We have a main office with several vlan’s, one of which is the voice. We also have a remote office that is connected via a vpn tunnel. I need to connect phones at the remote site but I can not get them to find the FreePBX box at the main office on vlan 100. Any suggestions?
Ok well I am no networking genius but I do not think you can do VLAN across a VPN logic of how VLAN layers work says it would never be possible to me.
Theoretically, VLAN 100 has an address range associated with it. Devices that are not “participating” in the VLAN through tagging should still be able to connect to your service by their IP address. So, as long as the remote phones at the other end are set up to route to that VLAN (I’m not sure at which end you’d set that up) you should be able to get the traffic through. I think it will require some additional routing rules in a couple of places, but it should be possible.
Dave is on the right track. I’m guessing that vpn server is hosted on some firewall/router in your main office. Vlan 100 (btw you can have up to 1000 vlans, even more on some enterprise equipment) is just arbitrary number, but whatever vlan for voip you have, it is certainly reserved for some ip subnet range. You need static route on your pbx box that will tell how to get to remote office subnet - and you need another static route that will tell devices on your remote site subnet how to get to subnet which hold your pbx and phones (in your case vlan100). The first route is just needed on pbx (if your main office router is hosting vpn service) and other route must be set on remote office router that is holding vpn connection to main office…
A little more info:
192.168.2.x — router — Internet
|— Main office router ----- layer 3 switch – pbx 192.168.100.x
|----- 192.168.1.x vlan 1
|----- 192.168.10.x vlan 10
|----- 192.168.50.x vlan 50
There is a vpn tunnel between the routers. The layer 3 switch is the default gateway for all VLANs at the main office. There is a static route in the office router to send incoming traffic to those VLANs to the switch and it routes appropriately.
Picture did not post properly. Hope you can get the idea tho
Ok, I get the picture… there is, most likely one more “transport” subnet for vpn between 2 edge routers… Check on remote router if there actually is a static route for vlan100 subnet, and check on pbx box if there is a route for remote office subnet that points to gateway of subnet that resides in vlan100. And off course, check if you have some kind of acl in freepbx that will prevent extensions form remote subnet to register.