Re: [Astlinux-users] how to confogure OpenVPN on Astlinux for Snom Phone

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi Nedi,

I never used snom phones for OpenVPN (only Yealink) since the stripped VPN from their default firmware (years ago).
Have you followed their instructions at:

https://service.snom.com/display/wiki/Configuring+VPN+on+Snom+Deskphones

It looks at they need separate files for the keys and cert. There are example configs.
BTW: Depending how old the phones are e.g. "AES-256-CBC" might not be supported by the phones hardware.

> Am 10.04.2021 um 18:04 schrieb nedi <ne...@gm...>:
> 
> Hi , 
> has anyone working config for the snom phones and astlinux openVPN i tried and tried , it works with MacBook and Asttlinux OpenVPN, 
> snom won’t connecting , what can I do to get it working?
> 
> I putting ip adress of vpn server into vpn.cnf
> This is my snom vpn config:
> remote IP Adress of my PBX OpenVPN Server  1194 udp
> comp-lzo yes
> cipher AES-256-CBC
> key-direction 1
> client
> ns-cert-type server
> nobind
> persist-key
> persist-tun
> dev tun
> verb 3
> <ca>
> -----BEGIN CERTIFICATE-----
> …..my cert , key, and tl….
> 
> After not working i tried this vpn.cnf  to put cert key  separately as described by snom wiki  putting all files into openvpn folder and  made tarbal of them 
> 
> remote IP Adress of my PBX OpenVPN Server  1194 udp
> comp-lzo yes
> cipher AES-256-CBC
> key-direction 1
> client
> ns-cert-type server
> nobind
> persist-key
> persist-tun
> dev tun
> verb 3
> ca /openvpn/ca.crt
> cert /openvpn/client.crt
> key /openvpn/client.key 
> 
> Thanks
> 
> Regards nedi
> 
> 
>> Am 08.04.2021 um 23:22 schrieb Michael Keuter <li...@mk...>:
>> 
>> 
>> 
>>> Am 08.04.2021 um 22:59 schrieb nedi <ne...@gm...>:
>>> 
>>> Hi MIchael, 
>>> I need 2 Phoen connect to pbx from outside 
>>> I have this snom Firmware and Patch for VPN flashed as Update,  but this not working with my Synology. From Synology I can Export  openvpn config file and use on Macbook OpenVpn app  but there is not user.key included and user.crt ther are only ca.crt and openvpn.conf  files. 
>> 
>> The Synology OpenVPN server is very limited from the WebGUI.
>> 
>>> I think is not wrong with snom, I can make those tar file .. and flash the snome phone.  After that I tried with Astlinux openvpn and forwarded port to Astlinux ip  but with Astlinux i can’t Connect from snom, can’t connect from my smartphone or macbook. There is no connecting to VPN server. I thinK on astlinux side is something wrong.
>>> regards 
>>> nedi
>> 
>> You should definitely get it working first with your Mac, before trying the snom.
>> 
>> https://doc.astlinux.org/userdoc:tt_openvpn_server
>> 
>> For the snom use "Auth Method" => "Certificate"
>> 
>> When I download the credentials and import the "openvpn-cert-key" *.ovpn file into Viscosity or Tunnelblick it works fine on a Mac.
>> 
>>> 
>>>> Am 08.04.2021 um 22:36 schrieb Michael Keuter <li...@mk...>:
>>>> 
>>>> 
>>>> 
>>>>> Am 08.04.2021 um 22:24 schrieb nedi <ne...@gm...>:
>>>>> 
>>>>> Hi, 
>>>>> I tried to configure OpenVpn for the Snom phone without  success on Astlinux box and on Synology. 
>>>>> On Synology I have VPN working but I think  is not compatible to the Snom phone I need a key file.
>>>>> 
>>>>> 
>>>>> astlinux-1.2.6.1 i586 - Asterisk 1.8.32.3	Runnix Release:	runnix-0.4-7671 GUI Version:	1.8.40
>>>>> 
>>>>> Can Anyone help me to configure OpenVPN on Astlinux box. I  Have Alix with only one Lan Port can be this is the issue because VPN won’t work or iptables firewall make some issues? 
>>>>> I tried with firewall enabled or disabled, I  rebooted, tried import openvpn.conf on Macbook. I made port-forwarding .  
>>>>> 
>>>>> In Firewal options is all disabled and I put into firewall  Pass EXT->Local  UDP 0/0 1194
>> 
>> You don't need that, it is done by the openvpn firewall plugin automatically.
>> 
>>>>> 
>>>>> My network  is: 10.0.0.1   DNS:  10.0.0.1  NM:  255.255.255.0    ipv4 Gateway: 10.0.0.1
>>>>> 
>>>>> Tunnel Options:
>>>>> Protocol: UDPv4						Port:	1194
>>>>> Log Verbosity: medium				Compression:	yes
>>>>> QoS Passthrough:Yes					Legacy Cipher:	AES-256-CBC
>>>>> Device:tun0							Auth HMAC:	Use default
>>>>> Raw Commands:
>>>>> 
>>>>> Authentication:
>>>>> Auth Method:	Certificate	
>>>>> Extra TLS-Auth:	Yes
>>>>> 
>>>>> Firewall Options:
>>>>> External Hosts:	0/0
>>>>> 
>>>>> Server Mode:
>>>>> Server Hostname(s):	my dyndns
>> 
>> Is this domain reachable?
>> Depending on your network/DNS configuration you might fail to test the VPN connection from your internal network.
>> 
>> Try testing with your MacBook via a smartphone with Wifi Hotspot and mobile data instead.
>> 
>>>>> Network IPv4 NM:	10.10.11.0 255.255.255.0
>>>>> Network IPv6/nn:	
>>>>> 
>>>>> Topology:	subnet latest , requires openvpn 2.1+ clients
>>>>> "push":	dhcp-option DOMAIN priv.mydomain.ch           <==       can be it is wrong what i have here , do I need this?
>> 
>> The domain option is not needed at first, you can still add it later.
>> 
>>>>> 		dhcp-option DNS 10.10.10.1 
>>>>> 		route10.10.10.0 255.255.255.0 
>>>>> 		redirect-gateway def1
>>>>> 
>>>>> Server Certificate and Key:
>>>>> 
>>>>> Private Key Size:	2048
>>>>> Signature Algorithm:	SHA-256
>>>>> 
>>>>> I made 2 Usr and downloaded zip files 
>>>>> 
>>>>> after import into openvpn app won’r connecting.
>>>>> 
>>>>> regards Nedi
>>>> 
>>>> I think some years ago snom removed OpenVPN from their default firmware images. You need a special firmware that enables OpenVPN.
>>>> 
>>>> https://service.snom.com/display/wiki/Configuring+VPN+on+Snom+Deskphones#ConfiguringVPNonSnomDeskphones-InstallandconfigureOpenVPNontheSnomphones.1
>>>> 
>>>> Michael
>> 
>> Michael

Michael

http://www.mksolutions.info