Snom 370 with OpenVPN setup problems

Discussion in 'Windows' started by jparaujo, Jul 13, 2009.

Thread Status:
Not open for further replies.
  1. jparaujo

    Joined:
    Jul 13, 2009
    Messages:
    6
    Likes Received:
    0
    Hello,

    I'm trying to set up the Snom 370 with OpenVPN, but have had no success so far. I upgraded the firmware and tried more than one how-to (from 3CX and Snom's wiki). I can see that the tar files are flashed to the phone, but when I configure the SIP line with the 3CX server, which is on the VPN network, it times out, which makes me believe the IP is not reachable.

    My VPN server is a Linksys WRT310N running DD-WRT. I was able to connect to it using a Windows client and another WRT310N as client too.

    Is there any way of testing or accessing logs to know what's going on? Ideas?

    Here's my VPN server config:

    cd /tmp
    openvpn --mktun --dev tap0
    brctl addif br0 tap0
    ifconfig tap0 0.0.0.0 promisc up

    echo '
    # Tunnel options
    mode server # Set OpenVPN major mode
    proto udp # Setup the protocol (server)
    port 1194 # TCP/UDP port number
    dev tap0 # TUN/TAP virtual network device
    keepalive 15 60 # Simplify the expression of --ping
    daemon # Become a daemon after all initialization
    verb 3 # Set output verbosity to n
    comp-lzo # Use fast LZO compression

    # OpenVPN server mode options
    client-to-client # tells OpenVPN to internally route client-to-client traffic

    # TLS Mode Options
    tls-server # Enable TLS and assume server role during TLS handshake
    ca ca.crt # Certificate authority (CA) file
    dh dh1024.pem # File containing Diffie Hellman parameters
    cert server.crt # Local peers signed certificate
    key server.key # Local peers private key
    ' > openvpn.conf

    echo '
    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----
    ' > ca.crt
    echo '
    -----BEGIN RSA PRIVATE KEY-----

    -----END RSA PRIVATE KEY-----
    ' > server.key
    chmod 600 server.key
    echo '
    -----BEGIN CERTIFICATE-----

    -----END CERTIFICATE-----
    ' > server.crt
    echo '
    -----BEGIN DH PARAMETERS-----

    -----END DH PARAMETERS-----
    ' > dh1024.pem

    sleep 5
    ln -s /usr/sbin/openvpn /tmp/myvpn
    /tmp/myvpn --config openvpn.conf

    Thank you!
     
  2. discovery1

    discovery1 Member

    Joined:
    Aug 4, 2008
    Messages:
    355
    Likes Received:
    0
    You have some tools in the Snom web interface to ping IP addresses.
    Once connected by VPN, try to ping the 3CX server IP from the phone. If there is no response, you have a networking/IP problem.

    Make sure the Snom IP range on the network that it is plugged into is different from the one where the VPN server and 3CX are; otherwise it won't be able to route across the tunnel.
     
  3. jparaujo

    Joined:
    Jul 13, 2009
    Messages:
    6
    Likes Received:
    0
    Hi,

    I couldn't find the tool to ping the server. Where should it be in the web interface?

    The phone is at 192.168.2.x and the VPN 192.168.3.x, so that should not be a problem.
    Should I use tap or tun for this?

    Thanks.
     
  4. discovery1

    discovery1 Member

    Joined:
    Aug 4, 2008
    Messages:
    355
    Likes Received:
    0
    Have you checked this from the Snom Wiki on OpenVPN?
    http://wiki.snom.com/Networking/Virtual_Private_Network_%28VPN%29

    Q. Everything works as described, but the phone seems to reject my server certificate. What's wrong?

    A. You must configure an NTP server that the phone can reach on its native network (not via VPN). Otherwise, the phone will have a wrong date and assume that all certificates are not valid (yet)...
     
  5. Discovery Technology

    Joined:
    Apr 19, 2008
    Messages:
    278
    Likes Received:
    0
    You should be using tap if you have set up your OpenVPN virtual adaptor in bridged mode (as per the 3CX Wiki).

    We recently went through this ourselves on a Virtual Server and there appears to be an extra step involved for VMware-based Servers, as we found we couldn't ping the Server when we enabled the bridge.

    You need to set up the Network Adaptors in VMware in "Promiscuous Mode" to allow the bridge to work (this was on a Windows 2003 Server as the host OS).

    We also noticed that the Simple CA software crashed a lot on our Server, so we prepared all the certificates on an XP workstation instead, then copied them across. It works a treat as long as you set up the correct directory structure for the Simple CA software first.
     
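Added example, not part of the thread: a Python pre-flight for the two checks suggested in the replies above, that the phone's native LAN does not overlap the VPN-side LAN and that the phone's clock falls inside the server certificate's validity window. The /24 masks, the certificate dates and the unsynchronised clock value of 0 (1 January 1970) are constructed assumptions; the dates use the format printed by `openssl x509 -noout -dates`.

```python
import ipaddress
import ssl
from calendar import timegm

# Constructed sample: the text `openssl x509 -noout -dates -in server.crt` prints.
SAMPLE_DATES = """notBefore=Jul 13 00:00:00 2009 GMT
notAfter=Jul 11 00:00:00 2019 GMT"""

def subnets_conflict(phone_lan, vpn_lan):
    """True when the phone's native LAN overlaps the LAN behind the VPN."""
    a = ipaddress.ip_network(phone_lan, strict=False)
    b = ipaddress.ip_network(vpn_lan, strict=False)
    return a.overlaps(b)

def cert_status(openssl_dates, device_clock):
    """Classify the certificate as seen by a device whose clock reads device_clock (epoch s)."""
    fields = dict(l.strip().split("=", 1) for l in openssl_dates.strip().splitlines())
    not_before = ssl.cert_time_to_seconds(fields["notBefore"])
    not_after = ssl.cert_time_to_seconds(fields["notAfter"])
    if device_clock < not_before:
        return "not yet valid"   # typical for a clock that never synced via NTP
    if device_clock > not_after:
        return "expired"
    return "valid"

def preflight(phone_lan, vpn_lan, openssl_dates, device_clock):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    if subnets_conflict(phone_lan, vpn_lan):
        findings.append(f"{phone_lan} overlaps {vpn_lan}: traffic for the VPN side stays on the local LAN")
    status = cert_status(openssl_dates, device_clock)
    if status != "valid":
        findings.append(f"server certificate is {status} at the device's current time")
    return findings

if __name__ == "__main__":
    synced = timegm((2009, 7, 14, 12, 0, 0))   # constructed: clock set by NTP
    unsynced = 0                                # assumption: no NTP, clock at the epoch
    # Addresses from the thread; the /24 masks are an assumption.
    print(preflight("192.168.2.0/24", "192.168.3.0/24", SAMPLE_DATES, synced))
    print(preflight("192.168.2.0/24", "192.168.3.0/24", SAMPLE_DATES, unsynced))
    print(preflight("192.168.3.0/24", "192.168.3.0/24", SAMPLE_DATES, synced))
```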