Can't Connect through VPN

I’m trying to set up an Aatra 6753 in a remote location.

The phone connects just fine if I use it on the local network. It also works at the remote location if I tell it to use my public SIP IP (which is behind a pfsense firewall and only known Ip’s are allowed through, so I have to manually open it up, which is a PITA, since the remote location does not have a static IP).

Anyway, I have a cradlepoint MBR1400 at the remote location and a pfsense firewall where the FreePBX server is located.

I have successfully created an IPSEC tunnel between the two locations. The remote uses and the local 192.168.1.

At the remote location, I can type (my internal address for the GUI) and it brings it up. I can see back and forth between the two networks, but the phone won’t register. I tried using DHCP to give it a 192.168.5.x address and also manually configuring it with a 192.168.1.X address, doesn’t work.

What am I missing to get the phone to work on a tunnel that works for everything else?

Did you add the remote network’s ip/mask to Asterisk SIP Settings?

I added to the local networks

Do the following:

From asterisk command line:

1 - ‘core set verbose 0’ - turn off dialplan debug messages
2 - ‘sip set debug ip 192.168.5.x’ where x is IP of remote phone trying to register. Turns on SIP debugging
3 - Watch the screen and see what error occurs when the register message is received.

Share the error with us.

Absolutely nothing – no output.

For kicks and giggles, I restarted one of the working phones with debug and it did output.

Also tried changing the IP address of the phone on the .5 subnet to the .1, still doesn’t work.

The IPSEC firewall rule in pfsense was set to only allow TCP traffic, hence the reason I was able to get to the GUI from the remote network, but nothing else worked.

Just don’t get it, changed the firewall rule to allow all packets, everything worked for a few minutes, now I’m back to no output with sip debug.

I was under the impression you have to disable the default NAT option in pfSense to get phones working. Instead you have to enable some other NAT function (1to1?). Not really clear on the specifics but may be something to check.

You change outbound from Automatic to Manual. Did that when I first set the phones up at the main location, everything works there. Problem is at the remote location on the other side of the IPSEC tunnel.

The tunnel works. I can ping, I can connect to remote shares, both ways, just can’t get the phone to register.

Hi Mike,

I know this is not related, but do you have a walkthrough on how to setup a vpn using the MBR1400 as the main network and the pfsense 2.0 as the secondary?

I have the same items and cannot seem to get the connection right.

Many thanks,

Did you ever fix this problem as I’m having the same issue but I cannot ping the Asterisk box or access it from my remote location either.