W52P Openvpn with mikrotik
Author Message
info@quantiss.com Offline
tedd
**

Posts: 4
Joined: Aug 2014
Reputation: 0
Post: #1
W52P Openvpn with mikrotik
Hello,

Seeking help on configuring the OpenVPN feature of the W52P (version 25.73.0.40) to connect to a Mikrotik RouterBoard.

I have spent lots of time trying to figure out a working solution but it was all in vain.
I was successful in making the W52P openvpn connect to Mikrotik however it is resetting every 72 seconds.
Even when it is connected the sip is not registering, there is no route from the W52P to my mikrotik.

My certificates were generated with openvpn and they were done according to Yealink manual.

The vpn.cnf file :
client
proto tcp
nobind
remote xxx.xxx.xxx.xxx
port 1194

dev tun
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/client.crt
key /config/openvpn/keys/client.key
auth-user-pass /config/openvpn/secret
comp-lzo
verb 6


I hope someone can help me with this task. My implementation depends on this feature.
(This post was last modified: 05-15-2016 01:32 AM by info@quantiss.com.)
05-15-2016 01:31 AM
info@quantiss.com Offline
tedd
**

Posts: 4
Joined: Aug 2014
Reputation: 0
Post: #2
RE: W52P Openvpn with mikrotik
Update.
I changed from tun tcp to tun tap; the situation is better now, however I still seem to have a routing problem.

vpn.cnf configuration file :
------------
client
setenv SERVER_POLL_TIMEOUT 4
nobind
persist-key

remote xxx.xxx.xxx.xxx
port 1194
proto tcp
; dev tun
dev tap
; persist-tun

ns-cert-type server
tls-client
pull
reneg-sec 604800
;sndbuf 100000
;rcvbuf 100000
auth-retry nointeract
comp-lzo no
verb 3
ping 10
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/client1.crt
key /config/openvpn/keys/client1.key
auth-user-pass /config/openvpn/secret
cipher aes-128-cbc
redirect-gateway def1
route xx.xx.xx.0 255.255.255.0 # my openvpn lan on mikrotik
route xx.xx.xx.xx 255.255.255.0 # my voip segment on remote lan
-------------------------

I still cannot ping the Yealink OpenVPN address.
The Yealink is not able to register.
My OpenVPN connection is now stable, no disconnections.
05-15-2016 06:13 PM
enzain Offline
Junior Member
**

Posts: 3
Joined: Aug 2016
Reputation: 0
Post: #3
RE: W52P Openvpn with mikrotik
Hi,

Does anything work on this device with Mikrotik routers?
I really need to see an example of a working config on the Yealink and how the Mikrotik device is configured.
08-23-2016 09:17 PM
info@quantiss.com Offline
tedd
**

Posts: 4
Joined: Aug 2014
Reputation: 0
Post: #4
RE: W52P Openvpn with mikrotik
Hi,
OVPN of yealink does not work with Mikrotik, that was confirmed by yealink.
They claim that Mikrotik is the cause, in my opinion that is a false excuse.

Yealink answer :
------------------------------------------------------------------------------
From the server side, to calculate the MTU, the length of Ethernet frame is 59(non-standard) instead of 60, and from Yealink, our engineer cannot set the VPN configuration or release a new firmware to make it compatible, suggest you buy the extra Mikrotik router to fix the issue, hope your understanding.

I have to say sorry, since we already tried to find the potential causes about the issue, and the provided solutions all with no luck.
Our engineer told me that we cannot dig further.
-----------------------------------------------------------------------------

In conclusion the OPEN VPN advertised by Yealink will not work with Mikrotik at least for now until they get some serious pressure from fellow users.
08-23-2016 09:52 PM
Harms_Kubiak Offline
Junior Member
**

Posts: 1
Joined: Apr 2021
Reputation: 0
Post: #5
RE: W52P Openvpn with mikrotik
Hi,

sorry for reviving this old thread, but I had almost the same problem.

Now (today, 4 1/2 years later) it is working. I just want to share my config to everyone who will find this thread.

My phone is "Enterprise IP Phone SIP-T42G", I know: another model! Firmware version "29.82.0.20"

The Routerboard/MikroTik I use is "hex" "Model: RB750Gr3" with Firmware version "RouterOS v6.47.7 (stable)"

The content of vpn.cfg is:

Code:
client
nobind
remote FQDN-of-Server 1200 tcp
dev tun
dev-type tun
verb 3
resolv-retry infinite
persist-key
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/client.crt
key /config/openvpn/keys/client.key
auth-user-pass /config/openvpn/keys/auth-user-pass.txt
# here is the pbx I want to register/use; setting up the route
route 192.168.0.0 255.255.255.0
cipher AES-256-CBC

Do not use
Code:
comp-lzo
which is not supported on MikroTik (and remember: encryption of compressed data is a "good base for a plain text attack")

Sure, improvements are needed. Not checking whether the server is the right one is not a good way ... hint:
Code:
tls-remote / verify-x509-name
...

The MikroTik OpenVPN-Server settings are:

Code:
[admin@VPN-Router] > /interface ovpn-server server print
                     enabled: yes
                        port: 1200
                        mode: ip
                     netmask: 24
                 mac-address: FE:26:01:xx:xx:xx
                     max-mtu: 1500
           keepalive-timeout: 60
             default-profile: default-encryption
                 certificate: Name-of-certificate
  require-client-certificate: no
                        auth: sha1,md5
                      cipher: blowfish128,aes128,aes192,aes256

Code:
[admin@VPN-Router] > /ppp profile print
Flags: * - default
0 * name="default" use-mpls=default use-compression=default use-encryption=default only-one=default change-tcp-mss=yes
     use-upnp=default address-list="" on-up="" on-down=""

1 * name="default-encryption" local-address=192.168.210.1 remote-address=pool-OpenVPN use-mpls=default
     use-compression=default use-encryption=yes only-one=default change-tcp-mss=yes use-upnp=default address-list=""
     on-up="" on-down=""

Code:
[admin@VPN-Router] > /ip pool print
# NAME                                                                                   RANGES
0 default-dhcp                                                                           192.168.88.10-192.168.88.254
1 pool-OpenVPN                                                                           192.168.210.10-192.168.210.99

Sure, improvements are possible ... like removing auth:md5; cipher:blowfish ... feel free. I tested many configurations and "here and there is some dirt ..."

Some hints about debugging (at least my way)
  • Instead of installing a syslog server on my (Windows) machine, I used "Wireshark". The phone (WebUI: Settings / Configuration / Syslog Server) was pointed to my machine, the Wireshark capture filter was set to "host IP-of-yealink" and the display filter was set to "syslog". So I got as few packets as possible. "syslog Level" has been set to "6" (instead of 3, default); "Enable" syslog ...
  • So I was able to read the "syslog-data" easily. In syslog I get everything that the openvpn process writes out. So I was able to tweak the config file step-by-step / error-by-error / warning-by-warning
  • I "learned" to reboot the phone after uploading a new "openvpn.tar"-file

Problems on my way ...
  • The docs (pdf and support-site) of Yealink I read did not offer which version of OpenVPN is installed in which Firmware-version of the phone
  • I did not know which certificate-signature-mechanism is "allowed/understood" in the implementation of Yealink. I have sha512. I know this is a problem in OpenVPN 2.3.6 (very old version)
  • There is conflicting information about "auth-user-pass" compatibility in Yealink. Some users write: impossible. I found: Yealink had an example. So it should work ... MikroTik needs user/pass!
  • Up to now I do not know whether it is possible to use <cert>...</cert>, <ca>...</ca> and <key>...</key> in the vpn.cfg instead of referencing the files in the /keys folder. This is another test for the future.
  • I did not find a list of compatible ciphers (like
    Code:
    openvpn --show-ciphers
    on the command line). So I went backward to the default of OpenVPN (BF-CBC; which is "blowfish 128 cbc" and "insecure") and tested one cipher after the other ...



I spent many hours on this issue ...

... Now I have many different Yealink phones to configure, cordless (DECT), corded, ... Most of them are on a remote site ... Hopefully I will not lose the connection to the phones ...

Enjoy your own issue-digging ....
(This post was last modified: 04-11-2021 06:28 AM by Harms_Kubiak.)
04-11-2021 06:25 AM
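
Added example (not part of the original posts, and not Yealink or MikroTik code): a small Python check for the weaknesses the last post points out, run over a vpn.cfg and over the output of `/interface ovpn-server server print`. The function names and finding codes are made up for this example, and the comment stripping is simplified (it does not handle a quoted `#` or `;`).

```python
import re

# Directives that make the client check which server it is talking to.
SERVER_CHECKS = {"verify-x509-name", "tls-remote", "remote-cert-tls", "ns-cert-type"}
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC"}  # 64-bit block ciphers

def directives(text):
    """Map directive -> list of argument lists, skipping '#' and ';' comments."""
    found = {}
    for line in text.splitlines():
        words = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if words:
            found.setdefault(words[0], []).append(words[1:])
    return found

def lint_client(text):
    """Return finding codes for an OpenVPN client config (vpn.cfg)."""
    d, codes = directives(text), []
    if any(args != ["no"] for args in d.get("comp-lzo", [])):
        codes.append("COMPRESSION")      # unsupported on MikroTik per the thread
    if not SERVER_CHECKS & d.keys():
        codes.append("NO_SERVER_CHECK")  # any server cert signed by the CA passes
    ciphers = [a[0].upper() for a in d.get("cipher", []) if a]
    if not ciphers:
        codes.append("DEFAULT_CIPHER")   # old OpenVPN falls back to BF-CBC
    elif ciphers[-1] in WEAK_CIPHERS:
        codes.append("WEAK_CIPHER")
    return codes

def lint_server(print_output):
    """Return finding codes for '/interface ovpn-server server print' output."""
    kv = dict(re.findall(r"^\s*([\w-]+):\s*(\S+)\s*$", print_output, re.M))
    codes = []
    if "md5" in kv.get("auth", "").split(","):
        codes.append("AUTH_MD5")
    if any(c.startswith("blowfish") for c in kv.get("cipher", "").split(",")):
        codes.append("CIPHER_BLOWFISH")
    if kv.get("require-client-certificate") == "no":
        codes.append("CLIENT_CERT_OPTIONAL")
    return codes

if __name__ == "__main__":
    # Constructed sample in the shape of the first config in the thread.
    sample = "client\nproto tcp\ndev tun\ncomp-lzo\nverb 6\n"
    print(lint_client(sample))
```

Run against the three configs in the thread, only the second one (which sets `ns-cert-type server`, `comp-lzo no` and an AES cipher) comes back without findings; the last one still reports the missing server check its author mentions.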