LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 11-17-2011, 05:32 AM   #1
shayno90
Member
 
Registered: Oct 2009
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Posts: 187
Blog Entries: 2

Rep: Reputation: 21
How to setup IP phone with OpenVPN to connect remotely to an internal network


The plan was to connect an ip phone on the switch of the client's local network, pass the voice thought the client's vpn tunnel to access to the PABX where the VOIP card is and is also behind the openvpn server.

I am attempting to run the openvpn client on the laptop and use a USB2.0 ethernet device to pass the connection to a switch and then connect the IP phone to the switch but I am guessing this will not work.

Apart from buying a WRT box (will look into this if it is cheap and easy to configure), what other way can the IP phone connect to a OpenVPN connection? (Other than the scenario I tried to test above)

I take it will involve IP routing as you said and maybe changes to the client/server.conf also?
 
Old 11-17-2011, 05:09 PM   #2
TimothyEBaldwin
Member
 
Registered: Mar 2009
Posts: 249

Rep: Reputation: 27
That's a perfectly valid method, you do need to configure the phone to use the correct router, possibly the Laptop or OpenVPN server, unless the network is bridged. You may need to do this via DHCP.
 
Old 11-18-2011, 04:25 AM   #3
shayno90
Member
 
Registered: Oct 2009
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Posts: 187
Blog Entries: 2

Original Poster
Rep: Reputation: 21
Quote:
Originally Posted by TimothyEBaldwin View Post
That's a perfectly valid method, you do need to configure the phone to use the correct router, possibly the Laptop or OpenVPN server, unless the network is bridged. You may need to do this via DHCP.
Yes but if you have setup a phone like this yourself, can you explain how you did this.
Plus after some research, the IP phone needs to be routed with a WTR router with a static DHCP and cannot use a netbook/PC to connect to the openvpn as it needs a dedicated WTR router with an openvpn client to do so.

If anyone has experience setting this up, please share.
 
Old 11-20-2011, 07:30 AM   #4
TimothyEBaldwin
Member
 
Registered: Mar 2009
Posts: 249

Rep: Reputation: 27
Quote:
Originally Posted by shayno90 View Post
Plus after some research, the IP phone needs to be routed with a WTR router with a static DHCP and cannot use a netbook/PC to connect to the openvpn as it needs a dedicated WTR router with an openvpn client to do so.
Where did you this idea from? And what is a "WTR router"? Any device that can't use a PC as a router is not worthy of the name "IP phone".

The popular ISC DHCP server is available in all major Linux distributions, or you could a DHCP relay to forward requests to a remote DHCP server which will need the configured with knowledge of the subnet the phone is on.

If the VPN is OpenVPN tap mode and bridged at both ends then there is no other VPN specific configuration.

We can not give you specific advice unless you describe the network.
How is OpenVPN configured?
What operating systems are the OpenVPN server and client running?
How is DHCP provided to the other phones?
What traffic must/must not travel over the VPN?
Are we dealing with IPv4, IPv6 or both?
 
Old 11-21-2011, 08:47 AM   #5
shayno90
Member
 
Registered: Oct 2009
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Posts: 187
Blog Entries: 2

Original Poster
Rep: Reputation: 21
Quote:
Originally Posted by TimothyEBaldwin View Post
Where did you this idea from? And what is a "WTR router"? Any device that can't use a PC as a router is not worthy of the name "IP phone".

The popular ISC DHCP server is available in all major Linux distributions, or you could a DHCP relay to forward requests to a remote DHCP server which will need the configured with knowledge of the subnet the phone is on.

If the VPN is OpenVPN tap mode and bridged at both ends then there is no other VPN specific configuration.

We can not give you specific advice unless you describe the network.
How is OpenVPN configured?
What operating systems are the OpenVPN server and client running?
How is DHCP provided to the other phones?
What traffic must/must not travel over the VPN?
Are we dealing with IPv4, IPv6 or both?
From DD-WRT.com:
"DD-WRT is a Linux based alternative OpenSource firmware suitable for a great variety of WLAN routers and embedded systems. The main emphasis lies on providing the easiest possible handling while at the same time supporting a great number of functionalities within the framework of the respective hardware platform used."

You essentially either flash your existing router with this software or add it to a compatible DD-WRT list of routers.

Network setup:
IP Phone (192.168.100.30) (local address so I guess will need something like 10.8.0.3)
l
l
Netbook openvpn client (10.8.0.2)
l
l
Openvpn server (10.8.0.1)
l
l
VOIP Card (192.168.100.5) (local address)

The IP Keyphone has to be configured with an IP Address, Subnet Mask, Default Gateway and the address of the Aspire NTCPU.

This IP information can be supplied by DHCP or can be manually configured on the IP Keyphone. Ideally a static IP to negotiate it with the PABX server.

Attempted to to run the openvpn client on the laptop with Linux Ubuntu and use a USB2.0 ethernet device to pass the connection to a fast ethernet switch and then connect the IP phone to the switch to route the traffic. This does not work as the IP phone has 2 specific ports:

1. For a LAN connection to connect on the internal network of company

2. The phone needs to be connected directly to a router/switch with a VPN running on it then from the phone the PC is connected. The PC (X) port on the phone is used for feeding connection to a pc and will not work the other way (feeding connection from pc to phone).

Dealing with IPv4 for the moment.

The OpenVPN in client.conf is for dev tun in the bridge settings.

Other phone handsets are standard non VOIP/IP phone handsets so not relevant.
 
Old 11-23-2011, 07:03 PM   #6
TimothyEBaldwin
Member
 
Registered: Mar 2009
Posts: 249

Rep: Reputation: 27
Your the mention of 10.8.0.1, 10.8.0.2 and "dev tun" suggests you are running OpenVPN in routed mode. However you if using the default netmask of 255.255.255.0 you have two subnets numbered 192.168.100.0/24; this will not work and you should select a different subnet eg 192.168.101.0/24.

I'll assume OpenVPN is already working.

At the default routers in the server's network create a route for 192.168.101.0/24 via the IP address of the OpenVPN server in that network.

To the OpenVPN server config add (if not present) add:
Code:
route 192.168.101.0 255.255.255.0
client-config-dir some_directory
In some_directory create a file named after the common name in the laptops certificate containing:
Code:
iroute 192.168.101.0 255.255.255.0
On the laptop enable IP routing on interface connected to the phone and the tunnel interface only, this can be done by adding to /etc/sysctl.conf something like:
Code:
net.ipv4.conf.tun0.forwarding=1
net.ipv4.conf.usbeth0.forwarding=1
Configure the USB Ethernet interface with a suitable static IP address, eg 192.168.101.1 and a netmask of 255.255.255.0.

Reboot or run as root:
Code:
sysctl -p
The laptop is now a router, connect it to the router/switch port on the phone (via the USB Ethernet adapter) either via a crossover cable or a switch.

Manually configure the phone with the correct IP addresses, the default gateway will be the IP address of the laptop - 192.168.101.1. Alternatively install and configure a DHCP server on the laptop.
 
  


Reply

Tags
ddwrt, openvpn, phone, routing, voip vpn tunnels


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Use OpenVPN to connect to home network ? slacker_et Linux - Networking 15 04-19-2010 05:07 PM
openvpn cant ping internal network keith2045 Linux - Software 1 07-17-2009 11:04 PM
OpenVPN cannot connect to remote network behind server csweden Linux - Newbie 1 08-31-2008 04:27 AM
OpenVPN connection looks ok but cannot access anything from internal network @ office fdiaz05 Linux - Networking 1 02-28-2008 03:05 PM
OpenVPN internal network access mmarinho Linux - Networking 12 09-02-2005 02:00 PM


All times are GMT -5. The time now is 11:36 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration