New Forum system requires email address which you used to apply for your account to replace your original username. Password stays the same.Please see this post for more details
http://forum.yealink.com/forum/showthread.php?tid=40344

Yealink Test Club has been officially launched. Please visit post below to get detail information. Come and join us!
http://forum.yealink.com/forum/announcements.php?aid=18

We just had the YMCS online and we are also working on the features plan on the future versions, in this regard we are need to hear your voice about the YMCS.
Please visit : http://forum.yealink.com/forum/showthread.php?tid=42322


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Yealink SIP-T22P OpenVPN issue
Author Message
mahan77 Offline
Junior Member
**

Posts: 11
Joined: Mar 2014
Reputation: 0
Post: #1
Yealink SIP-T22P OpenVPN issue
Hello every one,

Need help please; I’m trying to connect Yealink SIP-T22P over OpenVPN with asterisk. No luck at all. I have enabled VPN option and upload the file. If I use softphone over OpenVPN from mac it’s working fine. How can I solve this issue?

Many thanks
sathees

vpn.cnf

client
dev tap
proto udp
remote 192.168.1.100 1194 udp
ca /yealink/config/openvpn/keys/ca.crt
cert /yealink/config/openvpn/keys/client-yealink.crt
key /yealink/config/openvpn/keys/client-yealink.key
resolv-retry infinite
nobind
persist-key
persist-tun mute-replay-warnings ns-cert-type server comp-lzo
verb 3
mute 10


server.conf

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
03-10-2014 09:22 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Yealink Support Offline
Administrator
*******

Posts: 2,684
Joined: Dec 2012
Reputation: 22
Post: #2
RE: Yealink SIP-T22P OpenVPN issue
Hi Please make sure "dev " is the same both in vpn.cnf and server.conf.
Do you want to use tun or tap?
03-11-2014 09:56 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
mahan77 Offline
Junior Member
**

Posts: 11
Joined: Mar 2014
Reputation: 0
Post: #3
RE: Yealink SIP-T22P OpenVPN issue
thank you.
the problem was easy-rsa
03-26-2014 11:23 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
mahan77 Offline
Junior Member
**

Posts: 11
Joined: Mar 2014
Reputation: 0
Post: #4
RE: Yealink SIP-T22P OpenVPN issue
Hello again,

I managed to solve the connection issue. After I upload the configuration file and reboot the device, I can’t access web page for setting. How can I solve this issue?
Many thanks
sathees

These are the logs from openvpn.log

Wed Mar 26 12:06:47 2014 192.168.1.74:1026 TLS: Initial packet from [AF_INET]192.168.1.74:1026, sid=be8c5adc 714c7286
Wed Mar 26 12:06:58 2014 192.168.1.74:1026 TLS: new session incoming connection from [AF_INET]192.168.1.74:1026
Wed Mar 26 12:07:00 2014 192.168.1.74:1026 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme, name=changeme, emailAddress=mail@host.domain
Wed Mar 26 12:07:00 2014 192.168.1.74:1026 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=client, name=changeme, emailAddress=mail@host.domain
Wed Mar 26 12:07:00 2014 192.168.1.74:1026 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 26 12:07:00 2014 192.168.1.74:1026 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 26 12:07:00 2014 192.168.1.74:1026 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 26 12:07:00 2014 192.168.1.74:1026 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 26 12:07:00 2014 192.168.1.74:1026 TLS: move_session: dest=TM_ACTIVE src=TM_UNTRUSTED reinit_src=1
Wed Mar 26 12:07:00 2014 192.168.1.74:1026 TLS: tls_multi_process: untrusted session promoted to semi-trusted
Wed Mar 26 12:07:01 2014 192.168.1.74:1026 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Mar 26 12:07:01 2014 192.168.1.74:1026 [client] Peer Connection Initiated with [AF_INET]192.168.1.74:1026
Wed Mar 26 12:07:01 2014 client/192.168.1.74:1026 MULTI_sva: pool returned IPv4=10.8.0.10, IPv6=(Not enabled)
Wed Mar 26 12:07:01 2014 client/192.168.1.74:1026 MULTI: Learn: 10.8.0.10 -> client/192.168.1.74:1026
Wed Mar 26 12:07:01 2014 client/192.168.1.74:1026 MULTI: primary virtual IP for client/192.168.1.74:1026: 10.8.0.10
Wed Mar 26 12:07:03 2014 client/192.168.1.74:1026 PUSH: Received control message: 'PUSH_REQUEST'
Wed Mar 26 12:07:03 2014 client/192.168.1.74:1026 send_push_reply(): safe_cap=940
Wed Mar 26 12:07:03 2014 client/192.168.1.74:1026 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.0.0.0 255.0.0.0,route 172.16.1.0 255.240.0.0,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9' (status=1)
Wed Mar 26 12:11:03 2014 client/192.168.1.74:1026 [client] Inactivity timeout (--ping-restart), restarting
Wed Mar 26 12:11:03 2014 client/192.168.1.74:1026 SIGUSR1[soft,ping-restart] received, client-instance restarting


This is from the phone log
Mar 26 11:58:57 IPP[303]: IPP <4+warnin>137.470.293:unkown msg,00002006,00000000,00000000
Mar 26 11:58:57 IPP[303]: IPP <4+warnin>137.476.372:unkown msg,00002007,00000000,00000000
Mar 26 11:58:58 AUTP[342]: AUTP<3+error > network isn't complete, sleep 1s!
Mar 26 11:58:59 LIBD[342]: DANY<0+emerg > DANY=3
Mar 26 11:58:59 IPP[303]: IPP <4+warnin>139.347.641:unkown msg,000b0007,ffffffff,00000000
Mar 26 11:59:36 Log [365]: WEB <3+error > NOTE : readlan=[English]
Mar 26 11:59:36 Log [365]: WEB <3+error > NOTE : baklan=[1.English]
Mar 26 11:59:36 Log [365]: WEB <3+error > NOTE : lan=[1.English]
Mar 26 11:59:36 Log [396]: WEB <3+error > NOTE : readlan=[English]
Mar 26 11:59:36 Log [396]: WEB <3+error > NOTE : baklan=[1.English]
Mar 26 11:59:36 Log [396]: WEB <3+error > NOTE : lan=[1.English]
Mar 26 11:59:42 Log [365]: WEB <3+error > NOTE : readlan=[English]
Mar 26 11:59:42 Log [365]: WEB <3+error > NOTE : baklan=[1.English]
Mar 26 11:59:42 Log [365]: WEB <3+error > NOTE : lan=[1.English]
Mar 26 11:59:52 Log [396]: WEB <3+error > NOTE : readlan=[English]
Mar 26 11:59:52 Log [396]: WEB <3+error > NOTE : baklan=[1.English]
Mar 26 11:59:52 Log [396]: WEB <3+error > NOTE : lan=[1.English]
Mar 26 11:59:57 Log [365]: WEB <3+error > NOTE : readlan=[English]
Mar 26 11:59:57 Log [365]: WEB <3+error > NOTE : baklan=[1.English]
Mar 26 11:59:57 Log [365]: WEB <3+error > NOTE : lan=[1.English]
Mar 26 11:59:58 Log [396]: WEB <3+error > NOTE : readlan=[English]
Mar 26 11:59:58 Log [396]: WEB <3+error > NOTE : baklan=[1.English]
Mar 26 11:59:58 Log [396]: WEB <3+error > NOTE : lan=[1.English]
03-26-2014 08:22 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Yealink Support Offline
Administrator
*******

Posts: 2,684
Joined: Dec 2012
Reputation: 22
Post: #5
RE: Yealink SIP-T22P OpenVPN issue
1. Do you test to enter the webpage later? Can't you enter the webpage for ever?
2. Do you test in other browser?
3. Hi Please make sure "dev " is the same both in vpn.cnf and server.conf. TUN or TAP?
03-27-2014 05:07 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
siny Offline
Junior Member
**

Posts: 10
Joined: May 2014
Reputation: 0
Post: #6
RE: Yealink SIP-T22P OpenVPN issue
(03-26-2014 11:23 AM)mahan77 Wrote:  thank you.
the problem was easy-rsa

Can you please elaborate on that: what was the problem with Easy-RSA?


Thank you.


Best regards,
Sinisa Bandin
05-23-2014 04:18 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
mahan77 Offline
Junior Member
**

Posts: 11
Joined: Mar 2014
Reputation: 0
Post: #7
RE: Yealink SIP-T22P OpenVPN issue
(05-23-2014 04:18 PM)siny Wrote:  
(03-26-2014 11:23 AM)mahan77 Wrote:  thank you.
the problem was easy-rsa

Can you please elaborate on that: what was the problem with Easy-RSA?


Thank you.


Best regards,
Sinisa Bandin

Sorry for late replay I was busy with work.

You need public key MD5 for the Yealink phone. Latest easy-rsa uses deferent alga rhythm called sha256. I didn’t know to change back to MD5. Best way to do this use easy-rsa 2.2.0. Use openssl-1.0.0.cnf on your vars file, every think will be ok.

Many thanks
05-27-2014 12:20 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
siny Offline
Junior Member
**

Posts: 10
Joined: May 2014
Reputation: 0
Post: #8
RE: Yealink SIP-T22P OpenVPN issue
(05-27-2014 12:20 AM)mahan77 Wrote:  
(05-23-2014 04:18 PM)siny Wrote:  
(03-26-2014 11:23 AM)mahan77 Wrote:  thank you.
the problem was easy-rsa

Can you please elaborate on that: what was the problem with Easy-RSA?


Thank you.


Best regards,
Sinisa Bandin

Sorry for late replay I was busy with work.

You need public key MD5 for the Yealink phone. Latest easy-rsa uses deferent alga rhythm called sha256. I didn’t know to change back to MD5. Best way to do this use easy-rsa 2.2.0. Use openssl-1.0.0.cnf on your vars file, every think will be ok.

Many thanks

Thank you for your reply, but...

Actualy, I am using easy-rsa 2.0-rc1 (all of the other 20+ keys are made by it so I did not want to change).
in "openssl.cnf" there is this line:
default_md = md5
so I suppose that should be OK, right?

(just to compare, I have downloaded easy-rsa 2.2.2, and there it says "sha256")

It seems I shall wait for the webinar on Wednesday, maybe there will pop up something new: http://forum.yealink.com/forum/showthrea...ht=openvpn


Best regards,
Sinisa Bandin
05-27-2014 03:51 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
mahan77 Offline
Junior Member
**

Posts: 11
Joined: Mar 2014
Reputation: 0
Post: #9
RE: Yealink SIP-T22P OpenVPN issue
(05-27-2014 03:51 AM)siny Wrote:  
(05-27-2014 12:20 AM)mahan77 Wrote:  
(05-23-2014 04:18 PM)siny Wrote:  
(03-26-2014 11:23 AM)mahan77 Wrote:  thank you.
the problem was easy-rsa

Can you please elaborate on that: what was the problem with Easy-RSA?


Thank you.


Best regards,
Sinisa Bandin

Sorry for late replay I was busy with work.

You need public key MD5 for the Yealink phone. Latest easy-rsa uses deferent alga rhythm called sha256. I didn’t know to change back to MD5. Best way to do this use easy-rsa 2.2.0. Use openssl-1.0.0.cnf on your vars file, every think will be ok.

Many thanks

Thank you for your reply, but...

Actualy, I am using easy-rsa 2.0-rc1 (all of the other 20+ keys are made by it so I did not want to change).
in "openssl.cnf" there is this line:
default_md = md5
so I suppose that should be OK, right?

(just to compare, I have downloaded easy-rsa 2.2.2, and there it says "sha256")

It seems I shall wait for the webinar on Wednesday, maybe there will pop up something new: http://forum.yealink.com/forum/showthrea...ht=openvpn


Best regards,
Sinisa Bandin


Yes! it should be ok. Long as you have this default_md = md5 line in your .cnf it will work.

Many Thanks
Sathees
05-27-2014 03:56 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
siny Offline
Junior Member
**

Posts: 10
Joined: May 2014
Reputation: 0
Post: #10
RE: Yealink SIP-T22P OpenVPN issue
(05-27-2014 03:56 PM)mahan77 Wrote:  
(05-27-2014 03:51 AM)siny Wrote:  
(05-27-2014 12:20 AM)mahan77 Wrote:  
(05-23-2014 04:18 PM)siny Wrote:  
(03-26-2014 11:23 AM)mahan77 Wrote:  thank you.
the problem was easy-rsa

Can you please elaborate on that: what was the problem with Easy-RSA?


Thank you.


Best regards,
Sinisa Bandin

Sorry for late replay I was busy with work.

You need public key MD5 for the Yealink phone. Latest easy-rsa uses deferent alga rhythm called sha256. I didn’t know to change back to MD5. Best way to do this use easy-rsa 2.2.0. Use openssl-1.0.0.cnf on your vars file, every think will be ok.

Many thanks

Thank you for your reply, but...

Actualy, I am using easy-rsa 2.0-rc1 (all of the other 20+ keys are made by it so I did not want to change).
in "openssl.cnf" there is this line:
default_md = md5
so I suppose that should be OK, right?

(just to compare, I have downloaded easy-rsa 2.2.2, and there it says "sha256")

It seems I shall wait for the webinar on Wednesday, maybe there will pop up something new: http://forum.yealink.com/forum/showthrea...ht=openvpn


Best regards,
Sinisa Bandin


Yes! it should be ok. Long as you have this default_md = md5 line in your .cnf it will work.

Many Thanks
Sathees


Well, it is not OK Sad

I create .tar file, as instructed in docs, go to Network -> Advanced menu, Browse file, Upload it, get the message "Upload success!", then Enable the VPN and when I click Confirm, message says "Please upload VPN config file first!".

I have other clients working with same certificates, using Linux, Android, Mikrotik routers and Windows.


Best regards,
Sinisa Bandin
05-27-2014 04:47 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Multicast / Paging / Intercom - Yealink T58 Ryandh 19 14,563 08-11-2019 07:28 PM
Last Post: Chris708
  YEALINK AUTO PROVISION Dmitryche 1 400 08-09-2019 09:25 AM
Last Post: Paz_Yealink
Question 3CX / Yealink passthrough VLAN issue (when phone is rebooted) maindriver 3 511 08-01-2019 12:19 PM
Last Post: Evan_Yealink
  LDAP Directory Configuration Issue it_prevent 1 859 05-15-2019 05:55 AM
Last Post: Mike_Yealink
  OpenVPN and QoS/TOS roelvanmeer 0 625 02-19-2019 09:27 AM
Last Post: roelvanmeer
  Yealink Dialplan Alain 0 970 09-19-2018 05:10 PM
Last Post: Alain
  OpenVPN Timeout connecting p2xt 3 1,790 07-13-2018 07:37 PM
Last Post: jolouis
  Yealink T48S displays message "No service" David K L 1 2,273 04-17-2018 03:39 AM
Last Post: Paul_Yealink
  Yealink Dial Plan RobertCrawford 8 4,897 03-09-2018 06:38 AM
Last Post: Johnny88
  Yealink secure certificates and disabling ciphers Scot E. 1 1,660 12-29-2017 03:40 AM
Last Post: Lucia_Yealink

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication