Hi Michael, i don't understand you exactly I have NTP Server ch.pool.ntp.org
I have in my sip.conf deny = 0.0.0.0/0.0.0.0 permit = 10.0.0.0/255.255.255.0 permit = 10.8.0.0/255.255.255.0 permit = 10.10.11.0/255.255.255.0 you mean i must put into my sip.conf under [general] localnet for all network’s to? Or only localnet and remove this with deny and permit? after nat=yes? localnet = 10.0.0.0/255.255.255.0 localnet = 10.8.0.0/255.255.255.0 localnet = 10.10.11.0/255.255.255.0 I don’t understand must configure phone to register to IP adress 10.10.11.? if my pbx is 10.0.0.132? all others clinets on mac and android working only snom not. regards Nedi > Am 12.04.2021 um 13:54 schrieb Michael Keuter <li...@mksolutions.info>: > > > >> Am 12.04.2021 um 13:48 schrieb Michael Keuter <li...@mksolutions.info>: >> >> >> >>> Am 12.04.2021 um 13:01 schrieb nedi <n...@gmx.ch>: >>> >>> Hi, >>> I have my snom phone connected to the PBX trough OpenVPN, (on the display I >>> see VPN Active, on PBX VPN Status is User1 connected but I can’t make >>> provisioning and can't register, what can bee the issues? >>> My Macbook or Android phone with SIP Client work trough this OpenVPN with >>> the same VPN >>> settings. >>> >>> My lan PBX is 10.0.0.132 >>> My virtual Network IP for VPN Client is 10.10.11.2 >>> My LTE Router for testing VPN is 192.168.1.1 >>> >>> what must be in PUSH section of my PBX VPN Config? >>> >>> I have This >>> dhcp-option DNS 10.0.0.1 >>> route 10.0.0.0 255.255.255.0 >>> redirect-gateway def1 >>> >>> >>> OpenVPN Status on PBX >>> >>> >>> User1 194.230.148.217:6184 10.10.11.2 4182 4520 >>> Mon Apr 12 10:47:57 2021 1618217277 >>> >>> in sip.conf general I have this >>> >>> alwaysauthreject=yes >>> deny = 0.0.0.0/0.0.0.0 >>> permit = 10.0.0.0/255.255.255.0 >>> permit = 10.8.0.0/255.255.255.0 >>> permit = 10.10.11.0/255.255.255.0 >>> >>> regards Nedi >> >> Hi Nedi, >> >> important is that the phone registers to Asterisk on the virtual IP >> "10.10.11.x" and not on 10.0.0.132! >> >> You also need to add "localnet" in sip.conf for this virtual IP range in the >> NAT section. >> For provisioning to work you need to add the virtual IP range to "HTTP & >> HTTPS /phoneprov/ Allowed IP's:" (if not all (*) is allowed) and restart >> AstLinux. > > Update: and you need an external time server on the IP-phone and not the > internal one from AstLinux (e.g. "europe.pool.ntp.org") > >>>> Am 10.04.2021 um 18:04 schrieb nedi <n...@gmx.ch>: >>>> >>>> Hi , >>>> has anyone working config for the snom phones and astlinux openVPN i tried >>>> and tried , it works with MacBook and Asttlinux OpenVPN, >>>> snom won’t connecting , what can I do to get it working? >>>> >>>> I putting ip adress of vpn server into vpn.cnf >>>> This is my snom vpn config: >>>> remote IP Adress of my PBX OpenVPN Server 1194 udp >>>> comp-lzo yes >>>> cipher AES-256-CBC >>>> key-direction 1 >>>> client >>>> ns-cert-type server >>>> nobind >>>> persist-key >>>> persist-tun >>>> dev tun >>>> verb 3 >>>> <ca> >>>> -----BEGIN CERTIFICATE----- >>>> …..my cert , key, and tl…. >>>> >>>> After not working i tried this vpn.cnf to put cert key separately as >>>> described by snom wiki putting all files into openvpn folder and made >>>> tarbal of them >>>> >>>> remote IP Adress of my PBX OpenVPN Server 1194 udp >>>> comp-lzo yes >>>> cipher AES-256-CBC >>>> key-direction 1 >>>> client >>>> ns-cert-type server >>>> nobind >>>> persist-key >>>> persist-tun >>>> dev tun >>>> verb 3 >>>> ca /openvpn/ca.crt >>>> cert /openvpn/client.crt >>>> key /openvpn/client.key >>>> >>>> Thanks >>>> >>>> Regards nedi >>>> >>>> >>>>> Am 08.04.2021 um 23:22 schrieb Michael Keuter <li...@mksolutions.info>: >>>>> >>>>> >>>>> >>>>>> Am 08.04.2021 um 22:59 schrieb nedi <n...@gmx.ch>: >>>>>> >>>>>> Hi MIchael, >>>>>> I need 2 Phoen connect to pbx from outside >>>>>> I have this snom Firmware and Patch for VPN flashed as Update, but this >>>>>> not working with my Synology. From Synology I can Export openvpn config >>>>>> file and use on Macbook OpenVpn app but there is not user.key included >>>>>> and user.crt ther are only ca.crt and openvpn.conf files. >>>>> >>>>> The Synology OpenVPN server is very limited from the WebGUI. >>>>> >>>>>> I think is not wrong with snom, I can make those tar file .. and flash >>>>>> the snome phone. After that I tried with Astlinux openvpn and forwarded >>>>>> port to Astlinux ip but with Astlinux i can’t Connect from snom, can’t >>>>>> connect from my smartphone or macbook. There is no connecting to VPN >>>>>> server. I thinK on astlinux side is something wrong. >>>>>> regards >>>>>> nedi >>>>> >>>>> You should definitely get it working first with your Mac, before trying >>>>> the snom. >>>>> >>>>> https://doc.astlinux.org/userdoc:tt_openvpn_server >>>>> >>>>> For the snom use "Auth Method" => "Certificate" >>>>> >>>>> When I download the credentials and import the "openvpn-cert-key" *.ovpn >>>>> file into Viscosity or Tunnelblick it works fine on a Mac. >>>>> >>>>>> >>>>>>> Am 08.04.2021 um 22:36 schrieb Michael Keuter <li...@mksolutions.info>: >>>>>>> >>>>>>> >>>>>>> >>>>>>>> Am 08.04.2021 um 22:24 schrieb nedi <n...@gmx.ch>: >>>>>>>> >>>>>>>> Hi, >>>>>>>> I tried to configure OpenVpn for the Snom phone without success on >>>>>>>> Astlinux box and on Synology. >>>>>>>> On Synology I have VPN working but I think is not compatible to the >>>>>>>> Snom phone I need a key file. >>>>>>>> >>>>>>>> >>>>>>>> astlinux-1.2.6.1 i586 - Asterisk 1.8.32.3 Runnix Release: >>>>>>>> runnix-0.4-7671 GUI Version: 1.8.40 >>>>>>>> >>>>>>>> Can Anyone help me to configure OpenVPN on Astlinux box. I Have Alix >>>>>>>> with only one Lan Port can be this is the issue because VPN won’t work >>>>>>>> or iptables firewall make some issues? >>>>>>>> I tried with firewall enabled or disabled, I rebooted, tried import >>>>>>>> openvpn.conf on Macbook. I made port-forwarding . >>>>>>>> >>>>>>>> In Firewal options is all disabled and I put into firewall Pass >>>>>>>> EXT->Local UDP 0/0 1194 >>>>> >>>>> You don't need that, it is done by the openvpn firewall plugin >>>>> automatically. >>>>> >>>>>>>> >>>>>>>> My network is: 10.0.0.1 DNS: 10.0.0.1 NM: 255.255.255.0 ipv4 >>>>>>>> Gateway: 10.0.0.1 >>>>>>>> >>>>>>>> Tunnel Options: >>>>>>>> Protocol: UDPv4 Port: >>>>>>>> 1194 >>>>>>>> Log Verbosity: medium Compression: yes >>>>>>>> QoS Passthrough:Yes Legacy Cipher: >>>>>>>> AES-256-CBC >>>>>>>> Device:tun0 Auth >>>>>>>> HMAC: Use default >>>>>>>> Raw Commands: >>>>>>>> >>>>>>>> Authentication: >>>>>>>> Auth Method: Certificate >>>>>>>> Extra TLS-Auth: Yes >>>>>>>> >>>>>>>> Firewall Options: >>>>>>>> External Hosts: 0/0 >>>>>>>> >>>>>>>> Server Mode: >>>>>>>> Server Hostname(s): my dyndns >>>>> >>>>> Is this domain reachable? >>>>> Depending on your network/DNS configuration you might fail to test the >>>>> VPN connection from your internal network. >>>>> >>>>> Try testing with your MacBook via a smartphone with Wifi Hotspot and >>>>> mobile data instead. >>>>> >>>>>>>> Network IPv4 NM: 10.10.11.0 255.255.255.0 >>>>>>>> Network IPv6/nn: >>>>>>>> >>>>>>>> Topology: subnet latest , requires openvpn 2.1+ clients >>>>>>>> "push": dhcp-option DOMAIN priv.mydomain.ch <== >>>>>>>> can be it is wrong what i have here , do I need this? >>>>> >>>>> The domain option is not needed at first, you can still add it later. >>>>> >>>>>>>> dhcp-option DNS 10.10.10.1 >>>>>>>> route10.10.10.0 255.255.255.0 >>>>>>>> redirect-gateway def1 >>>>>>>> >>>>>>>> Server Certificate and Key: >>>>>>>> >>>>>>>> Private Key Size: 2048 >>>>>>>> Signature Algorithm: SHA-256 >>>>>>>> >>>>>>>> I made 2 Usr and downloaded zip files >>>>>>>> >>>>>>>> after import into openvpn app won’r connecting. >>>>>>>> >>>>>>>> regards Nedi >>>>>>> >>>>>>> I think some years ago snom removed OpenVPN from their default firmware >>>>>>> images. You need a special firmware that enables OpenVPN. >>>>>>> >>>>>>> https://service.snom.com/display/wiki/Configuring+VPN+on+Snom+Deskphones#ConfiguringVPNonSnomDeskphones-InstallandconfigureOpenVPNontheSnomphones.1 >>>>>>> >>>>>>> Michael >>>>> >>>>> Michael >> >> Michael >> >> http://www.mksolutions.info >> >> >> >> >> >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > > > Michael > > http://www.mksolutions.info > > > > > > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
