On Tue, 11 Jan 2011 15:20:39 +0100, Gilles <codecompl...@free.fr> wrote:
>By any chance, would someone have a working configuration so I can
>take a look?

Got it working :-) Thanks much guys for the help.

For those interested, here's how I did it. Note that the appliance only has the openvpn server, so I used an Ubuntu workstation to create the certificates + keys:

=================
1. Install OpenVPN on Asterisk server. On appliance, there's only a single binary /bin/openvpn, and configuration files are in /etc/openvpn/. To be positive SIP/RTP packets go through the OpenVPN tunnel, make sure the firewall in front of the OpenVPN/Asterisk server only has OpenVPN port open (default: UDP 1194).

2. On client, from www.openvpn.net, download and install OpenVPN for Windows, which includes Service + GUI

3. If using an appliance with just the openvpn binary, use a workstation to install the OpenVPN package and create certificates + keys:

    apt-get install openvpn

4. On workstation, copy programs to create keys and certificates:

    mkdir /etc/openvpn/easy-rsa
    cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa

5. Create the CA, and one pair of public/private keys for each host (server, clients)

    #the scripts below are run from the easy-rsa directory
    cd /etc/openvpn/easy-rsa
    #Always use a unique Common Name
    vi /etc/openvpn/easy-rsa/vars
    #export variables
    . ./vars
    ./clean-all
    ./build-ca
    ./build-dh
    #keys for server
    ./build-key-server server
    #keys for client
    ./build-key client1

6. Create configuration file for server /var/www/server.ovpn:

    port 1194
    proto udp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key
    dh dh1024.pem
    #server will use this network number for OpenVPN tunnel, server = 10.8.0.1
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    keepalive 10 120
    #Uncomment if compiled with compression
    #comp-lzo
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3

7. Create configuration file for client /var/www/client1.ovpn:

    dev tun
    proto udp
    remote <public IP to reach OpenVPN/Asterisk server> 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client1.crt
    key client1.key
    #comp-lzo
    verb 3

8. Copy keys/certificates/config files to www so they can be downloaded by server and client

    cd /etc/openvpn/easy-rsa/keys
    cp ca.crt dh1024.pem server.crt server.key client1.crt client1.key server.ovpn client1.ovpn /var/www
    #So web server can send files
    chmod 644 /var/www/server.key
    chmod 644 /var/www/client1.key

9. On server, download files:

    Asterisk> cd /etc/openvpn
    Asterisk> wget http://workstation/ca.crt
    Asterisk> wget http://workstation/dh1024.pem
    Asterisk> wget http://workstation/server.crt
    Asterisk> wget http://workstation/server.key
    Asterisk> chmod 600 server.key
    Asterisk> wget http://workstation/server.ovpn

10. On client, download files:

    cd c:\program files\openvpn\config
    wget http://workstation/ca.crt
    wget http://workstation/client1.crt
    wget http://workstation/client1.key
    wget http://workstation/client1.ovpn

Launch server:

    Asterisk> /bin/openvpn /etc/openvpn/server.ovpn

Launch client:

    Start OpenVPN Service
    Start OpenVPN GUI with Admin rights: Right-click on OpenVPN GUI icon > Connect
    ping 10.8.0.1

If ping OK, configure SIP client to connect to Asterisk through the server's private IP used by OpenVPN tunnel, e.g. 10.8.0.1, and make a call.
=================

HTH,
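
Added example, not part of the original post: a shell check for the key handling in steps 8 and 9, where the private keys are made world-readable (chmod 644) in /var/www for download and then set to 600 on the server. It reads the "key" directive from an OpenVPN config, reports the key file if group or others have any access to it, and lists .key files still present in the web root. The function names and output labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit OpenVPN private-key hygiene.
# Usage: sh audit.sh /etc/openvpn/server.ovpn /var/www   (paths as used in the post)

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Echo the path of the private key named by the "key" directive of a config.
key_from_config() {
    name=$(awk '$1 == "key" { print $2; exit }' "$1")
    [ -n "$name" ] || return 1
    case $name in
        /*) printf '%s\n' "$name" ;;
        *)  printf '%s/%s\n' "$(dirname "$1")" "$name" ;;  # relative to the config
    esac
}

# audit_openvpn_keys CONFIG WEBROOT
# Prints one finding per line; returns 0 when clean, 1 when anything is found.
audit_openvpn_keys() {
    conf=$1 webroot=$2 rc=0
    if key=$(key_from_config "$conf") && [ -f "$key" ]; then
        mode=$(file_mode "$key")
        # Any group/other permission bit set means the key is not private.
        case $mode in
            *00|0) ;;
            *) echo "LOOSE_MODE $key $mode"; rc=1 ;;
        esac
    else
        echo "NO_KEY $conf"; rc=1
    fi
    # Key files still sitting in the web root remain downloadable over HTTP.
    for f in "$webroot"/*.key; do
        [ -e "$f" ] || continue
        echo "KEY_IN_WEBROOT $f"; rc=1
    done
    return $rc
}

if [ "$#" -eq 2 ]; then audit_openvpn_keys "$1" "$2"; fi
```
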