5000i G(igabit) and 9800 series IP phones configured for OpenVPN on Wave 4.0 and later.
At larger installations with more than 63 OpenVPN phones allocated, the phones will not all come up at once.
In Global Administrator, viewing Station Monitor, it is noted that IP addresses for the OpenVPN phones are allocated such that they are all 4 IP addresses apart.
Example: Using the default OpenVPN subnet of 10.10.2.0 /24, IP addresses may be handed out as follows.
The reason for this is that OpenVPN makes allowances for Windows clients, which, because of the way addresses are allocated, require a /30 network (a segment of 4 IP addresses) for each private point-to-point tunnel.
There are two ways to go about resolving this. Implementing either solution below will cause existing OpenVPN phones to be disconnected.
- When configuring your OpenVPN subnet, allocate a larger subnet, i.e. don't use a /24 mask; use a /23 (255.255.254.0) or /22 (255.255.252.0). This has the drawback of possibly overlapping a client's existing network, but it is simple to implement.
- As we are not using (or supporting) Windows-based clients in our OpenVPN implementation, we can reconfigure it to not follow this /30 allocation. Directions for this are below.
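A planning aid for choosing between the two fixes above, added here as an example and not part of the original article or of Vertical's tooling: it models phone capacity with one /30 per phone versus one address per phone, and checks a widened subnet against existing site networks. The site networks, the phone count of 100, and the one-address-per-phone pool model (first four addresses and the broadcast address excluded) are assumptions.

```python
import ipaddress

DEFAULT_SUBNET = "10.10.2.0/24"   # default OpenVPN subnet named on the page
SITE_NETWORKS = ["10.10.3.0/24", "192.168.1.0/24"]  # constructed customer LANs


def capacity(network, per_client_30=True):
    """Phones a subnet can serve under the two allocation schemes."""
    net = ipaddress.ip_network(network)
    if per_client_30:
        # One /30 per phone; the first /30 is assumed to belong to the server.
        return max(net.num_addresses // 4 - 1, 0)
    # Assumed model for 'topology p2p': one address per phone, with the first
    # four addresses and the broadcast address left out of the pool.
    return max(net.num_addresses - 5, 0)


def widen(network, new_prefix):
    """Subnet produced by applying a shorter mask; the base address may move."""
    base = ipaddress.ip_network(network).network_address
    return ipaddress.ip_network(f"{base}/{new_prefix}", strict=False)


def overlaps(network, site_networks):
    """Site networks that collide with the proposed VPN subnet."""
    net = ipaddress.ip_network(network)
    return [s for s in site_networks if net.overlaps(ipaddress.ip_network(s))]


def options(phones, subnet=DEFAULT_SUBNET, site_networks=SITE_NETWORKS):
    """Evaluate both fixes from the page for a given phone count."""
    rows = []
    for prefix in (23, 22):
        wide = str(widen(subnet, prefix))
        rows.append((f"larger subnet {wide}", capacity(wide) >= phones,
                     overlaps(wide, site_networks)))
    rows.append((f"topology p2p on {subnet}", capacity(subnet, False) >= phones,
                 overlaps(subnet, site_networks)))
    return rows


if __name__ == "__main__":
    print("default /24, one /30 per phone:", capacity(DEFAULT_SUBNET))
    for label, fits, clashes in options(phones=100):
        print(f"{label}: fits={fits} overlaps={clashes or 'none'}")
```

Note that applying a /22 mask to 10.10.2.0 does not extend the range upward only: the resulting network is 10.10.0.0/22, so addresses below the current subnet also need to be checked for conflicts.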
Reconfiguring OpenVPN to make use of all client IPs in a subnet.
Log in as openvpn, then use 'su -' and enter the root user password.
NOTE: While you can currently just log in as root initially, that is not best practice, and a later OpenVPN image provided by Vertical may not allow this.
Change to the OpenVPN configuration directory.
Create a copy of the openvpn.conf before you edit.
cp openvpn.conf openvpn.bkup
Edit the OpenVPN configuration file:
i – for insert
topology p2p - add line at bottom
:wq! (then press enter) – save and exit
NOTE: this next step will cause all OpenVPN connected phones to be dropped immediately.
service openvpn restart