
winders

join:2012-05-23
San Martin, CA

Single Device VPN

I have a Verizon HomeFusion 4G LTE broadband Internet setup at home. I want to use an IP Phone on that connection.

The problem is that the phone needs to communicate with a server behind a firewall. I can get a hole punched through the firewall if I have a static IP address. Verizon charges $500 for static IP addresses on this broadband setup. Not the option I want to take.

I can use VPN but the IP Phone does not support it. What I am looking for is a piece of hardware that I can plug between the Verizon router and the IP Phone that will set up and maintain a VPN connection with the Microsoft Server running the PPTP VPN gateway.

Is there anything that doesn't cost a fortune that will do this? All I need it for is the IP Phone so speed is not critical.

Thanks,

S-

bdnhsv

join:2012-01-20
Huntsville, AL
winders - I don't have an off the shelf recommendation for you, but there are a lot of vpn appliances made by most of the same companies who make consumer grade cable/dsl routers. There's also a couple of others like sonicwall. I am however curious as to the details of your situation. What ports tcp/udp are there that your phone needs to use that Verizon is not allowing out? Also what's the model/brand of your phone?

winders

join:2012-05-23
San Martin, CA
Verizon isn't blocking anything. The firewall at the office only allows certain IP addresses through. The Verizon HomeFusion setup does not have a static address so I don't know when the IP address will change or what it will be. I don't want to keep chasing that. So, if I could get the phone on a device that can stay logged into the Windows Server VPN connection, all would work fine.

Does that make sense?

bdnhsv

join:2012-01-20
Huntsville, AL
yes - I think I get the general idea. I'm sure one of the other forum members here will have some recommendations for particular devices. Good luck!

winders

join:2012-05-23
San Martin, CA
Thanks! I hope someone has some suggestions!

winders

join:2012-05-23
San Martin, CA
Anyone?? Please!

HELLFIRE
Premium
join:2009-11-25
kudos:19
reply to winders
winders, can you draw a quick diagram of how this is laid out? I'm kind of at a loss at picturing the connectivity
between the Verizon 4G, the IP phone, Windows PPTP, and mention of an "office firewall."

Regards

winders

join:2012-05-23
San Martin, CA
It's straightforward:

At home, I have a Verizon HomeFusion 4G LTE broadband antenna with its own router which has 4 ports and WiFi. The router also does NAT and all devices besides the router use private addresses. The IP Phone (PolyCom 550) plugs into one of the ports on the router.

30 miles away I have an office that has a Windows Server 2003 acting as a VPN gateway. The IP Phone needs to communicate with a device that is only accessible if logged in via VPN. The IP Phone does not support VPN.

What I am looking for is an inexpensive way to get the IP Phone on the VPN network.

S-


eibgrad

join:2010-03-15

3 edits

1 recommendation

reply to winders
One solution would be to set up a second wifi router w/ dd-wrt (third party firmware) and configure the WAN interface w/ PPTP. This would force any computers/devices that connect through that device to use the VPN, and most importantly, transparently. IOW, you would now have TWO wifi SSIDs. The primary router is left alone and used for most circumstances. But anyone needing a VPN connection merely connects to the other SSID. It makes it simple for clients because all the complexity of the VPN is kept hidden in the second router.

[primary router, SSID=xxx](lan)<-- wire -->(wan)[vpn router, SSID=xxx_vpn]

IOW, on the VPN router, rather than using the default DHCP configuration on the WAN, it’s changed to PPTP and connects through the primary router as a VPN client. Anything using that VPN router (wired or wireless) is forced through the VPN. Those clients aren’t even aware of it. It’s just an alternate SSID as far as they’re concerned.

Technically you could do the same thing using a single dd-wrt router and mucking w/ IPTABLES. But I think it’s easier for most people to configure a separate device and simply choose the SSID supporting the VPN client connection when necessary.

NOTE: This does nothing to solve your static vs. dynamic IP issue. That’s a separate problem. If your VPN server restricts clients to well-known, static IP addresses, there’s no simple way around the problem using dynamic IPs. Fortunately, most ISPs will maintain the same dynamic IP over long periods of time as long as you remain connected and immediately renew the lease when/if it expires. But a change always remains a possibility. I’m merely addressing how to enable VPN access for the IP phone.

HELLFIRE
Premium
join:2009-11-25
kudos:19
reply to winders
@winders thanks for the better explanation, that clarifies it a lot!

@eibgrad I think you've basically got it covered pretty good.

Looks like pfsense and monowall can do PPTP VPN as well, especially if you
have a spare PC and are a DIY type of person. If not, a few other consumer
grade devices should offer PPTP VPN as well.

Regards

imseanbrown
Premium
join:2005-12-20
New York, NY
reply to winders
This is what you need... we have a dozen of them running our small remote sites and it works PERFECTLY... has VZ 4G modem, and the router supports IPSEC VPN tunnels with no problems........ in fact, we're using dyndns and don't even have to worry about static IP addresses at all....

»www.cradlepoint.com/products/bra ··· ed-3g-4g

i believe they're only $400'ish.... but it is a VERY bad-ass piece of equipment that will even load balance/failover to a hardwire connection, etc....
--
Thanks,
Sean Brown
»www.sleepyshark.com


Mike84

@areti.net
reply to eibgrad
This sounds like it might be the answer to my problem but I'm not sure. I have a cable router linked to a wireless router that has direct (cables) links to a TV and a laptop. The laptop is connected through a VPN and I want the TV to use the same VPN and not the default cable connection.

On the TV I can manually specify IP Address, subnet mask, gateway and DNS Server. I have tried entering the values that the laptop shows (ipconfig) but it will not connect.

Any ideas?


eibgrad

join:2010-03-15
said by Mike84 :

This sounds like it might be the answer to my problem but I'm not sure. I have a cable router linked to a wireless router that has direct (cables) links to a TV and a laptop. The laptop is connected through a VPN and I want the TV to use the same VPN and not the default cable connection.

On the TV I can manually specify IP Address, subnet mask, gateway and DNS Server. I have tried entering the values that the laptop shows (ipconfig) but it will not connect.

Any ideas?

In your case, it sounds like you want to use the laptop's VPN as a gateway. As long as the laptop supports a second network connection (wired or wireless), then you could enable ICS on the VPN connection and share it w/ other devices over that second network connection. It's no different than if you were trying to share any other network connection available via the laptop. It just happens to be the VPN connection in this case.

That said, for the long haul, I believe having a separate dd-wrt router w/ its own PPTP VPN client offers the most flexibility and transparency. But in a pinch, you should be able to accomplish the same thing w/ a laptop as described above.


Roy A Brian

@banglalionwimax.com
You should be able to specify the "redirect-gateway" directive in the client configuration files as opposed to the server configuration file; just leave the directive(s) out of the VOIP client config. I recall doing this on a Windows XP laptop last year.

To get an idea of what to type in, start up your server with the "Direct clients to redirect Internet traffic" box checked off, and all other settings you want on your router. Start the VPN server, telnet to your router and type: cat /etc/openvpn/server1/config.ovpn. Copy the output into a text editor.

Stop your server, uncheck "Direct clients to redirect Internet traffic" and start the VPN server again. Type in cat /etc/openvpn/server1/config.ovpn once more, and copy the output. You will want to copy the lines which are missing from the second config.ovpn into all of the client configuration files, except for the one VOIP device.

To know more: »www.techyv.com/article/amazon-vi ··· te-cloud
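
The comparison described in the post above, as an added example that is not part of the original thread: it lists the directives present only in the capture taken with the box checked and unwraps any `push "..."` line into the form a client config file takes. The two captures are constructed samples, and it is an assumption that the firmware expresses the checkbox as a `push` line; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: which directives appear only when the
# "Direct clients to redirect Internet traffic" box is checked?

# Strip CRs, comments, surrounding whitespace and blank lines from a config.
normalize() {
    tr -d '\r' < "$1" |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^[#;]/d' -e '/^$/d'
}

# missing_directives WITH_BOX WITHOUT_BOX
# Prints lines found in the first capture but not in the second.
missing_directives() {
    md_tmp=$(mktemp) || return 1
    normalize "$2" > "$md_tmp"
    normalize "$1" | grep -Fvx -f "$md_tmp" || true   # no difference is not an error
    rm -f "$md_tmp"
}

# Unwrap push "..." so the directive can be placed in a client config file.
to_client_form() {
    sed -e 's/^push[[:space:]]*"\(.*\)"$/\1/'
}

# Constructed sample captures (not real router output).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/with_box.ovpn" <<'EOF'
# capture 1: box checked
dev tun21
proto udp
port 1194
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
EOF
    cat > "$d/without_box.ovpn" <<'EOF'
dev tun21
proto udp
port 1194
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 10.8.0.1"
EOF
    missing_directives "$d/with_box.ovpn" "$d/without_box.ovpn" | to_client_form
    rm -rf "$d"
}

demo
```

Any client whose config carries the printed directive sends all of its traffic through the tunnel; a client left without it keeps its normal default route.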