Set IP addresses using OpenVPN to access UCP

adtopkek · September 27, 2017, 3:41pm

I’ve been working with the default Freepbx 13 (responsive) firewall and when you connect to an extension directly using the server IP then the connecting device’s IP address can access the UCP. That is a great feature and I am trying to get that to work with OpenVPN.

I setup openvpn through Freepbx, I formatted the OpenVPN file how my Yealink wants it, my Yealink connected to the VPN server, and calls out through the VPN. The problem is that the public IP I am using to connect to the OpenVPN server cannot connect to the UCP as it is not being allowed through like if I was directly registering my endpoint without using the VPN tunnel.

Ip 81.35.27.26 connects to 10.8.0.1 and gets the IP 10.8.0.2. It uses 10.8.0.1 to talk to the Freepbx server to avoid firewall issues. I want 81.35.27.26 to be able to access the UCP.

How do I get IP’s using the OpenVPN to be able to access the UCP automatically?

lgaetz · September 27, 2017, 4:11pm

You can’t, nor can I think of a work around to this. I suppose your users could run an OpenVPN client on their PC then connect to UCP using the VPN ip.

adtopkek · September 27, 2017, 4:18pm

On our CSF firewall servers we would pull all the unique IP addresses from /etc/openvpn/openvpn-status.log, make them into a list, then tell CSF to read/allow that list every X minutes. Can this firewall do something similar?

lgaetz · September 27, 2017, 4:32pm

Can it? Probably. Does it at present? No. Feature requests received at the above link marked ‘Issues’.