Setting up VPN with Polycom Phones and Endpoint Manager

I was following the directions listed in
https://wiki.freepbx.org/display/FPG/EPM-Admin+User+Guide#EPM-AdminUserGuide-VPN
I have a VPN set up on the server side through the GUI, but the article only talks about Sangoma phones. I have a Polycom VVX 301 and 401 which I’d like to provision. Are there any instructions someone has on how to configure these Polycom phones to use the VPN? I was able to provision the Polycom phones through the endpoint manager, but can not find documentation on connecting the phones to use the VPN. Thank you.

They don’t support VPN.

@tonyclewis - is there a Wiki page that talks about setting the server up as a VPN host and using a remote network to connect to the phone VPN? While it isn’t a phone-to-PBX VPN, there should be a way to get the remote network VPNed into the PBX, right?

Correct, I believe that is my intent. My phones are showing up as “Unreachable” when I look at the Asterisk info, and I was reading in the forums the best way to solve this is to set up a VPN. Our PBX is in a remote colocation facility. I think the best way to solve this is to set up a VPN between our office and the FreePBX server?

A VPN used to connect to FreePBX is a good way of allowing remote access without the compromise to open SIP port to the wild. At least that is what I prefer and use, I don’t feel comfortable with my FreePBX server being accessible to the world, even though the new firewall seems to do its job at keeping offenders away. Currently I run an OpenVPN server on a pfSense server and my remote phones connect through an OpenVPN client. I have both phones that directly support OpenVPN on their firmware and also phones behind OpenWRT routers with an OpenVPN client running on them.
For site-to-site connectivity I also have an IPSEC VPN and the phones use it to connect to FreePBX. If you are looking for help on setting up a VPN, please let us know which way are you willing to go so we can help.

For a server

Maybe something like

sed -i 's/10\.8\.0\.0/172.16.8.0/g' openvpn-install.sh

if you are already using 10.8.0.0/24

For a client.

yum/apt-get install openvpn

openvpn --config client.ovpn

Many residential routers have built in openvpn as client or server or both, only route your phones’s ips through such a server

1 Like

Thank you all for the suggestions. I have a Cisco RV325 router, and provision 192.168.1.* IP’s to local machines (phones, computers, or otherwise) that are plugged in.
The “Unreachable” phone listed in Asterisk Info reports its IP as 192.168.1.* in the list (again, my PBX is in a remote colocation facility, so we are traversing the Internet), so I’m assuming I need to have it provision one of the 10.8.0.0/24 IP’s?

How did you configure the OpenVPN client on the router against the OpenVPN server on your PBX? Did you ensure that the IP’s of any local voip phones are routed through that OpenVPN interface? When you have it all working, your phones should register successfully against 10.8.0.1

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.