rjaiswal
Hi,
Haven't posted in a while. Had a freak accident last year. 4 surgeries later, I'm now on the road to a somewhat full recovery.
Just got this working for myself. I have a new full time job, and wanted to keep a desk phone hooked up to my personal PBX, so if my old clients needed to get a hold of me, while I was at the office, I could still take the call. Didn't want to do the follow me, because I don't have good cell coverage at the office, and the wifi calling doesn't work.
So, I have an OpenVPN instance, that I use for my iPhone and laptop, to remote back into the house. I couldn't use this instance, because it's set up for user-pass login. Yealink phones only support certificate authentication. It took a lot of trial and error, and reading multiple posts on the Yealink forum, and Ubiquiti forum to get this to work.
Here is the portion of my router config that pertains to the new OpenVPN instance that's just for my remote phones.
Code:
server.conf
admin@router# show interfaces openvpn vtun1
description "Remote Phones"
encryption aes128
hash sha1
mode server
openvpn-option "--proto udp"
openvpn-option "--push route 192.168.16.0 255.255.255.0"
openvpn-option --persist-key
openvpn-option --persist-local-ip
openvpn-option --persist-remote-ip
openvpn-option "--port 1195"
openvpn-option "--push redirect-gateway def1"
openvpn-option "--link-mtu 1472" ;(check mtu settings on site)
openvpn-option "dhcp-option DNS 8.8.8.8"
openvpn-option "--verb 1"
server {
    subnet 192.168.91.0/24
    topology subnet
}
tls {
    ca-cert-file /config/auth/remotephones/cacert.pem
    cert-file /config/auth/remotephones/remotephones.pem
    dh-file /config/auth/remotephones/dh1024.pem
    key-file /config/auth/remotephones/remotephones.key
}
[edit]
This is the vpn.cnf for the Yealink phone. The cert paths are for a T21p E2. You'll have to look at the Yealink vpn guide for the proper path for the model of phone that you're setting up.
Code:
client.ovpn (vpn.cnf)
client
dev tun
proto udp
remote 72.80.184.41 1195
cipher AES-128-CBC
nobind
persist-key
ca /config/openvpn/keys/ca.crt
cert /config/openvpn/keys/client.crt
key /config/openvpn/keys/client.key
;comp-lzo
verb 1
;mute 20
tun-mtu 1472
The tun-mtu is set for my OpenVPN instance. I tested my connection using a ping command, that I found using Google, to determine my MTU size.
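An added example, not part of the original post: a small Python audit that reads a server/client pair like the two configs above and reports hardening and consistency findings. The finding ids, the 2048-bit threshold and the `203.0.113.10` placeholder address are assumptions of this example; the other settings are taken from the post.

```python
import re

# Settings copied from the post; the remote address is a documentation placeholder.
SERVER = """\
encryption aes128
hash sha1
openvpn-option "--link-mtu 1472" ;(check mtu settings on site)
tls {
dh-file /config/auth/remotephones/dh1024.pem
}
"""
CLIENT = """\
client
remote 203.0.113.10 1195
cipher AES-128-CBC
;comp-lzo
tun-mtu 1472
"""

def parse(text):
    """Return {directive: [args]} for vpn.cnf lines or EdgeOS 'show' output."""
    cfg = {}
    for raw in text.splitlines():
        words = raw.split(";")[0].replace('"', "").split()  # drop ';' comments
        if words and words[0] == "openvpn-option":
            words = words[1:]
        if words:
            cfg[words[0].lstrip("-")] = words[1:]
    return cfg

def audit(server_text, client_text):
    """Return a sorted list of finding ids for one server/client pair."""
    srv, cli = parse(server_text), parse(client_text)
    found = set()
    dh = re.search(r"dh(\d+)", " ".join(srv.get("dh-file", [])))
    if dh and int(dh.group(1)) < 2048:
        found.add("weak-dh")               # DH group under 2048 bits
    if srv.get("hash") == ["sha1"]:
        found.add("legacy-hmac")           # SHA-256 or better is preferred
    if not ({"remote-cert-tls", "ns-cert-type"} & cli.keys()):
        found.add("no-server-cert-check")  # any cert from the CA could pose as server
    if not ({"tls-auth", "tls-crypt"} & (srv.keys() | cli.keys())):
        found.add("no-tls-auth")           # no HMAC on control-channel packets
    mtu = lambda c: {k: c[k] for k in ("link-mtu", "tun-mtu") if k in c}
    if mtu(srv) != mtu(cli):
        found.add("mtu-mismatch")          # link-mtu and tun-mtu are different limits
    return sorted(found)

print(audit(SERVER, CLIENT))
```

Whether a given phone firmware accepts the stricter directives is something to confirm in the Yealink VPN guide for that model.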