Specifications

ManualsBrandsYealink ManualsIP phonesSIP-T3

191

192

193

194

195

196

197

198

199

200

Administrator’s Guide for SIP-T2xP IP Phones

176

provides remote offices or individual users with secure access to their organization's

network. Two types of VPN access: remote-access VPN (connecting an individual

device to a network) and site-to-site VPN (connecting two networks together).

Remote-access VPN allows employees to access their company's intranet from home

or outside the office, and site-to-site VPN allows employees in geographically

separated offices to share one cohesive virtual network. VPN can be also classified by

the protocols used to tunnel the traffic. It provides security through tunneling protocols:

IPSec, SSL, L2TP and PPTP.

IP phones support SSL VPN, which provides remote-access VPN capabilities through SSL.

OpenVPN is a full featured SSL VPN software solution that creates secure connections in

remote access facilities, designed to work with the TUN/TAP virtual network interface.

TUN and TAP are virtual network kernel devices. TAP simulates a link layer device and

provides a virtual point-to-point connection, while TUN simulates a network layer device

and provides a virtual network segment. IP phones use OpenVPN to achieve VPN

feature. To prevent disclosure of private information, tunnel endpoints must

authenticate each other before secure VPN tunnel is established. After VPN feature is

configured properly on the IP phone, the IP phone acts as a VPN client and uses the

certificates to authenticate the VPN server.

To use VPN, the compressed package of VPN-related files should be uploaded to the IP

phone in advance. The file format of the compressed package must be .tar. The

related VPN files are: certificates (ca.crt and client.crt), key (client.key) and the

configuration file (vpn.cnf) of the VPN client. For more information on how to package

a .tar file, refer to VPN Feature on Yealink IP Phones.

Procedure

VPN can be configured using the configuration files or locally.

Configuration File

<y0000000000xx>.cfg

Configure VPN feature and

upload a tar file to the IP

phone.

For more information, refer to

VPN on page 344.

Local

Web User Interface

Configure VPN feature and

upload a tar package to the IP

phone.

Navigate to:

http://<phoneIPAddress>/servl

et?p=network-adv&q=load

Phone User Interface

Configure VPN feature.

To upload a tar file and configure VPN via web user interface:

1. Click on Network->Advanced.