SIP over VPN Issues

HLA91

Honorable
Nov 4, 2013
Hi all

I am having trouble with SIP over VPN. The current setup we have is: in the HQ we have 1 DrayTek Vigor 2830 (10.0.0.1), which handles our 4 bonded broadband; we also have another 2830 (10.0.0.9), which connects to another broadband line for our SIP, which runs from an Asterisk PABX (10.0.0.2).

In our site office we have another 2830 (10.0.10.1).

I can set up a VPN using PPTP between HQ Broadband Router (10.0.0.1) -> Site Office Router (10.0.10.1).

I can also do the same between the SIP Router (10.0.0.9) and the Site Office Router (10.0.10.1).
The issue we are having is that even though the VPN is up and working, the SIP phones in the Site Office aren't picking up the PABX server here in HQ, even though any SIP phone we plug in down here in HQ finds the PABX automatically.

Also, if I connect the SIP Router and the Site Router, even though the box "Change default route to this VPN tunnel" is UNTICKED, the users up there are complaining of slow internet when the VPN is on, as if it's directing all traffic down the SIP broadband line, which is not needed or wanted.

Can anyone offer any guidance?

Many thanks

HLA91
 
Since your site router has 2 paths back to the main office, how does it know to use the SIP path to get to the PBX IP rather than the main path? Then how do you force traffic coming back from the PBX to the end device to use the secondary connection rather than the primary? Now this is only the control traffic; after the call is up you now have exactly the same issue from all the end stations talking between the HQ and the remote site. You almost have to run routing protocols to get this to work.

Now this should not matter unless you have a firewall someplace that is blocking asynchronous traffic. It should work but just use the wrong path. If your phones are not even registering with the PBX then I would suspect there is some issue with how the phones are learning the IP of the PBX. If you configure the phones manually with static IP and static settings for the PBX, do the phones contact the PBX? Can you ping the phones from the remote location?
 

HLA91

Sorry, I didn't explain properly. For testing purposes we set up a VPN from 10.0.0.1 -> 10.0.10.1 (Site router) and we also set up (not at the same time though) a VPN from the SIP router 10.0.0.9 -> 10.0.10.1. Both VPNs work, and from HQ I can ping the Site router and the site phone, but the phones just cannot see the PABX. Also, the site router (10.0.10.1) cannot ping into the HQ for some unknown reason; it can hit whichever router is on the VPN with it but no further, yet any PC inside HQ can ping inside the network at the site office.
 
It is not uncommon for the routers themselves to have issues pinging stuff. Mostly it is because they may issue ping commands with the outside address to an IP with an inside address. Normally you can override this behavior. It is not really important as long as the tunnels themselves work. I would avoid testing connectivity using the routers when you are using VPN because of them not always treating their own traffic the same as user traffic.

So if you take 2 PCs and ping from say 10.0.0.5 to another PC at the remote location, say at 10.0.10.5, and this works, then your tunnel is fine. To be really sure you could turn off the PBX and the phone and assign the exact same addresses to these devices. This would ensure you do not have some filter or something in the routers. If this works it implies there is something strange in the PBX or phone. I would be most suspicious of things like the default route, or if the phones are using a broadcast rather than a hard-coded IP to find the SIP gateway. Normally you hard code the IP of the SIP gateway or have the DHCP server give it to the phone via one of the optional DHCP parameters (I forget exactly which).
 

HLA91

Another problem to throw in the mix: when the VPN is live the internet connection in the site office doesn't work, yet when that happened I was remotely accessing a PC there over the web and my remote connection didn't drop, so it seems only their browsing and Outlook connections were affected.