Yealink SIP-T28P OpenVPN

ChooseOpen

Joined
Aug 4, 2010
Messages
11
Likes
0
Points
0
#1
That latest firmware release from Yealink supposedly supports OpenVPN. Unfortunately, I cant find any documentation on how to configure it.

I did a little digging and found that the web GUI expects the config file to be in TAR format. I tried TARballing all of the OpenVPN client certificates and an .ovpn config file with no luck. The GUI actually accepted the TAR upload, but the OpenVPN client still doesnt connect.

Anyone have any ideas? :eek:hmy:


Thanks!
Jason
 

logtech

Joined
Apr 9, 2010
Messages
147
Likes
0
Points
0
#2
did you figure it out?
 

ChooseOpen

Joined
Aug 4, 2010
Messages
11
Likes
0
Points
0
#3

logtech

Joined
Apr 9, 2010
Messages
147
Likes
0
Points
0
#4
yes that's true that Yealink guide for VPN is not huge :)

So the file needs to in tar and include exectly:
VPN conf file
keys folder incuded all certyficates and key

Am I right?
 

ChooseOpen

Joined
Aug 4, 2010
Messages
11
Likes
0
Points
0
#5
You are mostly correct. The TAR archive has an unusual structure. The upper most folder is a "." folder. I had a hell of a time finding a graphical archiving tool in Ubuntu Linux that could handle it. I ended up using Xarchiver.

To be more precise, the TAR archive folder structure is:

# . <-folder
# vpn.cnf <-standard OpenVPN client config file
# keys <-folder
## ca.crt
## client.crt
## client.key

EDIT: Updated the Wiki article.
 

logtech

Joined
Apr 9, 2010
Messages
147
Likes
0
Points
0
#6
thank you,

my concern regards dh2048.pem that is icluded in zip generated by OpenVpn server,

if you could give the right directory direction I would appreciate it

thank you
 

ChooseOpen

Joined
Aug 4, 2010
Messages
11
Likes
0
Points
0
#7
My OpenVPN server is running on my Vyatta router (so your setup might be different). I followed the stock instructions located at the link below to setup my Certificate Authority and generate my client keys. According to the table in this document, the dh2048.pem file is only for the OpenVPN server. It should not be needed by the Yealink clients.

http://www.openvpn.net/index.php/open-source/documentation/howto.html#pki
 

logtech

Joined
Apr 9, 2010
Messages
147
Likes
0
Points
0
#8
in yealink tar file vpn config has name vpn.cnf but real OpenVpn name is conf .....

I don't know if this matter


so far no luck there is any indication hows the vpn went .... i believe I can only check OpenVpn server status and logs on the server ....
 

ChooseOpen

Joined
Aug 4, 2010
Messages
11
Likes
0
Points
0
#9
Yep, you want your tar file to contain vpn.cnf NOT vpn.conf
It is simply a text file that you can edit in a text editor (Notepad, gedit, etc). Rename yours to "vpn.cnf"
Or, use the Yealink supplied version as a guide and edit it to suit your environment. My client vpn.cnf file only contains the following lines:

client
dev tun
remote 99.99.99.99 1194
tls-client
proto udp
# Comment out the following line if you dont have comp-lzo compression enabled on the server
comp-lzo
ca ca.crt
cert client.crt
key client.key
ping 10



As for logging, I couldnt find any way to check the client-side logs on the Yealink.

Another tip... I found it easier to get a MS Windows workstation to connect to the OpenVPN server and then steal the working configuration file from it. At least that way you know that you OpenVPN server is working.
 

logtech

Joined
Apr 9, 2010
Messages
147
Likes
0
Points
0
#10
Thank You

That's what I exactly did. I put config for a remote laptop to check it first and it works: I can ping Elastix and only Elastix since this is POINT to POINT VPN connection.

By the way I have received answer from YEALINK support to ask the local agents or the seller, they will provide helpful information for me.

Well they did not even provide the stupid link with default configuration which is ridiculous .....

Once again thank you for advices and I am goint to work on that VPN .....

Cheers
 

ChooseOpen

Joined
Aug 4, 2010
Messages
11
Likes
0
Points
0
#11
Yealink support sucks. They told me the same thing. I doubt the website I bought my phones from was going to be any help, so I figured it out myself. Hoverer, the T-28 is an awesome phone. We decided to deploy them to all of our desks.

Lets do some basic troubleshooting:

1. Does your OpenVPN server logs show any connection attempts from the Yealink phones. *ANY* attempt is a good sign, even if it didnt fully negotiate and got dropped. If you dont see any connection attempt in your logs, then you must have a serious problem with your Yealink TAR.

2. In your vpn.cnf, are you specifying your OpenVPN servers's IP address instead of hostname? Just a long-shot, but use the IP address instead of the hostname in case DNS lookups aren't working.

3. If you DO see unsuccessful connection attempts in your logs, make sure your comp-lzo settings match on both sides.

As a last-ditch effort, if you want to send me your vpn.cnf and sample key files, I will assemble them and send them back to you. I think this is most-likely your problem. The Yealink phone will accept a malformed TAR archive without complaining, and OpenVPN simply wont work! You can email me at jason <at> chooseopen <dot> com
 

logtech

Joined
Apr 9, 2010
Messages
147
Likes
0
Points
0
#12
problem is with number 1 .... I have already send an email ....

Thank you
 

logtech

Joined
Apr 9, 2010
Messages
147
Likes
0
Points
0
#13
I would like to thank you Jason for free of charge advices. I really appreciate this kind of help on this forum. Jason spend alomst all day sending emails and explaining how to do stuff from scratch. He did not say " I am better than you and you are moran, please read guide or etc..... I would call this real help on forum ..... Jason belongs to a few people that provide excelent forum support. He supposed to get a couples of carma....

one more time THANK YOU Jason for your help!!!!!!!!!!!!
 

Ninoska

Joined
Jan 17, 2011
Messages
1
Likes
0
Points
0
#14
Re: Re:Yealink SIP-T28P OpenVPN

Hey Jason, I email you, I have the number one problem.
Thanks you so much If you can help me.
 

Liakopoulos

Joined
Feb 24, 2010
Messages
37
Likes
0
Points
0
#15
Hello everyone,

I started working on the vpn feature of a T38G Yealink phone.

After a lot of messing around with it I discovered that the path that the configuration
file and the keys directory is saved is actually /config/openvpn

If you try to use the vpn feature of this phone please remember to adjust the path for the certificates in vpn.cnf accordingly.

Best Regards,

Panagiotis
 

hca

Joined
Aug 7, 2011
Messages
3
Likes
0
Points
0
#16
Hi Folks,

I am trying to get some new T26p's to use VPN on my elastix box but could not seem to the the VPN up in webadmin, but its actually up. Testing to it with an XP box connects and drops on crypto. Thus there are a few weird things but I google it up and see some versions of openvpn have crypto issues.

However after deleting all the keys, and a fresh start it now seems to work with the xp box with AES-128-CBC. It seems I have OpenVPN version 2.0_rc16, OpenSSL version 0.9.7e with the OpenVPN + CA webadmin module.

The phones are new T26p's firmware 6.60.0.110 and work normally with the server on a local subnet.

I think I have the tar file format correct, it loads apparently with out error, but there is no evidence of the connect attempt to the server or vpn indication on the phone.

Solved now. maybe it helps someone else.

Could the T26p have a slightly different tar file layout to the T28? What I found made them work was renaming the ovpn file and editing the paths rather in it than the using conf file, the only difference being the use of windows style carriage returns.

Also I note the phones take a little while to bring up the vpn indicator.














Reg HCA
 

Members online

No members online now.

Latest posts

Forum statistics

Threads
30,900
Messages
130,884
Members
17,561
Latest member
marouen
Top