[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
T21P OpenVPN
Author Message
dlmc Offline
Junior Member
**

Posts: 10
Joined: Oct 2013
Reputation: 0
Post: #1
T21P OpenVPN
FW Version: 34.72.0.75

The Upload of openvpn.tar says it was successful.
The VPN=enable will not enable.

I have syslog enabled as level 6 (debug) and there is no indication of any problem that I can see.


$ tar -tf openvpn.tar
vpn.conf
keys/
keys/ca.crt (2048bit RSA SHA1 self-signed)
keys/client.key (2048bit RSA SHA1 signed with ca.crt)
keys/client.crt


How do you get the enable to work and better some diagnostic output with a real error ?
11-12-2014 11:51 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
James_Yealink Offline
Administrator
*******

Posts: 1,159
Joined: Aug 2014
Reputation: 8
Post: #2
RE: T21P OpenVPN
Hi Dlmc,

Can you attach the tar file and error syslog for a check?

Regards,
James
11-13-2014 12:15 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
dlmc Offline
Junior Member
**

Posts: 10
Joined: Oct 2013
Reputation: 0
Post: #3
RE: T21P OpenVPN
Hmm that makes no sense, the security data is meant to be private. I would need to generate a new CA and CLIENT certs to attach something.

The Yealink OpenVPN instructions are great and all, but what they really should consist of is a breakdown of the TAR file contents (with a working sample provided by Yealink) that can be used to prove an initial working state.

There is no clear indication of what feature set of OpenVPN is supported, like OpenVPN base version, what crypto support and version.

The instructions on how to compile kernels and OpenVPN and such are actually not very useful. I would not think many people do this but use a package manager to install openvpn.


The Web UI feedback about the upload of the file being successful is also not as useful a knowing the file uploaded, was processed and the contents found acceptable to install and then the installation succeeding.

The only thing in the syslog output is:

2014-11-12T15:52:45.432996+00:00 Log [357]: WEB <6+info > Upload VPN file success!

The other matter preventing enablement of OpenVPN support, after doing:
Login to Yealink T21P
Network -> Advanced
VPN [Upload VPN Config ... Browse]
Select the local path to the openvpn.tar file.
Click "Upload"
Get back browser alert dialog on screen "Upload VPN file success!" click "OK"
Click "OK" on the browser dialog above.
The web page now refreshes and reloads.

The problem here is that selecting
Network -> Advanced
VPN -> Active: Enabled
Clicking "Confirm"
Results in browser alert dialog "Please upload VPN config file first!"

This seems like JavaScript preventing the enable from being set. But due to the page reload between uploading the openvpn.tar and setting Active:Enabled it does not seen possible to enable it.

If I preform a system backup (Settings -> Configuration -> Export) the resulting "config.bin" file which is also a TAR file.

I can see my files with correct timestamp and file lengths in relation to my files, these are like factory/openvpn/vpn.conf and such.

Also note the ownership I set to root (uid=0) and root (gid=0) just in case there was an issue in that area.
Also the standard file permissions exist on the files, that is mode=0664 for vpn.conf, mode=0640 for *.crt and mode=0600 for *.key these are standard file system permissions for the files when they are created.
Providing the Yealink kernel runs openvpn client software as 'root' then everything should be fine.
(This post was last modified: 11-13-2014 03:32 AM by dlmc.)
11-13-2014 03:10 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
James_Yealink Offline
Administrator
*******

Posts: 1,159
Joined: Aug 2014
Reputation: 8
Post: #4
RE: T21P OpenVPN
Hi Dlmc,

I attach a tar file sample please check. It contains necessry parameter.
I think your tar file is not compressed correclty.

Of course you can change or mask the private information of your tar file and then send it us. We jsut want to check the format and parameter in it.

Regards,
James


Attached File(s)
.zip  Openvpn_sample.zip (Size: 3.7 KB / Downloads: 101)
11-13-2014 03:43 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
dlmc Offline
Junior Member
**

Posts: 10
Joined: Oct 2013
Reputation: 0
Post: #5
RE: T21P OpenVPN
My openvpn.tar is an uncompressed TAR file as .tar (not a compressed TAR file, such as .tar.gz or .tar.bz2). There is no compression in use, so it can not be compressed incorrectly.

Looking at the sample you provided is also an uncompressed TAR file just like mine. So I do not think this is the issue.
(This post was last modified: 11-13-2014 08:47 PM by dlmc.)
11-13-2014 08:46 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
dlmc Offline
Junior Member
**

Posts: 10
Joined: Oct 2013
Reputation: 0
Post: #6
RE: T21P OpenVPN
Ok the error is the filename "vpn.conf" in my TAR was wrong.

The file name needs to be "vpn.cnf".
11-13-2014 10:41 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
dlmc Offline
Junior Member
**

Posts: 10
Joined: Oct 2013
Reputation: 0
Post: #7
RE: T21P OpenVPN
The only issue now is the server side refusing to verify the client certificate as valid. I am using RSA-2048bit+SHA1 so this isn't an issue with the MD5 signature hash being revoked by OpenSSL tooling defaults, nor the RSA-1024 being revoked. Both of these things are considered insecure now. I am using RSA-2048bit+SHA1 which is still allowed at this time.

UPDATE: This issue was resolved by not using a binary data type for the issue serial number, OpenVPN does not like this, it works fine with an integer serial number.

Thanks
(This post was last modified: 11-17-2014 06:37 PM by dlmc.)
11-14-2014 02:34 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  T21P E2 firmware upgrade janp 0 663 01-27-2024 02:43 AM
Last Post: janp
  T28P - OpenVPN TLS error: Unsupported protocol 1sae 0 921 07-18-2023 06:50 AM
Last Post: 1sae
  T21P TLS - Trusted CA TheCourier 0 846 07-17-2023 04:34 PM
Last Post: TheCourier
  T21P E2 - Custom Ringtone Darleen 3 4,583 07-26-2022 10:40 PM
Last Post: complex1
  T21P Low headset volume rmatuda 14 44,974 11-02-2021 08:39 PM
Last Post: overlay
  Firmware upgrade fails on T21P E2 p.pasquino@technology4you.it 0 5,170 11-02-2021 04:42 PM
Last Post: p.pasquino@technology4you.it
  T21P Stuck on "Initializing" - Recovery Mode Fails` YCMJamie 5 13,242 08-24-2021 07:04 PM
Last Post: YCMJamie
  T21P E2 default Programmable Key label in V84 erictam 6 16,243 10-28-2020 10:32 PM
Last Post: GwenH
  T19PE2 openvpn? bozko 0 5,068 10-11-2020 11:43 AM
Last Post: bozko
  how to connect yealink T23G to mikrotik openvpn server m.taghavi 4 13,735 10-11-2020 11:31 AM
Last Post: bozko

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication