DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
PPTP VOIP between VigorPhone350 and IPPBX2820 - Solved [pt1]
- bunnco
- Topic Author
- Offline
- New Member
Less
More
- Posts: 3
- Thank you received: 0
03 May 2014 09:43 #79817
by bunnco
PPTP VOIP between VigorPhone350 and IPPBX2820 - Solved [pt1] was created by bunnco
I've spent hours on this so I thought I'd tell you how I fixed it.
Hat-tip to Felix from Draytek support too.
Objective: To connect a VigorPhone350 at Office A to a IPPBX2820 at Office B using a VPN Tunnel ONLY.
Why? Because when you just connect from a remote site [OfficeA] using open authentication over a WAN, it leaves the ports open for hackers to hijack your SIP account. I ended-up paying £1000 for VOIP calls to mobile phones in Ghana when hackers logged in. I didn't want that to happen again so I just had to work-out how to connect the phones using a VPN tunnel immune from probing attacks.
Step 1 - Set-up the Vigor Phone 350 in SIP Accounts
In SIP Accounts, element 1, I set-up the extension details that will match the extension account that you'll set up in the IPPBX
Registration: I used a 3-digit extension number that's matched to the Extention on the IPPBX, say 200
Registration ID: When I used Alpha characters it wouldn't work so I just used numerics, say 200
Display Name: "Office A"
Password: I used a complex password but it just wouldn't work. In the end a 4-digit number worked, say 1234
Registration Server: 192.168.xxx.1 which is the IPaddress of the router in Office B
Authentication Name: 200. Again, when I used Alpha characters it didn't work
Proxy Server: 192.168.xxx.1 which is the IPaddress of the router in Office B
Step 2 - Set-up the VPN in the Vigor Phone
Menu: Network, VPN Settings
VPN Mode: PPTP
VPN Server: 88.36.xxx.125 [this is the public Fixed IP address of the router in Office B]
Share Account with: SIP Account 1 - the one you set up in Step 1 above
The thing that isn't mentioned in the documentation is that you do NOT have to set-up a separate matching dial-in PPTP account for each remote extension on the VPN Accounts on the IPPBX in OfficeB. I wasted hours on this. It turns out that the VigorPhone is smart enough to do it for you. In fact, if you do set-up dial-in PPTP VPN accounts on the IPPBX, it wont work.
So let's just test that the VigorPhone350 has made a PPTP tunnel to the OfficeB IPPBX in Menu Option Network, Status
LAN Port Information
Type: DHCP Client
IP Address: 192.168.xx.103 - The IP address of the VigorPhone
Netmask: 255.255.255.0
Gateway: 192.168.xx.1 - The IP address of the router in Office A
Primary DNS: 192.168.xx.1 - - The IP address of the router in Office A
Secondary DNS:
VPN Mode: PPTP
VPN IP Address: 192.168.100.104 - A valid DHCP IP address on OfficeB's IPPBX2820 - Success! <<<
One final thing - To get to work you need to be on VigorPhone Firmware version 10. On the international Draytek ftp site there is a firmware v11 that claims to have fixed the PPTP dial-in problem. It doesn't. I found through wasting hours of effort that v11 does NOT allow you to create a PPTP tunnel. Once I downgraded to v10 it worked immediately. Hat-tip to Felix
now go to part 2
Hat-tip to Felix from Draytek support too.
Objective: To connect a VigorPhone350 at Office A to a IPPBX2820 at Office B using a VPN Tunnel ONLY.
Why? Because when you just connect from a remote site [OfficeA] using open authentication over a WAN, it leaves the ports open for hackers to hijack your SIP account. I ended-up paying £1000 for VOIP calls to mobile phones in Ghana when hackers logged in. I didn't want that to happen again so I just had to work-out how to connect the phones using a VPN tunnel immune from probing attacks.
Step 1 - Set-up the Vigor Phone 350 in SIP Accounts
In SIP Accounts, element 1, I set-up the extension details that will match the extension account that you'll set up in the IPPBX
Registration: I used a 3-digit extension number that's matched to the Extention on the IPPBX, say 200
Registration ID: When I used Alpha characters it wouldn't work so I just used numerics, say 200
Display Name: "Office A"
Password: I used a complex password but it just wouldn't work. In the end a 4-digit number worked, say 1234
Registration Server: 192.168.xxx.1 which is the IPaddress of the router in Office B
Authentication Name: 200. Again, when I used Alpha characters it didn't work
Proxy Server: 192.168.xxx.1 which is the IPaddress of the router in Office B
Step 2 - Set-up the VPN in the Vigor Phone
Menu: Network, VPN Settings
VPN Mode: PPTP
VPN Server: 88.36.xxx.125 [this is the public Fixed IP address of the router in Office B]
Share Account with: SIP Account 1 - the one you set up in Step 1 above
The thing that isn't mentioned in the documentation is that you do NOT have to set-up a separate matching dial-in PPTP account for each remote extension on the VPN Accounts on the IPPBX in OfficeB. I wasted hours on this. It turns out that the VigorPhone is smart enough to do it for you. In fact, if you do set-up dial-in PPTP VPN accounts on the IPPBX, it wont work.
So let's just test that the VigorPhone350 has made a PPTP tunnel to the OfficeB IPPBX in Menu Option Network, Status
LAN Port Information
Type: DHCP Client
IP Address: 192.168.xx.103 - The IP address of the VigorPhone
Netmask: 255.255.255.0
Gateway: 192.168.xx.1 - The IP address of the router in Office A
Primary DNS: 192.168.xx.1 - - The IP address of the router in Office A
Secondary DNS:
VPN Mode: PPTP
VPN IP Address: 192.168.100.104 - A valid DHCP IP address on OfficeB's IPPBX2820 - Success! <<<
One final thing - To get to work you need to be on VigorPhone Firmware version 10. On the international Draytek ftp site there is a firmware v11 that claims to have fixed the PPTP dial-in problem. It doesn't. I found through wasting hours of effort that v11 does NOT allow you to create a PPTP tunnel. Once I downgraded to v10 it worked immediately. Hat-tip to Felix
now go to part 2
Please Log in or Create an account to join the conversation.
Moderators: Chris, Sami
Copyright © 2024 DrayTek