Setting up VPN IP phone


(Laurent Francois) #1

Hi,
I am trying to set up a Sangoma IP phone at a remote site over VPN.

Here is my config:

FreePBX -(LAN net)- Cisco L3 switch ---- OpenWRT router (IP-PUBLIC-ROUTEROPENWRT) – INTERNET – Router -(REMOTE net)

It worked for two years but no longer does. I think this is because of a change in the public IP of the OpenWRT router.

  • version FreePBX 13.0.197.8 'VoIP Server’
  • Current Asterisk Version: 14.7.5
  • I read, followed and completed:

  • The vpn server is running. I got a tun0 interface on the freepbx (ifconfig)
    and got route : 10.8.0.0 * 255.255.255.0 U 0 0 0 tun0

  • IP phone plugged into the Cisco switch, so locally.

  • If the extension mapping has no VPN client, the phone is SIP registered

    • can do a *43 echo test
    • sip show peers like 57:
      Name/username Host Dyn Forcerport Comedia ACL Port Status Description
      57/57 10.66.0.138 D Yes Yes A 5060 OK (7 ms)
      1 sip peers [Monitored: 1 online, 0 offline Unmonitored: 0 online, 0 offline]
  • If I add the client VPN in an extension mapping

  • Save and rebuild Apply

  • Reboot phone
    In the phone's syslog, I find this:

[11-18 22:54:21 50:19:73] SIP: aid 0, cid 0, tid 47, did 18, REQUEST: SUBSCRIBE, Event: 40
[11-18 22:54:21 50:19:73] SIP: aid 0, cid 0, tid 47, did 18, RESPONSE: 401 Unauthorized, 4xx received for SUBSCRIBE!, Event: 40
[11-17 21:52:41 50:19:73] SIP: aid 0, cid 0, tid 63, did 0, REQUEST: SUBSCRIBE, Event: 40
[11-17 21:52:41 50:19:73] SIP: aid 0, cid 0, tid 63, did 0, RESPONSE: 404 Not Found, 4xx received for SUBSCRIBE!, Event: 40

Now I’m stuck. Where is the authentication information? Or is it another problem?
Thanks


(Laurent Francois) #2

I made it.

  • My config

internet ---- Router — Switch cisco L3 — Freepbx

  • Plug the phone in locally (on the FreePBX network) for this whole procedure.

  • Set up port forwarding on the router on the FreePBX network. Check Admin / System Admin / Port Management: HTTP provisioning, VPN server, and Endpoint Manager / Global Settings tab.

    • HTTP port
    • VPN port
  • System Admin / Provisioning protocol: HTTP(S) Authentication: BOTH

  • Factory reset phone

  • Set the provisioning address in the phone's web GUI:

    • http://user:password@ip_public_router_freepb:83(84)

Clear as much as possible

  • Delete: Endpoint manager (EPM) / extension mapping
  • Delete: Admin / System Admin / VPN server / VPN Client
  • Delete every Application / Extension that is not useful and working
  • Delete everything not useful in Admin / User Management
  • Delete VPN client System Admin / VPN client / Delete

Settings

  • Setting / Advanced Settings
    • Device settings : SIP nat : No
  • Setting / Asterisk SIP settings :
    • General SIP settings tab no change
      • External address: automatically gets the IP_PUBLIC_ROUTER_FREEPBX
    • CHAN SIP settings tab:
      https://wiki.freepbx.org/display/FPG/NAT+Configuration+FreePBX+12
    • NAT: YES
    • IP configuration:
      • Dynamic IP: (configure a DynDNS first)
        • Dynamic host : MY_FQDNDDNS
        • Dynamic host refresh : 120
    • Submit / apply config

Create template - extension - client VPN

  • EPM / Brand Sangoma / New template

    • General tab :
      • Default internal template: YES (obscure)
      • Default external template: YES (obscure)
      • SIP destination address: IP_LOCAL_SERVER_FREEPBX
      • Provisioning address: custom: http://user:password@IP_PUBLIC_ROUTER_FREEPBX
      • PhoneApps protocol: HTTP (no other choice)
      • Force Firmware version : Firmware slot 1
  • Create extension : Application extension / add

    • Application / extension / add new chan SIP extension
      • General tab
        • user extension : 5
        • Display name :HelloCab
        • Link to a default user : Create new user
      • Advanced tab:
        • DID description: HelloCabDID
        • NAT Mode :Yes
          Yes usually works for both internal and external devices. Set to No if the device will always be internal.
      • Other tab:
        • Brand Sangoma
        • MAC
      • Template created previously
      • Model
      • Account
  • Submit Apply config

  • Create extension mapping :
    • Endpoint Manager / Extension Mapping / Add extension
    • Account, MAC address, model

  • Save and rebuild configs / Use selected

  • Reboot the phone .

  • Verify it is registered :

    • *43 echo test
    • ssh root@IP_LOCAL_FREEPBX
      • asterisk -rvvvdddd
      • sip show peers (sip show peers like ID)
    • EPM /Extension Mapping / ip for the extension mapping.

Go to VPN config .

  • Admin / User Management / Edit user /

    • VPN tab
      • Autocreate and Link
    • Submit / Apply config
  • Check the new VPN client in System Admin / VPN Server / Client exist.

  • Check Setting / Asterisk Sip settings:

    • Local network :
      • Subnet local
      • Subnet VPN (populated by the system)
      • If not click Add Local Network Field
  • add the VPN client to extension mapping

    • EPM / extension mapping / edit
      • VPN client: add the VPN autocreated.
      • Save and rebuild / Apply
  • Check VPN server

    • Admin / System Admin / VPN server / client : Client IP 10.8.0.x | Connected : time stamp
    • service openvpn status
    • ifconfig | grep tun
  • reboot the phone

Syslog of the IP phone, VPN and registered:
[11-20 00:24:20 50:19:73] SIP: sip_nict_init, no route, req_uri->host:port is 10.8.0.1:5060
[11-20 00:24:20 50:19:73] SIP: aid 0, cid 0, tid 0, did 0, REQUEST: REGISTER, Event: 2
[11-20 00:24:20 50:19:73] SIP: aid 0, cid 0, tid 0, did 0, RESPONSE: 401 Unauthorized, Registration failed!, Event: 2
[11-20 00:24:20 50:19:73] SIP: find_authentication_info, aid 0, username: 5, realm: "asterisk"
[11-20 00:24:20 50:19:73] SIP: find_auth_info, aid 0, username: 5, account match
[11-20 00:24:20 50:19:73] SIP: sip_nict_init, no route, req_uri->host:port is 10.8.0.1:5060
[11-20 00:24:20 50:19:73] SIP: aid 0, cid 0, tid 3, did 0, REQUEST: OPTIONS, Event: 27
[11-20 00:24:20 50:19:73] SIP: aid 0, cid 0, tid 0, did 0, REQUEST: REGISTER, Event: 1
[11-20 00:24:20 50:19:73] SIP: aid 0, cid 0, tid 0, did 0, RESPONSE: 200 OK, User is successfully registred!, Event: 1
[11-20 00:24:20 50:19:73] SIP: aid 0, Fail to get User-Agent header
[11-20 00:24:20 50:19:73] SIP: aid 0, expires: 900(900)

Check if registered:

  • The IP phone's web GUI says it is (Account / Registered).
  • echo test *43
  • sip show peers
    • Name/username Host Dyn Forcerport Comedia ACL Port Status Description
      5/5 10.8.0.2 D Yes Yes A 5060 OK (14 ms)
      […]

To debug

  • tail -f /var/log/messages

  • tail -f /var/log/asterisk/full

  • tail -f /var/log/httpd/accesslog

  • For VPN server

    • cat /etc/openvpn/sysadmin-server1-status.log
    • or service openvpn status.
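
The registration checks from this thread, as an added example that is not part of the original posts: a Python sketch that reads phone syslog lines and `sip show peers` output and confirms that REGISTER ended in 200 OK after the digest 401 challenge, and that the peer's Host sits inside the 10.8.0.0/24 VPN subnet rather than on the LAN. The sample input is constructed in the shape quoted above, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input, shaped like the phone syslog and
# `sip show peers` output quoted in the thread.
PHONE_LOG = """\
[11-18 22:54:21 50:19:73] SIP: aid 0, cid 0, tid 47, did 18, REQUEST: SUBSCRIBE, Event: 40
[11-18 22:54:21 50:19:73] SIP: aid 0, cid 0, tid 47, did 18, RESPONSE: 401 Unauthorized, 4xx received for SUBSCRIBE!, Event: 40
[11-20 00:24:20 50:19:73] SIP: aid 0, cid 0, tid 0, did 0, REQUEST: REGISTER, Event: 2
[11-20 00:24:20 50:19:73] SIP: aid 0, cid 0, tid 0, did 0, RESPONSE: 401 Unauthorized, Registration failed!, Event: 2
[11-20 00:24:20 50:19:73] SIP: aid 0, cid 0, tid 0, did 0, REQUEST: REGISTER, Event: 1
[11-20 00:24:20 50:19:73] SIP: aid 0, cid 0, tid 0, did 0, RESPONSE: 200 OK, User is successfully registred!, Event: 1
"""
PEERS = """\
Name/username Host Dyn Forcerport Comedia ACL Port Status Description
57/57 10.66.0.138 D Yes Yes A 5060 OK (7 ms)
5/5 10.8.0.2 D Yes Yes A 5060 OK (14 ms)
"""
VPN_NET = ipaddress.ip_network("10.8.0.0/24")  # tun0 route from the thread
LINE = re.compile(r"tid (\d+), did (\d+), (REQUEST|RESPONSE): (\d{3})?\s*([^,]+)")

def sip_outcomes(log):
    """Map each request method to the status codes it received, in order."""
    pending, seen = {}, {}
    for m in LINE.finditer(log):
        key, kind, code, text = (m[1], m[2]), m[3], m[4], m[5].strip()
        if kind == "REQUEST":
            pending[key] = text          # remember the method for this tid/did
            seen.setdefault(text, [])
        elif code and key in pending:
            seen[pending[key]].append(int(code))
    return seen

def is_registered(outcomes):
    """A 401 challenge first is normal digest auth; only the last code counts."""
    return outcomes.get("REGISTER", [])[-1:] == [200]

def peer_via_vpn(peers, ext):
    """True if the extension's registered Host lies in the VPN subnet."""
    for row in peers.splitlines()[1:]:
        cols = row.split()
        if len(cols) > 1 and cols[0].split("/")[0] == ext:
            try:
                return ipaddress.ip_address(cols[1]) in VPN_NET
            except ValueError:  # e.g. "(Unspecified)" for an offline peer
                return False
    return False
```
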

(system) closed #3

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.