Hi, can anyone tell me how easy to update astlinux from: AstLinux Release: astlinux-1.2.4.1 - Asterisk 1.8.32.3 Runnix Release: runnix-0.4-6956 GUI Version: 1.8.21 to: AstLinux Release:astlinux-1.2.6.1 i586 - Asterisk 1.8.32.3 Runnix Release:runnix-0.4-7671 GUI Version:1.8.40 by one PBX I have openvpn config downloaded and there is no openvpn config file only key and cert. Regards nedi
> Am 15.04.2021 um 23:19 schrieb nedi <n...@gmx.ch>: > > Hi Michael, > Thanks, > I get it working with putting this to my vpn.cnf on snom phone > dhcp-option DNS 10.0.0.1 > route 10.0.0.0 255.255.255.0 > > > > remote xx.xx.xx.xx 1194 udp > comp-lzo yes > cipher AES-256-CBC > auth SHA1 > key-direction 1 > client > ns-cert-type server > nobind > persist-key > persist-tun > dev tun > verb 3 > dhcp-option DNS 10.0.0.1 > route 10.0.0.0 255.255.255.0 > redirect-gateway def1 > ca /openvpn/ca.crt > cert /openvpn/client.crt > key /openvpn/client.key > > Regards Nedi > >> Am 13.04.2021 um 07:12 schrieb Michael Keuter <li...@mksolutions.info>: >> >> >> >>> Am 12.04.2021 um 21:32 schrieb nedi <n...@gmx.ch>: >>> >>> Hi Michael, >>> i don't understand you exactly >>> >>> I have NTP Server ch.pool.ntp.org >>> >>> I have in my sip.conf >>> >>> deny = 0.0.0.0/0.0.0.0 >>> permit = 10.0.0.0/255.255.255.0 >>> permit = 10.8.0.0/255.255.255.0 >>> permit = 10.10.11.0/255.255.255.0 >>> >>> you mean i must put into my sip.conf under [general] localnet for all >>> network’s to? Or only localnet and remove this with deny and permit? >>> after nat=yes? >>> localnet = 10.0.0.0/255.255.255.0 >>> localnet = 10.8.0.0/255.255.255.0 >>> localnet = 10.10.11.0/255.255.255.0 >> >> Looks good. >> >>> I don’t understand must configure phone to register to IP adress 10.10.11.? >>> if my pbx is 10.0.0.132? >> >> This is the IP address of your OpenVPN server (possibly 10.10.11.1). The >> phone does not need to know anything else about your network (e.g. other >> routes). >> >>> all others clinets on mac and android working only snom not. >>> >>> regards Nedi >>> >>> >>>> Am 12.04.2021 um 13:54 schrieb Michael Keuter <li...@mksolutions.info>: >>>> >>>> >>>> >>>>> Am 12.04.2021 um 13:48 schrieb Michael Keuter <li...@mksolutions.info>: >>>>> >>>>> >>>>> >>>>>> Am 12.04.2021 um 13:01 schrieb nedi <n...@gmx.ch>: >>>>>> >>>>>> Hi, >>>>>> I have my snom phone connected to the PBX trough OpenVPN, (on the >>>>>> display I see VPN Active, on PBX VPN Status is User1 connected but I >>>>>> can’t make provisioning and can't register, what can bee the issues? >>>>>> My Macbook or Android phone with SIP Client work trough this OpenVPN >>>>>> with the same VPN >>>>>> settings. >>>>>> >>>>>> My lan PBX is 10.0.0.132 >>>>>> My virtual Network IP for VPN Client is 10.10.11.2 >>>>>> My LTE Router for testing VPN is 192.168.1.1 >>>>>> >>>>>> what must be in PUSH section of my PBX VPN Config? >>>>>> >>>>>> I have This >>>>>> dhcp-option DNS 10.0.0.1 >>>>>> route 10.0.0.0 255.255.255.0 >>>>>> redirect-gateway def1 >>>>>> >>>>>> >>>>>> OpenVPN Status on PBX >>>>>> >>>>>> >>>>>> User1 194.230.148.217:6184 10.10.11.2 4182 4520 >>>>>> Mon Apr 12 10:47:57 2021 1618217277 >>>>>> >>>>>> in sip.conf general I have this >>>>>> >>>>>> alwaysauthreject=yes >>>>>> deny = 0.0.0.0/0.0.0.0 >>>>>> permit = 10.0.0.0/255.255.255.0 >>>>>> permit = 10.8.0.0/255.255.255.0 >>>>>> permit = 10.10.11.0/255.255.255.0 >>>>>> >>>>>> regards Nedi >>>>> >>>>> Hi Nedi, >>>>> >>>>> important is that the phone registers to Asterisk on the virtual IP >>>>> "10.10.11.x" and not on 10.0.0.132! >>>>> >>>>> You also need to add "localnet" in sip.conf for this virtual IP range in >>>>> the NAT section. >>>>> For provisioning to work you need to add the virtual IP range to "HTTP & >>>>> HTTPS /phoneprov/ Allowed IP's:" (if not all (*) is allowed) and restart >>>>> AstLinux. >>>> >>>> Update: and you need an external time server on the IP-phone and not the >>>> internal one from AstLinux (e.g. "europe.pool.ntp.org") >>>> >>>>>>> Am 10.04.2021 um 18:04 schrieb nedi <n...@gmx.ch>: >>>>>>> >>>>>>> Hi , >>>>>>> has anyone working config for the snom phones and astlinux openVPN i >>>>>>> tried and tried , it works with MacBook and Asttlinux OpenVPN, >>>>>>> snom won’t connecting , what can I do to get it working? >>>>>>> >>>>>>> I putting ip adress of vpn server into vpn.cnf >>>>>>> This is my snom vpn config: >>>>>>> remote IP Adress of my PBX OpenVPN Server 1194 udp >>>>>>> comp-lzo yes >>>>>>> cipher AES-256-CBC >>>>>>> key-direction 1 >>>>>>> client >>>>>>> ns-cert-type server >>>>>>> nobind >>>>>>> persist-key >>>>>>> persist-tun >>>>>>> dev tun >>>>>>> verb 3 >>>>>>> <ca> >>>>>>> -----BEGIN CERTIFICATE----- >>>>>>> …..my cert , key, and tl…. >>>>>>> >>>>>>> After not working i tried this vpn.cnf to put cert key separately as >>>>>>> described by snom wiki putting all files into openvpn folder and made >>>>>>> tarbal of them >>>>>>> >>>>>>> remote IP Adress of my PBX OpenVPN Server 1194 udp >>>>>>> comp-lzo yes >>>>>>> cipher AES-256-CBC >>>>>>> key-direction 1 >>>>>>> client >>>>>>> ns-cert-type server >>>>>>> nobind >>>>>>> persist-key >>>>>>> persist-tun >>>>>>> dev tun >>>>>>> verb 3 >>>>>>> ca /openvpn/ca.crt >>>>>>> cert /openvpn/client.crt >>>>>>> key /openvpn/client.key >>>>>>> >>>>>>> Thanks >>>>>>> >>>>>>> Regards nedi >>>>>>> >>>>>>> >>>>>>>> Am 08.04.2021 um 23:22 schrieb Michael Keuter <li...@mksolutions.info>: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> Am 08.04.2021 um 22:59 schrieb nedi <n...@gmx.ch>: >>>>>>>>> >>>>>>>>> Hi MIchael, >>>>>>>>> I need 2 Phoen connect to pbx from outside >>>>>>>>> I have this snom Firmware and Patch for VPN flashed as Update, but >>>>>>>>> this not working with my Synology. From Synology I can Export openvpn >>>>>>>>> config file and use on Macbook OpenVpn app but there is not user.key >>>>>>>>> included and user.crt ther are only ca.crt and openvpn.conf files. >>>>>>>> >>>>>>>> The Synology OpenVPN server is very limited from the WebGUI. >>>>>>>> >>>>>>>>> I think is not wrong with snom, I can make those tar file .. and >>>>>>>>> flash the snome phone. After that I tried with Astlinux openvpn and >>>>>>>>> forwarded port to Astlinux ip but with Astlinux i can’t Connect from >>>>>>>>> snom, can’t connect from my smartphone or macbook. There is no >>>>>>>>> connecting to VPN server. I thinK on astlinux side is something wrong. >>>>>>>>> regards >>>>>>>>> nedi >>>>>>>> >>>>>>>> You should definitely get it working first with your Mac, before >>>>>>>> trying the snom. >>>>>>>> >>>>>>>> https://doc.astlinux.org/userdoc:tt_openvpn_server >>>>>>>> >>>>>>>> For the snom use "Auth Method" => "Certificate" >>>>>>>> >>>>>>>> When I download the credentials and import the "openvpn-cert-key" >>>>>>>> *.ovpn file into Viscosity or Tunnelblick it works fine on a Mac. >>>>>>>> >>>>>>>>> >>>>>>>>>> Am 08.04.2021 um 22:36 schrieb Michael Keuter >>>>>>>>>> <li...@mksolutions.info>: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> Am 08.04.2021 um 22:24 schrieb nedi <n...@gmx.ch>: >>>>>>>>>>> >>>>>>>>>>> Hi, >>>>>>>>>>> I tried to configure OpenVpn for the Snom phone without success on >>>>>>>>>>> Astlinux box and on Synology. >>>>>>>>>>> On Synology I have VPN working but I think is not compatible to >>>>>>>>>>> the Snom phone I need a key file. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> astlinux-1.2.6.1 i586 - Asterisk 1.8.32.3 Runnix Release: >>>>>>>>>>> runnix-0.4-7671 GUI Version: 1.8.40 >>>>>>>>>>> >>>>>>>>>>> Can Anyone help me to configure OpenVPN on Astlinux box. I Have >>>>>>>>>>> Alix with only one Lan Port can be this is the issue because VPN >>>>>>>>>>> won’t work or iptables firewall make some issues? >>>>>>>>>>> I tried with firewall enabled or disabled, I rebooted, tried >>>>>>>>>>> import openvpn.conf on Macbook. I made port-forwarding . >>>>>>>>>>> >>>>>>>>>>> In Firewal options is all disabled and I put into firewall Pass >>>>>>>>>>> EXT->Local UDP 0/0 1194 >>>>>>>> >>>>>>>> You don't need that, it is done by the openvpn firewall plugin >>>>>>>> automatically. >>>>>>>> >>>>>>>>>>> >>>>>>>>>>> My network is: 10.0.0.1 DNS: 10.0.0.1 NM: 255.255.255.0 >>>>>>>>>>> ipv4 Gateway: 10.0.0.1 >>>>>>>>>>> >>>>>>>>>>> Tunnel Options: >>>>>>>>>>> Protocol: UDPv4 Port: >>>>>>>>>>> 1194 >>>>>>>>>>> Log Verbosity: medium Compression: >>>>>>>>>>> yes >>>>>>>>>>> QoS Passthrough:Yes Legacy Cipher: >>>>>>>>>>> AES-256-CBC >>>>>>>>>>> Device:tun0 Auth >>>>>>>>>>> HMAC: Use default >>>>>>>>>>> Raw Commands: >>>>>>>>>>> >>>>>>>>>>> Authentication: >>>>>>>>>>> Auth Method: Certificate >>>>>>>>>>> Extra TLS-Auth: Yes >>>>>>>>>>> >>>>>>>>>>> Firewall Options: >>>>>>>>>>> External Hosts: 0/0 >>>>>>>>>>> >>>>>>>>>>> Server Mode: >>>>>>>>>>> Server Hostname(s): my dyndns >>>>>>>> >>>>>>>> Is this domain reachable? >>>>>>>> Depending on your network/DNS configuration you might fail to test the >>>>>>>> VPN connection from your internal network. >>>>>>>> >>>>>>>> Try testing with your MacBook via a smartphone with Wifi Hotspot and >>>>>>>> mobile data instead. >>>>>>>> >>>>>>>>>>> Network IPv4 NM: 10.10.11.0 255.255.255.0 >>>>>>>>>>> Network IPv6/nn: >>>>>>>>>>> >>>>>>>>>>> Topology: subnet latest , requires openvpn 2.1+ clients >>>>>>>>>>> "push": dhcp-option DOMAIN priv.mydomain.ch <== >>>>>>>>>>> can be it is wrong what i have here , do I need this? >>>>>>>> >>>>>>>> The domain option is not needed at first, you can still add it later. >>>>>>>> >>>>>>>>>>> dhcp-option DNS 10.10.10.1 >>>>>>>>>>> route10.10.10.0 255.255.255.0 >>>>>>>>>>> redirect-gateway def1 >>>>>>>>>>> >>>>>>>>>>> Server Certificate and Key: >>>>>>>>>>> >>>>>>>>>>> Private Key Size: 2048 >>>>>>>>>>> Signature Algorithm: SHA-256 >>>>>>>>>>> >>>>>>>>>>> I made 2 Usr and downloaded zip files >>>>>>>>>>> >>>>>>>>>>> after import into openvpn app won’r connecting. >>>>>>>>>>> >>>>>>>>>>> regards Nedi >>>>>>>>>> >>>>>>>>>> I think some years ago snom removed OpenVPN from their default >>>>>>>>>> firmware images. You need a special firmware that enables OpenVPN. >>>>>>>>>> >>>>>>>>>> https://service.snom.com/display/wiki/Configuring+VPN+on+Snom+Deskphones#ConfiguringVPNonSnomDeskphones-InstallandconfigureOpenVPNontheSnomphones.1 >>>>>>>>>> >>>>>>>>>> Michael >>>>>>>> >>>>>>>> Michael >>>>> >>>>> Michael >>>>> >>>> >>>> Michael >> >> Michael >> >> http://www.mksolutions.info >> >> >> >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org.
_______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
