Hi there community,
I have been struggling with this and did not want to post lest I could not figure it out myself.
I have a PBX server running on a remote network. (Network: 192.168.1.0) I have attempted numerous times to set up an OpenVPN server and succeeded (using TUNnel adapters) on its own 10.9.8.0 network.
I was able to log in but had problems with pinging the server and internet network – this aside, I got that resolved (firewall issues).
Now I am trying to share my TUN adapter (bridge) with my VoIP phone to connect over VPN to the server.
PHONE -- HOME(VPN) -- INTERNET -- SERVER(VPN) -- FreePBX box
What is the best approach in doing this properly and why can I not get it to work?! Do I need to permit multiple logins of the same username on the VPN?
My sincerest thanks for any help.
Not really sure what you’re asking. But… if you can ping your server from the remote end of the VPN, and log in to the server from the remote end of the VPN, you should be ready to go. Once I’ve got the VPN connected, I’ve never had a problem getting the phones to connect and work great.
So then… do you have the VPN in an operational status? Can you ping and log in to the server from the remote end?
In what device is the tunnel terminated on the home end?
Both ends are on a NATted network.
I use my laptop to connect via the OpenVPN client.
Should I bridge the TAP adapter with the LAN adapter (which connects to phone) on the laptop?
No, you need to buy a router with the OpenVPN client, something that will run DD-WRT. You will never get what you want trying to bridge interfaces on a PC.
I figured something like that.
When I have my laptop connected to the remote network (on location) I can bridge my wireless to the wired NIC and the phone works fine. I can certainly understand sharing a TAP or TUN adapter may create problems/security issues.
Thanks for your input.
We use a VPN connection between HQ and the remote site, with the VPN connected using IPCop (Linux router distro) at each end. http://www.ipcop.org/
Phones at remote site are regular extensions of FreePBX running at HQ.
No special ports opened or other complications needed.