Yealink Forums
Local account should not go through VPN - Printable Version

+- Yealink Forums (http://forum.yealink.com/forum)
+-- Forum: IP Phone Series (/forumdisplay.php?fid=4)
+--- Forum: Wishlist (/forumdisplay.php?fid=13)
+--- Thread: Local account should not go through VPN (/showthread.php?tid=30109)

Pages: 1 2


Local account should not go through VPN - avayablix - 10-12-2016 03:47 AM

I have noticed that when my T23G connects to a remote server via VPN, all accounts on that phone want to send traffic through that VPN.

Now that's not desirable in all cases. E.g. I want account 1 to connect to a remote server, but account 2 should be local and register to my local telephone server or SIP provider, but that's not possible.

I suggest you add a functionality that will allow users to decide whether traffic for a specific account should send traffic through the VPN, or not.

Thanks.


RE: Local account should not go through VPN - jolouis - 10-13-2016 10:14 PM

This sounds more like more of a network setup scenario. Can you confirm that the IP address the VPN server hands to you does not conflict the local IP, and that the "local" PBX is in the same subnet as the local IP (and not the VPN).

Might also have to do with your VPN server. In OpenVPN there are configuration options to allow the server to push out routes for the client to use, and also an option to basically tell the client to route all traffic over the VPN instead of using it's existing routing table. The default route one is "redirect-gateway def1" or something like that (Google is your friend).

In any case I'm guessing you should be able to solve your issue by changing your server config, probably does not require anything to be changed on the Yealink side of things.


RE: Local account should not go through VPN - avayablix - 10-15-2016 09:22 PM

I wasn't describing my issue correctly. I get my local account to register with the local server, I can make calls, but I only have one way audio or no audio.

Yealink has confirmed to me it has to do with how the phone handles the traffic and it was not on their agenda to fix it soon.

This is basically a follow up on my request from a while ago, hoping they are willing to address this issue soon, cause I have plenty or remote phones, and people would like to use them for local accounts as well, instead of having to have two phones on their desks.


RE: Local account should not go through VPN - jolouis - 10-21-2016 09:43 PM

(10-15-2016 09:22 PM)avayablix Wrote:  I wasn't describing my issue correctly. I get my local account to register with the local server, I can make calls, but I only have one way audio or no audio.

Yealink has confirmed to me it has to do with how the phone handles the traffic and it was not on their agenda to fix it soon.
Interesting, what phone and firmware are you using? Out of curiosity I just tried this setup on one of the spare T23Gs we have here at the office and found no issues, both local account and remote VPN account work as expected. T23 is running 80.0.95 firmware (I don't think there was anything VPN related in the changelogs for .125 so scenario should work there also).

Setup is this:
Phone configured for OpenVPN to remote PBX.
VPN interface has IP 10.168.1.21 (remote network for VPN is 10.168.1.0/24)
Local interface has IP 192.168.10.185 (local network is 192.168.10.0/24)
Account #1 is registered to remote PBX 10.168.1.50
Account #2 is registered to local PBX 192.168.10.33

Calls to and from account #1 and account #2 work without issue, voice is routed properly etc.

So my suspicion is again that you have either a server setting issue, or a network conflict (i.e. is your VPN server assigning an address that is in the same range as your local network?? i.e. if VPN is 192.168.1.0/24 and local is 192.168.1.0/24 then of course things will not work properly for both)

Hopefully that helps :o)


RE: Local account should not go through VPN - avayablix - 10-22-2016 03:39 AM

Can you confirm, that you have audio both ways when making a call on your local account?
My T23G Yealink is receiving audio, but not sending any, so the party on the other end doesn't hear anything.
Looks like RTP packets are not routed correctly.
The packet capture below indicates this. 192.168.178.23 is the local Yealink. 192.168.178.1 is second phone on my local network.
10.124.193.10 is the VPN address of my Yealink and I don't think RTP packets should be sent to that address on a local call.

92 15.662888 192.168.178.23 192.168.178.1 RTP 214 PT=ITU-T G.711 PCMA, SSRC=0x1128EA25, Seq=10319, Time=240
93 15.676911 192.168.178.1 10.124.193.10 RTP 218 PT=ITU-T G.711 PCMA, SSRC=0x73DEA5E9, Seq=9, Time=1440

I am testing having two phones off of my fritzbox router (same happens when I try a local Asterisk server). When I disable VPN on my Yealink, I can make calls with two way audio fine.
Same problems on a T20P.

44.80.0.130 Firmware.
Trying to make Yealink fix this at some point, but I am not getting any answers.

By the way, thanks for your responses.


RE: Local account should not go through VPN - Quinlan_Yealink - 10-24-2016 11:06 AM

hi sir

could you help provide the packet capture to us analysis and I will also escalation a ticket to development to confirm your idea feasible.
please let me know if have any problems.


RE: Local account should not go through VPN - jolouis - 10-28-2016 02:36 PM

(10-22-2016 03:39 AM)avayablix Wrote:  Can you confirm, that you have audio both ways when making a call on your local account?

Hey Just tested this again for you and can confirm that it definitely works fine for me. Get full two way audio to both the local account, and the VPN account.

Tested on a T23G running 44.80.0.95. Haven't tried .130, but try rolling your phone back to .95 and see if the problem goes away maybe?

In fact, just to prove the point, I actually made a call on the VPN account, put it on hold and made a call on the local account, and then for fun conferenced them together on the Yealink. All three parties could hear each other without issue.

All this leads me to the conclusion that things on the Yealink side are working properly. So conclusions:
A) maybe there's something goofy between 0.95 and 0.130 firmware? I have not tried 130 yet, but as I said everything works on .95. Try putting 0.95 on your phone and see if that solves it, then at least you know there is a definite bug.
B) If A does not resolve the issue, then I hate to say it but logically the only other option is that there's something fishy going on either with your VPN setup or your routing....

Have you looked at the SIP dialog that flows back and forth when the call is setup? The INVITE packets will usually have details about where the RTP traffic should be sent, that might give you a clue as to what's happening. That would also help you find out if it's a problem with something on the Asterisk side of things (i.e. maybe your NAT/localnet settings on the local box aren't quite right and are conflicting with the VPN IPs).

Thanks,
-Rob


RE: Local account should not go through VPN - dig1234 - 01-09-2018 10:28 PM

Any update on this, there should be an easy way to send local IP in SDP instead of VPN IP. Very easy for yealink to fix. Or does anyone have a workaround?

Thanks


RE: Local account should not go through VPN - avayax - 01-22-2018 07:15 PM

(01-09-2018 10:28 PM)dig1234 Wrote:  Any update on this, there should be an easy way to send local IP in SDP instead of VPN IP. Very easy for yealink to fix. Or does anyone have a workaround?

Thanks

No update on this unfortunately.
Problem is that on accounts registering to a local server, the Yealink phone puts VPN IP in the Invite SIP header, instead of the local IP, resulting in one way audio.

Any workarounds?


RE: Local account should not go through VPN - KNERD - 01-22-2018 08:11 PM

Yeah, I sure would like to know why this BUG has not been resolved.