
Need help with VPN Server (Sangoma S500)


(Bob Reiber) #1

I can't for the life of me get this going. The phone shows “VPN activated” and all the lines are unreachable. I went through this article

http://wiki.freepbx.org/display/FPG/System+Admin+-+VPN+Server

  • Enabled and configured the VPN server as well as made a client.
  • Set the User and Group to have VPN access in User Management
  • Manually downloaded the file generated and uploaded it into the phone (which was not being pulled when the phone would FTP its config file)
  • Registered the phone in the Schmooze portal
  • Verified that the config shows the correct info (shows the IP I gave it and the correct link to the vpn.tar file)
  • Tried using the internal IP of the PBX
  • Gave up and came here.

I’m confused by this line of the wiki page regarding the Remote Address, which I would assume would be the IP/URL of the remote phone, but the wiki seems to indicate the opposite:

Remote Address will be used as a fallback. The DDNS FQDN is managed inside the DDNS section of System Admin. You can also define a Remote Address, which would be the external IP address or FQDN at which the OpenVPN server is reachable for connecting clients.

Then there’s this, which I’m not sure is actually affecting anything

Any help is appreciated.

FreePBX 13.0.123
PBX Firmware: 10.13.66-12


(Bob Reiber) #2

derp. It was autofilling the IP range in the server settings and putting the phone on the 10.8.0 subnet. The VPN is actually connecting but the phone isn’t able to reach the PBX due to being on a different network.

edit: that didn’t fix anything. The phone continues to FTP its config files but it just will not register. Though now it’s not even establishing the VPN connection anymore.

Has anyone gotten this to actually work?


(Tony Lewis) #3

We use it daily. Did you go in EPM under Extension Mapping and edit your extension and tell it what VPN cert to use for the user?


(Bob Reiber) #4

I only see where to assign the client to the device.


(Tony Lewis) #5

That is the correct field. When you do that and have it rebuild the config, the config should show the VPN IP address in it. The phone then needs to reach the PBX not on the VPN, update the config, and pull down the cert. It does this all for you.

We do this daily and it works just fine.

Make sure all your modules are fully updated on 13.


(Bob Reiber) #6

What's interesting is that when I left the Server Range as the default and my phone got a 10.8.0 address the VPN connected but the phone would not register. Changing it to a different range kills the VPN. In neither case will the phone register. It FTPs its config just fine though. Also, changing the config to not use the VPN allows the phone to register.

I’m confused by the text in the Client tab. First off, it looks different than in the wiki page. In the PBX there is both a Server Remote Address and a Client Remote Address. I’m not clear on what the Client Remote Address is actually supposed to be. The text in the help field makes it sound like it should be the same as the Server Remote Address, which is presumably the PBX address.



vs the wiki page

I also updated all the modules, which included updates to the paid Endpoint Manager as well as the VPN server.

For whatever reason I don’t see it downloading the MAC-vpn.tar file in the xferlog.

Tue Jul 5 16:07:32 2016 1 0 /tftpboot/factory0500.bin b _ o r phone ftp 0 * i
Tue Jul 5 16:07:32 2016 1 148 /tftpboot/cfg0500.xml b _ o r phone ftp 0 * c
Tue Jul 5 16:07:34 2016 1 0 /tftpboot/MAC.cfg b _ o r phone ftp 0 * i
Tue Jul 5 16:07:34 2016 1 0 /tftpboot/cfgMAC b _ o r phone ftp 0 * i
Tue Jul 5 16:07:35 2016 1 51354 /tftpboot/cfgMAC.xml b _ o r phone ftp 0 * c
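
The xferlog check described in post #6, as an added example that is not part of the original thread: it parses the quoted entries and reports which downloads completed (status `c`), which did not (status `i`), and whether any file ending in `vpn.tar` was requested at all. The function names and the suffix match are assumptions; fields are indexed from the right because the quoted lines lack the remote-host column.

```python
from collections import namedtuple

Transfer = namedtuple("Transfer", "timestamp size path direction user status")

# Constructed sample: the five entries quoted in the post, copied as posted.
SAMPLE_LOG = """\
Tue Jul 5 16:07:32 2016 1 0 /tftpboot/factory0500.bin b _ o r phone ftp 0 * i
Tue Jul 5 16:07:32 2016 1 148 /tftpboot/cfg0500.xml b _ o r phone ftp 0 * c
Tue Jul 5 16:07:34 2016 1 0 /tftpboot/MAC.cfg b _ o r phone ftp 0 * i
Tue Jul 5 16:07:34 2016 1 0 /tftpboot/cfgMAC b _ o r phone ftp 0 * i
Tue Jul 5 16:07:35 2016 1 51354 /tftpboot/cfgMAC.xml b _ o r phone ftp 0 * c
"""


def parse_xferlog(text):
    """Parse xferlog entries. The last nine tokens are fixed-position fields
    (type, action flag, direction, access mode, user, service, auth method,
    auth user id, completion status); the path and size precede them."""
    transfers = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 17 or not tok[-11].isdigit():
            continue  # not a transfer entry
        transfers.append(Transfer(
            timestamp=" ".join(tok[:5]), size=int(tok[-11]), path=tok[-10],
            direction=tok[-7], user=tok[-5], status=tok[-1]))
    return transfers


def provisioning_report(text, wanted_suffix="vpn.tar"):
    """Summarise downloads (direction 'o') and look for the VPN bundle."""
    downloads = [t for t in parse_xferlog(text) if t.direction == "o"]
    wanted = [t for t in downloads if t.path.endswith(wanted_suffix)]
    return {
        "completed": [t.path for t in downloads if t.status == "c"],
        "incomplete": [t.path for t in downloads if t.status == "i"],
        "wanted_requested": bool(wanted),
        "wanted_completed": any(t.status == "c" and t.size > 0 for t in wanted),
    }


if __name__ == "__main__":
    report = provisioning_report(SAMPLE_LOG)
    for key, value in report.items():
        print(f"{key}: {value}")
```

A `wanted_requested` of `False` means the phone never asked the FTP server for the bundle, which is a different condition from a request that ended with status `i`.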


(Lon Townsend) #7

Did you ever get this to work? You want your phone to use 10.8.0.1 as the sip server and the proxy server, on the phone, to register to the phone server.


(Bob Reiber) #8

we kinda did, but it did not seem to be a very reliable connection so we gave up


(Lon Townsend) #9

what’s more reliable than vpn connection?