System Admin - VPN Server support for Yealink Phones

Hi guys,

I’m setting up a new FreePBX sever and bought a license for System Admin Pro. After setting up this module I noticed there is not support for Yealink phones, those that use a “tar” file to load the OpenVPN server config.

Is there any workaround to accomplish this with the System Admin Pro, otherwise any advise to support this directly on my FreePBX server without using a separate OpenVPN Server such as PFSense?

Thank you

Endpoint Manager will provision Yealinks on the VPN. You can download the VPN tarball from UCP if enabled in user management.

Hi Lorne,

Thank for your prompt response.

In order to get the VPN tarball option from the UCP, should I get the EndPoint Manager activated.

I was looking for this option under User Management/UCP, but I couldn’t find it.

Please advise,

It’s under the UCP Tab, System Admin.

If you are trying to use the VPN server in sysadmin with your phone you need to use EPM to configure your phone. Outlined here

Under UCP Tab, System Admin: Allow VPN is enabled.

When I log in with this user on the UCP portal, the only option available for download is a zip file containing 4 files (2 x crt, 1 x conf and 1 x key).

P.S.: I haven’t purchased/activated EndPoint Manager for this server.

Hi Tony,

If I understood you correctly, I will need to purchase the EPM as well for my scenario with this Yealink phones.

I have another question…

We also use Softphones on our Android and iPhones, the OpenVPN app only supports .ovpn files, by activating the EPM on this server, will I have the option to generate this kind of files as well?

Thank you

Android setup is linked here:

Nothing for iOS … yet.

No iOS support is a deal breaker, work in progress for this platform at least?

Any workaround for iOS at this time?

You misunderstood. There is no iOS wiki page yet. It is an OpenVPN server, if there is an iOS client, it should be able to connect.


I understand your point regarding the iOS wiki, and as you mentioned, it is an OpenVPN server it should support an iOS client, the question is: how?

Please refer to my previous question:

“We also use Softphones on our Android and iPhones, the OpenVPN app only supports .ovpn files, by activating the EPM on this server, will I have the option to generate this kind of files as well?”

Did you read the Android page linked above?

Yes, I did, those certificates and key files have to be copied into the Android’s flash to proceed. My concern is about iOS, because you can only add a VPN profile by using a ovpn file.

I found a workaround for the iOS devices:

1- unzip the
2- Rename sysadmin_clientX.conf to sysadmin_clientX.ovpn.
3- Open iTunes, connect your iOS device, then go the Apps section.
4- Select the OpenVPN app.
5- Drag & drop all the files from the unzipped folder.
6- Click on the Sync button.
7- Open the OpenVPN app on the iOS device and add the profile, all set!

This process is very tedious, compared to the .ovpn file method, I am still wondering if you guys can provide me a better way.

Thank you.

There is an open feature request here

If you can determine a working format for the ovpn file for an iOS device, udate that ticket with your findings. I have had no success connecting with a single ovpn file without certs in separate files.

Thank you Lorne, I appreciate that.

Please see the above link i created.

I have worked with Yealink to create a vpn.tar file needed to upload vpn configuration to Yealink phones.

I had all sorts of VPN goodness with my Yealink T56A and FreePBX 13, however, after FreePBX 14 was marked stable and 13 marked legacy and a number of module updates disabled sysadmin pro and EPM all bets were off and stopped working. It was seamless.

FreePBX 14 is now using OpenVPN 2.4.4 which is the most modern and also seems to be using SHA256. The Yealink T56A with the latest firmware seams to be using OpenVPN 2.1.4 which I understand to be SHA1.

regardless of versions I have not found any errors or logs with anything meaningful.