Forum

Unified Communications PBX System

Help us to improve VitalPBX

USD

[Solved] OpenVPN with router  

  RSS

linkat
(@linkat)
Active Member
Joined: 1 year ago
Posts: 7
27/11/2019 2:38 am  

Hi,

it is possible to use OpenVPN add-on whit router cliente? 

I use mikrotik router and I would like to create a vpn VitalPBX (Cloud) <--> Router (mikrotik) and next register all extensions to PBX over VPN.

It is possible?

thanks


Quote
mrivera
(@ing-joserivera26)
Developer Admin
Joined: 2 years ago
Posts: 1889
27/11/2019 8:25 am  

Yes, it is possible if your router has the ability to manage OpenVPN certificates.


ReplyQuote
mo10
 mo10
(@mo10)
Estimable Member
Joined: 1 year ago
Posts: 104
01/12/2019 3:24 pm  
Posted by: @linkat

Hi,

it is possible to use OpenVPN add-on whit router cliente? 

I use mikrotik router and I would like to create a vpn VitalPBX (Cloud) <--> Router (mikrotik) and next register all extensions to PBX over VPN.

It is possible?

thanks

Yes this is possible with the right configuration of the mikrotik router.
You can use the mikrotik openvpn client to connect to vitalpbx.


ReplyQuote
linkat
(@linkat)
Active Member
Joined: 1 year ago
Posts: 7
03/12/2019 2:25 am  

Yes i use mikrotik openvpn client to connect to vitalpbx.

Yes Mikrotik can manage openvpn certificates

is there anyone can give me some configuration suggestions?

Thanks

ReplyQuote
DannyLarsen
(@dannylarsen)
Estimable Member
Joined: 2 years ago
Posts: 142
03/12/2019 3:53 pm  

I have spent a lot of time on this

OpenVPN will work, however all of the phones will show the single remote mikrotik address, which makes it so you can't easily do a tunnel back thru to the phone since the Vital server is also the Openvpn server and the mikrotik is only client

A better solution for me was to use and IPsec point to point

Install OpenSwan VPN to your server

yum install openswan lsof

Setup firewall rules

4500 UDP/TCP
500 UDP

Setup your IPsec config    files are here   /etc/

ipsec.secrets

   0.0.0.0 %any: PSK "YourIPSecPassword"         (change 0.0.0.0 to the mikrotik ip for security)

ipsec.conf

config setup

# nat_traversal=yes

protostack=netkey
fragicmp=no

conn mikrotik
# This is where you define your connection to the router NAME.

left=XXX.XXX.XXX.XXX    #your Vital Wan address
leftsourceip=10.5.0.1             #Vital pbx local, you may need to add this as an interface 
leftsubnet=10.5.0.0/24
leftid=XXX.XXX.XXX.XXX  #your Vital Wan Address

right=XXX.XXX.XXX.XXX    ##mikrotikwanip or %any   if the server is dynamic
rightid=XXX.XXX.XXX.XXX ##mikrotikwanip
rightsubnet=192.168.0.0/24   ##mikrotik local ips or multiple ranges using a coma ","

keyingtries=0
pfs=yes
aggrmode=no

ike=3des-sha1;modp1024   ## Or what you want just so it matches the other router
esp=3des-sha1;modp1024

authby=secret
keyexchange=ike

# This allows the VPN to come up automatically when openswan starts
auto=start

ikelifetime=86400s
keylife=3600s

 

Enable and start the service Like this
systemctl enable ipsec.service
systemctl status ipsec.service

Mikrotik special settings if the wan is dhcp

Policy behind a NAT
Change SA Scr Address to 0.0.0.0

 

I have also used this with pfsense ipsec vpns or other

The advantage is each phone will have a unique ip address of 1.05.0.X


mo10 and mrivera liked
ReplyQuote
Share:

Please Login or Register