VPN DNS with Sangoma Phones

Working on testing some Sangoma S500 phones. I was able to get everything set up with connecting via the phone’s built-in VPN client. Initially the phone would not register and did not know the time. I was able to temporarily work around this issue by configuring the phones to use a secondary SIP server and secondary NTP server.
How can I configure the DNS server that the handsets use when connected to the VPN?
Do I need to use the redirect gateway to accomplish this?
Should the openvpn --push “dhcp-option DNS 10.8.0.1” be used?
Or is there a way to configure this from the web UI, that I just haven’t discovered yet?

DNS is not controlled by the VPN; it's controlled by the IP of the phone from your DHCP server and will use DNS based on your DHCP server.

Exactly. This is fine for local users; however, this is problematic if I send a phone out to a remote worker, who may be working from home. I have no control over their DNS settings, so if the phone is configured to connect to sip.example.com for SIP and use ntp.example.com for NTP and both of those servers are on the same internal network, the phone will never resolve those addresses and as a result will not negotiate the SIP connection and will not update the clock from the NTP server.

Well, with DHCP, DNS is pushed from the DHCP server. Sorry. NTP can be set in EPM under the template.

Maybe I am phrasing this incorrectly.
There are two sets of DHCP servers involved.
Host DHCP Server: gives the phone an IP address and the rest of the necessary information, to take care of provisioning and setting up the VPN connection
VPN DHCP Server: gives the phone an IP address to pass traffic through the VPN tunnel back to the PBX and potentially the network that the PBX is physically attached to.
OpenVPN provides functionality for adding routing information, DNS servers, etc. to the client.

Are you saying that configuring the phones to use a DNS server provided by the VPN DHCP server is NOT currently supported?

If so, is this a feature that would be considered for a future version of FreePBX?

No, I am saying the phone's DNS will only pull from the LAN port. The VPN it creates is to communicate with the PBX on the VPN IP address, so no DNS is needed, as it will only talk to the PBX on the VPN IP address of the PBX, so DNS is not needed.

I understand what you are asking, and am actually preparing to test this next week with my Yealinks. I was doing some testing with Bind this past weekend.

If the VPN client was not a Sangoma phone, then this would work using the push “dhcp-options” DNS 10.0.8.1 as you suggested (my syntax is guaranteeably wrong) if your DNS server is in the same subnet as the VPN clients. If it is not, then you will also need to push a static route and make sure that route actually works.

I can’t imagine that on the phones like Sangoma and Yealink they are using anything other than a standard or stripped-down version of the OpenVPN build that already exists. I really think it will work if you get it all configured correctly. Please share your results, and if you give up I will let you know how my testing goes next week.
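
The condition raised in the last reply (a pushed DNS server must sit in the VPN subnet or be covered by a pushed route), as an added example that is not part of the thread or of any FreePBX/Sangoma code: a server-side check over an OpenVPN config. The function name `check_pushed_dns` and all addresses in the sample config are constructed for illustration; the check says nothing about whether a given phone firmware applies pushed DNS options.

```python
import ipaddress
import re

# Constructed sample OpenVPN server config (addresses are illustrative only).
SAMPLE_CONF = '''
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 10.8.0.1"      # resolver inside the VPN subnet
push "dhcp-option DNS 192.168.10.5"  # resolver on the LAN behind the PBX
push "dhcp-option DNS 172.16.4.53"   # resolver with no route pushed
push "route 192.168.10.0 255.255.255.0"
'''

PUSH_RE = re.compile(r'^\s*push\s+"([^"]+)"')

def check_pushed_dns(conf_text):
    """Return {dns_ip: verdict} for every DNS server the config pushes to clients."""
    tunnel_nets, dns_servers, redirect_all = [], [], False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "server":
            net = ipaddress.ip_network(f"{fields[1]}/{fields[2]}", strict=False)
            tunnel_nets.append(("vpn-subnet", net))
            continue
        m = PUSH_RE.match(line)
        if not m:
            continue
        opt = m.group(1).split()
        if opt[:2] == ["dhcp-option", "DNS"] and len(opt) == 3:
            dns_servers.append(ipaddress.ip_address(opt[2]))
        elif opt[:1] == ["route"] and len(opt) >= 2:
            # OpenVPN treats a route without a netmask as a single host.
            mask = opt[2] if len(opt) >= 3 else "255.255.255.255"
            net = ipaddress.ip_network(f"{opt[1]}/{mask}", strict=False)
            tunnel_nets.append(("pushed-route", net))
        elif opt[:1] == ["redirect-gateway"]:
            redirect_all = True                       # all client traffic enters the tunnel
    verdicts = {}
    for dns in dns_servers:
        via = next((kind for kind, net in tunnel_nets if dns in net), None)
        if via is None and redirect_all:
            via = "redirect-gateway"
        verdicts[str(dns)] = via or "UNREACHABLE: no pushed route covers this resolver"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in check_pushed_dns(SAMPLE_CONF).items():
        print(f"{ip:15} {verdict}")
```

A resolver reported as unreachable would be queried outside the tunnel, if at all, so internal names such as the SIP and NTP hosts would not resolve for a remote handset.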