Installing OpenVPN on your Asterisk Server (PBX in a Flash Distribution) – Day 2

Status update

So far we have configured the Asterisk server to run OpenVPN. You can find all the installation instructions on but if you want us to tell you how we did it, then here you go.

Disclaimer. We literally just tested this less than an hour ago so we didn’t really customize anything.

So you’ve got OpenVPN installed. Now what you need to do is build the certificate authority. You’ll start off by browsing to the easy-rsa directory at /usr/share/doc/openvpn-2.0.9. You should copy this entire directory to /etc/openvpn/ so that future OpenVPN upgrades don’t affect the changes you made. After you’ve entered the directory, open the vars file:

vi vars (or use nano vars). Edit the following lines so they look similar to this:

export KEY_CITY=NewYork
export KEY_ORG="Voipling"
export KEY_EMAIL=""

Save it and then load the file into your shell by typing in the following.

. ./vars

Notice there are two dots with one blank space in between them.

This will build the certificate authority. Follow the on-screen prompts and don’t forget to enter your unique Common Name.

Next you need to generate a certificate and private key.

./build-key-server server

Next generate certificates and keys for the clients that will be connecting to your server.

./build-key client1 (or use whatever name you want in place of “client1“). Make sure you use a unique common name for every certificate you generate.

Generate the Diffie Hellman parameters


That’s it! You should now have all the certs, keys, CSR and CA files that you’ll need. Now on to the configuration files. Since we want the server to act as a server and possibly a client (if you want to create a VPN tunnel between two Asterisk servers), you’ll have to modify the server.conf and client.conf files.

The OpenVPN guys provided a nice set of examples that you can find in the “sample-config-files” directory. Let’s modify the server.conf file since we want to get the server up and running.

vi server.conf

You don’t actually need to modify much if you want to do a general test. Just modify the following lines of the “server.conf” file.

ca ca.crt
cert server.crt
key server.key  # This file should be kept secret

These need to point to the location where your certs are stored. For our testing we changed it to:

ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key  # This file should be kept secret
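
The check below is an added example, not part of the original post: a shell function that reads the ca, cert and key lines from a server.conf, reports any file that is missing, and flags a private key that group or other users can access. The names audit_openvpn_conf and demo_audit and the sample directory are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Audits the ca/cert/key lines of an
# OpenVPN config: prints one finding per problem, nothing when all is well.
audit_openvpn_conf() {
    conf=$1
    confdir=$(dirname "$conf")
    # Drop '#' and ';' comments, then keep only the three directives edited above.
    sed 's/[#;].*//' "$conf" | while read -r directive path _rest; do
        case $directive in
            ca|cert|key) ;;
            *) continue ;;
        esac
        # Assumption: openvpn is started from the config's directory (as the
        # post does), so relative paths resolve against that directory.
        case $path in
            /*) ;;
            *) path=$confdir/$path ;;
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING $directive $path"
        elif [ "$directive" = key ]; then
            # Characters 5-10 of the ls mode string are the group/other bits;
            # a private key that is "kept secret" has none of them set.
            mode=$(ls -ld "$path" | cut -c5-10)
            [ "$mode" = "------" ] || echo "EXPOSED key $path (group/other: $mode)"
        fi
    done
}

# Constructed sample: a throwaway directory with a missing server.crt and a
# world-readable server.key, using the same three lines as server.conf.
demo_audit() {
    d=$(mktemp -d)
    mkdir "$d/keys"
    : > "$d/keys/ca.crt"
    : > "$d/keys/server.key"
    chmod 644 "$d/keys/server.key"
    cat > "$d/server.conf" <<EOF
ca keys/ca.crt
cert keys/server.crt
key keys/server.key  # This file should be kept secret
EOF
    audit_openvpn_conf "$d/server.conf"
    rm -rf "$d"
}

demo_audit
```

An EXPOSED finding is cleared by running chmod 600 on the key file named in the output.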

The default subnet it will use is If you are already using this subnet in your network, go ahead and modify the “server” line to whatever you want it to be. It will use this as the subnet for assigning addresses to your clients and your tunnel interface.

Now you are ready to verify that at a minimum the server portion works. You can do so by typing in:

openvpn server.conf (make sure you are in the right directory where the server conf file is located).

You should now see the server listening for incoming clients. The very last line should say “Initialization Sequence Completed”. If you don’t see this line you’ll have to go back and review what you did. If these instructions didn’t work for you, go here and follow those instructions.


To prepare your server for use you will need to modify the iptables rules on it. If you chose to use the default UDP protocol and port number, then you can use the following command. If you didn’t, be sure to substitute udp with tcp and use the port number you defined in the server.conf file.

iptables -A INPUT -p udp --dport 1194 -j ACCEPT




Installing OpenVPN on your Asterisk Server (PBX in a Flash Distribution)

For all of you that are looking to secure communications for softphones, OpenSSL looks to be a good option. Right now we are in the process of testing it and ran through the OpenSSL installation. We provided a set of instructions on getting it installed on your PBX in a Flash Server (CentOS 5.2).
Download openvpn

Download LZO and install the rpm
rpm -ivh lzo-1.08-4.2.el5.rf.i386.rpm

You can try to build the rpm package from the tarball (but it will probably fail).
rpmbuild -tb openvpn-2.0.9.tar.gz

It will probably tell you it requires certain dependencies and will not allow you to continue. The dependencies are listed below.
– openssl
– pam
– lzo – you’ll probably have to download it
– openssl-devel
– pam-devel
– lzo-devel – you’ll probably have to download it

If you don’t have openssl, openssl-devel, pam and pam-devel installed you can use yum to install them.
yum install openssl pam openssl-devel pam-devel

You can download lzo-devel and install it.
rpm -ivh lzo-devel-2.02-2.el5.1.i386.rpm

If for some reason when you try to install the lzo-devel package it complains that the dependencies are not available you can download the following

rpm -ivh lzo2-2.02-3.el5.rf.i386.rpm

rpm -ivh liblzo2_2-2.03-6.el5.i386.rpm
rpm -i libminilzo2-2.03-6.el5.i386.rpm

You can now try to install lzo-devel. It should install now with no problems.
rpm -i lzo-devel-2.02-2.el5.1.i386.rpm

After you install all of the dependencies you can try to rebuild the openvpn rpm.
rpmbuild -tb openvpn-2.0.9.tar.gz

After building it you’ll find it in the following directory:

/usr/src/redhat/RPMS/i386/

Now try to install it. It should run successfully.
rpm -ivh /usr/src/redhat/RPMS/i386/openvpn-2.0.9-1.i386.rpm

That’s it.

This was installed on a 32-bit system, so if you do install it on a 64-bit machine please make sure to download all of the correct rpms and tarballs.

Drone for VoIP and Dragon Headset

With the Drone Bluetooth adapter and the Dragon headset, you no longer have to sit in front of your laptop/computer to complete your VoIP/Skype call or listen to your favorite music. With this pair you have up to 300ft to roam free before the sound drops out on you. (The supposed exact range is 100 meters or 328ft.)

This is wonderful because you can now use your soft phone without your laptop being attached to your hip. Just plug in the adapter and sync up your headset and off you go.
