I have an employee that connects to the main office via VPN. He is using a Digium D50 phone which is set to register to the 192.168.1.x Asterisk server however whenever I SSH into the server and type sip show peers, it shows him as being connected to the 24.x.x.x external static ip address rather than the internal ip address. Everything else with the VPN is fine. Also, since there is nothing in his Digium phone that is even aware of the public IP address, I’m assuming that it’s something in Asterisk that’s pointing the phone to that public IP. Anyone know what setting(s) I should look for and/or change so that he connected to the 192.x.x.x address versus the 24.x.x.x address?
I don’t think so. I don’t even see an option available for STUN on the Digium D50 phone. All I see is Primary Host, Alternate Host and SIP Outbound Proxy. The Primary Host section is the only one filled in and the other two sections are blank. The Primary Host is set to the 192.x address so I’m not sure how it even knows that the public IP address exists unless Asterisk is telling it somewhere.
On the networking tab, the only sections are IPv4 Address (set to auto, DHCP), the Virtual LAN, (set to the defaults), the QoS (also set to defaults) and the Ethernet Port Modes (UDP Persist Connection is OFF).
UPDATE: Looking at the “sip show peers” now in the CLI, it is showing that the phone is now connected with the 192.x.x.x address and NOT the public IP address. So at best, it seems to pick and choose where it connects and when. Is there any way to “force” it to ALWAYS use the internal IP address over the LAN? I would ultimately like to completely disable ports 5060-5061 in my firewall since I don’t have a need for external non-LAN peers to connect.
Yes, I did and they agreed with me that it wasn’t the phone (since there’s no place in the phone which even has the public address) so it must be a configuration issue with Asterisk. The support rep logged into my system and added the VPN LAN address to the localnets (192.168.2.0/255.255.255.0) but that didn’t appear to work. Since they determined that it was a config issue and not a phone issue, they couldn’t help anymore so I posted here to see if anyone who knows more about Asterisk configuration could help.
It might be a IP/subnet issue!
Your employee is he having a LAN at home that uses
192.168.1.x/255.255.255.0
and the IP the VPN gives him is 192.168.1.x/255.255.255.0
Then I think it will connect with the external IP!
I got this issue and changed the IP the VPN gives me.
Home LAN: 192.168.0.x/255.255.255.0
VPN DHCPD: 10.0.x.x/255.255.255.0
I also got this issue when I in Win 8.1 started OpenVPN, but not as admin!
It looked like I was connected but a small error in the connection log told
me that I was not connected with the VPN but with the hotel external IP!
I’m not sure if I understand what you’re saying? Are you recommending that I change the VPN user to a class A network instead of a class C?
My employee is using a 192.168.2.x networkvia the VPN and the office uses a 192.168.1.x. They are both class C’s, just on two different networks. (.1.x and .2.x)
Also, I’m using a site-to-site hardware VPN rather than a software VPN.
Ok!
It might be some difference between hardware and software VPN!
But I got one of the problems when I started OpenVPN client as
a non admin user in my win8.1 client!
Anyhow, I’m using 10.66.77.0//255.255.255.0 so I’m hopefully not
getting any subnet conflicts.
Your employee are using 192.168.2.x/255.255.255.0 at home.
The VPN is using 192.168.1.x/255.255.255.0.
What are your office LAN IP range?
The VPN must use a IP range that is not the same as any other!
I’m using VPN when I’m staying at different hotels.
I got this IP at the Hotel: 2.86.255.159 (in Greece, not sure what the LAN IP was)
At Home i’m using for my LAN: 192.168.0.x/255.255.255.0
The VPN tunnel is using: 10.66.77.x//255.255.255.0
Then I get no subnet problems connecting through my VPN and I can
use my home network as if I was at home!
How is VPN organised?
Is there some router which creates a VPN tunnel, and the Digium phone is behind that router ?
Do you have an opportunity to set up a softphone on the PC from the same LAN to which the D50 is connected?
Which IP will be shown in Asterisk when connecting from the softphone?
Do a traceroute from such a computer to your Asterisk’s VPN address.