Remote vpn extension does not re-register after network restart


We have a setup with 10 local and 2 remote extensions connecting via VPN. This has been working for a year now but the one problem we do face is when the Internet connection on the PBX goes down. The VPN extensions will then not register unless we reboot the box. We have tried:

  • reloading asterisk
  • reloading the network service
  • killing and then restarting the VPN channel
  • restarting the VPN routers on each end

Is there any other way to force these remote extensions to register again without rebooting the box?

what type of phones are these? have you waited long enough for the phone to reregister on its own. a quick way to test is to break the vpn, wait until asterisk marks the phones as unreachable, then bring the vpn back up and then reboot one of the phones. if it registers after the reboot you have your answer. it can take up to an hour for a phone to re-register if the connection breaks.

These are Linksys/Cisco phones. We wait for a while, try restarting/rebooting the phones, but nothing happens. It is true that after about an hour or so the phones will register on their own. The problem is, we need to reboot the PBX for them to register before that, and that is not always feasible. So, we are looking for a way to register these phones without restarting the PBX.

you do not have to reboot the pbx at all. once the vpn is reestablished, simply reboot the phones. the only other option is to wait it out. if the phones are poe, then power cycle the poe switch. you can also reduce the re0egistration time in the phones if the vpn is unstable. the default re-reg time is i think 1 hour.

Sorry for not mentioning that before. Obviously, we tried restarting, rebooting and power-cycling the phones. Nothing happens, no registration.

i am assuming the you have the qual time on the extension set to 60? does the pbx mark the phone as unreachable? if yes then you are going to have to wireshark the phone end of things and see what is going on.

Yes, it is set to 60 seconds. If we do nothing, then the phones are Unavailable, not unreachable.

something sounds very strange. the first question to be answered is if the phones are able to contact the pbx after the vpn comes back up. you should be able to see this in the log files. if the phones are booting using tftp then check /var/log/messages. you should see the phones attempting to pull their configs. if they do, then check the /var/log/asterisk/full file to see if the phone attempts to register and what the result of the registration attempt is. if the phones either don’t pull a config or don’t attempt to register, then you need to look at your network a little closer. are you using a router to router vpn? or are you using router to pbx vpn?

You don’t have to reboot the PBX just the phones

After a couple of months, we had another issue which caused us to reboot the network on one side of the VPN. The 2 phones on the other end will then stop registering. They attempt to register, but the asterisk box never receives the request.

This is a router to router VPN. We can access the phones through the VPN just fine, but they can simply not contact asterisk. Any ideas?

Check whether any of the routers in question is running any SIP ALG helper… there was a post here recently, with result that the router user disabled alg and conntrack modules (he had that low level access obviously, YMMV)

(fyi FreePBX Distro: TFTP in remote offices via IPsec)