/forum/showthrea...ht=openvpn


Best regards,
Sinisa Bandin


Yes! it should be ok. Long as you have this default_md = md5 line in your .cnf it will work.

Many Thanks
Sathees


Well, it is not OK Sad

I create .tar file, as instructed in docs, go to Network -> Advanced menu, Browse file, Upload it, get the message "Upload success!", then Enable the VPN and when I click Confirm, message says "Please upload VPN config file first!".

I have other clients working with same certificates, using Linux, Android, Mikrotik routers and Windows.


Best regards,
Sinisa Bandin

Send me your email address. I will send you the sample conf file. Then you can create your own.

Many thanks
Sathees
05-27-2014 05:08 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Yealink Support Offline
Administrator
*******

Posts: 2,683
Joined: Dec 2012
Reputation: 25
Post: #12
RE: Yealink SIP-T22P OpenVPN issue
Hi siny,

Please name keys directory as keys and vpn.cnf. Please don't change the name.
05-30-2014 05:36 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
siny Offline
Junior Member
**

Posts: 11
Joined: May 2014
Reputation: 0
Post: #13
RE: Yealink SIP-T22P OpenVPN issue
(05-30-2014 05:36 PM)Yealink Support Wrote:  Hi siny,

Please name keys directory as keys and vpn.cnf. Please don't change the name.

All of the names are right, but the phone won't accept the file.

Here is directory listing:
# dir
-rw-r--r-- 1 root root 20480 May 30 23:34 client.tar
drwxr-xr-x 2 root root 53 May 26 23:48 keys
-rw-r--r-- 1 root root 216 May 30 23:33 vpn.cnf


Client tar is made like this:
# tar cf client.tar vpn.cnf keys/


This is the content of keys/ directory:
# dir
-rw-r--r-- 1 root root 1192 May 26 23:47 ca.crt
-rw-r--r-- 1 root root 3711 May 26 23:48 client.crt
-rw------- 1 root root 912 May 26 23:48 client.key

I have also tried changing file mode to 0777 on everything, with same effects.


The contents of the vpn.cnf:
client
dev tun
dev-type tun
remote xx.xx.xx.xx 1194 udp
nobind
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/client.crt
key /config/openvpn/keys/client.key
ns-cert-type server
comp-lzo no
verb 3
mute 5



Can you see anything out of order?


Thank you and best regards,
Sinisa Bandin
(This post was last modified: 06-02-2014 09:24 PM by siny.)
06-01-2014 05:34 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Yealink Support Offline
Administrator
*******

Posts: 2,683
Joined: Dec 2012
Reputation: 25
Post: #14
RE: Yealink SIP-T22P OpenVPN issue
Hi Sinisa ,

Please refer to bleow post for more details.
[FAQ]Frequently Asked Questions of OpenVPN

In order to do more troubleshootings, please supply .tar server.conf and send to support@yealink.com or [email support.usa@yealink.com[/email]..
How to Get the Correct Syslog, Config.bin and Trace
(This post was last modified: 06-03-2014 02:13 PM by Yealink Support.)
06-03-2014 02:11 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
siny Offline
Junior Member
**

Posts: 11
Joined: May 2014
Reputation: 0
Post: #15
RE: Yealink SIP-T22P OpenVPN issue
I have (accidentally) solved the problem:

normally, I use Linux for all of my work, but yesterday tried to unpack client.tar in Windows using 7zip and saw an unexpected directory named "PaxHeaders.2950".

After some searching, found out that my GNU tar 1.26 is by default adding POSIX info to the tar file, so I tried to re/create archive with "-H gnu" and finally was able to successfully upload the file to the phone and see text "vpn.cnf" in the text box after upload (it used to be empty on previous attempts).

Everything worked after reboot, so I am a happy user now.

May I suggest adding this to the official guide?


But now I have another problem: when trying to Autoprovision phone from my TFTP server, I can set all of the parameters except VPN. Relevant part of the "0015xxxxxxxx.cfg" is this:

network.vpn_enable = 1
openvpn.url = http://192.168.11.2/client1.tar

If I put the same lines in "y000000000005.cfg" it downloads the .tar file from server, but does not enable VPN.


Best regards,
Sinisa Bandin

One more suggestion to the developers: I think it would be very good to see the VPN status in the Status screen: IP address, server's address (public and VPN), assigned routes....

Best regards,
Sinisa Bandin
(This post was last modified: 07-11-2014 08:16 PM by siny.)
07-11-2014 08:10 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
KNERD Offline
Junior Member
**

Posts: 39
Joined: Mar 2014
Reputation: 0
Post: #16
RE: Yealink SIP-T22P OpenVPN issue
I cannot get this garbage to work at all.

I gave followed various threads here (including this one), by Yealink, an FAQ by them ( http://forum.yealink.com/forum/showthrea...tid=1843), and their webinar information from this past May(http://forum.yealink.com/forum/showthrea...=openvpn). Still nothing after a working on this for a week.

There is no evidence the phone is trying to connect, looking in the openvpn.log, and using tcpdump watching port 1194.

Why is there no logging system on these phones so we can see what sort of error, if any, so we could correct the problem?

Any other suggestions?

I see I made a small typo in the client config file which was causing it to not connect. I see it trying to connect now, but still errors:


I am using MD5 in the key and getting this in the openvpn.log


Quote:Wed Aug 6 16:10:07 2014 us=992883 192.168.5.133:1027 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 6 16:10:07 2014 us=992977 192.168.5.133:1027 TLS Error: TLS handshake failed
Wed Aug 6 16:10:07 2014 us=993119 192.168.5.133:1027 SIGUSR1[soft,tls-error] received, client-instance restarting
(This post was last modified: 08-07-2014 05:13 AM by KNERD.)
08-07-2014 04:36 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
siny Offline
Junior Member
**

Posts: 11
Joined: May 2014
Reputation: 0
Post: #17
RE: Yealink SIP-T22P OpenVPN issue
(08-07-2014 04:36 AM)KNERD Wrote:  I cannot get this garbage to work at all.

I gave followed various threads here (including this one), by Yealink, an FAQ by them ( http://forum.yealink.com/forum/showthrea...tid=1843), and their webinar information from this past May(http://forum.yealink.com/forum/showthrea...=openvpn). Still nothing after a working on this for a week.

There is no evidence the phone is trying to connect, looking in the openvpn.log, and using tcpdump watching port 1194.

Why is there no logging system on these phones so we can see what sort of error, if any, so we could correct the problem?

Any other suggestions?

I see I made a small typo in the client config file which was causing it to not connect. I see it trying to connect now, but still errors:


I am using MD5 in the key and getting this in the openvpn.log


Quote:Wed Aug 6 16:10:07 2014 us=992883 192.168.5.133:1027 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 6 16:10:07 2014 us=992977 192.168.5.133:1027 TLS Error: TLS handshake failed
Wed Aug 6 16:10:07 2014 us=993119 192.168.5.133:1027 SIGUSR1[soft,tls-error] received, client-instance restarting

Since noone from Yealink support seems to be reading this, I will throw in my €¢2:

From the logs, it seems that you have enabled TLS on one side, and not on the other.
Or, there is a problem with NAT firewall, letting packets IN but not OUT (I have seen both of these before)

Could you post both server's and phone's .conf/.cfg files (without any sensitive data like IP's of course)?

Best regards,
Sinisa
08-10-2014 03:56 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
drvirus Offline
Junior Member
**

Posts: 4
Joined: Sep 2014
Reputation: 0
Post: #18
RE: Yealink SIP-T22P OpenVPN issue
hey we are on the same boat and im really stuck ...it works on my pc but i cant upload the config file !!

i used last version
http://www.yealink.com/Upload/W52P/V73/F...3.0.27.zip

same problem !!

plz help me what possible could be the problem
06-07-2015 08:09 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Yealink T48S URL Line Key jogi29 1 1,096 06-10-2024 08:12 PM
Last Post: jogi29
  Yealink T28 setup audible ring on 2nd incoming call JeffWilkinson 20 96,151 10-18-2023 12:59 PM
Last Post: sles
  keypad sequence for Forward & DND with Yealink W70B Base kargah 0 2,178 04-18-2023 10:07 PM
Last Post: kargah
  Yealink T27P -Incoming call issue rsarceno 0 1,970 01-25-2023 08:54 AM
Last Post: rsarceno
  Yealink T19 can not automatically hangup inbound calls giaopc94 0 2,428 08-01-2022 09:28 AM
Last Post: giaopc94
Question 3CX / Yealink passthrough VLAN issue (when phone is rebooted) maindriver 4 13,969 03-24-2022 10:25 PM
Last Post: maindriver
  Passing only LDAP traffic through OPENVPN Commensus 0 2,773 02-23-2022 09:47 PM
Last Post: Commensus
  Configuring OPENVPN with Yealink Commensus 0 3,274 02-23-2022 09:45 PM
Last Post: Commensus
  DHCP not working on T26P when OpenVPN is enabled. LandonL 11 40,244 05-12-2021 10:46 AM
Last Post: 1sae
  LDAPS Issue with Lets Encrypt Certificates rcmcdonald91 0 5,049 10-12-2020 05:57 PM
Last Post: rcmcdonald91

Forum Jump:


User(s) browsing this thread:

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication