FreePBX | Register | Issues | Wiki | Portal | Support

Grandstream Phones with the built in OpenVPN Client


#1

Greetings!

Just wanted to check with the community here and see if anyone has had success with using any of the Grandstream GXP-21XX series phone’s OpenVPN clients to connect to FreePBX’s built in OpenVPN server?

If anyone has, did you have to do anything special to get it to work? Also, has the connection been stable?

Thanks!


#2

I am also very eager to hear the communities feedback. I too have this project on my open list of items to accomplish. We have standardized on the gxp2160.


(xpat) #3

We have been unsuccessful using the GXP2130 v1 and v2 phones. We can successfully connect Zoiper and PhonerLite soft clients (as a test case) to FreePBX using SSL and VPN, however GXP2130 does not work in either mode.

We have contacted Grandstream helpdesk and they attempted some troubleshooting, however ultimately the answer was that their phones work with their PBX system and they were unable to get them working with FreePBX. I appreciate their effort, but typical vendor answer. The logging on their phones in this regard is lacking. They claimed some issues with VPN in 1.0.7.25 firmware. I haven’t tried with the latest firmware 1.0.7.97 so I cannot confirm if the problem is still there. It has taken up too many hours for me to try again, maybe in a few weeks I’ll give it another whirl.


#4

Just a little hint to see if works, I had a similar issue with the Yealink phone and openvpn and the issue was hat yealink phones only support SHA1 and MD5 ciphers. So changing the cipher to MD5 in the openssl-$VERSION.conf file works, not sure if you can try that and see if grandstream connects correctly.


#5

I believe the Yealinks allow for better customization. All we have available to us is IP, port, protocol, and a place to upload the certs and key.


#6

The changes that I refer to, are in the server side.


#7

basic settings that I use (SERVER side)

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.10.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push “redirect-gateway def1”
client-to-client
cipher BF-CBC
comp-lzo
duplicate-cn
keepalive 10 120
max-clients 100
status openvpn-status.log
log openvpn.log
verb 7


(Rafael Baez) #8

I know this is an old post and dont know if you were able to figure it out, but I got all my GXP2160 to work over vpn with freepbx. infact I got two vps with freepbx and vpn working including the elusive remote user with Tmobile phone over vpn.

Steps

  1. upload certificate to gxp21xx then on each account on the gxp go to network and set
  • DNS Mode: use configured ip

  • DNS srv: leave to default

  • Primary IP: to what you have set it up for

  • Nat Traversal: vpn


(Lon Townsend) #9

What is the primary IP?


(Rafael Baez) #10

If you server range is 10.8.0.0/255.255.255.0 then your primary IP/Gateway is 10.8.0.1 and dont forget to reboot phone after uploading certs.


(Lon Townsend) #11

thank you for that.