I would like to have one Yealin phone off site, either T41P or T23 but I don’t have nor want to purchase sysadmin module, I have freepbx 17 on Debian and already have a OpenVPN server running on this machine.
Thanks for any help in advance.
I think you have to purchase 2 modules, System Admin for OpenVPN Server and EndPointManager (EPM) for Yealink Phone deployment OpenVPN Cert files.
isn’t there any other way? A free way?
No I don’t know any free way for Yealink Phones OpenVPN solution.
Maybe Other guys knows other way, or you can search at the forum? If you didn’t do that search already,
Sure. You set it up on your own. The VPN server and then the configs.
I have tried 5-6 years ago, download user OpenVPN cert file from UCP and upload to Yealink Phone from web gui. Maybe can be work. ( sorry i don’t have Yealink phone to test for you )
where is it located? the openvpn server is running on the same machine, i can connect from the outside with a .ovpn file using a computer.
You mean OpenVPN Server you have installed separately to your FreePBX VM/Box?
OR, You are using FreePBX Built-In OpenVPN service ?
https://sangomakb.atlassian.net/wiki/spaces/PG/pages/35390162/System+Admin-VPN+Server
Which one you mean ?
1 Like
I have FreePBX 17 on debian, OpenVPN is installed separately.
I think you can try,
1st create a new OpenVPN user for your XXX-User Yealink Phone.
2nd Apply OpenVPN Cert file in your phone and be sure your phone connected to the VPN. (You can see VPN icon of the Phone Screen when vpn connected successfully )
3rd Register your Extension to Yealink Phone manually from Phone Gui.
4rd Add your OpenVPN Subnet details in your FreePBX Asterisk settings side ( Settings → Asterisk Sip Settings → NAT Settings → Local Networks : 192.xx.xxx.xxx/24 )
5th Firewall settings add your OpenVPN Subnet too ( Connectivity → Firewall → Networks → 192.xx.xx.xx/24 Trusted Network )
Good luck.
Shahin
Yes you can do this without the EPM module, but I think you need to have systemadmin to enable the user control in openvpn. Although you dont need it. You can manually add the user to your openvpn config and put all your settings.
The yealink just needs the config package built a certain way. I was able to do mine like this
client-file.tar
- vpn.cnf
- keys (this is a folder)
- user_ca.crt
- user.crt
- user.key
inside your vpn.cnf file you need:
client
dev tun
proto udp
resolv-retry 60
nobind
persist-key
persist-tun
remote-cert-tls server
ca user_ca.crt
cert user.crt
key user.key
comp-lzo
verb 3
reneg-sec 3600
remote your.ip.address.here 1194
depending on how you setup openvpn you might need to adjust the settings of your vpn.cnf, but yealink will take this and load it. You need to go to the Network and Advanced tab on the yealink, and upload your tar file. Then switch it to enable. On the last on i did, i had to upload, submit, click accept. Then go back to the network tab, switch to enable, then accept, and it was finally connecting.
Also, make sure on your phone registration, you use the VPN endpoint as your SIP Server, so on mine, the phone needed to be changed to register to 10.8.0.1 and not the outside public of the server.
1 Like
Simply don’t do it.
Use a TLS-connection, and you are settled.
Otherwise connect your routers via VPN. Then you might have access via private IPs from one routers network to the other routers network.
Yes and NO.
If you allow only Necessary ports from Firewall ( OpenVPN to Privet Network) How they will access to your Privet network ?
I agreed for TLS but VPN is safe too… if you knows how to do then no problem.
OpenVPN setups works at Yealink Phones. Tested at T46S T41S and T58A
Note: You have to follow @michaelp713 OpenVPN CRT,KEY and CFG instruction.