I have a need to install one of our Polycom IP500 handsets in an external member of staff’s house. I have Bria working on iPhones that link back to the system via the OpenVPN app and the same working on desktops but this installation needs to be a physical handset.
I’m not opening any dedicated ports or changing anything in the firewall so VPN is the only way to get in to the system.
I thought I could buy a little box that could sit between the users home router and the Polycom. The box does the handshaking for VPN and the Polycom plugs direct into it, none the wiser as to where it is in the world.
I’ve been searching and searching and can’t find anything that seems suitable for OpenVPN. Everything seems to be pointing towards having some sort of dedicated machine at the users end which is a no-go in this situation.
I’m now a bit stuck on what to do, can anyone recommend anything?
put in a phone that supports OpenVPN directly. Not sure about the Polycomms but they should have some model that does… we usually use Yealink sets, even the lowest end models have native OpenVPN support built it. Works great, pre-load your certs onto the phone and when it powers up it does the OpenVPN directly.
Put in any OpenVPN capable router behind their current router/modem. This works as long as you have the new router setup to be the OpenVPN client, since the client doesn’t need any port forwarding on the existing router. Technically you’re doing double-nat, but realistically you are not because the phone will only be one hop away from the VPN. Grab yourself any small/cheapo router that will run OpenWRT, load it up and configure the OpenVPN client and you’re all set. Or grab one like the Cisco SMB’s that supports VPN out of the box.
There should not be double NAT in the case of a VPN adapter in client mode.
The default gateway will NAT the OpenVPN tunnel to the Internet but that is it. The tunnel is layer 2 and the route down the tunnel is layer 3, it’s a direct connection.
In addition to OpenWRT, DD-WRT and Tomato also support OpenVPN. Most any cheap router will be compatible with at least one of those. If the system needs QoS to maintain voice quality, Tomato is usually better than the other two.
If the user’s workstation is already running OpenVPN and is always on when the phone is needed, you could just add a USB NIC to connect the phone, with the OpenVPN connection shared to that NIC.