Elastix OpenVPN Configuration

I have taken a scenario of Elastix PBX installed at two geographical locations, connected over OpenVPN and working as a VPN server and client, because we want to use OpenVPN for data and voice connectivity between both offices.

All our Internet traffic should go out through the DSL routers, and only voice and data traffic for 192.168.1.x and 192.168.200.x should go over the VPN tunnel, from KU to IN and from IN to KU.

IN Office is our Head Office.

LAN IP range is 192.168.1.x/24

WAN IP is a public dynamic IP address (using DynamicDNS for IP update)

Elastix Server 192.168.1.200

Port forward 1194 UDP

Routing is enabled on the Elastix server

KU Office is our Branch Office.

LAN IP range is 192.168.200.x/24

WAN IP is a public dynamic IP address

Elastix Server 192.168.200.200

Routing is enabled on the Elastix server

Port forwarding is not needed

Steps taken

1- Configure DynDNS for dynamic IP address updates at the IN office.

2- Install the EPEL repository and update

# yum update && yum install epel-release

2- Install OpenVPN and easy-rsa

# yum install openvpn easy-rsa

3- Generate keys and certificates for the IN office and the KU office

4- Create server.conf on the IN office server at /etc/openvpn/server.conf

I have used the configuration below on the server side:

port 1194
proto udp
dev tun
ca /usr/share/easy-rsa/2.0/keys/ca.crt
cert /usr/share/easy-rsa/2.0/keys/ServerA.crt
key /usr/share/easy-rsa/2.0/keys/ServerA.key # keep this file secret
# 1024-bit DH parameters are weak; generate 2048-bit or larger for a new setup
dh /usr/share/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
route 192.168.1.0 255.255.255.0
route 192.168.200.0 255.255.255.0
# push arguments must be wrapped in plain ASCII double quotes
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.200.0 255.255.255.0"
client-config-dir ccd
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 6
mute 20
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"

5- Create the file /etc/openvpn/ipp.txt

kuwait,10.8.0.2

Note: the name should be the same as the name of the client certificate. It will always assign the same IP to that client.

6- Create a ccd directory: mkdir /etc/openvpn/ccd

nano /etc/openvpn/ccd/ServerA

iroute 192.168.1.0 255.255.255.0

nano /etc/openvpn/ccd/Kuwait

iroute 192.168.200.0 255.255.255.0

7 – Configure the client at the KU office

Install and configure OpenVPN at the KU office.

You should be able to ping the IN office Elastix server's tun0 interface from the KU office Elastix server, and vice versa.

8- Make a SIP trunk between both PBXs using the tunnel interface IP addresses (10.8.0.x).

9- Make incoming and outgoing route plans for incoming and outgoing calls.

Now you must be able to make and receive calls from the IN office to the KU office and vice versa.

10 – To give your network PCs access, you must enter a route add command on each PC or server that you want to communicate with the other office.

KU office PC

route -p add 192.168.1.0 mask 255.255.255.0  192.168.200.200

IN office

route -p add 192.168.200.0 mask 255.255.255.0 192.168.1.200

Note: PCs in both offices must have route information for the networks they want to reach, because the OpenVPN client is not installed on the PCs. It is not required, because we are using the Elastix servers as gateways.

I will update soon on this topic. Client-side configuration:

client
;dev tap
dev tun
;dev-node MyTap
;proto tcp
proto udp
remote kw.gkhan.in 1194
;remote 183.83.201.227 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert kuwait.crt
key kuwait.key
;ns-cert-type server
;tls-auth ta.key 1
;cipher x
comp-lzo
verb 6
;mute 20
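A lint for the server.conf and ccd files from steps 4 and 6, as an added example that is not part of the original post: it flags typographic quotes around push arguments, DH parameters under 2048 bits, a missing tls-auth or tls-crypt key, comp-lzo, and any iroute without a matching route in server.conf. The function names, the sample excerpt and the file-name heuristic for the DH size are assumptions made for the example.

```python
import re

# Constructed sample: an excerpt of the server.conf above, curly quotes included.
SAMPLE_CONF = """\
dh /usr/share/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
route 192.168.1.0 255.255.255.0
push “route 192.168.1.0 255.255.255.0”
client-config-dir ccd
comp-lzo
"""
# Constructed ccd contents: the second iroute has no matching route in SAMPLE_CONF.
SAMPLE_CCD = {"ServerA": "iroute 192.168.1.0 255.255.255.0",
              "Kuwait": "iroute 192.168.200.0 255.255.255.0"}

def directives(text):
    """Yield (name, args) per active line; '#' or ';' starts a comment (simplified)."""
    for raw in text.splitlines():
        words = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if words:
            yield words[0], words[1:]

def audit(server_conf, ccd_files):
    """Return findings for server.conf text and a {ccd file name: text} mapping."""
    conf = list(directives(server_conf))
    names = {name for name, _ in conf}
    findings = []
    if re.search("[“”]", server_conf):
        findings.append('typographic quotes found; push needs plain " quotes')
    for name, args in conf:
        # Heuristic (assumption): the DH file is named after its size, e.g. dh1024.pem.
        bits = re.search(r"dh(\d+)\.pem$", args[0]) if name == "dh" and args else None
        if bits and int(bits.group(1)) < 2048:
            findings.append(f"dh: {bits.group(1)}-bit parameters; use 2048 or more")
    if not names & {"tls-auth", "tls-crypt"}:
        findings.append("no tls-auth or tls-crypt key on the control channel")
    if "comp-lzo" in names:
        findings.append("comp-lzo: compression is enabled on the tunnel")
    # A client LAN needs both an iroute in its ccd file and a route in server.conf.
    routes = {tuple(args[:2]) for name, args in conf if name == "route"}
    for cn, text in ccd_files.items():
        for name, args in directives(text):
            if name == "iroute" and tuple(args[:2]) not in routes:
                findings.append(f"ccd/{cn}: iroute {args[0]} has no route in server.conf")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_CCD):
        print(finding)
```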

 
