PS Only need to add the range to localnet for sip.conf if you are behind a NAT
device. Will need to add it to the ACL though.
PPS I'm pretty sure you can register to the LAN address as long as you Push the
route to it via OpenVPN.
Regards
Michael Knill
On 12/4/21, 9:49 pm, "Michael Keuter" <li...@mksolutions.info> wrote:
> Am 12.04.2021 um 13:01 schrieb nedi <n...@gmx.ch>:
>
> Hi,
> I have my snom phone connected to the PBX trough OpenVPN, (on the display
I see VPN Active, on PBX VPN Status is User1 connected but I can’t make
provisioning and can't register, what can bee the issues?
> My Macbook or Android phone with SIP Client work trough this OpenVPN with
the same VPN
> settings.
>
> My lan PBX is 10.0.0.132
> My virtual Network IP for VPN Client is 10.10.11.2
> My LTE Router for testing VPN is 192.168.1.1
>
> what must be in PUSH section of my PBX VPN Config?
>
> I have This
> dhcp-option DNS 10.0.0.1
> route 10.0.0.0 255.255.255.0
> redirect-gateway def1
>
>
> OpenVPN Status on PBX
>
>
> User1 194.230.148.217:6184 10.10.11.2 4182 4520
Mon Apr 12 10:47:57 2021 1618217277
>
> in sip.conf general I have this
>
> alwaysauthreject=yes
> deny = 0.0.0.0/0.0.0.0
> permit = 10.0.0.0/255.255.255.0
> permit = 10.8.0.0/255.255.255.0
> permit = 10.10.11.0/255.255.255.0
>
> regards Nedi
Hi Nedi,
important is that the phone registers to Asterisk on the virtual IP
"10.10.11.x" and not on 10.0.0.132!
You also need to add "localnet" in sip.conf for this virtual IP range in
the NAT section.
For provisioning to work you need to add the virtual IP range to "HTTP &
HTTPS /phoneprov/ Allowed IP's:" (if not all (*) is allowed) and restart
AstLinux.
>
>> Am 10.04.2021 um 18:04 schrieb nedi <n...@gmx.ch>:
>>
>> Hi ,
>> has anyone working config for the snom phones and astlinux openVPN i
tried and tried , it works with MacBook and Asttlinux OpenVPN,
>> snom won’t connecting , what can I do to get it working?
>>
>> I putting ip adress of vpn server into vpn.cnf
>> This is my snom vpn config:
>> remote IP Adress of my PBX OpenVPN Server 1194 udp
>> comp-lzo yes
>> cipher AES-256-CBC
>> key-direction 1
>> client
>> ns-cert-type server
>> nobind
>> persist-key
>> persist-tun
>> dev tun
>> verb 3
>> <ca>
>> -----BEGIN CERTIFICATE-----
>> …..my cert , key, and tl….
>>
>> After not working i tried this vpn.cnf to put cert key separately as
described by snom wiki putting all files into openvpn folder and made tarbal
of them
>>
>> remote IP Adress of my PBX OpenVPN Server 1194 udp
>> comp-lzo yes
>> cipher AES-256-CBC
>> key-direction 1
>> client
>> ns-cert-type server
>> nobind
>> persist-key
>> persist-tun
>> dev tun
>> verb 3
>> ca /openvpn/ca.crt
>> cert /openvpn/client.crt
>> key /openvpn/client.key
>>
>> Thanks
>>
>> Regards nedi
>>
>>
>>> Am 08.04.2021 um 23:22 schrieb Michael Keuter <li...@mksolutions.info>:
>>>
>>>
>>>
>>>> Am 08.04.2021 um 22:59 schrieb nedi <n...@gmx.ch>:
>>>>
>>>> Hi MIchael,
>>>> I need 2 Phoen connect to pbx from outside
>>>> I have this snom Firmware and Patch for VPN flashed as Update, but
this not working with my Synology. From Synology I can Export openvpn config
file and use on Macbook OpenVpn app but there is not user.key included and
user.crt ther are only ca.crt and openvpn.conf files.
>>>
>>> The Synology OpenVPN server is very limited from the WebGUI.
>>>
>>>> I think is not wrong with snom, I can make those tar file .. and flash
the snome phone. After that I tried with Astlinux openvpn and forwarded port
to Astlinux ip but with Astlinux i can’t Connect from snom, can’t connect from
my smartphone or macbook. There is no connecting to VPN server. I thinK on
astlinux side is something wrong.
>>>> regards
>>>> nedi
>>>
>>> You should definitely get it working first with your Mac, before trying
the snom.
>>>
>>> https://doc.astlinux.org/userdoc:tt_openvpn_server
>>>
>>> For the snom use "Auth Method" => "Certificate"
>>>
>>> When I download the credentials and import the "openvpn-cert-key"
*.ovpn file into Viscosity or Tunnelblick it works fine on a Mac.
>>>
>>>>
>>>>> Am 08.04.2021 um 22:36 schrieb Michael Keuter
<li...@mksolutions.info>:
>>>>>
>>>>>
>>>>>
>>>>>> Am 08.04.2021 um 22:24 schrieb nedi <n...@gmx.ch>:
>>>>>>
>>>>>> Hi,
>>>>>> I tried to configure OpenVpn for the Snom phone without success on
Astlinux box and on Synology.
>>>>>> On Synology I have VPN working but I think is not compatible to the
Snom phone I need a key file.
>>>>>>
>>>>>>
>>>>>> astlinux-1.2.6.1 i586 - Asterisk 1.8.32.3 Runnix Release:
runnix-0.4-7671 GUI Version: 1.8.40
>>>>>>
>>>>>> Can Anyone help me to configure OpenVPN on Astlinux box. I Have
Alix with only one Lan Port can be this is the issue because VPN won’t work or
iptables firewall make some issues?
>>>>>> I tried with firewall enabled or disabled, I rebooted, tried import
openvpn.conf on Macbook. I made port-forwarding .
>>>>>>
>>>>>> In Firewal options is all disabled and I put into firewall Pass
EXT->Local UDP 0/0 1194
>>>
>>> You don't need that, it is done by the openvpn firewall plugin
automatically.
>>>
>>>>>>
>>>>>> My network is: 10.0.0.1 DNS: 10.0.0.1 NM: 255.255.255.0
ipv4 Gateway: 10.0.0.1
>>>>>>
>>>>>> Tunnel Options:
>>>>>> Protocol: UDPv4 Port:
1194
>>>>>> Log Verbosity: medium Compression:
yes
>>>>>> QoS Passthrough:Yes Legacy Cipher:
AES-256-CBC
>>>>>> Device:tun0 Auth
HMAC: Use default
>>>>>> Raw Commands:
>>>>>>
>>>>>> Authentication:
>>>>>> Auth Method: Certificate
>>>>>> Extra TLS-Auth: Yes
>>>>>>
>>>>>> Firewall Options:
>>>>>> External Hosts: 0/0
>>>>>>
>>>>>> Server Mode:
>>>>>> Server Hostname(s): my dyndns
>>>
>>> Is this domain reachable?
>>> Depending on your network/DNS configuration you might fail to test the
VPN connection from your internal network.
>>>
>>> Try testing with your MacBook via a smartphone with Wifi Hotspot and
mobile data instead.
>>>
>>>>>> Network IPv4 NM: 10.10.11.0 255.255.255.0
>>>>>> Network IPv6/nn:
>>>>>>
>>>>>> Topology: subnet latest , requires openvpn 2.1+ clients
>>>>>> "push": dhcp-option DOMAIN priv.mydomain.ch <==
can be it is wrong what i have here , do I need this?
>>>
>>> The domain option is not needed at first, you can still add it later.
>>>
>>>>>> dhcp-option DNS 10.10.10.1
>>>>>> route10.10.10.0 255.255.255.0
>>>>>> redirect-gateway def1
>>>>>>
>>>>>> Server Certificate and Key:
>>>>>>
>>>>>> Private Key Size: 2048
>>>>>> Signature Algorithm: SHA-256
>>>>>>
>>>>>> I made 2 Usr and downloaded zip files
>>>>>>
>>>>>> after import into openvpn app won’r connecting.
>>>>>>
>>>>>> regards Nedi
>>>>>
>>>>> I think some years ago snom removed OpenVPN from their default
firmware images. You need a special firmware that enables OpenVPN.
>>>>>
>>>>>
https://service.snom.com/display/wiki/Configuring+VPN+on+Snom+Deskphones#ConfiguringVPNonSnomDeskphones-InstallandconfigureOpenVPNontheSnomphones.1
>>>>>
>>>>> Michael
>>>
>>> Michael
Michael
http://www.mksolutions.info
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
