Author Topic: Best method to create VPN tunnel between 2 GWN7000s?  (Read 824 times)

kgupta

  • Jr. Member
  • **
  • Posts: 55
    • View Profile
Best method to create VPN tunnel between 2 GWN7000s?
« on: May 17, 2017, 02:08:51 PM »
Has anyone set up a VPN between 2 units yet?

We are considering putting in these at a customer with 2 locations.
They will need a VPN tunnel to pass traffic between them.

It will also need to be able to have QoS on the SIP traffic over the VPN (they will have GXP phones at the remote site connected to a UCM at the main site).

I tried setting up an IPSec tunnel in the settings between our unit and another that is at another customer's site.
It just says "Connecting" as the status.
Maybe I am missing something?

drostoker

  • Beta Club Members
  • Hero Member
  • *
  • Posts: 991
    • View Profile
    • Email
Re: Best method to create VPN tunnel between 2 GWN7000s?
« Reply #1 on: May 17, 2017, 03:17:37 PM »
The GWN7000 can only be an OPENVPN server. It can be an OPENVPN,  PPTP and IPSEC client, if I recall correctly.
David
Grandstream Certified Specialist
Grandstream Certified Reseller
GTA & Ottawa, Ontario, Canada

Sippy

  • Newbie
  • *
  • Posts: 13
    • View Profile
    • Email
Re: Best method to create VPN tunnel between 2 GWN7000s?
« Reply #2 on: May 19, 2017, 03:02:47 PM »
To clarify as I have experienced it so far the GWN7000 can only be used in point to point OpenVPN tunnels as either server or client. 
Can it be set up to connect to "road warriors"?

OliverB

  • Beta Club Members
  • Hero Member
  • *
  • Posts: 804
    • View Profile
    • Email
Re: Best method to create VPN tunnel between 2 GWN7000s?
« Reply #3 on: May 20, 2017, 03:32:30 AM »
It should be possible to have an IPsec-tunnel betwenn 2 GWN7000, but I could not establish one:

https://forums.grandstream.com/forums/index.php?topic=34903.0

Hopefully with the next firmware...
Certified Grandstream Reseller | Lübeck - Hamburg / Germany
Experience: Asterisk | snom | AVM | Alcatel | Siemens/Unify | Plantronics | Cisco | clavister | ruckus | Zyxel | Allnet | QNAP | MS-Server | Debian | Fujitsu | Lenovo| Samsung | Monacor | Seeburg

drostoker

  • Beta Club Members
  • Hero Member
  • *
  • Posts: 991
    • View Profile
    • Email
Re: Best method to create VPN tunnel between 2 GWN7000s?
« Reply #4 on: May 20, 2017, 07:49:28 AM »
I just checked the GWN7000 Manual:

"the GWN7000 to be connected to a remote VPN server using PPTP, L2TP/IPSec and OpenVPN® protocols, or configure an OpenVPN® server"

So it would seem that the GWN7000 can act as an OpenVPN client or server, but only a client for PPTP or L2TP/IPSec.

I wish it would act as a server for all three protocols too.
David
Grandstream Certified Specialist
Grandstream Certified Reseller
GTA & Ottawa, Ontario, Canada

thadrumr

  • Beta Club Members
  • Jr. Member
  • *
  • Posts: 90
    • View Profile
Re: Best method to create VPN tunnel between 2 GWN7000s?
« Reply #5 on: May 30, 2017, 07:24:25 AM »
The only tunnel I have been able to create on this router is a L2TP/IPSec tunnel between my Grandstream router and a Mikrotik.  The Mikrotik is acting as the L2TP/IPSec server and the Grandstream is the client.  I can post a screen shot of the Grandstream or the relavant config from the Mikrotik if anyone wants it.

OliverB

  • Beta Club Members
  • Hero Member
  • *
  • Posts: 804
    • View Profile
    • Email
Re: Best method to create VPN tunnel between 2 GWN7000s?
« Reply #6 on: May 30, 2017, 07:27:59 AM »
" I can post a screen shot of the Grandstream or the relavant config from the Mikrotik if anyone wants it. "

Yes, please. This could work with other manufactures also.
Certified Grandstream Reseller | Lübeck - Hamburg / Germany
Experience: Asterisk | snom | AVM | Alcatel | Siemens/Unify | Plantronics | Cisco | clavister | ruckus | Zyxel | Allnet | QNAP | MS-Server | Debian | Fujitsu | Lenovo| Samsung | Monacor | Seeburg

thadrumr

  • Beta Club Members
  • Jr. Member
  • *
  • Posts: 90
    • View Profile
Re: Best method to create VPN tunnel between 2 GWN7000s?
« Reply #7 on: May 31, 2017, 05:26:06 AM »
Here is the Mikrotik Piece  This routers local lan subnet is 192.168.3.0/24 and my Grandstream is 10.22.87.0/24
/interface l2tp-server server
set allow-fast-path=yes enabled=yes ipsec-secret=YourSecret use-ipsec=yes
/ppp secret
add local-address=172.16.1.1 name=Home password=YourPassword remote-address=172.16.1.2 routes="10.22.87.0/24" 172.16.1.2 1" service=l2tp
Make sure you allow the L2TP traffic in your firewall rules on the Mikrotik if you need help with this let me know.

GrandStream Config
VPN Name = Home
Wan Port = Wan Port 1
Remote L2TP Server = Mikrotiks Wan IP
Username = Home
Password = YourPassword
Connection Type = Tunnel
Pre-Shared Key = YourSecret
Auto Forward Group Traffic = Enabled/Checked
Network Group = group0
Remote Subnet 192.168.3.0/24
Everything else unchecked

This should setup Inter-Group Forwarding under Firewall/Basic from group0 to Home which is the VPN and from Home to group0

OliverB

  • Beta Club Members
  • Hero Member
  • *
  • Posts: 804
    • View Profile
    • Email
Re: Best method to create VPN tunnel between 2 GWN7000s?
« Reply #8 on: May 31, 2017, 09:26:22 AM »
Thanks!
Certified Grandstream Reseller | Lübeck - Hamburg / Germany
Experience: Asterisk | snom | AVM | Alcatel | Siemens/Unify | Plantronics | Cisco | clavister | ruckus | Zyxel | Allnet | QNAP | MS-Server | Debian | Fujitsu | Lenovo| Samsung | Monacor | Seeburg