WAN/LAN scenario (via OpenVPN): how to set up?

Dear community,

I have the following problem:

I have one public IP in my data center (78.12.x.x). This is the primary interface for my FreePBX server.

Then I have 3 locations around the world with one router. Behind the router are all my SIP phones.
I have opened the SIP port 5060 UDP on my FreePBX for my 3 locations. On my router I haven't done anything.

So for now, how can I set up all 3 locations with the server?

Currently I can call from the phones in my locations, but if I call from external, my phone is not ringing… (the voicebox answers the call because the phone is not reachable)… Why?

I also have a firewall running in my datacenter where I can activate OpenVPN, but how should I do this with the IP addresses? I have only set one primary IP address (78.12.x.x). Must I set up a LAN IP address for the whole OpenVPN traffic?

Can anybody help me?


You have three LANs (in different locations), with multiple phones at each location - but only one FreePBX server? Incoming calls arrive, I presume, at the location where the server is - you want to be able to answer incoming calls at any of the three locations? Hard to understand your description.

I suspect the answer to your problem will be in the log file at /var/log/asterisk/full – make an outgoing call, then an incoming call from a mobile (or whatever) and see what the log says.

Hello Jeremy,

Yes, my description is correct. I have one FreePBX server in my datacenter with one trunk and one phone number. And I have 3 LANs (,, On each LAN I have 5 extensions: 10,11,12,13,14,15 lan1, 16, 17, 18, 19, 20 lan2, 21, 22, 23, 24, 25 lan3. So my question is how I can or should configure it exactly on the server side and the LAN side? I have 3 static IP addresses (one on each LAN).

OpenVPN? How to set it up correctly?

Thank you.

Many greetings, MK

If you use an OpenVPN server then you don’t have anything to do. Run the server in your datacenter, open the port the server listens on, set your phones to connect there, and after the VPN is established you configure your phones as if they were local.

Hello astbox,

Thank you for your message.

Is it a good choice to use OpenVPN?
Or is that not recommended?

I mean because of the overhead and the latency from OpenVPN?

Thank you,

Many greetings

Well, there is some overhead, but the chance to get hacked leaving a PBX on a public IP is worse. Plus, many major phone brands support OpenVPN, so that way you don’t need any extra hardware like a router to connect to the OpenVPN server.
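
One way to act on the point above about not leaving the PBX's SIP port open on a public IP, as an added example that is not from any poster in this thread: a ruleset generator plus a check that flags SIP rules not tied to the tunnel or a known source. The interface name `tun0`, the provider address `203.0.113.10` and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Every interface and address below is an
# assumption; replace them with your own values before loading anything.
VPN_IF="tun0"             # assumed OpenVPN tunnel interface on the PBX host
VPN_PORT="1194"           # OpenVPN's default UDP port
TRUNK_IP="203.0.113.10"   # placeholder (documentation range) for the SIP provider
RTP="10000:20000"         # Asterisk's default RTP port range

# Print an iptables-restore ruleset: SIP/RTP reachable only through the tunnel
# or from the trunk provider, SSH only through the tunnel, everything else dropped.
pbx_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport $VPN_PORT -j ACCEPT
-A INPUT -i $VPN_IF -p tcp --dport 22 -j ACCEPT
-A INPUT -i $VPN_IF -p udp --dport 5060 -j ACCEPT
-A INPUT -i $VPN_IF -p udp --dport $RTP -j ACCEPT
-A INPUT -s $TRUNK_IP -p udp --dport 5060 -j ACCEPT
-A INPUT -s $TRUNK_IP -p udp --dport $RTP -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin and print every INPUT rule that accepts SIP (5060)
# without pinning it to an interface (-i) or a source address (-s).
# Exit status is 1 if any such rule exists, 0 otherwise.
open_sip_rules() {
    awk '/^-A INPUT/ && /--dport 5060( |$)/ && /-j ACCEPT/ &&
         !/ -i / && !/ -s / { print; bad = 1 }
         END { exit bad + 0 }'
}

# Constructed "before" rule: SIP open to the whole internet on the public IP.
WEAK_RULE="-A INPUT -p udp --dport 5060 -j ACCEPT"

# Print the hardened ruleset; feed it to iptables-restore once reviewed.
pbx_ruleset
```

A DROP policy loaded on a remote host can cut off your own SSH session, so dry-run the output with `iptables-restore --test` and keep console access. If the provider sends media from addresses other than its signalling address, the RTP rule needs those sources as well.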

Okay, so for now I have done the VPN with IPsec.

But I have another question:

Question 1:
If I change the trunk port to a port other than 5060 UDP (PEER details: port=5090),
I get the following error:
    -- Executing [[email protected]:1] NoOp("SIP/10-0000002e", "TRUNK Dial failed due to CONGESTION HANGUPCAUSE: 19 - failing through to other trunks") in new stack
    -- Executing [[email protected]:2] Set("SIP/10-0000002e", "CALLERID(number)=10") in new stack
    -- Executing [[email protected]:7] Macro("SIP/10-0000002e", "outisbusy,") in new stack
    -- Executing [[email protected]:1] Progress("SIP/10-0000002e", "") in new stack
    -- Executing [[email protected]:2] GotoIf("SIP/10-0000002e", "0?emergency,1") in new stack
    -- Executing [[email protected]:3] GotoIf("SIP/10-0000002e", "0?intracompany,1") in new stack
    -- Executing [[email protected]:4] Playback("SIP/10-0000002e", "all-circuits-busy-now&pls-try-call-later, noanswer") in new stack
    -- <SIP/10-0000002e> Playing 'all-circuits-busy-now.slin16' (language 'de_DE')
       > 0x7f36540441c0 -- Probation passed - setting RTP source address to
    -- <SIP/10-0000002e> Playing 'pls-try-call-later.slin16' (language 'de_DE')
  == Spawn extension (macro-outisbusy, s, 4) exited non-zero on 'SIP/10-0000002e' in macro 'outisbusy'
  == Spawn extension (from-internal, 066XXXXXXX, 7) exited non-zero on 'SIP/10-0000002e'
    -- Executing [[email protected]:1] Hangup("SIP/10-0000002e", "") in new stack
  == Spawn extension (from-internal, h, 1) exited non-zero on 'SIP/10-0000002e'

All lines are busy. If I change the port back to 5060, then it works fine…

Question 2:
What is this problem?

[2016-07-18 02:48:13] WARNING[2137]: chan_sip.c:4020 retrans_pkt: Retransmission timeout reached on transmission 99LB9Rz9Ix9jv6HSu4e3oA… for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 6400ms with no response
[2016-07-18 02:48:13] WARNING[2137]: chan_sip.c:4049 retrans_pkt: Hanging up call 99LB9Rz9Ix9jv6HSu4e3oA… - no reply to our critical packet (see https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions).

Can you help me?

Thank you.

Which problem do I have here? Any ideas?

Thank you very much.

If you "change the trunk port to another port as 5060 UDP (PEER details: port=5090)", do you not realize that on the far end you would also have to reciprocate that association or it just won’t answer? If you don’t have control over that endpoint, then you are pretty well buggered. If you do, then change the SIP bindport to 5090.

Just asking if we are all talking rational networking here and you understand how it works.

Hello Dicko,

Thank you very much.

I have called my provider; he says I must go out via UDP 5060 because of a security policy.

So now all is working fine.

Thank you very much!

Many greetings