I have a laptop with a vpn client connected to our home office. The laptop routes through the remote router using the wireless connection. The vpn connection is working fine, and I am able to run an i2050 softphone on the laptop successfully. What I would like to do is connect an i2002 phone to the laptop NIC port instead of using the softphone. However, I can't seem to get it to work. I have connected the i2002 with a crossover cable and assigned a static IP to the phone. I can ping the i2002 from the laptop, but the phone cannot reach the BCM450 at the home office. Any ideas about what I am missing here?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
IPphone over VPN
- Thread starter mcdoug
- Start date
norstarboy125
Vendor
You connect hard ip phones to a switch/router not the nic port on a laptop, actually I've never even heard that process before with any PBX.
Charm City Communications
Charm City Communications
- Thread starter
- #3
The remote site does not have a vpn router, it has a d-link dir-820L. The laptop uses a vpn client to connect to the home office. Therefore I can't just plug into the router, it needs to go through the laptop. I don't know if it is possible, but it should work the same way as sharing the internet connection with a second laptop connected with a crossover cable.
norstarboy125
Vendor
Well you need a hardware vpn on remote side to make it work, or you can always use a static ip if you don't care about putting your system out like that.
Charm City Communications
Charm City Communications
phoneguy610
Programmer
I have a customer with the same setup, their it guys setup a sonic wall VPN client on the laptop
ddcommllc.com
Avaya/Toshiba/SyntelSolutions
ACIS
"Will work for stars
ddcommllc.com
Avaya/Toshiba/SyntelSolutions
ACIS
"Will work for stars
- Thread starter
- #7
Well bridging the network created an ip address conflict on the phone. I tried giving the phone and NIC port static addresses, but then they went back to not finding server. Static addresses were on the same subnet as the d-link, and the gateway was for the d-link as well. BTW, we have a Shrew soft VPN client.
How did you manage to "bridge" the NIC port to the VPN? That's typically not possible as IPSec (which is what it sounds like you're using as your underlying VPN technology) doesn't encapsulate ethernet frames.
What you are probably going to have to do is enable Windows ICS (Internet Connection Sharing), which starts up a NAT router and DHCP server that both happen to be built into Windows. You should (hopefully) be able to specify the VPN as the "WAN" interface being shared, and the NIC as the "LAN". How this is accomplished depends on the version of Windows you are running, the way the VPN client itself works (I'm not familiar with Shrew), and so on. The phone will get an IP from Windows ICS, and Windows will then NAT all traffic between the phone and the VPN connection. Note that the i2002 is a UNIStim phone, not SIP, and I have no idea how UNIStim responds to being NATted.
Good luck,
-- Nathan
What you are probably going to have to do is enable Windows ICS (Internet Connection Sharing), which starts up a NAT router and DHCP server that both happen to be built into Windows. You should (hopefully) be able to specify the VPN as the "WAN" interface being shared, and the NIC as the "LAN". How this is accomplished depends on the version of Windows you are running, the way the VPN client itself works (I'm not familiar with Shrew), and so on. The phone will get an IP from Windows ICS, and Windows will then NAT all traffic between the phone and the VPN connection. Note that the i2002 is a UNIStim phone, not SIP, and I have no idea how UNIStim responds to being NATted.
Good luck,
-- Nathan
- Thread starter
- #9
I must be missing some ports to share. The phone is getting an ip address and it is finding the gateway ip which is the NIC port ip. I have allowed the following ports based on info I have found online: 10000, 123, 4100, 5004-5007, 5060, 510-511, 7000.
I have installed the 2050 softphone on the laptop and it connects and runs fine through the Shrew vpn client.
I have installed the 2050 softphone on the laptop and it connects and runs fine through the Shrew vpn client.
UNIStim does not like being NATed since both ends need to know the true IP address of the other end since that is where they are sending signal/voice packets. Your 2050 works over VPN on the PC since it knows about the VPN IP address. The 2002 sitting behind the PC using a shared connection does not.
If UNIStim does not like being NATted, I think OP's only option is to change VPN clients to one that supports "true" tunneling mode in IPsec. I read through the Shrew docs, and they are very light on details, but as far as I could tell, even though it supports "tunneling" mode, as far as Shrew goes, that only appears to mean that it is encrypting & signing the IP header along with the payload, and does not actually mean that you can use Shrew as a gateway for multiple IP devices on its end of the tunnel (presumably, though, this is not necessarily a Shrew limitation, but a Windows one).
The easiest answer is to get a different router on your end: one that supports IPsec tunnels. Then you'd let the router construct the VPN instead of a software client (Shrew) on your computer, and connect both your computer and the phone to that router. If you absolutely MUST have a software VPN client on your computer, I don't know of too many (other than Linux's native IP stack) that would allow you to do this. You'd need to have an IP networking stack in your OS that supports IP forwarding (basically, it needs to be able to act as a router) and an IPsec client that supports tunnel mode. One possible (but complicated and convoluted) solution would be to run something like VMware Player or VirtualBox (or some other virtualization layer) on your computer, and then run a router OS inside of that -- something like MikroTik RouterOS or Vyatta Core -- that you'd use in place of a native IPsec software client. I've actually done this before, and it works great and is much more flexible, but you may find it to be a challenge to set up and use, especially if you are not particularly well-versed in IP networking.
The IT/network admin at your company may also need to make additional changes on their VPN concentrator for this to work.
-- Nathan
The easiest answer is to get a different router on your end: one that supports IPsec tunnels. Then you'd let the router construct the VPN instead of a software client (Shrew) on your computer, and connect both your computer and the phone to that router. If you absolutely MUST have a software VPN client on your computer, I don't know of too many (other than Linux's native IP stack) that would allow you to do this. You'd need to have an IP networking stack in your OS that supports IP forwarding (basically, it needs to be able to act as a router) and an IPsec client that supports tunnel mode. One possible (but complicated and convoluted) solution would be to run something like VMware Player or VirtualBox (or some other virtualization layer) on your computer, and then run a router OS inside of that -- something like MikroTik RouterOS or Vyatta Core -- that you'd use in place of a native IPsec software client. I've actually done this before, and it works great and is much more flexible, but you may find it to be a challenge to set up and use, especially if you are not particularly well-versed in IP networking.
The IT/network admin at your company may also need to make additional changes on their VPN concentrator for this to work.
-- Nathan
- Thread starter
- #12
All of your input has been greatly appreciated. Unfortunately I have run out of time to make this work, and the laptop is in the field with a 2050 softphone and the Shrew vpn client. So far it has been working well connecting to the BCM450 and receiving calls.
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question