Sangoma Phones on independant OpenVPN


We have a working OpenVPN setup among several offices that has worked for years. I see that the Sangoma S700 series phones (among others) can utilize OpenVPN, but I cannot find instructions on how to configure them manually.

Yes, I see the instructions for utilizing EPM to configure the phone, however, that is assuming the FreePBX server is going to be the OpenVPN server. I do not want that – I have OpenVPN running on my firewall, and life is good. I want the phones to connect to my firewall, and then they can find the FreePBX server through routing.

I see the web tab on the phone for uploading VPN Config, but I have no idea on the format of the uploads. Usually, OpenVPN requires the CA, a certificate, a config file, and in my case, a dlh and TA files. Do I need to send them all to be uploaded, or perhaps all tar’d together and the phone does its thing.

How do I set this up manually?


We do not support having the phone connect a VPN to anything but the FreePBX server direct. You can hack your away around and try and figure it out but its not something supported by us.

Hello Tony,

Thank you for the reply. But was does support mean? I can understand that you won’t accept phone calls on it, but surely there is an expected file format that the phones expect that could be disclosed for us who will support it on our own. Clicking on the Import button asks me to select a .tar or a .ovpn file. Maybe you use the same format as TunnellBlick.

We specifically purchased the phones because of the OpenVPN declaration, with the expectation that I prepare the files, configure the phone, and away we go. I was excited about the ability of a home office without the small linux server in front to negotiate the VPN. The phone connecting to the SOHO router and a corporate laptop behind the phone on the VPN was a very sexy option. And now you are telling me that I need to break a working environment in order to support it.

Finding out what the phone expects would be a useful disclosure. I might just setup a server and try it just to see what is sitting in the /tftp directory for the phone to scoop up.


Its just stock openvpn so nothing special.

If you configure it through FreePBX VPN server and EPM you can see what we are doing. But the minute we provide info on it we have to support it and the Sangoma Phones whole design is about tight built in integration into FreePBX and PBXact and we are trying to keep that simple and easy to use and not overwhelm users and our staff with having phones used in 100 different ways.


We do have a wiki on the Phones VPN setup: Maybe there are bits and pieces in there that you can utilize to configure to your needs.

Preston and Tony,

Thank you both for your information. I see where you are going, and understand you desire to have simple configs for the majority of folks out there. I think I may be a problem child as I have the “old way” carved into the granite block that resembles my head, and sometimes easy is too hard for me.

I have been swimming in Linux since RedHat 5.1 (before Enterprise). Just want to be careful altering appliances.

Keep up the great work. I’ll have to swing into Neenah sometime and shake hands again.


I’m going to chime in here… We’ve been using Yealink endpoints for our remote users, primarily becuase they support OpenVPN, and it’s no great mystery on how to configure with a dedicated site OpenVPN server. (There are several excellent guides on the net for that). We just installed a new location which will require some remotes. With the increase in the price for EndPoint Manager and Phone-Apps for third party phones (hey, I understand, you want to encourage Sangoma and Digiium endpoints), doing the math easily shows it was cheaper to use Sangoma endpoints than purchase the full EndPoint Manager and Phone-Apps for this site. Plus we need the VPN. (All of our installs include a dedicated hardware firewall which support multiple VPN protocols. There is no way I’m going to install a PBX trusting anything less)

However – To say we have to use openVPN on the PBX, or will not document how to, configure the phones with plain jane OpenVPN, well that’s a huge disappointment.

The whole idea of using open standards is interoperability. Yealink and SNOM clearly ‘get it’, and document how to configure the endpoint for VPN use. To have to “…hack your away around and try and figure it out but its not something supported by us.” Is really quite arrogant in some respects.

Yes I get it, you’re designing for the lowest common denominator of install. But at least document the full phone like your competitors…