IanC Posted June 24, 2020 #1 Share Posted June 24, 2020 Hi all, In the release notes for version Swyxware12: In addition, the certified Yealink end devices, which have recently become part of the Swyx product portfolio, are optimally supported. For example, employees in the home office can be securely integrated into their company's communications environment without having to set up a Virtual Private Network (VPN). Yealink telephones can also be integrated into the corporate network via port authentication according to IEEE 802.1x. Swyx thus offers an authentication method for the highest security requirements.” Anyone know how to set this up? Neither the SWYX Admin Guide nor KB area has any info. Many thanks. Link to comment Share on other sites More sharing options...
Most Valued User Solution jodost Posted June 24, 2020 Most Valued User Solution #2 Share Posted June 24, 2020 As far as I know, you need to setup a session border controller that helps the device connecting from outside. The only "new" thing compared to older versions is - that Yealink uses SIP, where the unify devices use CorNet.IP (I do not know about any session border controller that can handle CorNet.IP) - that with SwyxWare 12.1, they only use port 5060 (Yealink connected to SwyxWare 11.x also uses port 65012 for uaCSTA) that makes SBC configuration a bit easier. But anyway, it is far away from "plug and play" or worth calling it a feature. And, to be honest, I would really think about using inexpensive VPN components instead. If you configure your SBC to use port 5060 into the internet, your SwyxServer will be INVITEd into fraudulent calls within hours, so don't forget to configure security features like fail2ban, geo-IP-blacklists, .... If you want to change the port to somewhere else, this may collide with the AutoProvisioning of Swyx - once you change any account setting on the Yealink manually, the device will not longer accept account settings via AutoProvisioning any more. There are some ugly ways to force Swyx' AutoProvisioning to deploy your own settings, but they are ugly ways and nothing officially supported. So in both ways, you will get in trouble if you update the server to a newer version and Swyx has changed everything (like they did on 12.0->12.1) without giving any information to the partners. If you keep all of this in mind, I does work. We use this on our HostedPBX VPNless-offer, but the work we spend to figure out all all problems, bugs, ... is nothing I want to do if you are just talking about one single PBX. Hope this helps Link to comment Share on other sites More sharing options...
IanC Posted June 25, 2020 Author #3 Share Posted June 25, 2020 Thanks a lot for the info. We are indeed talking about a single PBX (with a standby). At present our client's CEO has a UNIFY telephone at his home. That connects over a site-to-site VPN. Post-COVID, they anticipate more remote working so would like a dozen or so colleagues to have a similar set up (they already use SWYXIT). Although we can preconfigure a VPN router for each home, the challenge here is relying on these users to set up their WAN connections. When I noticed that section in the release notes, I thought we may have a solution. The client site doesn't currently use an SBC - the SWYX server sits in a DMZ with connections from SIP providers published (reverse-proxied) through the firewall. Not too concerned about auto-provisioning due to the small numbers, but looks complicated however we decide to tackle it. Link to comment Share on other sites More sharing options...
Most Valued User Varmenni Posted December 13, 2022 Most Valued User #4 Share Posted December 13, 2022 Don't know if you are still looking for a solution, but here's one: The Yealink phones support OpenVPN natively. The best way I found is to set up a VPN server with PFSense (https://www.pfsense.org/) There are a lot of good guides around on how to implement it. Link to comment Share on other sites More sharing options...
Most Valued User jodost Posted December 15, 2022 Most Valued User #5 Share Posted December 15, 2022 sure they still support OpenVPN? IIRC, the openVPN-support was removed by the product change from Yealink T4xG- to T4xS- series some years ago. Link to comment Share on other sites More sharing options...
Most Valued User Varmenni Posted December 15, 2022 Most Valued User #6 Share Posted December 15, 2022 Just checked spec sheets on the current models in the T4 and T5 lines, and they state that the have OpenVPN support... Link to comment Share on other sites More sharing options...
RaKin Posted January 10, 2023 #7 Share Posted January 10, 2023 Am 15.12.2022 um 16:52 schrieb jodost: sure they still support OpenVPN? IIRC, the openVPN-support was removed by the product change from Yealink T4xG- to T4xS- series some years ago. Yes I am sure. I still use it on various T48S and T57W. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now