I have Sangoma S500 phones I want to use with remote workers. They also have laptops and need to access our network. The S500 has a second ethernet port for this purpose and I thought that port automatically used the phone’s VPN to grant network access. However when I plug in a computer I get a network IP from their local router and none of the traffic is routed over the phone’s VPN. In other words, the phone is just acting as a switch to the local computer.
Did I misunderstand this feature of the S500 phone? Do I need to also run OpenVPN on the computer?
Current FreePBX 13 distro with current updates on everything running on Sangoma appliance.
Having whatever device that’s plugged into the phone’s data jack piggyback the phone’s VPN cert sounds like a horrible idea from a security point of view. A separate VPN client using its own VPN credentials is the way to go.
Just going off of what I was told prior to purchase of the phone. I was told you could turn that port on or off in End Point Manager and if it was on the VPN from the phone passed through to the computer connected to make it easy for home/remote workers. If you have to set up a separate VPN on the computer, what’s the point of the second port? Just in case there’s only one port in the room I guess.
I see the wiki does have instructions on installing a VPN to a computer for FreePBX at http://wiki.freepbx.org/display/FPG/Windows+Client+Setup however the link for 32 bit Windows systems is broken (yeah, I still have one of those to support. )
I installed OpenVPN from their site and downloaded the Client Configuration from the FreePBX UCP, changed the extension to .ovpn as instructed. But it doesn’t connect. I get a “Resolve: Cannot resolve host address: xxxxxxx.deployments.pbxact.com: The requested name is valid, but no data of the requested type was found.”
I read on a different thread that someone else had this problem and found they needed to turn on DDNS even though they were on a fixed IP. I’m also on a fixed IP but not running DDNS so I tried turning it on however it didn’t resolve the issue.
The deployment number is correct and the portal shows the correct fixed IP address.
I’m thinking this isn’t going to work for me. This would build an OpenVPN between the user and the PBX, but it’s not going to give them access to the rest of my network right? So if my PBX is on, say, 192.168.1.50 they isn’t going to let them access a different server at 192.168.1.60. There’s no bridge to the rest of the network right?
On the other hand if I just have them OpenVPN directly into my main router they should get access to the PBX because the 192.168.0.x network is listed as a trusted network.