Hi Nedi I have about 100 Yealink phones working over OpenVPN and can assure you they are excellent. Some have been in for years. No brainer as far as I'm concerned.
Regards Michael Knill From: Nedeljko Grgic <n...@gmx.ch> Reply to: AstLinux List <astlinux-users@lists.sourceforge.net> Date: Sunday, 11 April 2021 at 3:49 am To: AstLinux List <astlinux-users@lists.sourceforge.net> Subject: Re: [Astlinux-users] how to confogure OpenVPN on Astlinux for Snom Phone HI Michael, I see the wiki and use separate files. how is it with yealink? I need 2 phones to connect trough vpn. Does yealink working good? regards Nedi Am 10. Apr. 2021, um 18:23, Michael Keuter <li...@mksolutions.info<mailto:li...@mksolutions.info>> schrieb: Hi Nedi, I never used snom phones for OpenVPN (only Yealink) since the stripped VPN from their default firmware (years ago). Have you followed their instructions at: https://service.snom.com/display/wiki/Configuring+VPN+on+Snom+Deskphones It looks at they need separate files for the keys and cert. There are example configs. BTW: Depending how old the phones are e.g. "AES-256-CBC" might not be supported by the phones hardware. Am 10.04.2021 um 18:04 schrieb nedi <n...@gmx.ch>: Hi , has anyone working config for the snom phones and astlinux openVPN i tried and tried , it works with MacBook and Asttlinux OpenVPN, snom won’t connecting , what can I do to get it working? I putting ip adress of vpn server into vpn.cnf This is my snom vpn config: remote IP Adress of my PBX OpenVPN Server 1194 udp comp-lzo yes cipher AES-256-CBC key-direction 1 client ns-cert-type server nobind persist-key persist-tun dev tun verb 3 <ca> -----BEGIN CERTIFICATE----- …..my cert , key, and tl…. After not working i tried this vpn.cnf to put cert key separately as described by snom wiki putting all files into openvpn folder and made tarbal of them remote IP Adress of my PBX OpenVPN Server 1194 udp comp-lzo yes cipher AES-256-CBC key-direction 1 client ns-cert-type server nobind persist-key persist-tun dev tun verb 3 ca /openvpn/ca.crt cert /openvpn/client.crt key /openvpn/client.key Thanks Regards nedi Am 08.04.2021 um 23:22 schrieb Michael Keuter <li...@mksolutions.info>: Am 08.04.2021 um 22:59 schrieb nedi <n...@gmx.ch>: Hi MIchael, I need 2 Phoen connect to pbx from outside I have this snom Firmware and Patch for VPN flashed as Update, but this not working with my Synology. From Synology I can Export openvpn config file and use on Macbook OpenVpn app but there is not user.key included and user.crt ther are only ca.crt and openvpn.conf files. The Synology OpenVPN server is very limited from the WebGUI. I think is not wrong with snom, I can make those tar file .. and flash the snome phone. After that I tried with Astlinux openvpn and forwarded port to Astlinux ip but with Astlinux i can’t Connect from snom, can’t connect from my smartphone or macbook. There is no connecting to VPN server. I thinK on astlinux side is something wrong. regards nedi You should definitely get it working first with your Mac, before trying the snom. https://doc.astlinux.org/userdoc:tt_openvpn_server For the snom use "Auth Method" => "Certificate" When I download the credentials and import the "openvpn-cert-key" *.ovpn file into Viscosity or Tunnelblick it works fine on a Mac. Am 08.04.2021 um 22:36 schrieb Michael Keuter <li...@mksolutions.info>: Am 08.04.2021 um 22:24 schrieb nedi <n...@gmx.ch>: Hi, I tried to configure OpenVpn for the Snom phone without success on Astlinux box and on Synology. On Synology I have VPN working but I think is not compatible to the Snom phone I need a key file. astlinux-1.2.6.1<http://1.2.6.1> i586 - Asterisk 1.8.32.3<http://1.8.32.3> Runnix Release: runnix-0.4-7671 GUI Version: 1.8.40 Can Anyone help me to configure OpenVPN on Astlinux box. I Have Alix with only one Lan Port can be this is the issue because VPN won’t work or iptables firewall make some issues? I tried with firewall enabled or disabled, I rebooted, tried import openvpn.conf on Macbook. I made port-forwarding . In Firewal options is all disabled and I put into firewall Pass EXT->Local UDP 0/0 1194 You don't need that, it is done by the openvpn firewall plugin automatically. My network is: 10.0.0.1<http://10.0.0.1> DNS: 10.0.0.1<http://10.0.0.1> NM: 255.255.255.0<http://255.255.255.0> ipv4 Gateway: 10.0.0.1<http://10.0.0.1> Tunnel Options: Protocol: UDPv4 Port: 1194 Log Verbosity: medium Compression: yes QoS Passthrough:Yes Legacy Cipher: AES-256-CBC Device:tun0 Auth HMAC: Use default Raw Commands: Authentication: Auth Method: Certificate Extra TLS-Auth: Yes Firewall Options: External Hosts: 0/0 Server Mode: Server Hostname(s): my dyndns Is this domain reachable? Depending on your network/DNS configuration you might fail to test the VPN connection from your internal network. Try testing with your MacBook via a smartphone with Wifi Hotspot and mobile data instead. Network IPv4 NM: 10.10.11.0<http://10.10.11.0> 255.255.255.0<http://255.255.255.0> Network IPv6/nn: Topology: subnet latest , requires openvpn 2.1+ clients "push": dhcp-option DOMAIN priv.mydomain.ch<http://priv.mydomain.ch> <== can be it is wrong what i have here , do I need this? The domain option is not needed at first, you can still add it later. dhcp-option DNS 10.10.10.1<http://10.10.10.1> route10.10.10.0<http://10.10.10.0> 255.255.255.0<http://255.255.255.0> redirect-gateway def1 Server Certificate and Key: Private Key Size: 2048 Signature Algorithm: SHA-256 I made 2 Usr and downloaded zip files after import into openvpn app won’r connecting. regards Nedi I think some years ago snom removed OpenVPN from their default firmware images. You need a special firmware that enables OpenVPN. https://service.snom.com/display/wiki/Configuring+VPN+on+Snom+Deskphones#ConfiguringVPNonSnomDeskphones-InstallandconfigureOpenVPNontheSnomphones.1 Michael Michael Michael http://www.mksolutions.info ________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
_______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
