First create a user for the Yealink, at the router GUI navigate to: VPN and Remote Access >> Remote Dial-in User.<\/em><\/p>\n\n\n Click an Index number and make the following changes:<\/p>\n\n\n\n It should look like this:<\/p>\n\n\n Next is to setup the Draytek to accept OpenVPN connections.<\/p>\n\n\n\n Navigate to VPN and Remote Access >> Remote Access Control<\/em>. And check OpenVPN is enabled.<\/p>\n\n\n Then navigate to VPN and Remote Access >> OpenVPN >> OpenVPN Server Setup<\/em>.<\/p>\n\n\n\n In the General Certificates section, select Router Generated Certificates, and then press generate.<\/p>\n\n\n After some time, the generated certificates appear in this section:<\/p>\n\n\n The Draytek has the ability to create an OpenVPN config file for clients. However, what the Draytek generates and what the Yealink requires is not compatible. Therefore, we\u2019ll need to manipulate the file to file to get what we want.<\/p>\n\n\n\n On the Draytek, navigate to Remote Access >> OpenVPN >> Client Config<\/em>.<\/p>\n\n\n\n Leaving defaults in place, enter a filename and click the Export button to download the config file.<\/p>\n\n\n Open the file in Notepad++.<\/p>\n\n\n You\u2019ll see the protocol config at start of file, followed by each of the certificates in the following order:<\/p>\n\n\n\n The Yealink requires the certificates in their own file so they need to be extracted.<\/p>\n\n\n\n Copy the text from —–BEGIN CERTIFICATE—–<\/em> to —–END CERTIFICATE—–<\/em> of the first certificate and paste into a new Notepad++ file.<\/p>\n\n\n\n Save this file as ca.crt<\/strong> (remove the txt file extension)<\/p>\n\n\n Repeat this for the second certificate, naming this one client.crt<\/strong><\/p>\n\n\n\n Now it\u2019s the private key, copy text from —–BEGIN RSA PRIVATE KEY—–<\/em> to —–END RSA PRIVATE KEY—–<\/em> to a new file and save as client.key<\/strong><\/p>\n\n\n\n For the next file, you\u2019ll need to add the Draytek VPN user details as a file to allow the Yealink to authenticate.<\/p>\n\n\n\n In a new text file, enter the username and password on separate lines as below:<\/p>\n\n\n Save the file as auth.txt<\/strong><\/p>\n\n\n\n You\u2019ll now have the following files:<\/p>\n\n\n With the supporting files ready, it\u2019s time to reference them together with the OpenVPN config file.<\/p>\n\n\n\n In a new text file, enter the following info:<\/p>\n\n\n\n Save this as vpn.cnf<\/strong><\/p>\n\n\n\n Original Guide: https:\/\/support.yealink.com\/forward2download?path=ZIjHOJbWuW\/DFrGTLnGypjZRKhDplusSymbolXJQ4JaUSvKXmAoZw0rMev5uUPSPDoclfqojerLoiDU\/Ol0NW5DZdXcWplusSymbolZDNbde0dvqwZjDVChAjsaqHDjPW14991UaBvXhQ10P6Rm4u3tO4pNBqXRzzyvj9PbA==<\/a><\/p>\n\n\n\n The OpenVPN configuration is uploaded to the Yealink via a specifically arranged tar file, so the directory structure needs to be prepared.<\/p>\n\n\n\n On your desktop, create a new folder (named anything you like) and within this folder create another named \u201ckeys\u201d<\/p>\n\n\n\n Move vpn.cnf to the upper folder, and move auth.txt, ca.crt, client.crt and client.key to keys directory.<\/p>\n\n\n\n Open 7-Zip and navigate to the newly created folder:<\/p>\n\n\n Highlight vpn.cnf and keys, right click and choose 7-Zip >> add to archive<\/em>.<\/p>\n\n\n\n Ensure the following is set:<\/p>\n\n\n\n Click OK to create the file. The tar file is created in the directory and it\u2019s ready to be uploaded to the Yealink<\/p>\n\n\n\n On the phone, press the OK key to discover it\u2019s IP address, then navigate to it\u2019s Web interface via a browser on your computer.<\/p>\n\n\n\n Login, then move to Network >> Advanced<\/em> and scroll down to the VPN section.<\/p>\n\n\n Set Active to Enabled<\/strong> and set Mode to OpenVPN<\/strong><\/p>\n\n\n\n Click browse next to Upload VPN Config<\/em> and choose the created tar file.<\/p>\n\n\n Click Upload<\/strong>, the page will refresh and now Upload VPN Config is populated with vpn.cnf<\/p>\n\n\n Click Save at the bottom of the page.<\/p>\n\n\n\n OpenVPN will be set back to Disabled, scroll down and Enable<\/strong> it again, then click Save<\/strong>.<\/p>\n\n\n\n As there\u2019s a network change pending, you\u2019ll need to click apply at the warning message:<\/p>\n\n\n It\u2019ll now connect to the VPN.<\/p>\n\n\n\n Note: If you are configuring a phone remotely, the web page will stop responding as traffic is now passing through the VPN. To get back to the interface, check the Draytek for the VPN connection (VPN and Remote Access >> Connection Management<\/em>) to discover it\u2019s local IP:<\/p>\n\n\n The phone is now connected and routing traffic via the VPN.<\/p>\n","protected":false},"excerpt":{"rendered":" The firewalls in front of our PBX\u2019s are configured to only allow SIP traffic from UK IP addresses, this reduces the attack surface and is usually not an issue as almost all legitimate traffic is from the UK. As we expand there is greater need for international connections, this is fine if they have a … Continue reading “Yealink OpenVPN to Draytek Router”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[212,247],"tags":[293,351,352,353,276,355,354,114,249],"class_list":["post-839","post","type-post","status-publish","format-standard","hentry","category-network","category-voip","tag-draytek","tag-draytek-2927","tag-draytek-2927ac","tag-openvpn","tag-pbx","tag-routing","tag-static-routing","tag-vpn","tag-yealink"],"_links":{"self":[{"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/posts\/839","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/comments?post=839"}],"version-history":[{"count":4,"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/posts\/839\/revisions"}],"predecessor-version":[{"id":862,"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/posts\/839\/revisions\/862"}],"wp:attachment":[{"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/media?parent=839"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/categories?post=839"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/tags?post=839"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2022\/11\/yovpn01.png\")
<\/a><\/figure><\/div>\n\n\n\n
![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2022\/11\/yovpn02.png\")
<\/a><\/figure><\/div>\n\n\n![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2022\/11\/yovpn03.png\")
<\/a><\/figure><\/div>\n\n\n![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2022\/11\/yovpn04.png\")
<\/a><\/figure><\/div>\n\n\n![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2022\/11\/yovpn05.png\")
<\/a><\/figure><\/div>\n\n\nOpenVPN Setup<\/h2>\n\n\n\n
Extracting Certificates<\/h3>\n\n\n\n
![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2022\/11\/yovpn06.png\")
<\/a><\/figure><\/div>\n\n\n![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2022\/11\/yovpn07.png\")
<\/a><\/figure><\/div>\n\n\n\n
![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2022\/11\/yovpn08.png\")
<\/a><\/figure><\/div>\n\n\nConfig files<\/h3>\n\n\n\n
![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2022\/11\/yovpn09.png\")
<\/a><\/figure><\/div>\n\n\n![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2022\/11\/yovpn10.png\")
<\/a><\/figure><\/div>\n\n\nclient\ndev tun\nproto udp\nremote nnn.nnn.nnn.nnn 1194 # IP address of Draytek\nauth sha256\ncipher aes-256-cbc\nresolv-retry infinite # Reconnect if dropped\nnobind\n\nca \/config\/openvpn\/keys\/ca.crt\ncert \/config\/openvpn\/keys\/client.crt\nkey \/config\/openvpn\/keys\/client.key\n\nauth-user-pass \/config\/openvpn\/keys\/auth.txt\n\npersist-key\npersist-tun\n\nroute nnn.nnn.nnn.nnn 255.nnn.nnn.nnn nnn.nnn.nnn.nnn # Static route:\n # PBX IP\n # IP Subnet\n # Draytek LAN Gateway\nverb 5<\/code><\/pre>\n\n\n\nPreparing Yealink File<\/h3>\n\n\n\n
![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2022\/11\/yovpn11.png\")
<\/a><\/figure><\/div>\n\n\n\n
![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2022\/11\/yovpn12.png\")
<\/a><\/figure><\/div>\n\n\nYealink Setup<\/h2>\n\n\n\n
![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2022\/11\/yovpn13.png\")
<\/a><\/figure><\/div>\n\n\n![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2022\/11\/yovpn14.png\")
<\/a><\/figure><\/div>\n\n\n![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2022\/11\/yovpn15.png\")
<\/a><\/figure><\/div>\n\n\n![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2022\/11\/yovpn16.png\")
<\/a><\/figure><\/div>\n\n\n![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2022\/11\/yovpn17.png\")
<\/a><\/figure><\/div>\n\n\n