> Am 12.04.2021 um 21:32 schrieb nedi <n...@gmx.ch>: > > Hi Michael, > i don't understand you exactly > > I have NTP Server ch.pool.ntp.org > > I have in my sip.conf > > deny = 0.0.0.0/0.0.0.0 > permit = 10.0.0.0/255.255.255.0 > permit = 10.8.0.0/255.255.255.0 > permit = 10.10.11.0/255.255.255.0 > > you mean i must put into my sip.conf under [general] localnet for all > network’s to? Or only localnet and remove this with deny and permit? > after nat=yes? > localnet = 10.0.0.0/255.255.255.0 > localnet = 10.8.0.0/255.255.255.0 > localnet = 10.10.11.0/255.255.255.0
Looks good. > I don’t understand must configure phone to register to IP adress 10.10.11.? > if my pbx is 10.0.0.132? This is the IP address of your OpenVPN server (possibly 10.10.11.1). The phone does not need to know anything else about your network (e.g. other routes). > all others clinets on mac and android working only snom not. > > regards Nedi > > >> Am 12.04.2021 um 13:54 schrieb Michael Keuter <li...@mksolutions.info>: >> >> >> >>> Am 12.04.2021 um 13:48 schrieb Michael Keuter <li...@mksolutions.info>: >>> >>> >>> >>>> Am 12.04.2021 um 13:01 schrieb nedi <n...@gmx.ch>: >>>> >>>> Hi, >>>> I have my snom phone connected to the PBX trough OpenVPN, (on the display >>>> I see VPN Active, on PBX VPN Status is User1 connected but I can’t make >>>> provisioning and can't register, what can bee the issues? >>>> My Macbook or Android phone with SIP Client work trough this OpenVPN with >>>> the same VPN >>>> settings. >>>> >>>> My lan PBX is 10.0.0.132 >>>> My virtual Network IP for VPN Client is 10.10.11.2 >>>> My LTE Router for testing VPN is 192.168.1.1 >>>> >>>> what must be in PUSH section of my PBX VPN Config? >>>> >>>> I have This >>>> dhcp-option DNS 10.0.0.1 >>>> route 10.0.0.0 255.255.255.0 >>>> redirect-gateway def1 >>>> >>>> >>>> OpenVPN Status on PBX >>>> >>>> >>>> User1 194.230.148.217:6184 10.10.11.2 4182 4520 >>>> Mon Apr 12 10:47:57 2021 1618217277 >>>> >>>> in sip.conf general I have this >>>> >>>> alwaysauthreject=yes >>>> deny = 0.0.0.0/0.0.0.0 >>>> permit = 10.0.0.0/255.255.255.0 >>>> permit = 10.8.0.0/255.255.255.0 >>>> permit = 10.10.11.0/255.255.255.0 >>>> >>>> regards Nedi >>> >>> Hi Nedi, >>> >>> important is that the phone registers to Asterisk on the virtual IP >>> "10.10.11.x" and not on 10.0.0.132! >>> >>> You also need to add "localnet" in sip.conf for this virtual IP range in >>> the NAT section. >>> For provisioning to work you need to add the virtual IP range to "HTTP & >>> HTTPS /phoneprov/ Allowed IP's:" (if not all (*) is allowed) and restart >>> AstLinux. >> >> Update: and you need an external time server on the IP-phone and not the >> internal one from AstLinux (e.g. "europe.pool.ntp.org") >> >>>>> Am 10.04.2021 um 18:04 schrieb nedi <n...@gmx.ch>: >>>>> >>>>> Hi , >>>>> has anyone working config for the snom phones and astlinux openVPN i >>>>> tried and tried , it works with MacBook and Asttlinux OpenVPN, >>>>> snom won’t connecting , what can I do to get it working? >>>>> >>>>> I putting ip adress of vpn server into vpn.cnf >>>>> This is my snom vpn config: >>>>> remote IP Adress of my PBX OpenVPN Server 1194 udp >>>>> comp-lzo yes >>>>> cipher AES-256-CBC >>>>> key-direction 1 >>>>> client >>>>> ns-cert-type server >>>>> nobind >>>>> persist-key >>>>> persist-tun >>>>> dev tun >>>>> verb 3 >>>>> <ca> >>>>> -----BEGIN CERTIFICATE----- >>>>> …..my cert , key, and tl…. >>>>> >>>>> After not working i tried this vpn.cnf to put cert key separately as >>>>> described by snom wiki putting all files into openvpn folder and made >>>>> tarbal of them >>>>> >>>>> remote IP Adress of my PBX OpenVPN Server 1194 udp >>>>> comp-lzo yes >>>>> cipher AES-256-CBC >>>>> key-direction 1 >>>>> client >>>>> ns-cert-type server >>>>> nobind >>>>> persist-key >>>>> persist-tun >>>>> dev tun >>>>> verb 3 >>>>> ca /openvpn/ca.crt >>>>> cert /openvpn/client.crt >>>>> key /openvpn/client.key >>>>> >>>>> Thanks >>>>> >>>>> Regards nedi >>>>> >>>>> >>>>>> Am 08.04.2021 um 23:22 schrieb Michael Keuter <li...@mksolutions.info>: >>>>>> >>>>>> >>>>>> >>>>>>> Am 08.04.2021 um 22:59 schrieb nedi <n...@gmx.ch>: >>>>>>> >>>>>>> Hi MIchael, >>>>>>> I need 2 Phoen connect to pbx from outside >>>>>>> I have this snom Firmware and Patch for VPN flashed as Update, but >>>>>>> this not working with my Synology. From Synology I can Export openvpn >>>>>>> config file and use on Macbook OpenVpn app but there is not user.key >>>>>>> included and user.crt ther are only ca.crt and openvpn.conf files. >>>>>> >>>>>> The Synology OpenVPN server is very limited from the WebGUI. >>>>>> >>>>>>> I think is not wrong with snom, I can make those tar file .. and flash >>>>>>> the snome phone. After that I tried with Astlinux openvpn and >>>>>>> forwarded port to Astlinux ip but with Astlinux i can’t Connect from >>>>>>> snom, can’t connect from my smartphone or macbook. There is no >>>>>>> connecting to VPN server. I thinK on astlinux side is something wrong. >>>>>>> regards >>>>>>> nedi >>>>>> >>>>>> You should definitely get it working first with your Mac, before trying >>>>>> the snom. >>>>>> >>>>>> https://doc.astlinux.org/userdoc:tt_openvpn_server >>>>>> >>>>>> For the snom use "Auth Method" => "Certificate" >>>>>> >>>>>> When I download the credentials and import the "openvpn-cert-key" *.ovpn >>>>>> file into Viscosity or Tunnelblick it works fine on a Mac. >>>>>> >>>>>>> >>>>>>>> Am 08.04.2021 um 22:36 schrieb Michael Keuter <li...@mksolutions.info>: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> Am 08.04.2021 um 22:24 schrieb nedi <n...@gmx.ch>: >>>>>>>>> >>>>>>>>> Hi, >>>>>>>>> I tried to configure OpenVpn for the Snom phone without success on >>>>>>>>> Astlinux box and on Synology. >>>>>>>>> On Synology I have VPN working but I think is not compatible to the >>>>>>>>> Snom phone I need a key file. >>>>>>>>> >>>>>>>>> >>>>>>>>> astlinux-1.2.6.1 i586 - Asterisk 1.8.32.3 Runnix Release: >>>>>>>>> runnix-0.4-7671 GUI Version: 1.8.40 >>>>>>>>> >>>>>>>>> Can Anyone help me to configure OpenVPN on Astlinux box. I Have Alix >>>>>>>>> with only one Lan Port can be this is the issue because VPN won’t >>>>>>>>> work or iptables firewall make some issues? >>>>>>>>> I tried with firewall enabled or disabled, I rebooted, tried import >>>>>>>>> openvpn.conf on Macbook. I made port-forwarding . >>>>>>>>> >>>>>>>>> In Firewal options is all disabled and I put into firewall Pass >>>>>>>>> EXT->Local UDP 0/0 1194 >>>>>> >>>>>> You don't need that, it is done by the openvpn firewall plugin >>>>>> automatically. >>>>>> >>>>>>>>> >>>>>>>>> My network is: 10.0.0.1 DNS: 10.0.0.1 NM: 255.255.255.0 ipv4 >>>>>>>>> Gateway: 10.0.0.1 >>>>>>>>> >>>>>>>>> Tunnel Options: >>>>>>>>> Protocol: UDPv4 Port: >>>>>>>>> 1194 >>>>>>>>> Log Verbosity: medium Compression: yes >>>>>>>>> QoS Passthrough:Yes Legacy Cipher: >>>>>>>>> AES-256-CBC >>>>>>>>> Device:tun0 Auth >>>>>>>>> HMAC: Use default >>>>>>>>> Raw Commands: >>>>>>>>> >>>>>>>>> Authentication: >>>>>>>>> Auth Method: Certificate >>>>>>>>> Extra TLS-Auth: Yes >>>>>>>>> >>>>>>>>> Firewall Options: >>>>>>>>> External Hosts: 0/0 >>>>>>>>> >>>>>>>>> Server Mode: >>>>>>>>> Server Hostname(s): my dyndns >>>>>> >>>>>> Is this domain reachable? >>>>>> Depending on your network/DNS configuration you might fail to test the >>>>>> VPN connection from your internal network. >>>>>> >>>>>> Try testing with your MacBook via a smartphone with Wifi Hotspot and >>>>>> mobile data instead. >>>>>> >>>>>>>>> Network IPv4 NM: 10.10.11.0 255.255.255.0 >>>>>>>>> Network IPv6/nn: >>>>>>>>> >>>>>>>>> Topology: subnet latest , requires openvpn 2.1+ clients >>>>>>>>> "push": dhcp-option DOMAIN priv.mydomain.ch <== >>>>>>>>> can be it is wrong what i have here , do I need this? >>>>>> >>>>>> The domain option is not needed at first, you can still add it later. >>>>>> >>>>>>>>> dhcp-option DNS 10.10.10.1 >>>>>>>>> route10.10.10.0 255.255.255.0 >>>>>>>>> redirect-gateway def1 >>>>>>>>> >>>>>>>>> Server Certificate and Key: >>>>>>>>> >>>>>>>>> Private Key Size: 2048 >>>>>>>>> Signature Algorithm: SHA-256 >>>>>>>>> >>>>>>>>> I made 2 Usr and downloaded zip files >>>>>>>>> >>>>>>>>> after import into openvpn app won’r connecting. >>>>>>>>> >>>>>>>>> regards Nedi >>>>>>>> >>>>>>>> I think some years ago snom removed OpenVPN from their default >>>>>>>> firmware images. You need a special firmware that enables OpenVPN. >>>>>>>> >>>>>>>> https://service.snom.com/display/wiki/Configuring+VPN+on+Snom+Deskphones#ConfiguringVPNonSnomDeskphones-InstallandconfigureOpenVPNontheSnomphones.1 >>>>>>>> >>>>>>>> Michael >>>>>> >>>>>> Michael >>> >>> Michael >>> >> >> Michael Michael http://www.mksolutions.info
_______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
