Trying to connect T46G via OpenVPN

I have my FreePBX on a Vultr and I am desperately trying to connect my Yealink T46G phone via VPN to to the FreePBX (Vultr) Server.
I cannot work out how to do it. I think I’ve tried just about everything to set it up to connect securely via VPN.
I have included screenshots of my current setup. I know just enough about networking to get myself in trouble so I’d be so very grateful if someone could please step me though the process step by step.






I think you have to login to your Yealink Phone GUI to add your FreePBX Phone Provisioning (Auto Provisioning) details ( IP Address, Port, Username etc)

But this is where I keep getting lost. I can add the auto provisioning details and I can get the phone to connect but then it’s not running through the VPN?
Isn’t the phone meant to have the private ip address so it’s all on the Freepbx “internal” network.

You have to check at is User Management side Extension or in Group settings is OVPN allowed or not?
If Allowed there in User Management side cross check you can do via login to UCP…

If in UCP is existing OpenVPN client cert then you should see same OVPN details at EPM Mapping side.

Shahin

Yes it’s enabled but I don’t know if I’ve setup OVPN up correctly because I’m not seeing anything in the EPM at all.

So you are seeing OpenVPN client when you login to UCP panel ?

I have this?

Is your EPM paid module ? check your license maybe EPM module is expired.
Everything looks okay, you should see at EPM → Mapping side VPN name 101 when you selected Extension 101.

How do I know if it’s connected via OVN?

at your phone display you should see the VPN icon.

The only way I can get the account to register is by setting the SIP Server host to the public IP address.
But in System Admin > OpenVPN Client assigns the phone an IP in the 10.19.112.0/24 range

What about your EPM license ? Admin → System Admin → Activation

All in date

Endpoint Manager Expiration Date 2046-05-04 (Updates and support until 2024-09-06)
EPM for UCP. Expiration Date 2046-05-04
System Admin Expiration Date 2044-03-15

Are you able to ping the IP address that’s assigned to the phone on the tunnel interface? By default this is typically something in the 10.8.0.x subnet, you’ll need to look on your phone what IP it’s received from the VPN interface.


In that screenshot it actually says that it’s not connected. Not sure your VPN server is working properly. Did you port forward UDP port 1194 through your firewall to your phone system to allow inbound connections from any client that’s trying to connect to the phone system?

Can you pls make change Server Remote Address to IP Address instead of FQDN.
After change applied. from EPM send Refresh config to 101

Maybe Phone DNS is not resolved FQDN ?

@dobrosavljevic yes, port UDP 1194 is open.

@shahin I’ve changed it to the server IP address but still got the same issue.

The phone is being assigned the ip address is 192.168.1.129 which is the local internal ip range.

The FreePBX server is located at 45.xxx.xxx.xxx
and the OVN Server range is 10.19.112.0/24 and the phone is trying to connect to SIP server at 10.19.112.1

None of it is making any sense to me

so, Try to download OpenVPN for 101 from UCP and install it to another laptop or PC but be sure OpenVPN client is not at your PBX LAN network. This way you can test your OpenVPN client cert and VPN server…