Phone will not stay registered

I have an Asterisk system in my office and a phone at home. The networks at my home and office are connected through a VPN link. This has worked for a long time (3 years), but something changed. I cannot connect my home phone to the Asterisk box for more than a few minutes. When I restart the phone, it registers, and I can receive phone calls (but for some reason I don’t seem to be able to make phone calls). After a short time (somewhere between immediately and 3 minutes), the phone (Aastra 6753i) shows “No Service”. On the Asterisk log, I can see 2 entries:

[2019-03-30 13:58:51] NOTICE[2182] chan_sip.c: Peer ‘1600’ is now Reachable. (120ms / 2000ms)

and then:

[2019-03-30 14:01:00] NOTICE[2182] chan_sip.c: Peer ‘1600’ is now UNREACHABLE! Last qualify: 112

The phone shows “Status 408”.

The phone will not reconnect by itself, and when I restart it, it goes offline again.

I have spent a few hours now resetting the phone and setting it up again, but I can’t get it to hold on. Can someone help me with some pointers as to what could be the reason for this behavior, or what I can do to troubleshoot this?

Appreciate your help.

First, the response time to the OPTION request, 1600 sec, is too high, almost lagged; then the 408 Request Timeout: the phone couldn’t register during the established time; and also UNREACHABLE! All indicate a network connection issue. Have you tried to connect the phone directly to Asterisk, bypassing the VPN, just for testing purposes?

Thanks. No, I have not tried connecting directly. I will try that next when I go to the office on Monday.

Sorry for the delay. I was traveling …

So, I have now tried a few more things. First, I connected the phone as close to the modem as possible. So the entire connection chain was phone - passive router(1) - Sophos RED firewall - Xfinity modem (transparent) - (Internet) - Xfinity modem - Sophos UTM - router(2) - Asterisk box. Connecting the phone to the passive router(1) bypasses all the wires and routers in my house. The result was the same.

Then I took the phone to the office and connected it to a passive router that was connected directly to router(2). Result: Stable connection, no problems with the phone.

Having eliminated the phone and my home wiring, the problem can only be between the two Sophos firewalls (including the modems).

To further pinpoint the cause of this, I need to understand how the VPN channel between the Sophos boxes works. TCP/IP traffic, if I understand it correctly, can go through many different ports, and those need to be open for communication to work. How is this managed through a VPN tunnel? On the package level, does the VPN tunnel only encrypt the payload, but leave the meta information open (so the phone would start communicating through, say, port 5600, this would arrive at the VPN box, and only the payload is encrypted, but routing and port information stays unencrypted), or is the whole package, including all meta information, encrypted and transported?

In the first case, since the Sophos boxes report a stable VPN channel, and my other traffic between the office and my home works fine (access to resources), it would point to possibly a closed port on the modems or the Sophos devices. In the second case, I could exclude the Sophos devices.

One more thing I noticed: When the connection is established and the phone is registered (before it is no longer registered), I can call the phone from my cell phone, but I cannot make any calls (tone indicates a busy line). Immediately after I try to call from the phone or after I call it from my cell phone, the phone goes offline. That indicated to me that the phone registers. But as soon as a bidirectional data flow is required, the communication breaks down. Does that point to a port problem (phone registers on one port, but when the Asterisk box tries to communicate on a different port it can’t, and cuts the connection)? However, your routers may use a proprietary method.

What’s your Asterisk version?