FreePBX Onboard VPN server, Comcast, Sangoma S505

Hey folks, I’m somewhat at my ropes end I think on this head scratcher.
I have a remote user that has Comcast Business internet and their provided modem (not sure which off hand). We’ve had the office in the loop for 3 years, but have had days where the phones won’t link up or talk back to my server. I’m using the remote hosted, FreePBXHosting, to support 4 locations. I have no issues with the other 3 which use a different ISP. As a result of the quirks on the project, we opted to try and setup the VPN server within FreePBX 14, and then create the connection using a Sangoma S505 phone.
When we tested the phone from 2 sites that work, no issue, VPN connection good, we even tested on a residential Charter connection (we’re in MI, problem phone in CO).
The new phone is installed an in place in CO now. The phone will connect, and get rings and dial out; however now audio is heard on either end. It feels as though Comcast is just blocking all the RTP packets; that said I saw someplace else, someone claim the router doesn’t supports ports over 5000. Any thoughts, any insights would be greatly appreciated.

This is very strange. If the phone is indeed connected via the VPN, that’s encrypted and it would not be possible for even a malicious router to block RTP, because it could not tell whether a packet was RTP.

First, confirm the IP range used for the tunnel (default is 10.8.0.0/24). In Asterisk SIP Settings, check that Local Networks includes that range. If you change these settings, after Submit and Apply Config you must restart Asterisk.

Next, confirm that the trouble is not caused by other networking equipment at the failing site. Test by plugging the phone directly into an available LAN port on the Comcast gateway. That port is not PoE, so you’ll have to power the phone with an adapter or power inserter (whatever you used when testing on the residential connection).

Check that there is not a conflict between the tunnel IP range and the LAN range of the Comcast gateway.

If no luck, at the Asterisk command prompt type
pjsip set logger on
make a call from the failing phone, paste the Asterisk log for the call at pastebin.freepbx.org and post the link here.

Thanks, I’m pretty confident in the settings but I’ll reconfirm and try some debugging, this afternoon. The phone is powered with an injector now, since all they have is wireless devices on site. We’ve had the phones working on the same ports with other phones in the past, no new equipment from Comcast. All I can figure is maybe a firmware update was pushed or something else by Comcast. We switched out the Polycom phones for the Sangoma for the built in VPN feature.

Thanks for your help, we ran a few reports finally today. All checked out, the user tried making a call today on speaker phone and everything worked, while the handset did not. Turned out the handset cable was bad. Nothing like 3 days of frantic phone calls (all their calls have to be handset for privacy), to find out it’s a junk poorly made cable.

The VFD tunnel is working flawless as it should.

Thank you.