New Forum system requires email address which you used to apply for your account to replace your original username. Password stays the same.Please see this post for more details
http://forum.yealink.com/forum/showthread.php?tid=40344

Yealink Test Club has been officially launched. Please visit post below to get detail information. Come and join us!
http://forum.yealink.com/forum/announcements.php?aid=18

We just had the YMCS online and we are also working on the features plan on the future versions, in this regard we are need to hear your voice about the YMCS.
Please visit : http://forum.yealink.com/forum/showthread.php?tid=42322


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Multiple OpenVPN connections needed
Author Message
caldwell Offline
Junior Member
**

Posts: 11
Joined: Jul 2013
Reputation: 0
Post: #1
Multiple OpenVPN connections needed
I need to know if Yealink has developed the ability to have more than one OpenVPN connection per phone.

We have users who have Yealink phones for business use. They are multi-line phones.

They need line #1 to go to VOIP server #1. VOIP Server #1 is behind a firewall. The only way to connect to VOIP Server #1 is by using an OpenVPN connection.

They need line #2 to go to VOIP server #2. VOIP Server #2 is behind a DIFFERENT firewall. The only way to connect to VOIP Server #2 is by using a DIFFERENT OpenVPN connection.

Without the ability to have multiple OpenVPN connections, these phones become SINGLE LINE phones.

How can we overcome that limitation?

Does Yealink have a solution?
07-08-2013 11:54 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
briankelly63 Offline
Member
***

Posts: 55
Joined: Jul 2013
Reputation: 1
Post: #2
RE: Multiple OpenVPN connections needed
(07-08-2013 11:54 PM)caldwell Wrote:  I need to know if Yealink has developed the ability to have more than one OpenVPN connection per phone.

We have users who have Yealink phones for business use. They are multi-line phones.

They need line #1 to go to VOIP server #1. VOIP Server #1 is behind a firewall. The only way to connect to VOIP Server #1 is by using an OpenVPN connection.

They need line #2 to go to VOIP server #2. VOIP Server #2 is behind a DIFFERENT firewall. The only way to connect to VOIP Server #2 is by using a DIFFERENT OpenVPN connection.

Without the ability to have multiple OpenVPN connections, these phones become SINGLE LINE phones.

How can we overcome that limitation?

Does Yealink have a solution?

There is a fair amount of information on the internet relative to OPENVPN and multiple servers however it tends to be related to having access to multiple servers for redundancy purposes. I think you'd be bumping up against OPENVPN and phone limitations. Even if you get access to multiple servers by specifying them in the vpn.cnf - .opvn file the phone is still going to be served or have access to only one IP address at a time.

The type of thing you want to do is normally address via the OPENVPN servers configuration which could send packets to multiple VOIP servers behind the firewall which may be on multiple subnets.

There are few phones that do VPN and less that do OPENVPN so finding one that can operate as almost a separate phone (per line button) is a tall order.

Another solution is to essentially add a specially configured "router" or run a Pfsense - OPENVPN server at each of the locations that need to use one of the phones.

A raspberry PI for example can run OPENVPN....

Perhaps someone else will comment on an alternate solution.
(This post was last modified: 07-10-2013 07:07 AM by briankelly63.)
07-09-2013 01:03 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
caldwell Offline
Junior Member
**

Posts: 11
Joined: Jul 2013
Reputation: 0
Post: #3
RE: Multiple OpenVPN connections needed
Re: using a common endpoint to try and connect to multiple firewalls, the reason this is not a good solution is that User Bob may be in one state and needs to connect to two separate providers using two instances of OpenVPN. User Joe may be in another state and may need to connect to three totally different providers or VOIP servers using OpenVPN. While in a single office setting, there may be a common need to connect to the same carriers, we can't assume that about every user scattered around the globe.

For the solution, it could be a matter of simply running another INSTANCE of OpenVPN with its own configuration file pointing to VPN server #2.

All that requires is adding it to the firmware. It could run on a separate port if needed.

Yealink response on that idea?
(This post was last modified: 07-09-2013 01:56 AM by caldwell.)
07-09-2013 01:07 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Yealink Support Offline
Administrator
*******

Posts: 2,684
Joined: Dec 2012
Reputation: 22
Post: #4
RE: Multiple OpenVPN connections needed
Hi Caldwell,
Sorry, currently Yealink phone don't support Multiple OpenVPN connections.
Which phone are you using? In our T2X V71 firmware, the phone can support Server Redundancy feature.
------------------
Server redundancy is often required in VoIP deployments to ensure continuity of phone service, for events where the server needs to be taken offline for maintenance, the server fails, or the connection between the IP phone and the server fails.
------------------
Hope this is helpful for you.
Thanks.
07-09-2013 11:30 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
caldwell Offline
Junior Member
**

Posts: 11
Joined: Jul 2013
Reputation: 0
Post: #5
RE: Multiple OpenVPN connections needed
(07-09-2013 11:30 AM)Yealink Support Wrote:  Hi Caldwell,
Sorry, currently Yealink phone don't support Multiple OpenVPN connections.
Which phone are you using? In our T2X V71 firmware, the phone can support Server Redundancy feature.
------------------
Server redundancy is often required in VoIP deployments to ensure continuity of phone service, for events where the server needs to be taken offline for maintenance, the server fails, or the connection between the IP phone and the server fails.
------------------

How hard would it be to add this functionality?

Server redundancy is nice for those who need it, but the inability to actually use a multi-line phone for multiple VOIP providers who require a VPN connection limits the phones to being single line.

What would it take to at least support 2 or 3 instances of OpenVPN so that users could at least have 2 or 3 VPN-secured VOIP connections to different providers or different servers?
07-09-2013 01:43 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Yealink Support Offline
Administrator
*******

Posts: 2,684
Joined: Dec 2012
Reputation: 22
Post: #6
RE: Multiple OpenVPN connections needed
Hi Caldwell,
If you want to have this feature, please contact local distributor, then they will talk with Yealink about this new request for you. And they also have higher priority than Forum.
Thanks.
07-09-2013 03:21 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
davidywilson Offline
Junior Member
**

Posts: 1
Joined: Jul 2013
Reputation: 0
Post: #7
RE: Multiple OpenVPN connections needed
I'd vote for this feature too.

I don't actually need to have two vpns active but even with one vpn active it appears that using the other accounts that don't need the vpn wont work.

As soon as I activate the vpn I get no audio on the other accounts that don't need the vpn. So it seems that its either all accounts via vpn or none.
(This post was last modified: 07-26-2013 03:10 PM by davidywilson.)
07-26-2013 03:08 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Yealink Support Offline
Administrator
*******

Posts: 2,684
Joined: Dec 2012
Reputation: 22
Post: #8
RE: Multiple OpenVPN connections needed
(07-26-2013 03:08 PM)davidywilson Wrote:  I'd vote for this feature too.

I don't actually need to have two vpns active but even with one vpn active it appears that using the other accounts that don't need the vpn wont work.

As soon as I activate the vpn I get no audio on the other accounts that don't need the vpn. So it seems that its either all accounts via vpn or none.

Hi Davidywilson,
It seems that your VPN server didn't configure client-to-client, could you check for this?
08-01-2013 10:38 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
dilly Offline
Junior Member
**

Posts: 9
Joined: Aug 2013
Reputation: 0
Post: #9
RE: Multiple OpenVPN connections needed
Suggestion purchase a Microtik RB750, flash it with openwrt and load openvpn and use that as your gateway to connect to multiple VPNS...

Thanks
08-01-2013 07:10 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
funchaser Offline
Junior Member
**

Posts: 2
Joined: Apr 2014
Reputation: 0
Post: #10
RE: Multiple OpenVPN connections needed
(08-01-2013 10:38 AM)Yealink Support Wrote:  
(07-26-2013 03:08 PM)davidywilson Wrote:  I'd vote for this feature too.

I don't actually need to have two vpns active but even with one vpn active it appears that using the other accounts that don't need the vpn wont work.

As soon as I activate the vpn I get no audio on the other accounts that don't need the vpn. So it seems that its either all accounts via vpn or none.

Hi Davidywilson,
It seems that your VPN server didn't configure client-to-client, could you check for this?

I have similar problem.
I use Yealink SIP-T32G fw ver 32.70.0.130
The first line of my phone connected to our internal office IP PBX (asterisk on 192.168.182.0/24 network), the phone internal IP is 192.168.182.192
The second line of my phone connected to remote IP PBX over the OpenVPN. The second line works just fine!
How ever the first line has the same "no audio" problem.
CLI [sip show peer] for this line looks like this -

Quote: * Name : 200
Secret : <Set>
MD5Secret : <Not set>
Remote Secret: <Not set>
Context : from-internal
Subscr.Cont. : <Not set>
Language :
AMA flags : Unknown
Transfer mode: open
CallingPres : Presentation Allowed, Not Screened
Callgroup : 10
Pickupgroup : 10
MOH Suggest :
Mailbox : 200@default
VM Extension : *97
LastMsgsSent : 32767/65535
Call limit : 2147483647
Max forwards : 0
Dynamic : Yes
Callerid : "200" <200>
MaxCallBR : 384 kbps
Expire : 3593
Insecure : port,invite
Force rport : Yes
ACL : Yes
DirectMedACL : No
T.38 support : Yes
T.38 EC mode : FEC
T.38 MaxDtgrm: -1
DirectMedia : Yes
PromiscRedir : No
User=Phone : No
Video Support: No
Text Support : Yes
Ign SDP ver : No
Trust RPID : Yes
Send RPID : Yes
Subscriptions: Yes
Overlap dial : Yes
DTMFmode : rfc2833
Timer T1 : 500
Timer B : 32000
ToHost : 192.168.182.192
Addr->IP : 192.168.182.192:14926
Defaddr->IP : (null)
Prim.Transp. : TLS
Allowed.Trsp : TLS
Def. Username: 200
SIP Options : (none)
Codecs : 0x191f (g723|gsm|ulaw|alaw|g726|g729|g726aal2|g722)
Codec Order : (ulaw:20,alaw:20,gsm:20,g722:20,g723:30,g726:20,g729:20,g726aal2:20)
Auto-Framing : No
Status : OK (35 ms)
Useragent : Yealink SIP-T32G 32.70.0.130
Reg. Contact : sip:200@10.8.3.197:14926;transport=TLS
Qualify Freq : 60000 ms
Sess-Timers : Accept
Sess-Refresh : uas
Sess-Expires : 1800 secs
Min-Sess : 90 secs
RTP Engine : asterisk
Parkinglot :
Use Reason : No
Encryption : Yes

Obviously, the error is here - Reg. Contact : sip:200@10.8.3.197:14926;transport=TLS

the ip address of 10.8.3.197 is incorrect, it is belong to the tun interface;
as a result all RTP traffic from PBX to my phone looks like this

Quote:sip*CLI> rtp set debug ip 10.8.3.197
RTP Debugging Enabled for address: 10.8.3.197:0
== Using SIP RTP TOS bits 184
== Using SIP RTP CoS mark 5
-- Executing [*97@from-internal:1] Answer("SIP/200-0000247c", "") in new stack
-- Executing [*97@from-internal:2] Wait("SIP/200-0000247c", "1") in new stack
Sent RTP packet to 10.8.3.197:11782 (type 00, seq 035451, ts 000160, len 000170)
Sent RTP packet to 10.8.3.197:11782 (type 00, seq 035452, ts 000320, len 000170)

RTP packets are not reaching my phone, because PBX does not know anything about 10.8.3.197 ip address.
The quick solution I use is adding this route on PBX server.
Quote: Destination Gateway Netmask Interface
10.8.3.197 192.168.182.192 255.255.255.255 eth0
How ever, this is very inconvenient, because if ip addresses change, I will have to add new route on the server box!

Any other solution from Yealink???
(This post was last modified: 04-24-2014 08:11 PM by funchaser.)
04-24-2014 08:10 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  V83 and openvpn problem avayax 6 1,464 05-10-2019 08:51 PM
Last Post: caldwell
  T27G openvpn systems 3 1,692 09-24-2018 05:49 PM
Last Post: caldwell
  OpenVPN and DNS Servers _DJ 1 1,722 10-16-2017 02:07 AM
Last Post: Kevin_Yealink
  Multiple Call Forward cjmitton 9 9,753 08-31-2017 07:47 AM
Last Post: schuster.tobias
  Yealink T23G openvpn pfsense freepbx one way audio Chen Kang 3 3,185 08-07-2017 01:20 AM
Last Post: Chen Kang
  Multiple Accounts 1 Device Tyler 4 3,461 06-22-2017 12:16 PM
Last Post: Jensen_Yealink
  OpenVPN on T41P enzain 2 2,737 09-06-2016 06:16 AM
Last Post: Karl_Yealink
  T21P E2 OpenVPN: After replacing the VPN Config it will not connect. vianneyjs 4 5,788 06-23-2016 08:20 PM
Last Post: jmoore
  T23G Multiple SIP accounts on Multiple SIP Servers sjit 5 4,498 02-24-2016 05:26 AM
Last Post: RUN_Support
  Openvpn.tar file name avayax 3 4,074 01-19-2016 04:07 AM
Last Post: Karl_Yealink

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication