QUESTION VPN Issue on Yealink phone

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
772
Reaction score
124
I have an external phone to my home based PBX. It is a Yealink T46G.
I have upgraded the firmware and sent new config files which were loaded.
The phone was rebooted and shows a) as connecting to the vpn (OpenVPN logs) and b) shows as registered (sip show peers).

However, the phone shows 'No Service" and a call to it goes to unavailable and the phone can't dial out.

We reloaded the original VPN config and all is fine (except I need to move away from the old conifg).

Has anyone seen this behavior/have a solution?

Thanks.

Andrew
 

islandtech

Wassamassaw
Joined
Jan 11, 2009
Messages
677
Reaction score
137
Is the vpn subnet listed in the asterisk sip settings local network?
 

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
772
Reaction score
124
Thanks for the response.

Yes, the subnet is there - remember, it works with the old configuration/certs which should be virtually identical.


The VPN log says the phone is in, and more importantly, the PBX says it is in - I show it as registered under SIP show peers. It shows with his public IP on the other side of the country and a 103 ms timing on port 5060.

Weird.
 

islandtech

Wassamassaw
Joined
Jan 11, 2009
Messages
677
Reaction score
137
my remote yealink phones has the ip range defined in the openvpn server subnet not the remote public ip
 

KNERD

Well-Known Member
Joined
Mar 9, 2014
Messages
1,659
Reaction score
586
I ran into that recently on a PBX I recently set up, I never did follow up on it yet. I just unplugged it, and moved on to other things and forgot about it.

I know it is not my setup, and I have a guide I made myself which has worked 100% of time except for a couple of times. Both times were after Yealink firmware updates, or newer phones added.

The first time was after an update, and the VPN client in the firmware refused to connect until I created a new stronger key. Second time was last year after a firmware update and then all VPN clients stopped working, and there was no error, or log to indicate why. They just would not connect.

This is something new. I guess I will have to look at it this weekend, if I have time.
 

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
772
Reaction score
124
Sure. I have the 10.0.0.x in the config, but also in the SIP Advanced Settings

KNERD - thanks.


Andrew
 

KNERD

Well-Known Member
Joined
Mar 9, 2014
Messages
1,659
Reaction score
586
After some testing, something strange going on. I connected two Yealnks (T28P and T46G) and a Sangoma S500 to this PBX I built maybe a couple of months ago on Digital Ocean.

The Sangoma telephone is stable, and working just fine. The Yealinks are having issues. They will not register when pointing to the VPN address of Asterisk. Doing a ping test from the telephone, it is failing to reach it.

What is also odd, the Yealink telephones keep losing registration, but not the Sangoma one.

Maybe my build is bad. Will have to do more tests
 

KNERD

Well-Known Member
Joined
Mar 9, 2014
Messages
1,659
Reaction score
586
Do you know the version of OpenVPN you are using? I am starting to think this is an issue with the VPN client on Yealink.

This is what I got:

OpenVPN 2.4.6 x86_64-redhat-linux-gnu [Fedora EPEL patched]

After I disabled VPN on one of the telephones, it started to behave as expected. I know this setup is proper as I have two other devices connected to the same machine. One being a router with VPN client, and a SIP ATA Gateway so I can send the ATA traffic over encrypted connection from a POTS.

On another PBX I have setup with Yealink telephones, it is OpenVPN 2.3.12 x86_64-redhat-linux-gnu
 

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
772
Reaction score
124
My OpenVPN is running on an R9800 router (Nighthawk X4S) running the most recent OpenWRT.
Code:
root@BenjaminRouter:~# openvpn --version
OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <[email protected]>

So, 2.4.5

I'm in the process of reconfiguring a VPS to test it (hard to test a VPN locally <g>). Woothosting is driving me crazy, however (see the woothosting thread for the latest drama).

I plan to get 13-13 running on the VPS and install OpenVPN and then use my 'home' certificates on that machine against the Yealink.
If it doesn't work, I'll jump on the Yealink forums, I guess.

Seems weird that the VPN shows as connected, the PBX shows as registered and yet the phone shows 'No Service'. Other than generate new certs, the only thing I've changed is moving to SHA256 (supported) and AES-256-(something) as the cipher.
 

KNERD

Well-Known Member
Joined
Mar 9, 2014
Messages
1,659
Reaction score
586
I also realized there is another PBX we got which has issues with some extensions with Yealink telephones using OpenVPN. Looking, I see that PBX is using OpenVPN version 2.4.6 also.

If there was problems with the certificates, then the telephones would not be making any connection at all to the OpenVPN server
 
Last edited:

KNERD

Well-Known Member
Joined
Mar 9, 2014
Messages
1,659
Reaction score
586
I just ran an update on a server with CentOS 6 today. There was an update to OpenVPN on it. Version 2.4.7, Mabye do an update to see if you have it available, and if it helps.
 

Members online

Forum statistics

Threads
25,782
Messages
167,509
Members
19,202
Latest member
pbxnewguy
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Top