FreePBX - PPTP vpn client to remote site

Hey guys,

I have a FreePBX box on which i installed PPTP and open a vpn out to the site where the phones are… when the VPN is active all the extensions register just fine and I can call out just fine…

But when the VPN is active for some reason my incoming calls can’t make it in… I don’t even see an attempt at connection in the CLI…

If I shut down the VPN then the calls come in just fine… but the extensions can’t register… I’m sure its some sort of weird routing issue but I haven’t been able to track it down…

I’m using PPTP… this is what I have in my ip-up.local

–#!/bin/bash
NET1=“10.0.0.0/8”
NET2=“192.0.0.0/8”
IFACE=“ppp0”
route add -net ${NET1} dev ${IFACE}
route add -net ${NET2} dev ${IFACE}

==============================================================

This is what I have in my actual VPN connection file

pty “pptp XXX.XXX.XXX.XXX --nolaunchpppd”
name user
linkname vpn
ipparam vpn
require-mppe-128
refuse-eap
usepeerdns
noauth

#adopt defaults from the pptp-linux package
file /etc/ppp/options.pptp

==================================================

This is in my options.pptp file

–# Lock the port
lock

–# Authentication
–# We don’t need the tunnel server to authenticate itself
noauth

–# We won’t do PAP, EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2
–# (you may need to remove these refusals if the server is not using MPPE)
refuse-pap
refuse-eap
refuse-chap
refuse-mschap

–# Compression
–# Turn off compression protocols we know won’t be used
nobsdcomp
nodeflate

Any suggestions on how to fix this would be greatly appreciated…

I know it is not directly related to your question, but why not use OpenVPN? It is what FreePBX uses when paired with the commercial module sysadmin pro and many phones support, so you will have a lot more info related to that not only from the freepbx wiki but also from forum users that could help you.

It sounds to me that when you activate the ppptp connection the routing table might be modified, messing the inbound connection from your VoIP service provider. I might be wrong, as I never used PPTP with FreePBX, but you can start looking at that. Look for any options that might relate to automatic route generation after pptp connection has been established.

PPTP is so insecure that it’s probably safer to let the remote phones register to FreePBX directly, provided that you open the SIP port to only the remote site’s IP.


Of course, OpenVPN or other decent VPN would also be fine.

Unless the remote end is using public IPs privately, that’s simply wrong; it should be
NET2=“192.168.0.0/16”

That seems wrong, too, unless some private names on the remote system are somehow needed by FreePBX.

If you still have trouble, please post:

What subnet are the remote phones on?
In what subnet does the PBX get its tunnel address?
What is the local IP address of the PBX?
In Asterisk SIP Settings, how is Local Networks set?
What kind of router/firewall is the PBX connected to?
Does the trunk require registration? If so, does it register ok when the VPN is up?

Hey guys… thanks for the info… Honestly I have never tried setting up OpenVPN… i will definitely give it a try…

I was however able to find a fix based on your suggestions… I modified the route entry in ip-up.local to NET2=“192.168.128.0/24” since that’s the subnet i’m using for my phones and voila… registration works and the trunk is able to call in… I also removed usepeerdns since I don’t really need to use the private names on the remote system.

Now I will test it with OpenVPN instead

Thanks!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.