Hi all - I am having some issues around routing, call quality and my vpn configuration. I have a dual-interfaced set up, which is virtualized running within ESXi. One of my interfaces goes directly to the internet, the other goes to an administrative subnet (192.168.1.0/24). I will call this my LAN. I have openvpn set up and running and I’ve also managed to get calls working, but not both at the same time in all configuration scenarios. Here is where it gets interesting. If I have the default route pointed to the WAN’s default route, call quality gets choppy when running a client based on the administrative subnet/LAN (which is connected to another gateway going out to the internet, with its own router). Any clients out on the internet have problems directly connecting to sip, including registrations, etc. OpenVPN connects fine with the 192.168.3.0/24 tun interface on the FreePBX host. It appears then that clients connecting over the VPN are fine (locked out by fail2ban - but that’s a different topic). Call quality, in the short time I could listen before locked out, sounded good.
My other testing surrounded pointing the default route to the 192.168.1.1 administrative subnet/LAN default gateway which is attached to a separate router. In this case, clients on the 192.168.1.0/24 subnet worked well and call quality was vastly improved. But then, OpenVPN stopped being able to connect to clients out on the internet. My assumption is this is happening because the VPN traffic does not know how to return to the internet other than the default gateway already configured with is directed at 192.168.1.1. Is this type of set up not going to work because of the presence of two routable gateways to the internet? Will I be forced in to a situation where I will have to disconnect the admin/LAN side interface to make this work? How are administrative interfaces connected to the LAN in other deployments? I apologize in advance if I have left out any glaring bits of important information. I am happy to share more details. I am eager to solve this problem.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.