FreePBX 15.0.17.24 / Asterisk 16.15.1 / all modules up to date
I am trying to set up VPN on a Yealink T-22P phone to connect remotely to an OpenVPN server on FreePBX using the standard port 1194. The FreePBX server is at 11.22.15.72 (anonomized), and the public IP of the remote Yealink phone is 11.22.23.21 (anonomized). I have set up two Sangoma S500 phones as VPN clients on the same remote network 11.22.23.21 and they work perfectly as VPN clients. Note that I am using a pfSense firewall and port 1194 has been opened to 11.22.23.21 and forwarded to FreePBX.
The T-22P phone was Reset to Factory. Note that I have no problem connecting the T-22P as a remote phone from 11.22.13.21 but it fails when I try to set it up to connect to the OpenVPN server on FreePBX.
I am using this procedure in the link in the FreePBX wiki:
https://wiki.freepbx.org/display/FDT/[How-to]+Set+up+VPN+on+Yealink+Phone
and generate the following files from UCP for the Yealink extension: sysadmin_ca.crt, sysadmin_client1.conf, sysadmin_client109.crt, sysadmin_client109.key, and sysadmin_client109.ovpn.
Here is my vpn.cnf file with the .ca (i.e., sysadmin_ca.crt), .crt (i.e., sysadmin_client109.crt) and .key (i.e., sysadmin_client109.key) info removed:
client
dev tun
proto udp
remote 11.22.15.72
port 5061
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
key-direction 1
cipher AES-128-CBC
auth SHA256
comp-lzo
verb 3
<ca>
-----BEGIN CERTIFICATE-----
…
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
…
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
…
-----END PRIVATE KEY-----
</key>
The vpn.cnf file has been tar-red as follows:
tar cvf vpn.cfg.tar vpn.cnf
In the Network==>Advanced menu of the Yealink phone GUI I am able to upload the vpn.cfg.tar file. When I press Confirm, the Yealink phone GUI indicates “Operating Please Wait” which I believe should indicate that the file was successfully uploaded.
Here is a tcpdump of port 1194 (IP address anonomized). Note that ports 40976 and 52272 are the Sangoma S500 phones which are set up to connect with the OpenVPN server on FreePBX. There is no indication that the T-22P is sending out anything over port 1194.
[stewart@freepbx15vb asterisk]$ sudo tcpdump port 1194
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
08:34:40.533376 IP 11-22-23-21.dyn.novuscom.net.52272 > freepbx15vb.openvpn: UDP, length 53
08:34:40.533492 IP freepbx15vb.openvpn > 11-22-23-21.dyn.novuscom.net.52272: UDP, length 53
08:34:44.237803 IP 11-22-23-21.dyn.novuscom.net.40976 > freepbx15vb.openvpn: UDP, length 69
08:34:44.246830 IP 11-22-23-21.dyn.novuscom.net.40976 > freepbx15vb.openvpn: UDP, length 69
08:34:45.257676 IP 11-22-23-21.dyn.novuscom.net.40976 > freepbx15vb.openvpn: UDP, length 69
08:34:45.267826 IP 11-22-23-21.dyn.novuscom.net.40976 > freepbx15vb.openvpn: UDP, length 69
08:34:46.485358 IP 11-22-23-21.dyn.novuscom.net.52272 > freepbx15vb.openvpn: UDP, length 69
08:34:46.493595 IP 11-22-23-21.dyn.novuscom.net.52272 > freepbx15vb.openvpn: UDP, length 69
08:34:47.465923 IP 11-22-23-21.dyn.novuscom.net.52272 > freepbx15vb.openvpn: UDP, length 69
08:34:47.475943 IP 11-22-23-21.dyn.novuscom.net.52272 > freepbx15vb.openvpn: UDP, length 69
08:34:48.672334 IP freepbx15vb.openvpn > 11-22-23-21.dyn.novuscom.net.40976: UDP, length 53
08:34:50.789614 IP freepbx15vb.openvpn > 11-22-23-21.dyn.novuscom.net.52272: UDP, length 53
08:34:56.005310 IP 11-22-23-21.dyn.novuscom.net.40976 > freepbx15vb.openvpn: UDP, length 53
08:34:57.843753 IP 11-22-23-21.dyn.novuscom.net.52272 > freepbx15vb.openvpn: UDP, length 53
08:34:58.999197 IP freepbx15vb.openvpn > 11-22-23-21.dyn.novuscom.net.40976: UDP, length 53
08:35:01.062391 IP freepbx15vb.openvpn > 11-22-23-21.dyn.novuscom.net.52272: UDP, length 53
08:35:04.236986 IP 11-22-23-21.dyn.novuscom.net.40976 > freepbx15vb.openvpn: UDP, length 69
08:35:05.258603 IP 11-22-23-21.dyn.novuscom.net.40976 > freepbx15vb.openvpn: UDP, length 69
08:35:05.268837 IP 11-22-23-21.dyn.novuscom.net.40976 > freepbx15vb.openvpn: UDP, length 69
08:35:06.486154 IP 11-22-23-21.dyn.novuscom.net.52272 > freepbx15vb.openvpn: UDP, length 69
08:35:06.493629 IP 11-22-23-21.dyn.novuscom.net.52272 > freepbx15vb.openvpn: UDP, length 69
08:35:07.464571 IP 11-22-23-21.dyn.novuscom.net.52272 > freepbx15vb.openvpn: UDP, length 69
08:35:07.473915 IP 11-22-23-21.dyn.novuscom.net.52272 > freepbx15vb.openvpn: UDP, length 69
08:35:08.639106 IP freepbx15vb.openvpn > 11-22-23-21.dyn.novuscom.net.40976: UDP, length 53
^C
24 packets captured
26 packets received by filter
0 packets dropped by kernel
[stewart@freepbx15vb asterisk]$
Any suggestions would be appreciated.