Grandstream VoIP over OpenVPN in VitalPBX
VitalPBX includes a new OpenVPN module that together with the current Grandstream firmware includes support for it (server/client mode) which allows you to tunnel the whole SIP/RTP traffic over an encrypted channel. This is also the best solution to avoid any kind of NAT/routing issues because all the devices are directly accessible within the virtual IP subnet.
Next, we will show you how to configure a Grandstream phone.
1.- First make sure that the compression is set to “comp-lzo”, in the server configuration tab
2.- Add an OpenVPN client by pressing the blue button at the bottom of the left corner
3.- After we have created the client, we can download the OpenVPN configuration of our client from the client’s tab.
4.- A compressed zip file will be downloaded, and will contain the following files:
5.- Now we are going to configure a Grandstream phone, uploading the required files in Network/OpenVPN Settings
- OpenVPN® Server Address: we configure the IP/Domain of our server.
- OpenVPN® Port: here we configure the port to access the server.
- OpenVPN® CA: we load ca.crt file.
- OpenVPN® Certificate, we load clientX.crt file.
- OpenVPN® Client key, we load clientX.key file.
After establishing the tunnel, it is necessary to configure the SIP account of the telephone. Remember that the IP Address to reach VitalPBX is the first in that range, that is, if we have the range 10.8.0.0, the IP Address of the PBX is 10.8.0.1.
When you create the SIP extension to connect, remember that to have audio it is necessary for the configuration of NAT must be Force, Comedia.
In future articles, we will explain how to connect phones of the brand Yealink, Htek as well as Android and iPhone phones with the OpenVPN built-in of VitalPBX.