I’ve just rolled out all of our remote extensions that are now connecting and registering with our PBX. We have no audio in either direction.
Our PBX is hosted in our main office. I have the inbuilt firewall enabled and then it goes through a USG Pro which is forwarding all ports to our PBX.
On the remote extensions, they have all ports allowed to the external PBX.
I have NAT enabled at both ends with the external IP of the PBX being used.
I’ve double checked the correct ports are open.
I’m not sure what next steps to take. Here is a snapshot of a call;
I believe you’re correct there. I think the issue is in the routing, not in the firewall. How are IP Addresses/Hosts communicated across your locations? I think that it’s safe to assume that the remote endpoints are incorrectly being pointed to [email protected] and that they should be pointed to the IP Address and/or FQDN of your PBX.
How are IP Addresses/Hosts communicated across your locations?
I’m not sure what you mean by this?
Under SIP Settings I have:
External Address: the correct external IP for the PBX
Local Networks: 192.168.1.0/24 (do I need to add the local IP ranges of remote sites?)
We have since changed this and now have the remote extensions using the OpenVPN. They connect fine and register, we can hear audio but get cut off at 30 seconds. I guess this is the RTP traffic not getting through.
I thought it would just tunnel that traffic through to the pbx and so wouldn’t be an issue other ports being opened.
The local IP of the VPN clients is added to the local networks - do I need to disable NAT anywhere else? I can’t get access to SSH at the moment so can’t produce the logs.
I can’t see any options for NAT at the trunk level. I’ve been digging around and now have SSH access. Looking at a call, I get the below at 32 seconds.
I’ve already looked at that; on the USG Pros there’s both UDP Other and UDP Stream. I set both to 50 seconds and still got cut off at 32.
Would things like that affect it, as the remote extensions are VPN’d in? I thought they would only communicate via the internal (VPN) network of 10.8.0.* but as posted above, the 2nd line contains the external IP address.
NAT wise;
NAT = No
IP Config Override = External IP
A reminder of the route our traffic takes: PBX > PBX Firewall > USG PRO > Remote Firewall > Remote Extension. The remote extensions VPN into the PBX. In my (simple) mind, so long as the VPN connection is live all data should be passed through that tunnel and I should have any other issues. Other than the provisioning data, does any other traffic get sent outside of the tunnel?
I think it would still help to see a packet capture of a remote ext to remote ext call. I agree that it might not be a NAT/firewall issue based on what we know so far, but it still might lead to some clues. In this case, I wouldn’t filter for only SIP since it could help to see any RTP packets involved.
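Added example, not from any poster in this thread: a small check for SIP messages taken from such a capture, listing every address in Via, Contact, Record-Route and the SDP `o=`/`c=` lines that falls outside the tunnel and local ranges. The ACK for a 200 OK goes to the Contact address and RTP goes to the `c=` address, so an external IP there sends that traffic outside the VPN. The function name, the sample message and 203.0.113.10 (a documentation address standing in for the external IP) are assumptions; the two networks are the ones mentioned in the thread.

```python
import ipaddress
import re

# Assumed from the thread: the PBX LAN and the OpenVPN client range (10.8.0.*).
LOCAL_NETWORKS = [ipaddress.ip_network("192.168.1.0/24"),
                  ipaddress.ip_network("10.8.0.0/24")]

# Constructed sample: a 200 OK as a VPN-connected extension might receive it.
# 203.0.113.10 is a placeholder for the PBX's external IP.
SAMPLE_200_OK = """\
SIP/2.0 200 OK
Via: SIP/2.0/UDP 10.8.0.6:5060;branch=z9hG4bK-constructed
Contact: <sip:100@203.0.113.10:5060>
Content-Type: application/sdp

v=0
o=- 1 1 IN IP4 203.0.113.10
c=IN IP4 203.0.113.10
m=audio 10000 RTP/AVP 0
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Fields whose addresses decide where later signalling and media are sent.
FIELDS = ("via:", "contact:", "record-route:", "o=", "c=")


def addresses_outside_tunnel(message, local_networks=LOCAL_NETWORKS):
    """Return (field, address) pairs that are not inside any local network."""
    findings = []
    for line in message.splitlines():
        lowered = line.strip().lower()
        field = next((f for f in FIELDS if lowered.startswith(f)), None)
        if field is None:
            continue
        for text in IPV4.findall(line):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:  # dotted digits that are not a valid address
                continue
            if not any(addr in net for net in local_networks):
                findings.append((field.rstrip(":="), text))
    return findings


if __name__ == "__main__":
    for field, addr in addresses_outside_tunnel(SAMPLE_200_OK):
        print(f"{field}: {addr} is outside the tunnel/local networks")
```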