Can't Connect through VPN

I’m trying to set up an Aastra 6753 in a remote location.

The phone connects just fine if I use it on the local network. It also works at the remote location if I tell it to use my public SIP IP (which is behind a pfSense firewall and only known IPs are allowed through, so I have to manually open it up, which is a PITA, since the remote location does not have a static IP).

Anyway, I have a Cradlepoint MBR1400 at the remote location and a pfSense firewall where the FreePBX server is located.

I have successfully created an IPSEC tunnel between the two locations. The remote uses 192.168.5.0 and the local 192.168.1.

At the remote location, I can type 192.168.1.25 (my internal address for the GUI) and it brings it up. I can see back and forth between the two networks, but the phone won’t register. I tried using DHCP to give it a 192.168.5.x address and also manually configuring it with a 192.168.1.X address, doesn’t work.

What am I missing to get the phone to work on a tunnel that works for everything else?

Did you add the remote network’s ip/mask to Asterisk SIP Settings?

I added 192.168.5.0 to the local networks

Do the following:

From asterisk command line:

1 - ‘core set verbose 0’ - turn off dialplan debug messages
2 - ‘sip set debug ip 192.168.5.x’ where x is IP of remote phone trying to register. Turns on SIP debugging
3 - Watch the screen and see what error occurs when the register message is received.

Share the error with us.

Absolutely nothing – no output.

For kicks and giggles, I restarted one of the working phones with debug and it did output.

Also tried changing the IP address of the phone on the .5 subnet to the .1, still doesn’t work.

The IPSEC firewall rule in pfsense was set to only allow TCP traffic, hence the reason I was able to get to the GUI from the remote network, but nothing else worked.

Just don’t get it, changed the firewall rule to allow all packets, everything worked for a few minutes, now I’m back to no output with sip debug.

I was under the impression you have to disable the default NAT option in pfSense to get phones working. Instead you have to enable some other NAT function (1to1?). Not really clear on the specifics but may be something to check.

You change outbound from Automatic to Manual. Did that when I first set the phones up at the main location, everything works there. Problem is at the remote location on the other side of the IPSEC tunnel.

The tunnel works. I can ping, I can connect to remote shares, both ways, just can’t get the phone to register.

Hi Mike,

I know this is not related, but do you have a walkthrough on how to set up a VPN using the MBR1400 as the main network and the pfSense 2.0 as the secondary?

I have the same items and cannot seem to get the connection right.

Many thanks,
Eddie

Hi,
Did you ever fix this problem as I’m having the same issue but I cannot ping the Asterisk box or access it from my remote location either.