OpenVPN with router


  • Post
    linkat
    Participant

    Hi,

    Is it possible to use the OpenVPN add-on with a router client?

    I use a MikroTik router and I would like to create a VPN VitalPBX (Cloud) <–> Router (MikroTik) and then register all extensions to the PBX over the VPN.

    Is it possible?

    Thanks

  • Replies

    Yes, it is possible if your router has the ability to manage OpenVPN certificates.

    mo10
    Moderator
    Posted by: @linkat

    Hi,

    Is it possible to use the OpenVPN add-on with a router client?

    I use a MikroTik router and I would like to create a VPN VitalPBX (Cloud) <–> Router (MikroTik) and then register all extensions to the PBX over the VPN.

    Is it possible?

    Thanks

    Yes, this is possible with the right configuration of the MikroTik router.
    You can use the MikroTik OpenVPN client to connect to VitalPBX.

    linkat
    Participant

    Yes, I use the MikroTik OpenVPN client to connect to VitalPBX.

    Yes, MikroTik can manage OpenVPN certificates.

    Is there anyone who can give me some configuration suggestions?

    Thanks
    DannyLarsen
    Participant

    I have spent a lot of time on this.

    OpenVPN will work; however, all of the phones will show the single remote MikroTik address, which makes it so you can’t easily do a tunnel back through to the phone, since the Vital server is also the OpenVPN server and the MikroTik is only a client.

    A better solution for me was to use an IPsec point-to-point.

    Install Openswan VPN on your server:

    yum install openswan lsof

    Set up firewall rules:

    4500 UDP/TCP
    500 UDP

    Set up your IPsec config. The files are here: /etc/

    ipsec.secrets

       # change 0.0.0.0 to the MikroTik IP for security
       0.0.0.0 %any: PSK "YourIPSecPassword"

    ipsec.conf

    config setup
        # nat_traversal=yes
        protostack=netkey
        fragicmp=no

    conn mikrotik
        # This is where you define your connection to the router NAME.
        left=XXX.XXX.XXX.XXX          # your Vital WAN address
        leftsourceip=10.5.0.1         # Vital PBX local; you may need to add this as an interface
        leftsubnet=10.5.0.0/24
        leftid=XXX.XXX.XXX.XXX        # your Vital WAN address
        right=XXX.XXX.XXX.XXX         # MikroTik WAN IP, or %any if the server is dynamic
        rightid=XXX.XXX.XXX.XXX       # MikroTik WAN IP
        rightsubnet=192.168.0.0/24    # MikroTik local IPs, or multiple ranges using a comma ","
        keyingtries=0
        pfs=yes
        aggrmode=no
        ike=3des-sha1;modp1024        # or whatever you want, as long as it matches the other router
        esp=3des-sha1;modp1024
        authby=secret
        keyexchange=ike
        # This allows the VPN to come up automatically when Openswan starts
        auto=start
        ikelifetime=86400s
        keylife=3600s

     

    Enable and start the service like this:
    systemctl enable ipsec.service
    systemctl start ipsec.service
    systemctl status ipsec.service

    MikroTik special settings if the WAN is DHCP:

    Policy behind a NAT
    Change SA Src Address to 0.0.0.0

     

    I have also used this with pfSense IPsec VPNs or others.

    The advantage is each phone will have a unique IP address of 1.05.0.X

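A small lint for the two files described in the last reply, added here as an example and not part of the original thread: it flags a PSK that is not tied to a peer address (the 0.0.0.0 change that reply recommends) and the legacy 3DES / modp1024 proposal it uses. The sample config is constructed with documentation addresses, and the LEGACY list and function names are this example's assumptions.

```python
import re

# Tokens this added example treats as legacy (an assumption; extend as needed).
LEGACY = {"3des": "64-bit block cipher", "md5": "legacy hash",
          "modp768": "768-bit DH group", "modp1024": "1024-bit DH group"}
WILDCARDS = {"0.0.0.0", "%any"}

# Constructed sample mirroring the settings in the post (documentation addresses).
SAMPLE_CONF = """\
conn mikrotik
    left=203.0.113.10
    right=%any
    ike=3des-sha1;modp1024
    esp=3des-sha1;modp1024
    authby=secret
"""
SAMPLE_SECRETS = '0.0.0.0 %any: PSK "YourIPSecPassword"\n'

def strip_comment(line):
    return line.split("#", 1)[0].rstrip()

def parse_conf(text):
    """Map each section header to its {key: value} parameters."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = strip_comment(raw)
        if not line.strip():
            continue
        if not raw[0].isspace():          # unindented line opens a section
            current = sections.setdefault(line.strip(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def lint(conf_text, secrets_text):
    """Return findings for legacy proposals and wildcard PSK matching."""
    findings = []
    for name, params in parse_conf(conf_text).items():
        for key in ("ike", "esp"):
            for token in re.split(r"[-;,\s]+", params.get(key, "").lower()):
                if token in LEGACY:
                    findings.append(f"{name}: {key} uses {token} ({LEGACY[token]})")
        if params.get("authby") == "secret" and params.get("right") == "%any":
            findings.append(f"{name}: right=%any lets any address try the PSK")
    for raw in secrets_text.splitlines():
        match = re.match(r"(.*?):\s*PSK\b", strip_comment(raw))
        if match and all(s in WILDCARDS for s in match.group(1).split()):
            findings.append("ipsec.secrets: PSK is not bound to a peer address")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_CONF, SAMPLE_SECRETS)))
```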