RT86U - VPN - Access to GIGASET VOIP.

[miazza]

Hello to everybody.

I have an issue with my VPN that I cannot manage to solve:

I've set a VPN on my 86U and I'm able to reach all the LAN devices attached to the router as from home.

All except one ... ... I cannot reach my Gigaset VOIP phone Web page; I can reach it when I am at home and attached to the router but I get no answer when connected through the VPN.

Do you have any suggestion about how to solve this problem ?
Is there any particular setting for this kind of device ?

Thanks

 

[Martineau]

Hello to everybody.

I have an issue with my VPN that I cannot manage to solve:

I've set a VPN on my 86U and I'm able to reach all the LAN devices attached to the router as from home.

All except one ... ... I cannot reach my Gigaset VOIP phone Web page; I can reach it when I am at home and attached to the router but I get no answer when connected through the VPN.

Do you have any suggestion about how to solve this problem ?
Is there any particular setting for this kind of device ?

Thanks

Is the Gigaset VOIP Web page on a different subnet? - if it is then search/follow solutions for accessing 'modem behind' router/OpenVPN.

 

[miazza]

Is the Gigaset VOIP Web page on a different subnet? - if it is then search/follow solutions for accessing 'modem behind' router/OpenVPN.

Thanks for the feedback.
No, the Gigaset is on the same subnet of other devices:
- Router 192.168.1.1
- Raspberry and other devices 192.168.1.xxx
- Gigaset VOIP 192.168.1.39

From home, when connected via Wifi or LAN I can access it to the web page without any problem.

 

[Martineau]

Thanks for the feedback.
No, the Gigaset is on the same subnet of other devices:
- Router 192.168.1.1
- Raspberry and other devices 192.168.1.xxx
- Gigaset VOIP 192.168.1.39

From home, when connected via Wifi or LAN I can access it to the web page without any problem.

If the issue was reported against say a NAS or a WinPC, I'd suspect the firewall on the target device rejecting the OpenVPN Client subnet.

Not sure if there is a similar restriction for the Gigaset VOIP.

 

[netware5]

You may try the following:

1. Start a second OpenVPN server with TAP interface.
2. Try again when connected to the second server.

***IMPORTANT***
In order to avoid conflicts between your home LAN and and remote place where you connect from, it is strongly advised to not use 192.168.1.0/24 as a home LAN address space. Change your LAN to something different i.e. 192.168.56.0. Of course, if the remote LAN you are connecting from has an address space different from 192.168.1.0/24 you may continue to use the original (and default) address space of your home LAN. But in any case using a default address space setting for the home LAN is not a good idea.

 

[miazza]

This is the log when attemting to connect to the Gigaset VOIP at 192.168.1.39:

ay  5 13:46:02 ovpn-server1[1632]: client/37.162.154.7:32524 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
May  5 13:46:02 ovpn-server1[1632]: client/37.162.154.7:32524 MULTI: Learn: 10.8.0.2 -> client/37.162.154.7:32524
May  5 13:46:02 ovpn-server1[1632]: client/37.162.154.7:32524 MULTI: primary virtual IP for client/37.162.154.7:32524: 10.8.0.2
May  5 13:46:02 ovpn-server1[1632]: client/37.162.154.7:32524 PUSH: Received control message: 'PUSH_REQUEST'
May  5 13:46:02 ovpn-server1[1632]: client/37.162.154.7:32524 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0 vpn_gateway 500,route 192.168.1.39 192.168.1.1,dhcp-option DNS 192.168.1.1,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)

 

[netware5]

This is the log when attemting to connect to the Gigaset VOIP at 192.168.1.39:

Is this a log of the newly installed TAP server when trying to connect using a TAP client?

 

[miazza]

No, this is the log from the TUN server, I just wanted to share the situation before to try with TAP.

Now I have a good update: after long time I found where the probem was ... in the GIGASET advanced network settings there is a tick to allow access from other networks ( do not know why I have never seen it) ... I've put a tick on YES and now it works ... even if I cannot understand how the VOIP station understands that I am conncting from the outside ..

Thanks for your help.

 

[Martineau]

No, this is the log from the TUN server, I just wanted to share the situation before to try with TAP.

Now I have a good update: after long time I found where the probem was ... in the GIGASET advanced network settings there is a tick to allow access from other networks ( do not know why I have never seen it) ... I've put a tick on YES and now it works ... even if I cannot understand how the VOIP station understands that I am conncting from the outside ..

So it was a 'firewall' issue on the device after all? ….. because the OpenVPN subnet '10.8.0.1/24' is not the same as the LAN subnet the GIGASET device is on 192.168.1.0/24'

 

[miazza]

So it was a 'firewall' issue on the device after all? ….. because the OpenVPN subnet '10.8.0.1/24' is not the same as the LAN subnet the GIGASET device is on 192.168.1.0/24'

YES, your message suggested me to look more in details in the network settings and ... at the end it was as simple as that . Thank you for your explanation about the different OpenVPN subnet.

 

[netware5]

So it was a 'firewall' issue on the device after all? ….. because the OpenVPN subnet '10.8.0.1/24' is not the same as the LAN subnet the GIGASET device is on 192.168.1.0/24'

That is the reason I always prefer TAP tunnels They are very simple to setup, no need to thing about subnets, routing, etc., and their concept is very easy to explain. Everything runs out of the box exactly as if you plugged in your device directly into the lan port at home or connected it to the home Wi-Fi.

 

[miazza]

That is the reason I always prefer TAP tunnels They are very simple to setup, no need to thing about subnets, routing, etc., and their concept is very easy to explain. Everything runs out of the box exactly as if you plugged in your device directly into the lan port at home or connected it to the home Wi-Fi.

I even was not awar there was a TUN or TAP .
I understood the diffence just reading on google after your post.