Snom 370 behind OpenVPN Tunnel


Hello all,

I'm successfully running a SnomONE v4.5.0.1075 on a Windows 2008R2. In the local network I have some Snom 360, 370 and 870 connected and they all can successfully call outbound and internal as well as receive calls. Now I also got some clients in a second branch that is connected through OpenVPN to the main network. The manual provisioning of those Snom 370s was successful and I can call those phones and establish the call successfully. Only when trying to call from those devices somewhere else, it fails.

Both when trying to call one of the extensions in the main network and when trying to call outbound (through berofix Gateway) from this branch, the calls won't establish. But when dropping the call then, the call is established. But as the initiating extension has then already aborted, the end of the line is dead. I can exclude routing problems for sure.

Before SnomOne we used an Asterisk and due to the VPN and thereby reduced MTU, I had to enable the packet fragmentation. http://wiki.snom.com/FAQ/How_to_solve_problems_with_outgoing_calls_in_firmware_version_8%3F

Afterwards this setup worked. But now with SnomOne both enabling this feature as well as short SIP headers, I can't make any outgoing call successfully.

Does anybody have an idea how to solve this issue? I can of course provide detailed log information, but please give me a hint what you need. I don't want to spam this forum with logs.

Calling from a PC with XLite4 in this network successfully establishes a call. Also using one of the extensions for the Snom phones....

Best

Hubertus


Why do you need to use VPN? snom ONE has a "mini session border controller" built-in, so that devices can also work behind NAT. Also, regarding packet fragmentation, why don't you just use TLS? If you use plug and play, the phones will have all the settings right, so you don't have to worry about details.


The VPN connection was not originally installed just for telephony, but actually to connect main office and branch and use the same resources (AD, XenApp, Shares, ...). As the infrastructure is already available, I wanted to use it also for telephony. I don't see a reason to tunnel most of my traffic through the VPN but let the phones connect "around" it - also in terms of safety.

Regarding TLS, do you mean this can also improve my problem still using the VPN?

PnP did not work in the branch office behind the tunnel. So I entered the settings URI manually and set the HTTP Client settings for each of the phones.

If I got you wrong somewhere, let me know...


Today I figured out a way to solve the problem temporarily:

I forced the snom phones to use TCP by adding ";transport=tcp" to the outbound proxy address. Unfortunately this only works until the next time the phones' settings are updated by the provisioning.

Is there a way to force TCP for certain extensions? Otherwise also TCP for all would be acceptable for me. The Transport layer for the SnomOne under PnP->snom in the web interface is currently set to UDP.

Thanks for any suggestions

Hubertus


Is there a way to force TCP for certain extensions? Otherwise also TCP for all would be acceptable for me. The Transport layer for the SnomOne under PnP->snom in the web interface is currently set to UDP.

 

The default for that is TLS. Did you change that for a reason? Usually, TLS is the best choice as it avoids problems like the UDP fragmentation problem and it also keeps other parties from reading the traffic between the PBX and the phones. If you want to overrule it for certain extensions, you can do this by modifying the PnP files only for the specific extensions.


Thanks for the reply, again :)

I changed this setting to UDP as it was recommended by beronet for their hardware:

http://wiki.beronet.com/index.php/Berofix_with_Snom_One

As far as I understand, TLS is not fully supported by their hardware. I now asked the support for their explanation and will post the answer here. But I changed the transport layer already to TCP for the whole system yesterday evening and after a reboot, it worked as intended.

So far, thank you very much for your help and I would like to say that I'm very happy with Snom One. As we only have snom phones, I really think it was worth changing from Asterisk to benefit from the way better interactions out of the box. As soon as we cross the limit of the users, I will not hesitate to pay for the yellow Edition.

Regards

Hubertus


You can easily use UDP for the gateway and TLS for the phones. As for the PBX, if you use an outbound proxy on the gateway trunk like 192.168.1.2:5060, it is always UDP by default (that's the RFC). No need to change that in the provisioning settings for the snom phones...

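A size check for the problem discussed in this thread, added here as an example and not code from any poster or from snom: it counts the IPv4 fragments one SIP message needs over UDP at a given path MTU, applies the RFC 3261 section 18.1.1 rule for moving a request off UDP, and sets the `;transport=tcp` parameter the original poster used. The INVITE, the addresses, `pbx.example.test` and the MTU values in the demo are constructed assumptions.

```python
import math

IPV4_HDR, UDP_HDR = 20, 8  # bytes; assumes IPv4 without options

def fragments_needed(sip_len, path_mtu):
    """IPv4 packets needed to carry one SIP message of sip_len bytes over UDP."""
    udp_len = UDP_HDR + sip_len
    if IPV4_HDR + udp_len <= path_mtu:
        return 1
    per_fragment = (path_mtu - IPV4_HDR) // 8 * 8  # fragment offsets count 8-byte units
    return math.ceil(udp_len / per_fragment)

def required_transport(sip_len, path_mtu=None):
    """RFC 3261 section 18.1.1: a request within 200 bytes of the path MTU, or over
    1300 bytes when the MTU is unknown, must use a congestion-controlled transport."""
    limit = 1300 if path_mtu is None else path_mtu - 200
    return "tcp" if sip_len > limit else "udp"

def with_transport(outbound_proxy, transport):
    """Set or replace the ;transport= parameter on an outbound proxy string."""
    kept = [p for p in outbound_proxy.split(";") if not p.lower().startswith("transport=")]
    return ";".join(kept + ["transport=" + transport])

def sample_invite(codecs):
    """Constructed INVITE with an SDP body; every address and name is made up."""
    sdp = "v=0\r\no=- 1 1 IN IP4 10.8.0.20\r\ns=-\r\nc=IN IP4 10.8.0.20\r\nt=0 0\r\n"
    sdp += "m=audio 50000 RTP/AVP " + " ".join(str(pt) for pt, _ in codecs) + "\r\n"
    sdp += "".join("a=rtpmap:%d %s\r\n" % c for c in codecs)
    head = ("INVITE sip:41@pbx.example.test SIP/2.0\r\n"
            "Via: SIP/2.0/UDP 10.8.0.20:5060;branch=z9hG4bK-constructed;rport\r\n"
            "From: <sip:40@pbx.example.test>;tag=a1\r\nTo: <sip:41@pbx.example.test>\r\n"
            "Call-ID: constructed-1@10.8.0.20\r\nCSeq: 1 INVITE\r\nMax-Forwards: 70\r\n"
            "Contact: <sip:40@10.8.0.20:5060>\r\n"
            "Allow: INVITE, ACK, CANCEL, BYE, REFER, OPTIONS, NOTIFY, SUBSCRIBE, "
            "PRACK, MESSAGE, INFO, UPDATE\r\n"
            "Supported: timer, 100rel, replaces\r\nContent-Type: application/sdp\r\n"
            "Content-Length: %d\r\n\r\n" % len(sdp))
    return (head + sdp).encode()

if __name__ == "__main__":
    codecs = [(0, "PCMU/8000"), (8, "PCMA/8000"), (9, "G722/8000"),
              (18, "G729/8000"), (101, "telephone-event/8000")]
    size = len(sample_invite(codecs))
    for mtu in (1500, 1400, 576):  # LAN, assumed tunnel MTU, small-MTU path
        print(mtu, size, fragments_needed(size, mtu), required_transport(size, mtu))
    print(with_transport("pbx.example.test:5060", "tcp"))
```

Measure the INVITE your own phones send (headers plus SDP) and the real MTU inside the tunnel before relying on the result; the constructed message here is shorter than many production INVITEs.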