Hi Michael,
Thanks,
I got it working by putting this into my vpn.cnf on the snom phone:
dhcp-option DNS 10.0.0.1
route 10.0.0.0 255.255.255.0



remote xx.xx.xx.xx 1194 udp
comp-lzo yes
cipher AES-256-CBC
auth SHA1
key-direction 1
client
ns-cert-type server
nobind
persist-key
persist-tun
dev tun
verb 3
dhcp-option DNS 10.0.0.1
route 10.0.0.0 255.255.255.0
redirect-gateway def1
ca /openvpn/ca.crt
cert /openvpn/client.crt
key /openvpn/client.key

Regards Nedi 

> On 13.04.2021 at 07:12, Michael Keuter <li...@mksolutions.info> wrote:
> 
> 
> 
>> On 12.04.2021 at 21:32, nedi <n...@gmx.ch> wrote:
>> 
>> Hi Michael,
>> I don't understand you exactly.
>> 
>> I have NTP server ch.pool.ntp.org
>> 
>> I have in my sip.conf:
>> 
>> deny = 0.0.0.0/0.0.0.0
>> permit = 10.0.0.0/255.255.255.0
>> permit = 10.8.0.0/255.255.255.0
>> permit = 10.10.11.0/255.255.255.0
>> 
>> Do you mean I must also put localnet for all networks into my sip.conf 
>> under [general]? Or only localnet, and remove the deny and permit lines?
>> After nat=yes?
>> localnet = 10.0.0.0/255.255.255.0
>> localnet = 10.8.0.0/255.255.255.0
>> localnet = 10.10.11.0/255.255.255.0
> 
> Looks good.
> 
>> I don't understand: must I configure the phone to register to IP address 10.10.11.? 
>> if my PBX is 10.0.0.132?
> 
> This is the IP address of your OpenVPN server (possibly 10.10.11.1). The 
> phone does not need to know anything else about your network (e.g. other 
> routes).
> 
>> All other clients on Mac and Android are working, only the snom is not.
>> 
>> regards Nedi
>> 
>> 
>>> On 12.04.2021 at 13:54, Michael Keuter <li...@mksolutions.info> wrote:
>>> 
>>> 
>>> 
>>>> On 12.04.2021 at 13:48, Michael Keuter <li...@mksolutions.info> wrote:
>>>> 
>>>> 
>>>> 
>>>>> On 12.04.2021 at 13:01, nedi <n...@gmx.ch> wrote:
>>>>> 
>>>>> Hi,
>>>>> I have my snom phone connected to the PBX through OpenVPN (on the display 
>>>>> I see VPN Active, on the PBX the VPN status is User1 connected), but I can't do 
>>>>> provisioning and can't register. What can be the issue?
>>>>> My MacBook or Android phone with a SIP client works through this OpenVPN with 
>>>>> the same VPN settings.
>>>>> 
>>>>> My lan PBX is 10.0.0.132
>>>>> My virtual Network IP for VPN Client is 10.10.11.2
>>>>> My LTE Router for testing VPN is 192.168.1.1
>>>>> 
>>>>> What must be in the PUSH section of my PBX VPN config?
>>>>> 
>>>>> I have this:
>>>>> dhcp-option DNS 10.0.0.1
>>>>> route 10.0.0.0 255.255.255.0
>>>>> redirect-gateway def1
>>>>> 
>>>>> 
>>>>> OpenVPN status on PBX:
>>>>> 
>>>>> User1     194.230.148.217:6184     10.10.11.2     4182     4520     Mon Apr 12 10:47:57 2021     1618217277
>>>>> 
>>>>> In sip.conf under general I have this:
>>>>> 
>>>>> alwaysauthreject=yes
>>>>> deny = 0.0.0.0/0.0.0.0
>>>>> permit = 10.0.0.0/255.255.255.0
>>>>> permit = 10.8.0.0/255.255.255.0
>>>>> permit = 10.10.11.0/255.255.255.0
>>>>> 
>>>>> regards Nedi
>>>> 
>>>> Hi Nedi,
>>>> 
>>>> It is important that the phone registers to Asterisk on the virtual IP 
>>>> "10.10.11.x" and not on 10.0.0.132!
>>>> 
>>>> You also need to add "localnet" in sip.conf for this virtual IP range in 
>>>> the NAT section.
>>>> For provisioning to work you need to add the virtual IP range to "HTTP & 
>>>> HTTPS /phoneprov/ Allowed IP's:" (if not all (*) is allowed) and restart 
>>>> AstLinux.
>>> 
>>> Update: and you need an external time server on the IP-phone and not the 
>>> internal one from AstLinux (e.g. "europe.pool.ntp.org")
>>> 
>>>>>> On 10.04.2021 at 18:04, nedi <n...@gmx.ch> wrote:
>>>>>> 
>>>>>> Hi,
>>>>>> does anyone have a working config for the snom phones and AstLinux OpenVPN? I 
>>>>>> tried and tried; it works with the MacBook and AstLinux OpenVPN, but the 
>>>>>> snom won't connect. What can I do to get it working?
>>>>>> 
>>>>>> I put the IP address of the VPN server into vpn.cnf.
>>>>>> This is my snom VPN config:
>>>>>> remote IP Adress of my PBX OpenVPN Server  1194 udp
>>>>>> comp-lzo yes
>>>>>> cipher AES-256-CBC
>>>>>> key-direction 1
>>>>>> client
>>>>>> ns-cert-type server
>>>>>> nobind
>>>>>> persist-key
>>>>>> persist-tun
>>>>>> dev tun
>>>>>> verb 3
>>>>>> <ca>
>>>>>> -----BEGIN CERTIFICATE-----
>>>>>> …..my cert , key, and tl….
>>>>>> 
>>>>>> After that did not work, I tried this vpn.cnf with the cert and key placed 
>>>>>> separately, as described in the snom wiki, putting all files into the openvpn 
>>>>>> folder and making a tarball of them:
>>>>>> 
>>>>>> remote IP Adress of my PBX OpenVPN Server  1194 udp
>>>>>> comp-lzo yes
>>>>>> cipher AES-256-CBC
>>>>>> key-direction 1
>>>>>> client
>>>>>> ns-cert-type server
>>>>>> nobind
>>>>>> persist-key
>>>>>> persist-tun
>>>>>> dev tun
>>>>>> verb 3
>>>>>> ca /openvpn/ca.crt
>>>>>> cert /openvpn/client.crt
>>>>>> key /openvpn/client.key 
>>>>>> 
>>>>>> Thanks
>>>>>> 
>>>>>> Regards nedi
>>>>>> 
>>>>>> 
>>>>>>> On 08.04.2021 at 23:22, Michael Keuter <li...@mksolutions.info> wrote:
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>>> On 08.04.2021 at 22:59, nedi <n...@gmx.ch> wrote:
>>>>>>>> 
>>>>>>>> Hi Michael,
>>>>>>>> I need 2 phones to connect to the PBX from outside.
>>>>>>>> I have this snom firmware and patch for VPN flashed as an update, but 
>>>>>>>> this is not working with my Synology. From the Synology I can export the 
>>>>>>>> OpenVPN config file and use it in the MacBook OpenVPN app, but there is no 
>>>>>>>> user.key and user.crt included; there are only the ca.crt and openvpn.conf files.
>>>>>>> 
>>>>>>> The Synology OpenVPN server is very limited from the WebGUI.
>>>>>>> 
>>>>>>>> I think nothing is wrong with the snom; I can make those tar files and flash 
>>>>>>>> the snom phone. After that I tried with AstLinux OpenVPN and 
>>>>>>>> forwarded the port to the AstLinux IP, but with AstLinux I can't connect from 
>>>>>>>> the snom, and can't connect from my smartphone or MacBook. There is no 
>>>>>>>> connection to the VPN server. I think something is wrong on the AstLinux side.
>>>>>>>> Regards,
>>>>>>>> nedi
>>>>>>> 
>>>>>>> You should definitely get it working first with your Mac, before trying 
>>>>>>> the snom.
>>>>>>> 
>>>>>>> https://doc.astlinux.org/userdoc:tt_openvpn_server
>>>>>>> 
>>>>>>> For the snom use "Auth Method" => "Certificate"
>>>>>>> 
>>>>>>> When I download the credentials and import the "openvpn-cert-key" 
>>>>>>> *.ovpn file into Viscosity or Tunnelblick it works fine on a Mac.
>>>>>>> 
>>>>>>>> 
>>>>>>>>> On 08.04.2021 at 22:36, Michael Keuter <li...@mksolutions.info> wrote:
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>>> On 08.04.2021 at 22:24, nedi <n...@gmx.ch> wrote:
>>>>>>>>>> 
>>>>>>>>>> Hi,
>>>>>>>>>> I tried to configure OpenVPN for the snom phone without success on 
>>>>>>>>>> the AstLinux box and on the Synology.
>>>>>>>>>> On the Synology I have VPN working, but I think it is not compatible with the 
>>>>>>>>>> snom phone; I need a key file.
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> astlinux-1.2.6.1 i586 - Asterisk 1.8.32.3    Runnix Release: 
>>>>>>>>>> runnix-0.4-7671 GUI Version:    1.8.40
>>>>>>>>>> 
>>>>>>>>>> Can anyone help me configure OpenVPN on the AstLinux box? I have an 
>>>>>>>>>> Alix with only one LAN port; could this be the reason the VPN 
>>>>>>>>>> won't work, or is the iptables firewall causing issues?
>>>>>>>>>> I tried with the firewall enabled and disabled, I rebooted, and I tried importing 
>>>>>>>>>> openvpn.conf on the MacBook. I set up port forwarding.
>>>>>>>>>> 
>>>>>>>>>> In the firewall options everything is disabled, and I put into the firewall: Pass 
>>>>>>>>>> EXT->Local  UDP 0/0 1194
>>>>>>> 
>>>>>>> You don't need that, it is done by the openvpn firewall plugin 
>>>>>>> automatically.
>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> My network is: 10.0.0.1   DNS: 10.0.0.1   NM: 255.255.255.0   ipv4 Gateway: 10.0.0.1
>>>>>>>>>> 
>>>>>>>>>> Tunnel Options:
>>>>>>>>>> Protocol: UDPv4
>>>>>>>>>> Port: 1194
>>>>>>>>>> Log Verbosity: medium
>>>>>>>>>> Compression: yes
>>>>>>>>>> QoS Passthrough: Yes
>>>>>>>>>> Legacy Cipher: AES-256-CBC
>>>>>>>>>> Device: tun0
>>>>>>>>>> Auth HMAC: Use default
>>>>>>>>>> Raw Commands:
>>>>>>>>>> 
>>>>>>>>>> Authentication:
>>>>>>>>>> Auth Method: Certificate     
>>>>>>>>>> Extra TLS-Auth:      Yes
>>>>>>>>>> 
>>>>>>>>>> Firewall Options:
>>>>>>>>>> External Hosts:      0/0
>>>>>>>>>> 
>>>>>>>>>> Server Mode:
>>>>>>>>>> Server Hostname(s):  my dyndns
>>>>>>> 
>>>>>>> Is this domain reachable?
>>>>>>> Depending on your network/DNS configuration you might fail to test the 
>>>>>>> VPN connection from your internal network.
>>>>>>> 
>>>>>>> Try testing with your MacBook via a smartphone with Wifi Hotspot and 
>>>>>>> mobile data instead.
>>>>>>> 
>>>>>>>>>> Network IPv4 NM:     10.10.11.0 255.255.255.0
>>>>>>>>>> Network IPv6/nn:     
>>>>>>>>>> 
>>>>>>>>>> Topology:    subnet latest, requires openvpn 2.1+ clients
>>>>>>>>>> "push":      dhcp-option DOMAIN priv.mydomain.ch           <== it may be that what I have here is wrong; do I need this?
>>>>>>> 
>>>>>>> The domain option is not needed at first, you can still add it later.
>>>>>>> 
>>>>>>>>>>              dhcp-option DNS 10.10.10.1 
>>>>>>>>>>              route10.10.10.0 255.255.255.0 
>>>>>>>>>>              redirect-gateway def1
>>>>>>>>>> 
>>>>>>>>>> Server Certificate and Key:
>>>>>>>>>> 
>>>>>>>>>> Private Key Size:    2048
>>>>>>>>>> Signature Algorithm: SHA-256
>>>>>>>>>> 
>>>>>>>>>> I made 2 users and downloaded the zip files.
>>>>>>>>>> 
>>>>>>>>>> After importing into the OpenVPN app, it won't connect.
>>>>>>>>>> 
>>>>>>>>>> regards Nedi
>>>>>>>>> 
>>>>>>>>> I think some years ago snom removed OpenVPN from their default 
>>>>>>>>> firmware images. You need a special firmware that enables OpenVPN.
>>>>>>>>> 
>>>>>>>>> https://service.snom.com/display/wiki/Configuring+VPN+on+Snom+Deskphones#ConfiguringVPNonSnomDeskphones-InstallandconfigureOpenVPNontheSnomphones.1
>>>>>>>>> 
>>>>>>>>> Michael
>>>>>>> 
>>>>>>> Michael
>>>> 
>>>> Michael
>>>> 
>>> 
>>> Michael
> 
> Michael
> 
> http://www.mksolutions.info
> 
> 
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.
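
An offline check of the sip.conf access rules discussed in this thread, added here as an example (not code from the posters or from AstLinux): it parses the deny/permit and localnet lines quoted above and reports whether the phone's VPN address 10.10.11.2 would be accepted and treated as local. The function names are hypothetical, the sample file is constructed from the quoted lines, and the evaluation assumes Asterisk's ACL behaviour of default allow with the last matching rule deciding.

```python
import ipaddress

# Constructed sample: the [general] lines quoted in the thread.
SIP_CONF = """\
[general]
alwaysauthreject=yes
deny = 0.0.0.0/0.0.0.0
permit = 10.0.0.0/255.255.255.0
permit = 10.8.0.0/255.255.255.0
permit = 10.10.11.0/255.255.255.0
localnet = 10.0.0.0/255.255.255.0
localnet = 10.8.0.0/255.255.255.0
localnet = 10.10.11.0/255.255.255.0
"""

def parse_general(text):
    """Return (acl, localnets) from the [general] section, in file order."""
    acl, localnets, section = [], [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            continue
        if section != "general" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("deny", "permit"):
            acl.append((key, ipaddress.ip_network(value, strict=False)))
        elif key == "localnet":
            localnets.append(ipaddress.ip_network(value, strict=False))
    return acl, localnets

def acl_allows(acl, addr):
    """Assumed Asterisk semantics: default allow, last matching rule decides."""
    ip, allowed = ipaddress.ip_address(addr), True
    for sense, net in acl:
        if ip in net:
            allowed = (sense == "permit")
    return allowed

def is_local(localnets, addr):
    """True when addr is inside a declared localnet range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in localnets)
```

Run against the real sip.conf, an address that the OpenVPN status shows for the phone but that `acl_allows` rejects points at a missing permit line for the virtual IP range.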
