Upgrade the OpenVPN Version

Why Need Upgrade the OpenVPN Version

In Yeastar U-Series and VoIP Gateways the OpenVPN version is 2.0.5. If the OpenVPN sever use TUN mode / Subnet Topology, then Yeastar client side can't connect it unless upgrade the version to the latest one 2.4.3.

Introduction of OpenVPN Topology

There are three topology of OpenVPN TUN mode: Subnet, NET30 and P2P.

Subnet: 

The current recommended topology for modern servers. Note that this is not the current default. Addressing is done by IP & netmask.

NET30:

This is the old topology for support with Windows clients running 2.0.9 or older clients. This is the default as of OpenVPN 2.3, but not recommended for current use. Each client is allocated a virtual /30, taking 4 IPs per client, plus 4 for the server.

P2P:

This topology uses Point-to-Point networking. This is not compatible with Windows clients, though use with non-Windows allows use of the entire subnet (no "lost" IPs.)

 

 

How to Upgrade the OpenVPN Version

STEP 1. Follow this guide to login the device via FTP: https://support.yeastar.com/hc/en-us/articles/217380628-How-to-Access-MyPBX-FTP-Folder.

STEP 2. Copy these three files: openvpn, libpam.tar, add.sh to the path /persistent as the below figure shown.

STEP 3. Reboot the device to make it effect.

 

For S-Series, please download the attachment openvpn246.tar, and upload to the App Center to upgrade the OpenVPN version.

Have more questions? Submit a request

11 Comments

  • 2
    Avatar

    Is this only for PBX? or can be used to the voip gateway ta810 ?

  • 1
    Avatar

    Thanks for this instruction. Updated OpenVPN version from 2.0.5 to 2.4.3 on TG100 gateway.
    So this instruction can be used for gateways too, not only for PBX.

    Thanks!

  • 0
    Avatar

    I tried to use it on TG800 the new version, but there is no ( persistent ) folder, 

    is there another way to use it for 

    David

    Can you elaborate pls

     

    thank you

  • 0
    Avatar

    Hi!

    I just updated OpenVPN on my TG100. Unfortunately I did not use TG800 model.

    You can write a support request, sent them a screenshot of FTP connection, if there is not "persistent" folder.

  • 0
    Avatar

    David

     

    Thanks for your quick response, 

    i opened a ticket and waiting for their response

     

    Thanks

  • 0
    Avatar

    hello dear and thanks for your kind support , is there any way to update openvpn client to be 2.4.7 or to update openssl library as i'm facing the following error : 

    OpenSSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match

    Failed to set restricted TLS cipher list: ECDHE-ECDSA-AES128-GCM-SHA256

  • 0
    Avatar

    no cipher match"

  • 0
    Avatar

    "no cipher match" - looks like you have different ciphers on server and client
    Try to add this line to both configs (server config and client config):
    cipher AES-128CBC

  • 0
    Avatar

    thanks for your kind reply David, 

    that's how my server config look like, please do i have to change all cipher types or just the main one

    thanks and regards 

  • 0
    Avatar

    Try to remove this line "tls-cipher TLS-ECDHE..." from server config. (if it present in client config, also remove it from client config)

    and then try to connect

    if it does not help, remove line "ncp-cipher from client config"
    also after that you can try to set "cipher AES-128-CBC" instead of "cipher AES-128-GCM"
    I am not sure yeastar VPN support GCM encryption.

    Just play with these options.

    But looks like you only need to remove line "tls-cipher TLS-ECDHE..."
    try this first.

  • 0
    Avatar

    many thanks dear David ,it has worked successfully..

     

     

     

     

Please sign in to leave a comment.