Dual nic local network setup

empace · August 20, 2019, 7:18pm

Greetings,

If I have a dual nic box with one going to:
192.168.X.X
255.255.0.0
192.168.1.1

and the other set to:
172.16.0.X
255.255.255.0

I have some endpoints on the 192 network that are assigned the box already. I have been trying to test if I can have the same box on 172 network register endpoints on that network. I currently have it set up this way:

(172 intercoms) ---->(un-managed switch)—>(172 and 192 Freepbx box)<—(192 endpoints)

I know this setup is not ideal, but the current 192 VLAN is a high traffic network. I am trying to reduce the noise for the intercoms.

As of right now I can see the 172 intercom in CLI, but I cannot get it to register to FreePBX box.

Thanks,
Edward

arielgrin · August 20, 2019, 10:44pm

What error are you getting?

empace · August 21, 2019, 4:26pm

Just getting unable to register.

arielgrin · August 21, 2019, 4:31pm

Can you post the error that appears on the Asterisk log?

empace · August 21, 2019, 4:34pm

freepbx*CLI> sip show peers
Name/username Host Dyn Forcerport Comedia ACL Port Status Description
10201/10201 192.168.110.101 D No No A 5291 OK (4 ms)
10202/10202 192.168.110.102 D No No A 5430 OK (5 ms)
10203/10203 192.168.110.103 D No No A 5123 OK (5 ms)
10204/10204 192.168.110.104 D No No A 5322 OK (4 ms)
10205/10205 192.168.110.105 D No No A 5680 OK (4 ms)
10301/10301 192.168.110.201 D No No A 5331 OK (4 ms)
10302/10302 192.168.110.202 D No No A 5465 OK (4 ms)
6210 (Unspecified) D No No A 0 UNKNOWN
8 sip peers [Monitored: 7 online, 1 offline Unmonitored: 0 online, 0 offline]

cynjut · August 21, 2019, 4:44pm

Are you using VLANs or real LANs? One or the other, but not both.
Did you properly identify the local network address in the Integrated Firewall?
What is the output of “ifconfig -a” from the system console?
What are the DHCP settings for your phones?
Do you have a DHCP server the phones can reach?

Even if you are using only one physical network, you can set this up so it works correctly. If you are setting up actual networks (two physical networks), then you will need to make sure the services are available on both network.

Rest assured that this is doable - I set up almost exactly this same configuration for one of my customers. You just have to get all of the DHCP/network stuff squared away for it to work.

empace · August 21, 2019, 5:16pm

Real LAN on the 172 side and 192 is on a LVAN.
I have the firewall off on this setup, because of network firewalls.

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.21 netmask 255.255.0.0 broadcast 192.168.255.255
inet6 fe80::ca1f:66ff:fecd:c1d5 prefixlen 64 scopeid 0x20
ether c8:1f:66:cd:c1:d5 txqueuelen 1000 (Ethernet)
RX packets 44333633 bytes 5039212598 (4.6 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2972888 bytes 602203969 (574.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.0.10 netmask 255.255.255.0 broadcast 172.16.0.255
inet6 fe80::ca1f:66ff:fecd:c1d6 prefixlen 64 scopeid 0x20
ether c8:1f:66:cd:c1:d6 txqueuelen 1000 (Ethernet)
RX packets 619948 bytes 60062980 (57.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4402 bytes 298092 (291.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 17
No DHCP on either network
No DHCP allowed on our network. All endpoints and phones use static IPs.

Thanks,

arielgrin · August 21, 2019, 5:25pm

That is the status of the extensions. I was referring to any error on the asterisk log that shows a registration error.

empace · August 21, 2019, 5:27pm

Looking at CL of asterisk (asterisk -rvvvvv) Not seeing any errors being thrown.

cynjut · August 21, 2019, 5:30pm

In the Advanced Settings, under SIP Configuration, are the local networks all correctly defined for both PJ-SIP and Chan-SIP?

At some point, you’re going to need to look at some tcpdump output to make sure your networks are getting used correctly. If your 172.x.x.x traffic is going out on the 192.x.x.x network, that could mess you up.

empace · August 21, 2019, 5:35pm

Local networks are set as
192.168.0.0/16
172.16.0.0/16

I have not made any changes on the chan sip and PJSIP section.

arielgrin · August 21, 2019, 5:44pm

Look in the log file.

empace · August 21, 2019, 6:06pm

[2019-08-21 17:33:10] WARNING[737] pbx.c: Context ‘ext-test’ tries to include nonexistent context ‘ext-test-custom’

[2019-08-21 17:33:10] WARNING[737] pbx.c: Context ‘app-echo-test-echo’ tries to include nonexistent context ‘app-echo-test-echo-custom’
[2019-08-21 17:33:10] WARNING[737] pbx.c: Context ‘app-echo-test’ tries to include nonexistent context ‘app-echo-test-custom’

arielgrin · August 21, 2019, 6:26pm

That is not related to your issue at all.

arielgrin · August 21, 2019, 6:29pm

I think you need to revise your network settings, both on the phones and server.

empace · August 21, 2019, 6:39pm

I am limited in what I can do by the IT dept. The goal of this is to island the 172 intercoms and go through FreePBX to the other Boxes on the 192 network.

cynjut · August 21, 2019, 6:50pm

OK - I’m not sure how much networking you understand, but there are a few things you need to help us understand.

You said you are using a VLAN on the 192.168.x.x network. Are you running this VLAN on the same physical network as the 172.16.x.x network? If so, I think you are going to need to establish a VLAN for those devices.

Are the Intercom devices different that your phone on the 192.168.x.x network, or are you trying to do something tricky with routing rules? Your description of the network is getting more and more confusing as we move forward.

To test an intercom - since you aren’t using DHCP - you will need to set up a device with a 172.16.x.x address and the 16 bit netmask. The gateway address for the device will be 172.16.0.10. The SIP server will also be at 172.16.0.10. All of the services the phones are going to need (DNS, etc.) will all need to be on the 172.16.x.x network. You’re not going to be able to just jam addresses in between the two networks, even if they are on the same physical network.

If you can set the phone up with 172.16.0.x (for some value not equal to 10) and the netmask to 255.255.0.0 (which is a not-great netmask for the 172.16.x.x network) you should be able to direct all of your traffic appropriately. You might need a DNS on the 172.x.x.x network and you are going to have to make sure the configs for the phones are all set up to work exclusively with the 172.16.x.x network.

I’m reasonably certain this is not a FreePBX question. It looks entirely like a basic network routing problem.

empace · August 21, 2019, 6:59pm

Yes currently the intercom devices are on the VLAN. And no, the 172 network is a device connected to a switch which is connected directly to eth1 on the freepbx box. eth0 is connected to VLAN. I think I might be trying to have the box work as a router now that I see the questions being asked.

And the gateway on the box is 192.168.1.1 since it connects to the VLAN. As I far as I know, I believe you can only have one gateway per box.

I have a device on the 172 network 172.16.0.11.

cynjut · August 21, 2019, 8:12pm

There is a sysctl that will allow the PBX to operate as a gateway to the outside world, but it’s a custom configuration and you need to be sure it’s something you really want to do.

empace · August 21, 2019, 8:15pm

Understood. I was under the assumption that the box would do the routing because it had two separate IPs. My apologies, still learning constantly. Thank you again for your help.