Create a Configuration File for Yealink Phone
You can create a client file named "vpn.cnf" with a text editor (e.g. notepad++), or download a client.ovpn sample file.
- Open the vpn.cnf file with a text editor.
- Edit the following options according to the VPN server settings on your PBX.Note: The client and server must use the same settings.
- Specify the hostname/IP and port of VPN server.
In this example, we have forwarded the VPN server 10.8.0.1 1194 to 110.80.36.162 7086.
remote 110.80.36.162 7086 - Set the protocol to UDP or
TCP.
In this example, UDP is enabled while TCP is disabled.
proto udp ;proto tcp - Set the device mode to TAP or
TUN.
In this example, TAP is enabled while TUN is disabled.
dev tap ;dev tun - Set the cryptographic cipher.
Table 1. Cryptographic cipher on server Cryptographic cipher on client BlowFish cipher BF-CBC AES-128 cipher AES-128-CBC AES-256 cipher AES-256-CBC Triple-DES cipher DES-EDE3-CBC In this example, AES-256 is set on server, then you should enable AES-256-CBC on client.
;cipher BF-CBC ;cipher AES-128-CBC cipher AES-256-CBC ;cipher DES-EDE3-CBC - If Compression is enabled on server, you need to
enable compression on the VPN
client.
comp-lzo - If Username/Password Authentication is used on server, you need
to specify the pwd
file.
auth-user-pass /config/openvpn/pwd - If SSL/TLS and a ta.key is
used on the server, you need to specify the TLS Authentication & TA
Key.
tls-auth ta.key 1 - Specify the CA certificate file used on
server.
ca /config/openvpn/keys/ca.crt
- Specify the hostname/IP and port of VPN server.
- Specify the Yealink phone client certificate and key file.
In this example, Yealink.crt and Yealink.key is specified.
cert /config/openvpn/keys/Yealink.crt key /config/openvpn/keys/Yealink.key - Edit other options according to your
need.
persist-key persist-tun verb 3 resolv-retry infinite remote-cert-tls server nobind ;dev-node MyTap ;remote-random ;http-proxy-retry ;http-proxy [proxy server] [proxy port #] ;mute-replay-warnings ;mute 20 - Save the client file.