Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN - Client Export for Yealink Phone - Not Working

    Scheduled Pinned Locked Moved
    pfSense Packages
    2
    4
    1.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fbaumann
      last edited by

      Dear All

      I tried to configure a OpenVPN Server for a remote Yealink Sip Phone.
      According to the documentation it should be pretty easy using the export utility.

      Unfortunately my settings don't work.

      Does anyone have experiance with doing this?

      My Server Settings
      Server Mode: Remote Access (SSL/TLS)
      Mode: Tunnel Mode
      Interface: WAN
      Local Port: 1200
      TLS Configuration: DONT USE A TLS KEY

      Enable NCP: NO

      Auth digest algorithm SHA1 160 bit

      Thanks...
      Best regards Fabian

      1 Reply Last reply Reply Quote 0
      • F
        fbaumann
        last edited by

        I will specify a little bit more:

        OpenVpn / System Logs:
        Nov 5 22:49:25 openvpn 17381 Authenticate/Decrypt packet error: packet HMAC authentication failed

        0_1541454756347_snip.PNG

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          In your first post you said you didn't use a TLS key, but the screenshot shows it enabled and also set for TLS encryption which is most likely NOT supported on those phones, and would lead to the error you show.

          Also there are several different formats for Yealink export depending on certain model and firmware revisions, you should try one of the alternate formats.

          And last I knew, it also required that the CA, server cert, and client cert all use weak SHA1 hashes. Maybe they have fixed that in a recent update, though.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • F
            fbaumann
            last edited by

            @jimp said in OpenVPN - Client Export for Yealink Phone - Not Working:

            e they have fixed that in a recent update, though.

            Thank you very much for you reply.

            Finally got it to work.

            SHA1 and TLS Encryption ON is crucial. Otherwise it wont work according to my testing.
            Also i had to edit the configuration file manually:
            the line ncp disable had to be commented out (not supported by yealink phones)

            Maybe this could be fixed in the export for yealink phones...

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.