DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

PPTP VOIP between VigorPhone350 and IPPBX2820 - Solved [pt1]

  • bunnco
  • Topic Author
  • Offline
  • New Member
  • New Member
More
03 May 2014 09:43 #79817 by bunnco
I've spent hours on this so I thought I'd tell you how I fixed it.
Hat-tip to Felix from Draytek support too.

Objective: To connect a VigorPhone350 at Office A to a IPPBX2820 at Office B using a VPN Tunnel ONLY.
Why? Because when you just connect from a remote site [OfficeA] using open authentication over a WAN, it leaves the ports open for hackers to hijack your SIP account. I ended-up paying £1000 for VOIP calls to mobile phones in Ghana when hackers logged in. I didn't want that to happen again so I just had to work-out how to connect the phones using a VPN tunnel immune from probing attacks.

Step 1 - Set-up the Vigor Phone 350 in SIP Accounts

In SIP Accounts, element 1, I set-up the extension details that will match the extension account that you'll set up in the IPPBX
Registration: I used a 3-digit extension number that's matched to the Extention on the IPPBX, say 200
Registration ID: When I used Alpha characters it wouldn't work so I just used numerics, say 200
Display Name: "Office A"
Password: I used a complex password but it just wouldn't work. In the end a 4-digit number worked, say 1234
Registration Server: 192.168.xxx.1 which is the IPaddress of the router in Office B
Authentication Name: 200. Again, when I used Alpha characters it didn't work
Proxy Server: 192.168.xxx.1 which is the IPaddress of the router in Office B

Step 2 - Set-up the VPN in the Vigor Phone

Menu: Network, VPN Settings
VPN Mode: PPTP
VPN Server: 88.36.xxx.125 [this is the public Fixed IP address of the router in Office B]
Share Account with: SIP Account 1 - the one you set up in Step 1 above

The thing that isn't mentioned in the documentation is that you do NOT have to set-up a separate matching dial-in PPTP account for each remote extension on the VPN Accounts on the IPPBX in OfficeB. I wasted hours on this. It turns out that the VigorPhone is smart enough to do it for you. In fact, if you do set-up dial-in PPTP VPN accounts on the IPPBX, it wont work.

So let's just test that the VigorPhone350 has made a PPTP tunnel to the OfficeB IPPBX in Menu Option Network, Status

LAN Port Information
Type: DHCP Client
IP Address: 192.168.xx.103 - The IP address of the VigorPhone
Netmask: 255.255.255.0
Gateway: 192.168.xx.1 - The IP address of the router in Office A
Primary DNS: 192.168.xx.1 - - The IP address of the router in Office A
Secondary DNS:
VPN Mode: PPTP
VPN IP Address: 192.168.100.104 - A valid DHCP IP address on OfficeB's IPPBX2820 - Success! <<<



One final thing - To get to work you need to be on VigorPhone Firmware version 10. On the international Draytek ftp site there is a firmware v11 that claims to have fixed the PPTP dial-in problem. It doesn't. I found through wasting hours of effort that v11 does NOT allow you to create a PPTP tunnel. Once I downgraded to v10 it worked immediately. Hat-tip to Felix

now go to part 2

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami