For the phones to use VPN, I did not need to open port 1194 in the firewall, and they connect via VPN just fine.
For UCP, I assume I will need to open port 1194, this look right? :
iptables -A INPUT -i eth0 -m state --state NEW -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Port 1194 is for OpenVPN, and doesn’t have anything to do with UCP.
If I want to use VPN to access ucp, via the VPN IP, is that not possible?
You would need to set up your own VPN client on your PC. Anything that comes in through the VPN is classified as ‘Internal’ in the firewall, which already has access to UCP.
I did set up my own windows openvpn client, downloaded openvpn files from UCP, and installed them, etc…
As a reference point, I can access several remote openvpn servers in the office, but for the remote freepbx server, when I try to connect via the openvpn gui, with or without the previously mentioned iptable commands, as you noted, I get:
Thu Jun 21 01:55:07 2018 RESOLVE: Cannot resolve host address: xxxxxxxxx.deployments.pbxact.com:1194 (The requested name is valid, but no data of the requested type was found. )
If I change the .ovpn file from:
remote xxxxxxxxxx.deployments.pbxact.com 1194
remote hostname 1194
I get this error:
Thu Jun 21 02:19:02 2018 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
Thu Jun 21 02:19:02 2018 MANAGEMENT: >STATE:1529561942,CONNECTED,ERROR,10.8.0.4,xxx.xxx.xx.xxx,1194,
The faq section mentioned is of no help. The DHCP Client service is running fine. Not sure where the appropriate log file is located, will look for it later today.
Any ideas off-hand how to fix this so I can connect from windows openvpn gui to openvpn on the freepbx server?
I got it fixed.
Removing these line was the fix:
#remote xxxxxxxxxx.deployments.pbxact.com 1194
#remote hostname 1194
since the .ovpn file already has:
remote xxx.xxx.xx.xxx 1194
But, does not seem to allow auto-login to UCP, so, of no use really.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.