OpenVPN and Yealink Phones

Started by DaveA67, May 16, 2018, 04:53:16 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 16, 2018, 04:53:16 PM
Hi

I would like to setup OpenVPN to work with a Yealink handset and I believe it's possible to do this.

I am new to OpenVPN especially the setup in Opnsense. Generally I ise IPSec for everything but the SIP phones I have only support OpenVPN

At present I cannot even get a client export file that the Yealink is happy with as it will only accept a .tar file.

I saw someone had posted a link to a tutorial specific to this on the pfsense forum, but it no longer exists.

Does anyone have a guide or pointers for this please?

Many thanks!
May 16, 2018, 09:43:59 PM #1
I have configured opnvpn on a Yealink phone a while ago... not to opnsense but a cloud vpn.
What type of phone and firmware version are you using. I remember that the format can depend from phone to phone and version to version...

Try renaming your files using this naming convention and folder layout. It is very picky about the filenames and folders.

Code Select
clientconf
├── keys
│   ├── ca.crt
│   ├── client.crt
│   └── client.key
└── vpn.cnf

Code Select
cd clientconf
# from within the clientconfdirectory:
tar -c vpn.cnf keys/* -f openvpn.tar

You need to run the tar command from within the folder itself. Otherwise the paths will get mangled and the file won't work.
Upload that file in the Web GUI or via your provisioning system.
May 17, 2018, 03:36:09 PM #2
Hi

Thanks for the reply.

yeah, I eventually figured out the file name and structure requirements.
I get the VPN config to load but doesn't start as it finds errors in the VPN config.

I'm not really familiar with OpenVPN so probably my config on Opnsense is incorrect
May 17, 2018, 03:37:00 PM #3
Sorry the phone is a W52P DECT
Firmware Version   25.80.0.28


Cheers

May 17, 2018, 03:47:26 PM #4
I have this in the log file of the Yealink after a reboot:

May 17 00:00:07 openvpn[542]: Options error: Parameter --cert cannot be used when --pkcs12 is also specified.
May 17 00:00:07 openvpn[542]: Use --help for more information.
May 17, 2018, 07:26:42 PM #5
OK I have this working now.
Not knowing much about OpenVPN I am not sure how :)

I made some changes to the OpenVPN server config on Opnsense and then 3 of the Client Export options were suddenly for Yealink phones.

Not the W52 but I think I used the T38(2) one.

I had to make a small edit to the vpn.cnf file but all seems to be working fine!
May 22, 2018, 11:40:28 AM #6
Good to hear this is working and thanks for reporting back.
I have both W52 and T38 as well and it's good to know they can be setup with opnsense opnvpn!
May 24, 2018, 10:05:31 AM #7
The 2 test W52s I set up were rock solid.

I now have 5 to deploy to a Customer's homeworkers  :o
May 24, 2018, 10:41:16 PM #8
This makes me happy. We successfully use Yealink phones in a particular setup, but over a heavier IPsec VPN where each branch has a dedicated tunnel to the main office, but this seems a lot simpler as the phones could be deployed as is.


Cheers,
Franco
May 25, 2018, 12:25:08 PM #9
It's great for Homeworkers as it doesn't matter what sort of router they have, even a cheap domestic one with no VPN capability or one of those awful Virgin or Sky routers :)

Print
Go Up Pages1
User actions