By installing OpenVPN on the server and using phones which use OpenVPN you may have remote workers who could be possibly working from home connect into the server and use the phone as if they were in the office.
You must enable UDP or TCP Port 1194 though to server. I suggest UDP as this is faster and still reliable over short hops, but uses up less bandwidth.
yum install gcc gcc-ccc++ autoconf automake lzo-devel yum install rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel cd /tmp wget http://swupdate.openvpn.org/community/releases/openvpn-2.2.1.tar.gz wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.06.tar.gz wget http://www.opensc-project.org/files/pkcs11-helper/pkcs11-helper-1.09.tar.bz2 tar xvf lzo-2.06.tar.gz tar xvf openvpn-2.2.1.tar.gz tar xvf pkcs11-helper-1.09.tar.bz2 cd lzo-2.06 ./configure make make check make test make install cd /tmp/pkcs11-helper-1.09 ./configure make make install cd /tmp/openvpn-2.2.1 ./configure make make check make install mkdir /etc/openvpn mkdir /etc/openvpn/easy-rsa cp -p /tmp/openvpn-2.2.1/sample-scripts/openvpn.init /etc/rc.d/init.d/openvpn cp -p /tmp/openvpn-2.2.1/sample-config-files/server.conf /etc/openvpn/openvpn.conf cp -r /tmp/openvpn-2.2.1/easy-rsa/2.0/* /etc/openvpn/easy-rsa/ chkconfig --add openvpnRefer to this document for more details http://openvpn.net/index.php/open-source/documentation/howto.html#vpntype
cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf vi /etc/openvpn/easy-rsa/vars export KEY_CONFIG=/etc/openvpn/easy-rsa/openssl-1.0.0.cnf export KEY_COUNTRY="xx" export KEY_PROVINCE="xxxx" export KEY_CITY="xxxxxx" export KEY_ORG="pbx" export KEY_EMAIL="email@example.com" export KEY_CN=xxxxx export KEY_NAME=xxxxxxx export KEY_OU=xxxx ./clean-all ./source vars ./vars ./clean-all (Removes all certs and keys from keys folder) ./build-ca **** if you enter '.' the field will be blank *** ./build-key-server server Use server name is: <servername> Use Password of :<password> ./build-dhCreate individual Client keys which will be used for each phone. you will need to perform this process for each phone you want to add to the vpn. You may change the name of Phone1, but each device name must be unique. The device name appears in the openn vpn status and assignment file once the device connects to the vpn.
./build-key phone1 Use Password of :<password previously used>You will use the ca.crt, client1.crt and client1.key to configure each phones vpn files. * save a copy of the keys and certs *
cp keys/ca.crt ../ cp keys/ca.key ../ cp keys/dh1024.pem ../ cp keys/server.key ../ cp keys/server.crt ../ cp keys/phone1.crt ../ cp keys/phone1.key ../
Edit the open VPN conf File and set the server settings In this case the servers ip address is 192.168.1.100 I allocate another subnet of 192.168.2.0 And allow the server to talk to this new subnet. All new vpn connections will get a 192.168.2.x ip address.
cd /etc/openvpn vi openvpn.conf proto udp dev tun server 192.168.2.1 255.255.0.0 dh dh1024.pem dev tap ca ca.crt cert server.crt key server.key keepalive 10 30 comp-lzo verb 4 user nobody group nobody log openvpn.log
service openvpn restart chkconfig openvpn onNow you must configure the Phones VPN settings.
Basically the vpn.cnf file must have the word 'client',servers address, port, tcp/udp
the ca, phone cert, phone key files.
The following phones do support OpenVPN.
http://www.yealink.com/index.php/Products/detail/id/1 (I believe with latest firmware)
Check the /etc/openvpn/openvpn.log files for connection issues and testing.