TIPS Remote Extension - OpenVPN

[Robmillerlight]

Hi,

My IncrediblePBX 2.11 install has been working great, but now that I'm trying to add three remote cellphone extensions via OpenVPN I'm having trouble figuring out how to do it. My IncrediblePBX is on a Pi 2, and since the Pi has limited processing power I've installed OpenVPN on my Windows 7 Pro 64-bit PC (which I leave running all the time, same NAT'd network).

I've searched Google and this forum but I'm still at a loss - could someone please help me understand how to set this part up? I've read that I'll need to setup three 'clients' in OpenVPN, one for each extension - but I don't understand how to do this, nor how Asterisk will see and access those three clients separately through the single IP address of the PC. Does this mean that I have to setup each OpenVPN client with a different port? Or does it mean that I have to run three instances of OpenVPN on the PC, each with it's own different port? If so, how do I do that (I don't even know how to run multiple instances).

Many thanks for any assistance!

 

[jerrm]

Setting up OpenVPN Server on the Pi is probably the simplest thing to do, and should be fine even on a Pi2.

If you insist on Windows, there is way to much variability to give definitive answers and I've never setup OpenVPN Server on Windows (actually surprised at that).

In general, the OpenVPN Server will assign clients to a vpn subnet - the default sample config is usually 10.8.0.0/24. The Windows PC then becomes a router between your network and the vpn subnet.

You will need to set up a route on the Pi for 10.8.0.0/24 pointing to the local IP of the Windows PC, and the PC should then handle the routing to the VPN endpoints. Alternatively you could add a route for 10.8.0.0 on your gateway router(pointing to the PC), but that introduces an unnecessary hop unless you have vpn clients the whole LAN needs access to.

 

[briankelly63]

Just some examples of what's involved

http://pbxinaflash.com/community/threads/yealink-ip-phone-openvpn-guide-wip.15423/

https://wiki.noojee.com.au/@api/deki/pages/119/pdf

 

[Robmillerlight]

I'll look into those suggestions - thank you both.

I just found a Ward Mundy article in which his very first suggestion for remote extensions is to "install another Incredible PBX at the remote site so the two servers can be linked with IAX connections between the servers making connectivity between the systems totally transparent."

Since this is his preferred method it indicates that an IAX connection is as secure as VPN; does this also mean that setting up an IAX phone at the remote extension by itself (without an additional PIAF server) would work just as well? It's certainly a lot easier than a remote PIAF installation plus a phone, and also seems a heck of a lot easier than the incredibly tedious VPN scenario.

Any thoughts?

 

[jroper]

Hi

The instructions for building an OpenVPN server are at http://www.bbc.co.uk/news/technology-33548728, I've used and verified them as accurate, and work for OSX (use Tunnelblick), Android and IOS (use OpenVPN client). An unusual topic for the BBC but welcome all the same. I used Ubuntu 14,04, but the instructions will not vary dramatically for other Linux distributions.

Joe