OpenVPN - Client Export for Yealink Phone - Not Working
I tried to configure a OpenVPN Server for a remote Yealink Sip Phone.
According to the documentation it should be pretty easy using the export utility.
Unfortunately my settings don't work.
Does anyone have experiance with doing this?
My Server Settings
Server Mode: Remote Access (SSL/TLS)
Mode: Tunnel Mode
Local Port: 1200
TLS Configuration: DONT USE A TLS KEY
Enable NCP: NO
Auth digest algorithm SHA1 160 bit
Best regards Fabian
I will specify a little bit more:
OpenVpn / System Logs:
Nov 5 22:49:25 openvpn 17381 Authenticate/Decrypt packet error: packet HMAC authentication failed
In your first post you said you didn't use a TLS key, but the screenshot shows it enabled and also set for TLS encryption which is most likely NOT supported on those phones, and would lead to the error you show.
Also there are several different formats for Yealink export depending on certain model and firmware revisions, you should try one of the alternate formats.
And last I knew, it also required that the CA, server cert, and client cert all use weak SHA1 hashes. Maybe they have fixed that in a recent update, though.
e they have fixed that in a recent update, though.
Thank you very much for you reply.
Finally got it to work.
SHA1 and TLS Encryption ON is crucial. Otherwise it wont work according to my testing.
Also i had to edit the configuration file manually:
the line ncp disable had to be commented out (not supported by yealink phones)
Maybe this could be fixed in the export for yealink phones...