Why Need Upgrade the OpenVPN Version
In Yeastar U-Series and VoIP Gateways, the OpenVPN version is 2.0.5. If the OpenVPN server uses TUN mode / Subnet Topology, then the Yeastar client side can't connect it unless upgrade the version to the latest one 2.4.3.
For Gateways (except for TGv3/TAv3)
How to Upgrade the OpenVPN Version
STEP 1. Follow this guide to login the device via FTP: https://support.yeastar.com/hc/en-us/articles/217380628-How-to-Access-MyPBX-FTP-Folder.
STEP 2. Copy these three files: openvpn, libpam.tar, add.sh to the path /persistent as the below figure shown.
or the persistent folder contains the "imageupdate" sub-folder which would be like this:
STEP 3. Reboot the device to make it take effect.
Please try to upgrade the firmware to this version: http://download.yeastar.com/YeastarSupport/image/184.108.40.206.4.bin
please download the attachment openvpn246.tar, and upload it to the App Center to upgrade the OpenVPN version.
Is this only for PBX? or can be used to the voip gateway ta810 ?
Thanks for this instruction. Updated OpenVPN version from 2.0.5 to 2.4.3 on TG100 gateway.
So this instruction can be used for gateways too, not only for PBX.
I tried to use it on TG800 the new version, but there is no ( persistent ) folder,
is there another way to use it for
Can you elaborate pls
I just updated OpenVPN on my TG100. Unfortunately I did not use TG800 model.
You can write a support request, sent them a screenshot of FTP connection, if there is not "persistent" folder.
Thanks for your quick response,
i opened a ticket and waiting for their response
hello dear and thanks for your kind support , is there any way to update openvpn client to be 2.4.7 or to update openssl library as i'm facing the following error :
OpenSSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match
Failed to set restricted TLS cipher list: ECDHE-ECDSA-AES128-GCM-SHA256
no cipher match"
"no cipher match" - looks like you have different ciphers on server and client
Try to add this line to both configs (server config and client config):
thanks for your kind reply David,
that's how my server config look like, please do i have to change all cipher types or just the main one
thanks and regards
Try to remove this line "tls-cipher TLS-ECDHE..." from server config. (if it present in client config, also remove it from client config)
and then try to connect
if it does not help, remove line "ncp-cipher from client config"
also after that you can try to set "cipher AES-128-CBC" instead of "cipher AES-128-GCM"
I am not sure yeastar VPN support GCM encryption.
Just play with these options.
But looks like you only need to remove line "tls-cipher TLS-ECDHE..."
try this first.
many thanks dear David ,it has worked successfully..
Hi, i download the openvpn246.tar from here and uploaded in app center but the openvpn version didint changed, i have S20 PBX, is the tar file correct ? coz when i chk the file it says the file is damaged.
dears under TG400 there is no persistent folder so how can i update openvpn client on it
thanks in advance .
Which version do you have, the new one or the old one?
If you have the old one ( which the login page looks like the image below, then put the files on the first page when you open the ftp ( the page with all the folders ) then reboot the device and it will work
But if You have the new version, which the login page looks like the image below, then you will not be able to update it by yourself because you don't have the root access, i did it by opening a ticket on yeastar tickets portal here https://support.yeastar.com/hc/en-us/requests/new
then they will help you within a day or two
thanks for your kind reply dear Engr Mohmmd
I've the new one, ok i will open a ticket with them, hope that they will response soon.
thanks and regards.
Dear Engr Mohmmd
After opening a ticket with the support team they redirected me to this solution, please can you help with how you made it on your gateway ??
Thanks and regards
For anyone having an issue with the VPN upgrade in TG gateways ( The New Version TGv3 ), you can use the following firmware
I have tg100, but I got Segmentation fault ...
I have exactly the same problem "Segmentation fault" and I think I found its cause.
After copying the files with the new version "openvpn, libpam.tar, add.sh" to the "persistent" directory, the vpn works fine, but if you restart the device several times on power, the files get corrupted, my size of each file is 6 bytes. When this happens, you need to delete three files from "persistent" directory and copy them again, after copying, you must correctly reboot the device.
I think this is a bug of the device itself, it is possible that the files are overwritten by the operating system itself.