Open VPN - GrandStream 1620 - Asterisk - Problem IP remote lan

rsocarras · Jun 20, 2016, 8:57 PM

Hello good afternoon,

I took a couple of weeks of research on this subject, I upgraded to the latest version pfsense and I connected the phone GrandStream 1620 through OpenVPN and still have the same problem. The IPv4 to register with Asterisk is the remote LAN IPv4.

Name/username Host Dyn Force Comedia ACL Port Status
74xx 10.1x.xx.86 D No No 9114 OK (1 ms)
74xx 10.1x.xx.61 D No No 6612 OK (13 ms)
74xx (Unspecified) D No No 0 UNKNOWN
74xx 192.168.0.102 D No No 5060 UNREACHABLE IP LAN REMOTE
74xx 10.1x.xx.152 D No No 9708 OK (2 ms)
74xx 10.1x.xx.34 D No No 5060 OK (5 ms)

This is my problem, the correct connection must be:

Name/username Host Dyn Force Comedia ACL Port Status
74xx 10.1x.xx.86 D No No 9114 OK (1 ms)
74xx 10.1x.xx.61 D No No 6612 OK (13 ms)
74xx (Unspecified) D No No 0 UNKNOWN
74xx 10.0.28.6 D No No 5060 OK (2 ms) IP tunnel VPN
74xx 10.1x.xx.152 D No No 9708 OK (2 ms)
74xx 10.1x.xx.34 D No No 5060 OK (5 ms)

Somebody can help me ??

Some data

1. Diagram

2. Pfsense Configuration

Server mode : Remote Access (SSL/TLS)
Protocol : UDP
Device mode : tun
Interface : WAN
Local port : 1194

TLS Autenthication : uncheck
Peer Certificate Authoroty : XXXXXX
Server Certificate : XXXXXX
DH Parameter : 2048
Encryption Algorithn : BF - CBC (128bit)
Auth digest Algorithn : SHA1 (160-bit)
Hardware Crypto : No hardware crypto acceleration
Certificate Depth : One (Client + server)

IPv4 Tunner Network : 10.0.28.0/24
IPv6 Tunner Network : _empty

Redirect Gateway : Ckeck, tambien probe uncheck.

Type-of-Service : uncheck
Inter-client communication : uncheck
Duplicate Connection : uncheck
Disable IPv6 : uncheck

Dynamic IP : Check
Address Poo : Check
Topology : net30 - Isolated /30 network per client

DNS Default Domain : uncheck
DNS Server enable : uncheck
Force DNS cache update : uncheck
NTP Server enable : uncheck
NetBIOS enable : uncheck
Enable custom port : uncheck

Custom options :
keepalive 10 120;
comp-lzo ;
max-clients 30 ;
persist-key ;
persist-tun ;

3. PING by Asterisk Server to GrandStream 1620

[root@192]# ping 10.0.28.6
PING 10.0.28.6 (10.0.28.6) 56(84) bytes of data.
64 bytes from 10.0.28.6: icmp_seq=1 ttl=63 time=20.0 ms
64 bytes from 10.0.28.6: icmp_seq=2 ttl=63 time=18.9 ms
64 bytes from 10.0.28.6: icmp_seq=3 ttl=63 time=21.1 ms
64 bytes from 10.0.28.6: icmp_seq=4 ttl=63 time=20.2 ms
64 bytes from 10.0.28.6: icmp_seq=5 ttl=63 time=19.1 ms
^C
–- 10.0.28.6 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4003ms
rtt min/avg/max/mdev = 18.910/19.878/21.113/0.799 ms
[root@192]# ping 192.168.0.102
PING 192.168.0.102 (192.168.0.102) 56(84) bytes of data.

^C
–- 192.168.0.102 ping statistics ---
20 packets transmitted, 0 received, 100% packet loss, time 19000ms

rsocarras · Jun 21, 2016, 3:02 AM

Solved, the problem was in the Grandstream 1620 configuration

On Accounts > Account 1 > Network Settings

NAT Traversal have to be on VPN

![Screen Shot 2016-06-20 at 10.00.28 PM.png](/public/imported_attachments/1/Screen Shot 2016-06-20 at 10.00.28 PM.png)
![Screen Shot 2016-06-20 at 10.00.28 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2016-06-20 at 10.00.28 PM.png_thumb)

zerofrank91 · Feb 23, 2017, 4:58 PM

Hi.

The configuration de pfsense, Connects 3 UCM6102 with its integrated openvpn client ?

janduy · Mar 13, 2017, 4:36 PM

Hello good afternoon.
The "rsocarras" tip helped, it usually ran OpenVPN in the grandstream gxp1625.

Thank you.