Peer SIP Trunk Unreachable on VPN Network


#1

I have an Asus RT-AC88U router at my Mpls office and an RT-AC68U at my Naples office, both running Asus-Merlin Rel 384.17. The Naples Router has an OpenVPN Server Configured. The Mpls Router has an OpenVPN Client Connected to the Naples Router with Create NAT on Tunnel = NO and Inbound Firewall = Allow. The Firewalls on both routers are disabled.

Attached to the router LANs at each location I have a Grandstream UCM6204 IP-PBX systems with Peer SIP Trunks configured connecting the two UCM systems. Each UCM can successfully ping the other UCM.

When I first configure the Peer SIP Trunks on the UCM systems, the connections work fine. After a week or two, the trunks no longer work. The status in the UCM dashboard shows that the SIP Trunks are unreachable. When I do a network trace on each of the UCM systems, they are sending SIP Keep Alive packets to the remote UCM, but the remote UCM does not seem to see these packets. While I have this failure mode, each UCM can still ping the remote UCM.

I’m pulling my hair out trying to figure out why these SIP keep alive packets are being blocked. How can I debug this problem?

Here are the Network Trace Files from both UCM Systems:Grandstream Peer SIP Trunk Problem.zip (292.0 KB)


#2

I changed the peer SIP Trunks from UDP to TCP and the problem disappeared. Keeping my fingers crossed that this will be a long term fix.


#4

è una situazione complessa, occorre verificare una serie di impostazioni, non c’è la “risposta certa”.


#5

It might fix it.
I took a look at the trace, (it helps to provide IPs of the systems) and it appears that one system is 135.70 and the other is 133.70. They are both trying to see OPTIONS from the other, but the messaging is not making it thru to either side. Being that the normal messaging is at the UDP level, and you can reach both using TCP, this tend to points to the tunnel being the issue.

It is not clear to me why you have disabled the firewalls, as tunnels don’t care about the firewall. I suggest you enable the protection it offers. I do not use ASUS and while they are reportedly great home routers with high throuhput, they lack in many areas for a business/commercial need. They focus on gaming, streaming and WiFi. I can only suggest checking the setup of the VPN and perhaps YouTube may have a video on using them with OpenVPN and VoIP.

TCP will oftentimes overcome some issues, but time will tell.