Upgrade the OpenVPN Version

Why Need Upgrade the OpenVPN Version

In Yeastar U-Series and VoIP Gateways the OpenVPN version is 2.0.5. If the OpenVPN sever use TUN mode / Subnet Topology, then Yeastar client side can't connect it unless upgrade the version to the latest one 2.4.3.

Introduction of OpenVPN Topology

There are three topology of OpenVPN TUN mode: Subnet, NET30 and P2P.

Subnet: 

The current recommended topology for modern servers. Note that this is not the current default. Addressing is done by IP & netmask.

NET30:

This is the old topology for support with Windows clients running 2.0.9 or older clients. This is the default as of OpenVPN 2.3, but not recommended for current use. Each client is allocated a virtual /30, taking 4 IPs per client, plus 4 for the server.

P2P:

This topology uses Point-to-Point networking. This is not compatible with Windows clients, though use with non-Windows allows use of the entire subnet (no "lost" IPs.)

 

 

How to Upgrade the OpenVPN Version

STEP 1. Follow this guide to login the device via FTP: https://support.yeastar.com/hc/en-us/articles/217380628-How-to-Access-MyPBX-FTP-Folder.

STEP 2. Copy these three files: openvpn, libpam.tar, add.sh to the path /persistent as the below figure shown.

STEP 3. Reboot the device to make it effect.

 

For S-Series, please download the attachment openvpn246.tar, and upload to the App Center to upgrade the OpenVPN version.

Have more questions? Submit a request

16 Comments

  • 2
    Avatar

    Is this only for PBX? or can be used to the voip gateway ta810 ?

  • 1
    Avatar

    Thanks for this instruction. Updated OpenVPN version from 2.0.5 to 2.4.3 on TG100 gateway.
    So this instruction can be used for gateways too, not only for PBX.

    Thanks!

  • 0
    Avatar

    Dear Engr Mohmmd
    After opening a ticket with the support team they redirected me to this solution, please can you help with how you made it on your gateway ??

    Thanks and regards

  • 0
    Avatar

    dears under TG400 there is no persistent folder so how can i update openvpn client on it 

     

    thanks in advance . 

  • 0
    Avatar

    "no cipher match" - looks like you have different ciphers on server and client
    Try to add this line to both configs (server config and client config):
    cipher AES-128CBC

  • 0
    Avatar

    I tried to use it on TG800 the new version, but there is no ( persistent ) folder, 

    is there another way to use it for 

    David

    Can you elaborate pls

     

    thank you

  • 0
    Avatar

    David

     

    Thanks for your quick response, 

    i opened a ticket and waiting for their response

     

    Thanks

  • 0
    Avatar

    no cipher match"

  • 0
    Avatar

    many thanks dear David ,it has worked successfully..

     

     

     

     

  • 0
    Avatar

    Which version do you have, the new one or the old one?

    If you have the old one ( which the login page looks like the image below, then put the files on the first page when you open the ftp ( the page with all the folders ) then reboot the device and it will work

     

     

    But if You have the new version, which the login page looks like the image below, then you will not be able to update it by yourself because you don't have the root access, i did it by opening a ticket on yeastar tickets portal here https://support.yeastar.com/hc/en-us/requests/new

    then they will help you within a day or two

     

  • 0
    Avatar

    hello dear and thanks for your kind support , is there any way to update openvpn client to be 2.4.7 or to update openssl library as i'm facing the following error : 

    OpenSSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match

    Failed to set restricted TLS cipher list: ECDHE-ECDSA-AES128-GCM-SHA256

  • 0
    Avatar

    Hi, i download the openvpn246.tar from here and uploaded in app center but the openvpn version didint changed, i have S20 PBX, is the tar file correct ? coz when i chk the file it says the file is damaged.

  • 0
    Avatar

    thanks for your kind reply dear Engr Mohmmd 

    I've the new one, ok i will open a ticket with them, hope that they will response soon. 

    thanks and regards. 

  • 0
    Avatar

    Hi!

    I just updated OpenVPN on my TG100. Unfortunately I did not use TG800 model.

    You can write a support request, sent them a screenshot of FTP connection, if there is not "persistent" folder.

  • 0
    Avatar

    thanks for your kind reply David, 

    that's how my server config look like, please do i have to change all cipher types or just the main one

    thanks and regards 

  • 0
    Avatar

    Try to remove this line "tls-cipher TLS-ECDHE..." from server config. (if it present in client config, also remove it from client config)

    and then try to connect

    if it does not help, remove line "ncp-cipher from client config"
    also after that you can try to set "cipher AES-128-CBC" instead of "cipher AES-128-GCM"
    I am not sure yeastar VPN support GCM encryption.

    Just play with these options.

    But looks like you only need to remove line "tls-cipher TLS-ECDHE..."
    try this first.

Please sign in to leave a comment.