We have a small company network here (192.168.178.x) and a private network in home office (192.168.2.x). These networks are both running a FritzBox router and are connected via VPN trough FritzBox to FritzBox (IPSec, 192.168.2.1 resolves to 192.168.178.128 in remote network).
Now I try to connect to the companies telephone System with my Softphone (local computer IP is 192.168.2.41) and the telephone system is addressed at 192.168.178.10 and is running an local VoIP service.
I can register my softphone / account, I can call someone, I can get called, but nobody is hearing me and I do not hear anybody.
So the route should look like this:
192.168.2.41 (client computer with softphone) ->
192.168.2.1 FritzBox ->
192.168.178.1 FritzBox remote VPN Server ->
192.168.178.10 telephone system / VoIP Server
I have tried to catch some packages within the FritzBoxes and check them with Wireshark. But it am not really able to understand them. While calling the connection between 192.168.2.41 and 192.168.178.62 is active. But I even do not now which device 192.168.178.62 should be.
Any ideas why there do not get any voice data transferred?
Best Answer
A standard SIP VoIP call involves 4 IP tuples: two control channels and two voice channels, one of each from each client to the other client. Both ends of the call are both server (inbound connections) and client (outbound connections). Usually, a dynamic high numbered port is used for the voice channel. A clients control channel is used to pass the voice connection IP and port opened by the client to the opposing call client within the control channel payload. Each client then initiates a voice channel (RTP mentioned above), resulting in one voice channel each way. In your case the home office client would pass the local IP (192.168.2.41), not the virtual IP (192.168.178.128) of the far end of the VPN. This results in the main office client attempting to connect to an unroutable IP rather than the virtual IP.
Your remote VPN softclient must be able to pass a routable IP to the office client for the voice channel connection or you need a firewall capable of SIP session inspection and management (aka a SIP gateway).
Some softclients can do a reverse cone connection (remote client initiates all call paths) to mitigate virtual IPs and NAT on a VPN. You can look for that function in your soft client docs. Otherwise, the local IPs of both VoIP clients must be transparently and directly routable by both clients.
If you have a STUN server running, enabling STUN on the client will give the client a way to lookup its virtual IP on the office end of the VPN and use that IP for registration and SIP sessions. Both server and home client must be enabled to work. Note, the STUN service must be running on a server that is directly routable by the PBX (no NAT). Usually this is the same server as the SIP registrar and catalog services.
Q: does the same behavior occur between clients on the same subnet? Iām guessing not.