FreePBX Installation WAN-IP and Clients via openVPN

iceget · July 28, 2016, 7:10pm

dear community,

i need help in my setup:

i have installed the current version for freepbx on a public ip (83.65.XX.XX) (datacenter).
but the importand thing: my freepbx server has the ip address 10.90.1.200.
my freepbx goes out with the 83.65.XX.XX ip-address to the sip-provider.
incoming ports from the sip-trunk provider goes to 10.90.1.200.

have only 1 network card, with internal ip 10.90.1.200. the outside ip i have set to the 83.65.X.X.
have tried with 2 network cards, but not working for me.

my phone clients setup:
i have a 192.168.X.X subnet, and have connected the whole subnet (via ipsec) to 10.90.1.X.

in freepbx the local networks, i have added 192.168.X.X.

so now, my snom d715 phone connects via ipsec over the internal ip-address the freepbx server.

have enterd as host 10.90.1.200.

and now here is my problem, i get a network failure from SNOM d715 phone:
Jul 28 20:44:32 [NOTICE] SIP: RTP: set_destination adr=10.90.1.200:18504
Jul 28 20:44:35.006 [NOTICE] SIP: RTP: set_destination RP1 adr=
Jul 28 20:44:35.006 [NOTICE] MEDIA: MediaIpc::rtpClose: RP1
Jul 28 20:44:35.006 [NOTICE] MEDIA: MediaIpc::rtpClose: RC1
Jul 28 20:44:35.006 [NOTICE] MEDIA: onRtpClose: RP1
Jul 28 20:44:35.006 [NOTICE] MEDIA: onRtpClose: RC1
Jul 28 20:44:37 [NOTICE] PHN: Fetching URL: snom://mb_exit/?..
Jul 28 20:49:20 [NOTICE] PHN: testNetworkPolicyIsSet
Jul 28 20:50:06 [NOTICE] SIP: getInternalSdpFmts: Skipped Codec g723 is not supported for ptime of 20
Jul 28 20:50:06 [WARN ] SIP: process_registrar_packet: 401 needs 128 bit nonce
Jul 28 20:50:06 [NOTICE] SIP: process auth: Match challenge for user=10, realm=asterisk
Jul 28 20:50:06 [WARN ] SIP: transaction_timeout udp: 1000017 (32500)
Jul 28 20:50:06 [ERROR ] SIP: transport error: 1000017 -> udp:10.90.1.200:5060
Jul 28 20:50:06 [NOTICE] SIP: Add dirty host: udp:10.90.1.200:5060 (0 sec)
Jul 28 20:50:06 [ERROR ] SIP: request 1000017 destination invalid udp:10.90.1.200:5060 313436393733313830353433373634-006cxjsomeur
Jul 28 20:50:06 [NOTICE] SIP: final transport error: 1000017 -> udp:10.90.1.200:5060
Jul 28 20:50:06 [ERROR ] SIP: transport error 1000017: generating fake 599
Jul 28 20:50:06 [NOTICE] MEDIA: MediaIpc::rtpClose: RP2
Jul 28 20:50:06 [NOTICE] MEDIA: MediaIpc::rtpClose: RC2
Jul 28 20:50:06 [ERROR ] MEDIA: Stream setup: invalid ssrc 944807042, state off
Jul 28 20:50:06 [NOTICE] MEDIA: onRtpClose: RP2
Jul 28 20:50:06 [ERROR ] MEDIA: StopCall: failed to stop 944807042
Jul 28 20:50:06 [NOTICE] MEDIA: onRtpClose: RC2

can anybody help me, where i have the problem?

my basic idea: i have vpn, and the port problems should be gone.

how i should setup this?

do you have another perfect setup for this cases (clients on LAN sides behind a router via VPN) and server on datacenter connected through ipsec?

thank you very much,
many greets

bksales · July 28, 2016, 7:24pm

can you ping the pbx from the phone network through the vpn?

iceget · July 28, 2016, 8:01pm

yes, of course.

many greets

astbox · July 30, 2016, 6:13am

Do you use pjsip or sip extensions?

bksales · August 3, 2016, 5:01pm

what type of routers are you using for your vpn?

iceget · August 23, 2016, 8:00am

hello,

i use SIP extensions.

in my datacenter i have installed a pfSense Firewall.
On my network here i use a zyxel zywall usg 100.

i have tried it with openvpn, and now with ipsec.
all the same error.

if i restart the phone, on the first call i get this error message.
then i must reregister then sip extension,
and after that i can use the phone without any problems.

can anybody helps me?

thanks

bksales · August 23, 2016, 2:16pm

so the phone is connected to the pbx via a vpn? what do you mean by “if i restart the phone, on the first call i get this error message. then i must reregister then sip extension,and after that i can use the phone without any problems”? what is the error message? and what do you do to re-register the sip extension?

iceget · August 23, 2016, 5:38pm

Hello,

Yes my snom Phone (my LAN 192.168.0.0) is connected via ipsec to the remote network wehre my freepbx is running (lokal 192.168.1.0). In i start my snom Phone, the Phone connecting to the freepbx Server. My snom Phone is Auto registered on My freepbx. If i want Do a call, on my snom Phone there appears the error network error. So in this state i must via snom Phone in the settings go to reregister my extension, and After that the Phone stays connected. All working fine…

Thanks

bksales · September 8, 2016, 4:30pm

it sounds like you have a udp session timer issue across the vpn. check your router settings and set the udp session timer to a minute or so