TUTORIAL Yealink < OpenVPN > IncrediblePBX

jaycos

It took me a while to figure this out, so in case anyone else wants to try connecting a Yealink phone to an Incredible PBX using OpenVPN, here you go:

Setup
  • Vultr $5 server
  • CentOS 7
  • FQDN (pbx.mydomain.com)
  • Incredible PBX 16-15.1
  • Yealink T41S (Firmware 66.84.0.15)
Steps
  1. Install OpenVPN following Nerdvittles instructions:
    Code:
    cd /root
    curl -O https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh
    chmod +x openvpn-install.sh
    sed -i "s|\techo 'push \"redirect-gateway|#\techo 'push \"redirect-gateway|" openvpn-install.sh
    sed -i "s|push \"redirect-gateway|#push \"redirect-gateway|" openvpn-install.sh
    sed -i 's|tls-client|tls-client\npull-filter ignore "redirect-gateway"|' openvpn-install.sh
    ./openvpn-install.sh
  2. Run the installer using the recommended settings, except for Custom encrypt (no):
    • Server IP Address: using FQDN strongly recommended to ease migration issues
    • Enabled IPv6 (no): accept default
    • Port (1194): accept default
    • Protocol (UDP): accept default
    • DNS (3): change to 9 (Google)
    • Compression (no): accept default
    • Custom encrypt (no): yes
      • select 4) AES-128-CBC
      • use recommendations for remaining settings
  3. Create the first client, e.g. yealink1
  4. Gather some necessary data
    Code:
    mkdir -p /tmp/yealink/keys
    cd /etc/openvpn/easy-rsa
    cp pki/ca.crt pki/private/yealink1.key pki/issued/yealink1.crt /tmp/yealink/keys/
    cat /root/yealink1.ovpn
  5. From yealink1.ovpn copy the OpenVPN Static key including the BEGIN and END lines to a new file
    Code:
    cd /tmp/yealink
    nano keys/ta.key
  6. From yealink1.ovpn copy everything at the top, above <ca>, to a new file
    Code:
    nano vpn.cnf
  7. Add the following lines to vpn.cnf (I added them between persist-tun and remote-cert-tls server):
    Code:
    ca /config/openvpn/keys/ca.crt
    cert /config/openvpn/keys/yealink1.crt
    key /config/openvpn/keys/yealink1.key
    tls-crypt /config/openvpn/keys/ta.key 1
  8. You should now have the following files in place:
    Code:
    /tmp/yealink/keys/ca.crt
    /tmp/yealink/keys/yealink1.crt
    /tmp/yealink/keys/yealink1.key
    /tmp/yealink/keys/ta.key
    /tmp/yealink/vpn.cnf
  9. Create a tar file
    Code:
    tar cvf openvpn.tar ./vpn.cnf ./keys
  10. Download openvpn.tar and upload it into your phone.
  11. Make sure your phone registers to 10.8.0.1
  12. Continue with Nerdvittles tutorial "to block all server access except via SSH or the VPN":
    Code:
    cd /etc/sysconfig
    wget http://incrediblepbx.com/iptables-openvpn.tar.gz
    tar zxvf iptables-openvpn.tar.gz
    rm -f iptables-openvpn.tar.gz
    echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
    sysctl -p
    systemctl -f enable [email protected]
    systemctl start [email protected]
    systemctl status [email protected]
    systemctl enable [email protected]
    systemctl restart iptables
 
Reactions: Jake and wardmundy
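
Steps 4 to 9 above, scripted: this is an added example, not part of the original post and not Nerdvittles or Yealink code. It goes slightly beyond the post by taking all four key files from the inline blocks of the .ovpn profile, writing them owner-only, and refusing to build a bundle when a block is missing. Assumptions: the function names and the SAMPLE-* placeholder profile are constructed here, the profile uses `<ca>`, `<cert>`, `<key>` and `<tls-crypt>` inline blocks, and the phone accepts the step 7 path lines at the end of vpn.cnf.

```bash
#!/bin/bash
# Added example: split an inline .ovpn into the vpn.cnf + keys/ layout (steps 4-9).
set -eu

# Print the lines between <TAG> and </TAG>, without the tag lines themselves.
extract_block() {   # usage: extract_block TAG FILE
    awk -v t="$1" '$0=="</"t">"{f=0} f{print} $0=="<"t">"{f=1}' "$2"
}

build_yealink_bundle() {   # usage: build_yealink_bundle OVPN CLIENT OUTDIR
    local ovpn=$1 client=$2 out=$3
    (   umask 077    # private key and tls-crypt key: owner-only (0600 / 0700)
        mkdir -p "$out/keys"
        extract_block ca        "$ovpn" > "$out/keys/ca.crt"
        extract_block cert      "$ovpn" > "$out/keys/$client.crt"
        extract_block key       "$ovpn" > "$out/keys/$client.key"
        extract_block tls-crypt "$ovpn" > "$out/keys/ta.key"
        # Refuse to package a profile that lacks a block (e.g. a tls-auth one).
        for f in ca.crt "$client.crt" "$client.key" ta.key; do
            [ -s "$out/keys/$f" ] || { echo "no data for $f" >&2; exit 1; }
        done
        {   awk '/^<ca>$/{exit} {print}' "$ovpn"   # everything above <ca>
            # Path lines exactly as in step 7 (appended rather than inserted
            # after persist-tun).
            echo "ca /config/openvpn/keys/ca.crt"
            echo "cert /config/openvpn/keys/$client.crt"
            echo "key /config/openvpn/keys/$client.key"
            echo "tls-crypt /config/openvpn/keys/ta.key 1"
        } > "$out/vpn.cnf"
        cd "$out" && tar cf openvpn.tar ./vpn.cnf ./keys
    )
}

# Constructed sample profile with placeholder bodies, not real key material.
make_sample_ovpn() {   # usage: make_sample_ovpn FILE
    local tag
    {   printf 'client\nproto udp\nremote pbx.mydomain.com 1194\npersist-tun\n'
        for tag in ca cert key tls-crypt; do
            printf '<%s>\nSAMPLE-%s\n</%s>\n' "$tag" "$tag" "$tag"
        done
    } > "$1"
}

demo=$(mktemp -d)
make_sample_ovpn "$demo/yealink1.ovpn"
build_yealink_bundle "$demo/yealink1.ovpn" yealink1 "$demo/out"
tar tf "$demo/out/openvpn.tar"
rm -rf "$demo"    # do not leave key material lying around in a temp directory
```

Against the real profile the call would be `build_yealink_bundle /root/yealink1.ovpn yealink1 <dir>`. Delete the staging directory once openvpn.tar is on the phone, since it holds the client's private key.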
