[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Phone logs and OpenVPN
Author Message
AndyInNYC Offline
Junior Member
**

Posts: 10
Joined: Jul 2014
Reputation: 0
Post: #2
RE: Phone logs and OpenVPN
Knerd,

I have been having OpenVPN issues as well. My last round ended up being 'bad' certificates. They worked everywhere except on the phone (other PCs, iPhones, etc. could use them just fine). I used certificates created on another machine and ported them to the server.

Prior to that I had an issue many have had - the .tar file must been in a very specific format:

vpn.cnf (the 'client.conf' everywhere else)
a keys subdirectory
\keys\client.crt
\keys\client.key
\keys\ca.crt (I think from memory)

The vpn.cnf must reference the certificates as though they were in another directory - like this:
ca /config/openvpn/keys/ca.crt

Here is my working vpn.cnf (client side) file:
client
persist-tun
persist-key
cipher BF-CBC
auth SHA1
tls-client
ns-cert-type server
remote X.Y.Z.A # You fill in your VPN address here
nobind
port 1190
proto udp
dev tun
comp-lzo
verb 3
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/client1.crt
key /config/openvpn/keys/client1.key

Here is the working server.conf file:

local X.Y.Z.A # Fill in your IP address here
port 1194
proto udp
dev tun
# added based on pbxinaflaah.com
daemon
persist-tun
persist-key
cipher BF-CBC
tls-server
#end added

mode server
server 10.8.0.0 255.255.255.0
push "route 10.2.1.0 255.255.255.0"
push "dhcp-option DNS 10.2.1.1"
keepalive 20 60
client-to-client
duplicate-cn
comp-lzo
verb 3
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
log-append /etc/openvpn/openvpn.log

I'm using iptables on my machine, you need to open the firewall - here's what I have as additions

-A INPUT -s 10.8.0.0/16 -j ACCEPT
-I INPUT -p udp --dport 1194 -j ACCEPT

in the *nat section as the very first line:

-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Hope this helps you. You can look at the created openvpn.log file (now in /etc/openvpn) to see if your phone is at least trying to hit the VPN.

Andrew
08-10-2014 09:16 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Messages In This Thread
Phone logs and OpenVPN - KNERD - 08-06-2014, 08:48 AM
RE: Phone logs and OpenVPN - AndyInNYC - 08-10-2014 09:16 AM

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Solved Openvpn.tar creating the right size file compsos 3 937 08-20-2020 06:49 AM
Last Post: complex1
  Raw XML for Remote Phone Book rgranholm 1 1,235 03-24-2020 06:14 AM
Last Post: crazyau
  Setting phone to default to No Account by default when Off Hook InterLynx 4 4,695 01-08-2020 01:20 AM
Last Post: tfrazer
  How can i reset my phone andyjgarner 3 2,350 10-24-2019 02:45 PM
Last Post: Garry_Yealink
Question 3CX / Yealink passthrough VLAN issue (when phone is rebooted) maindriver 3 1,971 08-01-2019 12:19 PM
Last Post: Evan_Yealink
  OpenVPN and QoS/TOS roelvanmeer 0 1,265 02-19-2019 09:27 AM
Last Post: roelvanmeer
  Can't register T21P E2 phone LOU 2 7,414 02-09-2019 03:48 PM
Last Post: rccloud
  OpenVPN Timeout connecting p2xt 3 3,256 07-13-2018 07:37 PM
Last Post: jolouis
  Call Parking - Yealink Phone - Asterisk 11 vs 13 Velocita Technology 1 2,990 12-26-2017 06:06 AM
Last Post: Lucia_Yealink
  Multiple Lines on a Single Phone TomEdwards 2 3,784 11-21-2017 09:29 PM
Last Post: TomEdwards

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication