Recent firmware versions for the Yealink T22P include the ability to connect to an OpenVPN server. This encrypts the traffic between the phone and Asterisk server. It also removes any NAT/SIP issues.
This guide was written using a SysAdminMan VPNPBX VPS and a Yealink T22P with firmware 7.70.23.2.
Different Yealink models, or the T22P with different firmware may behave differently!
The SysAdminMan VPNPBX comes with a script for creating the certificates and config file required to connect a Yealink T22P to an OpenVPN server. To create a certificate log in as root and then run …
./yealinkvpn.sh yealink1 my@email.com
Where yealink1 is the name of the phone you want create (you should create a new certificate for each phone) and my@email.com is your e-mail address. The config file, called openvpn.tar, will then be e-mailed to you.
Next we need to load this config file to the phone. I recommend performing a factory reset on the phone before doing this.
Log in to the GUI of the phone and select Network / Advanced -
Now scroll down to the VPN section and chose the file to import. My screenshot here shows VPN as Enabled but you will not be able to set this until you have imported a config file. Unfortunately there’s not really any feed back to say this has worked successfully!
Import the file, then set Active to Enabled, then select Confirm at the bottom of the screen -
Now restart the phone and if it connects successfully you should see “VPN” in the top right hand corner of the display. If you have any problems the error logs to check are /var/log/messages on the server or download the system logs from the phone.
Once connected via VPN you can setup your extension in FreePBX and also set the SIP account details on the phone. The SIP/Proxy address to use is 10.98.0.1, which is the VPS address when using the VPN.
Non SysAdminMan customers only
If you are not using the SysAdminMan VPNPBX then the script below may help with setting up your system. This is what is run above to create the OpenVPN config file for the phone -
if [ "x$1" == "x" ]; then
echo;echo;echo;
echo "Usage : yealinkvpn.sh client_name your_email (eg - yealink.sh yealink1 me@mail.com)";
echo;
exit;
fi
ip=`/sbin/ifconfig venet0:0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'`
cd /etc/openvpn
source ./vars
./build-key $1
echo "client
dev tun
proto udp
remote $ip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /yealink/config/openvpn/keys/ca.crt
cert /yealink/config/openvpn/keys/$1.crt
key /yealink/config/openvpn/keys/$1.key
ns-cert-type server
verb 3" > /etc/openvpn/vpn.cnf
tar cvf openvpn.tar vpn.cnf keys/ca.crt keys/$1.crt keys/$1.key
echo "Upload the attached tar file to your phone without extracting" | /usr/bin/mutt -s "Yealink OpenVPN files for client : $1" -a /etc/openvpn/openvpn.tar $2
service openvpn restart