Configuring your Yealink phone to use a VPN requires a few steps to ensure secure communication through your hosted network. This guide provides an overview of the process, along with the steps you, the customer, will handle.

If your company has users located outside the US that are unable to obtain a static public IP from their ISP, then this will allow the device to connect to our services without interruption.

There currently two supported types: OpenVPN, and L2TP. 

• OpenVPN is an open-source VPN protocol known for its strong security, flexibility, and ability to bypass firewalls. It uses SSL/TLS for encryption, making it ideal for secure and reliable VPN connections across various devices and networks. OpenVPN supports advanced configurations and is highly customizable.
• L2TP (Layer 2 Tunneling Protocol) is a VPN protocol often paired with IPsec for encryption. It’s simpler than OpenVPN but also secure, widely supported, and easy to set up. L2TP is typically used for site-to-site VPNs and mobile device compatibility but may be blocked by some firewalls due to its reliance on specific UDP ports.

Open VPN

Overview of the Process

1. Gather VPN Configuration Files: The necessary VPN configuration files will be gathered and placed in a .zip folder. This will include files like the .ovpn configuration, certificates, and any keys needed.
2. Host the Configuration: You, as the customer, will host this .zip file on a server that the Yealink phone can access.
3. Provision the Yealink Phone: Our support team will handle the final configurations on the phone to activate the VPN.

Step 1: Gather VPN Configuration Files

To set up VPN on your Yealink phone, you’ll need specific VPN configuration files. Here’s a quick overview:

• VPN Configuration File (.ovpn): The primary configuration file for OpenVPN, defining connection settings such as the VPN server address, protocols, and port information.
• Certificates and Keys:
  • CA Certificate (ca.crt): The certificate authority file authenticating the VPN server's security certificate.
  • Client Certificate (client.crt) and Private Key (client.key): These authenticate the phone as a valid VPN client.

These files are often provided by your network administrator or VPN provider. If your VPN provider or network administrator supplies these in a single .ovpn file, you may skip the additional .crt and .key files. Otherwise, gather each of these files individually and ensure they are correctly referenced in the .ovpn configuration.

Step 2: Create and Host the Configuration File

1. Edit the .ovpn File: Open the .ovpn file using a plain text editor, such as Notepad or Notepad++.  
   Review and, if needed, edit the following fields.
    

• Remote Server: Check the server IP or domain in the line that typically starts with remote:

remote vpn.example.com 1194

• Certificates and Keys: Ensure each file path is correctly referenced in the .ovpn configuration, like so:

ca ca.crtcert client.crt
key client.key

• Encryption Settings: Confirm that the encryption and protocol settings (e.g., cipher, auth) match your VPN server’s requirements. For example:

cipher AES-256-CBC
auth SHA256

Additional Settings: If your VPN server requires extra parameters (such as nobind, tls-auth), add them as needed. Ensure that the file settings align with those required by your VPN server.

2. Place All Files in a Folder: Put the .ovpn file, .crt, and .key files (as needed) into a single folder.
3. Create a ZIP File: Compress this folder into a .zip file (e.g., vpn_config.zip). This will be the file that the phone downloads for its VPN configuration.
4. Host the ZIP File: Upload the .zip file to a secure server that your Yealink phone can access via a URL. This could be a web server, file server, or any secure hosting service.

• Example URL: https://yourdomain.com/vpn/vpn_config.zip
• Make sure the file is publicly accessible or secured with proper credentials as required.

Step 3: Inform Support of Your ZIP File URL

Provide our support team with the URL of the hosted .zip file. Our team will handle the configuration overrides that enable VPN on your Yealink phone and point it to the hosted configuration.

• Email: support@spectrumvoip.com
• Phone: 469-429-2500
• Chat: support.spectrumvoip.com

What to Expect Next

Once support configures the VPN settings:

• Reboot and Testing: The Yealink phone will reboot to apply the VPN settings. It should automatically connect to the VPN using the provided .zip file configuration.
• Confirmation: You can confirm the VPN connection by checking the phone’s network status, where the VPN status will indicate whether the connection is successful.

Additional Notes

• Updating the ZIP File: If you ever need to update the VPN configuration, replace the .zip file on your server with an updated version. Notify support to refresh the phone configuration if necessary.
• Firewall Settings: Ensure that your network firewall permits VPN traffic on the required ports (usually 1194 for OpenVPN, but check your VPN provider’s settings).
   

L2TP VPN

Overview of the Process

1. Gather VPN Configuration Files: Gather your VPN server’s details, including its IP or domain, as well as your L2TP login credentials.
2. Host the Configuration: If necessary, you’ll host any additional information required for setup
3. Provision the Yealink Phone: Our support team will handle phone settings to activate L2TP VPN.

Step 1: Gather VPN Configuration Files

For L2TP, you’ll need a few specific pieces of information:

• VPN Server Address: The IP address or domain name of the VPN server.
• Username and Password: Your unique login credentials for L2TP.

Step 2: Share the VPN Details with Support

Once you have the VPN server address, username, and password, send this information securely to our support team.

• Email: support@spectrumvoip.com
• Phone: 469-429-2500
• Chat: support.spectrumvoip.com

Step 3: Hosting (Optional)

Unlike OpenVPN, L2TP doesn’t require additional configuration files (like .ovpn), so you may not need to host files. However, if your L2TP setup requires certificate files or additional configuration, please host these on a server that the phone can access via HTTPS.

Step 4: Provisioning by Support

Our support team will take the details you provided and configure the Yealink phone using secure overrides to enable L2TP and apply your credentials.

What to Expect Next

Once support configures the VPN settings:

• Reboot and Testing: The phone will reboot to apply the settings, and it should automatically connect to the VPN if everything is configured correctly.
• Confirmation: Once connected, you’ll see VPN connection status in the phone’s network settings.

Additional Notes

• Updating the ZIP File: If you ever need to update the VPN configuration, replace the .zip file on your server with an updated version. Notify support to refresh the phone configuration if necessary.
• Firewall Requirements: Ensure that your network firewall allows L2TP traffic (usually UDP ports 1701 for L2TP and 500/4500 for IPsec).
• Network Compatibility: L2TP is generally compatible with most networks but may be restricted in some firewall configurations.