OpenVPN and Yealink Phones

[DaveA67]

Hi

I would like to setup OpenVPN to work with a Yealink handset and I believe it's possible to do this.

I am new to OpenVPN especially the setup in Opnsense. Generally I ise IPSec for everything but the SIP phones I have only support OpenVPN

At present I cannot even get a client export file that the Yealink is happy with as it will only accept a .tar file.

I saw someone had posted a link to a tutorial specific to this on the pfsense forum, but it no longer exists.

Does anyone have a guide or pointers for this please?

Many thanks!

[fvanroie]

I have configured opnvpn on a Yealink phone a while ago... not to opnsense but a cloud vpn.
What type of phone and firmware version are you using. I remember that the format can depend from phone to phone and version to version...

Try renaming your files using this naming convention and folder layout. It is very picky about the filenames and folders.

Code: [Select]

clientconf
├── keys
│   ├── ca.crt
│   ├── client.crt
│   └── client.key
└── vpn.cnf

Code: [Select]

cd clientconf
# from within the clientconfdirectory:
tar -c vpn.cnf keys/* -f openvpn.tar
You need to run the tar command from within the folder itself. Otherwise the paths will get mangled and the file won't work.
Upload that file in the Web GUI or via your provisioning system.

[DaveA67]

Hi

Thanks for the reply.

yeah, I eventually figured out the file name and structure requirements.
I get the VPN config to load but doesn't start as it finds errors in the VPN config.

I'm not really familiar with OpenVPN so probably my config on Opnsense is incorrect

[DaveA67]

Sorry the phone is a W52P DECT
Firmware Version   25.80.0.28


Cheers

[DaveA67]

I have this in the log file of the Yealink after a reboot:

May 17 00:00:07 openvpn[542]: Options error: Parameter --cert cannot be used when --pkcs12 is also specified.
May 17 00:00:07 openvpn[542]: Use --help for more information.

[DaveA67]

OK I have this working now.
Not knowing much about OpenVPN I am not sure how

I made some changes to the OpenVPN server config on Opnsense and then 3 of the Client Export options were suddenly for Yealink phones.

Not the W52 but I think I used the T38(2) one.

I had to make a small edit to the vpn.cnf file but all seems to be working fine!

[fvanroie]

Good to hear this is working and thanks for reporting back.
I have both W52 and T38 as well and it's good to know they can be setup with opnsense opnvpn!

[DaveA67]

The 2 test W52s I set up were rock solid.

I now have 5 to deploy to a Customer's homeworkers 

[franco]

This makes me happy. We successfully use Yealink phones in a particular setup, but over a heavier IPsec VPN where each branch has a dedicated tunnel to the main office, but this seems a lot simpler as the phones could be deployed as is.


Cheers,
Franco

[DaveA67]

It's great for Homeworkers as it doesn't matter what sort of router they have, even a cheap domestic one with no VPN capability or one of those awful Virgin or Sky routers