How to use OpenVPN with Watchguard


#1

Hi there.

With the current crisis a client is looking to improve homeworking with remote extensions. I’d like to implement the GXP1760W with the UCM6101 and to avoid issues with home networks I’d like to use the OpenVPN facility of the phones with the SSL VPN function on the Watchguard XTM33.

Has anyone made this work? I’ve seen a couple of posts and followed their ideas. Have downloaded the .ovpn file from the Watchguard and split into separate certs, uploaded those to the phone. I can see lots of chat between the phone and the Watchguard, but no VPN registration. I know the VPN SSL works as I can successfully connect using a notebook and the phone will register with a local PBX.


#2

I have a UCM6510, so modify as needed:

If your client’s users have cellphones, better use them with the GrandStream Wave app. Using this, the users won’t have to take the GXP1760W home, so less liability for them. My UCM has two ethernet ports, WAN & LAN. In my case, the WAN interface is reachable from the firewall (a WatchGuard M300, a bit bigger than the XTM33). In newer versions of Android & iOS I had problems using SSL VPN, so I changed to IKEv2 VPN. For Android you need to download strongSwan; iOS has its own VPN client. Also, for each extension in the UCM, check that they have configured at least two simultaneous connections, in case the GXP1760W stay plugged in.

Also, check the codecs used for each extension, and make sure they match those checked in the GSWave app.