OpenVPN - Client Export for Yealink Phone - Not Working



  • Dear All

    I tried to configure an OpenVPN Server for a remote Yealink SIP Phone.
    According to the documentation it should be pretty easy using the export utility.

    Unfortunately my settings don't work.

    Does anyone have experience with doing this?

    My Server Settings
    Server Mode: Remote Access (SSL/TLS)
    Mode: Tunnel Mode
    Interface: WAN
    Local Port: 1200
    TLS Configuration: DONT USE A TLS KEY

    Enable NCP: NO

    Auth digest algorithm: SHA1 160 bit

    Thanks...
    Best regards Fabian



  • I will specify a little bit more:

    OpenVpn / System Logs:
    Nov 5 22:49:25 openvpn 17381 Authenticate/Decrypt packet error: packet HMAC authentication failed

    [Attached screenshot: 0_1541454756347_snip.PNG]


  • Rebel Alliance Developer Netgate

    In your first post you said you didn't use a TLS key, but the screenshot shows it enabled and also set for TLS encryption which is most likely NOT supported on those phones, and would lead to the error you show.

    Also there are several different formats for Yealink export depending on certain model and firmware revisions, you should try one of the alternate formats.

    And last I knew, it also required that the CA, server cert, and client cert all use weak SHA1 hashes. Maybe they have fixed that in a recent update, though.



  • @jimp said in OpenVPN - Client Export for Yealink Phone - Not Working:

    Maybe they have fixed that in a recent update, though.

    Thank you very much for your reply.

    Finally got it to work.

    SHA1 and TLS Encryption ON is crucial. Otherwise it won't work according to my testing.
    Also I had to edit the configuration file manually:
    the line ncp disable had to be commented out (not supported by Yealink phones)

    Maybe this could be fixed in the export for Yealink phones...
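
A consistency check for the settings discussed in this thread, as an added example (not code from any poster, pfSense or Yealink): it compares the auth digest and TLS key mode of a server and a client config, the kind of mismatch the second reply ties to the HMAC error, and flags `ncp-disable` (the OpenVPN directive the last post writes as "ncp disable") so it can be commented out. The sample configs, `vpn.example.com` and all function names are constructed for illustration.

```python
import re

KEY_MODES = ("tls-auth", "tls-crypt")  # control-channel key directives
DEFAULT_AUTH = "SHA1"                  # OpenVPN's digest when no auth line is present

def parse_ovpn(text):
    """Map directive -> args, skipping comments and the bodies of inline <blocks>."""
    found, in_block = {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        tag = re.fullmatch(r"<(/?)([\w-]+)>", line)
        if tag:
            in_block = not tag.group(1)
            if in_block:
                found.setdefault(tag.group(2), [])  # inline key counts as present
        elif not in_block:
            name, *args = line.split()
            found[name] = args
    return found

def key_mode(cfg):
    return next((m for m in KEY_MODES if m in cfg), "none")

def auth_digest(cfg):
    return (cfg.get("auth") or [DEFAULT_AUTH])[0].upper()

def compare(server_text, client_text, unsupported=("ncp-disable",)):
    """List settings that differ between the two ends, plus unsupported client lines."""
    server, client = parse_ovpn(server_text), parse_ovpn(client_text)
    findings = []
    if auth_digest(server) != auth_digest(client):
        findings.append(f"auth: server={auth_digest(server)} client={auth_digest(client)}")
    if key_mode(server) != key_mode(client):
        findings.append(f"tls key: server={key_mode(server)} client={key_mode(client)}")
    findings += [f"unsupported on client: {n}" for n in unsupported if n in client]
    return findings

def comment_out(text, names=("ncp-disable",)):
    """Return the config with the named directives turned into comments."""
    return "\n".join("# " + l if l.split()[:1] and l.split()[0] in names else l
                     for l in text.splitlines())

# Constructed sample configs, not taken from the thread.
SERVER = "port 1200\nauth SHA1\n<tls-crypt>\n(key material)\n</tls-crypt>\n"
CLIENT = "client\nremote vpn.example.com 1200\nauth SHA1\nncp-disable\n"

if __name__ == "__main__":
    print(compare(SERVER, CLIENT), comment_out(CLIENT), sep="\n")
```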