No VOIP audio on either end.

[techjohnny]

We have three offices connected using NEC SV8100 device, problem is the new location cannot here anything both ways from the two existing locations that are already communicating.
We suspect it's the firewall, which is doing NAT, but does have the RTP and SIP helper modules loaded.
We can see the display at the remote location, but cannot hear anything. I ran a packet sniffer (tcpdump) and it did show many UDP packets leaving our firewall, but the other end I was able to see the traffic.​

 

[belevedere]

You failed to mention how the systems are connected. CCIS? Netlink? Remote IP phones? However you need to have ports 10020-10081 port forwarded to the IP address in CMD 84-26. This is what provides the voice.

 

[techjohnny]

Sorry. The connection between the two is done through OpenVPN using SSL certificate. All traffic over the VPN on the subnet transfer fine, but the voice is not transferring.

192.168.2.0 (OpenVPN Tunnel) to 192.168.1.93
192.168.1.254 (Kerio Firewall that has a VPN) 192.168.0.1 (Site that VOIP works on). (192.168.0.0/24 and 192.168.1.0/24)

So I believe part of the problem is the NEC behind 192.168.1.0/24 has to go through the Kerio firewall (192.168.1.254) and then connect through another NAT Firewall (192.168.1.93).

This is why I tried specifying a route from 192.168.1.0 NEC to route directly through the OpenVPN to the subnet 192.168.2.0/24, but this didn't help either.

 

[belevedere]

This note is from the NEC SV-8100 Networking manual for a Netlink set up. Ports used by the NEC VoIP equipment must be opened in the firewall allowing the NEC traffic to pass through onto the SV8100. The ports, 58000 and 58002 (TCP) for signaling and the voice ports, are required to be open at each location. This depends on how many IPLA/B ports are installed.
 IPLA/B 32 open UDP ports 10020 ~ 10083
 IPLA/B 64 open UDP ports 10020 ~ 10147
 IPLA/B 128 open UDP ports 10020 ~ 10275
 For IPLB, only one IP address is needed for each type of IPLB32, IPLB64, or IPLB128.
For a CCIS network, The ports, 57000 and 59000 (TCP) for signaling and the voice ports, are required to be open at each location. This depends on how many IPLA/IPLB ports are installed.
 IPLA/IPLB 32 open UDP ports 10020 ~ 10083
 IPLA/IPLB 64 open UDP ports 10020 ~ 10147
 IPLA/IPLB 128 open UDP ports 10020 ~ 10275
Not sure if this helps.

 

[techjohnny]

Thanks. I would like to avoid the VPN and go over the Internet, but this would require using POSTROUTING or SNAT in iptables to forward the ports over the Internet and then forward the ports to the NEC SV8100 at 192.168.1.249.

 

[techjohnny]

Okay, so let's say my setup as is:

Seattle 192.168.2.26 (brain) ,27 (10020) ,28 (10052)
-> VPN 192.168.2.20 -> Internet -> <- Internet <- Everett Firewall 192.168.1.254 <- VPN 192.168.1.93
Everett 192.168.1.249 (brain), 95 (10020), 96 (10052)

What if I wanted to send the traffic over the WAN directly to 192.168.1.254 instead of going through the tunnel?

 

[belevedere]

You would need to set up port forwarding.