OpenVPN Setup & Troubleshooting
OpenVPN setup & troubleshooting.
Scenario 1: The user cannot set up the VPN correctly.
Resolution
Please check if the VPN file format you are using is as follows. If not, please follow step 2.
Install the OpenVPN software:
“config”: save the configuration files and the certificate files
“easy-rsa”: tools folder includes the .bat to make the certificate files
In the “easy-rsa” folder:
Rename the “vars.bat.sample” file to the name “vars.bat”
Edit the file “vars.bat”Configure the environment variable:
Enter "cmd.exe“
Enter the path of the "easy-rsa“
Set the environment variable
Clean all old certificate filesCreate crt files (root/server-side/client-side)
Create a root certificate.
Command: build-ca.bat
Output: keys\ca.crt, keys\ca.keyCreate a dh1024.pem file.
Command: build-dh.bat
Output: keys\dh1024.pemCreate server-crt
Command : build-key-server.bat
e.g.: server; server 01 etcCreate client-crt
Command:build-key.bat
Output: keys/.crt, keys/ .csr, keys/ .key
Note: If you are going to create multiple client-crt files, need to input a different Common Name/Name, or it will cause failure.Update the configuration (server.ovpn).
Copy server.ovpn file from the path
C:\Program Files\OpenVPN\sample-config
to the pathC:\Program Files\OpenVPN\config
.Copy ca.crt, dh1024.pem, server.crt, and server.key files from the path
C:\Program Files\OpenVPN\easy-rsa\keys
to the pathC:\Program Files\OpenVPN\config
.Update
C:\Program Files\OpenVPN\config\server.ovpn
configuration (you can use cmd.exe and input ipconfig to check the local server’s IP address):Connection testing.
Run OpenVPN GUI software, the icon will show in the lower-right corner. Click Connect, then the server will prompt and turn green when it is successful.Preparation for the phone connecting (enable Internet share, TCP/IP transmission).
Enter “Regedit.exe”
Path:Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Set WLAN’s Sharing configuration: (needs two network cards).
Allow other network users to connect through this computer's internet connection.
Home networking connection: VPN
Allow other network users to control or disable the shared Internet connection.Update VPN.cnf.
Create the .tar pack and import it to the phone.
openvpn.tar.
On the web user interface, go to Network > Advanced > VPN.
On the phone user interface, go to Network > Advanced > Network > VPN.
Auto-Provisioning parameters:
static.openvpn.url = http://192.168.10.25/OpenVPN.tarnetwork.vpn_enable=0/1
Scenario 2: The phone can connect to the VPN, but cannot register an account /calls cannot be established
Resolution
- For register issue
Please test whether the VPN server can ping the SIP server address
Please check: whether the configuration file of the VPN server grants the phone access to the network segment of the SIP server (whether the configuration file of the VPN server has a push "route x.x.x.x x.x.x.x" configuration)If the user uses DNS-SRV and other domain name registration methods, please confirm whether DNS can correctly resolve to the SIP address, please focus on checking: Whether the VPN server has a push dhcp- option DNS x.x.x.x configuration.
- For call issue
Please Auto-provisioning account.x.vpn_address_take_precedence=1
(1 which means SIP and SDP negotiation preferentially use the VPN address)
The phone cannot connect to the VPN server.
Check that the VPN server is up and running.
After the VPN server is running, the VPN icon in the taskbar will appear green, and the virtual IP of the VPN server can be seen by moving the mouse over the VPN icon, as shown in the figure below:Check the VPN configuration file for the phone.
Extract the tar file from the phone. The directory name must be keys, and the configuration file name must be vpn.cnf. as shown in the figure below:
Check whether the VPN certificate file and configuration file of the phone are correct. Enter the Keys directory, as shown in the figure below:
The file name corresponding to ca, cert, and key should be the same as the names of the three files in the keys directory.
The certificate path should be: /config/openvpn/keys/Check whether the VPN configuration file of the phone and the configuration file of the server match. As shown in the figure below:
Several configurations marked with red arrows should be consistent with the server.If it still cannot be connected, please check whether the phone time is within the valid period of the certificate. Double-click the client certificate file to check the valid period of the certificate.
Please double-check if all tar files are packaged correctly. Please package with the 7-zip tool.
Yealink Offers Reliable Voice Phone Device Solution
Covering Multiple Scenarios
Yealink IP Phones Elevate the Experience in Diverse Hybrid Work Environments
Contact Us
Contact us for product quotes and installation consultations. We will promptly notify a local dealer to provide you with accurate and efficient service solutions.