Reply To: RE: OpenVPN Yealink issues

VitalPBX Community Support General Discussion OpenVPN Yealink issues Reply To: RE: OpenVPN Yealink issues

    DannyLarsen
    Participant
    none

    I have spent many hours on this here is what I have found

    Older Yealink phones like the T28 need Ver 2.73.0.50   (73) and will only work with:

    sha1 (not sha256) hash algorithm, and dh1024 (not dh2048) certs

    the openvpn server config file must also reference the location of  dh1024 and certs

    Also in the client vpn.cnf of the openvpn.tar file should look like this 

    client
    setenv SERVER_POLL_TIMEOUT 4
    nobind
    proto udp
    remote XXX.XXX.XXX.XXX
    port 1194
    dev tun
    dev-type tun
    persist-tun
    persist-key
    ns-cert-type server

    comp-lzo yes

    auth-retry nointeract

    ca /config/openvpn/keys/ca.crt
    cert /config/openvpn/keys/client.crt
    key /config/openvpn/keys/client.key

     

    If you have a mix of old and new yealink phones these lower encryption files can also be used on the T46S ver .8X – .84 phones but are less secure.

    It is best to use then newer sha256 if you have all newer yealink phones T4X or T5X

    0