Yealink voip phones won't auto provision using multicast group
-
Hello,
I have setup a test environment. I have a pc running VMware ESXi, with 3 virtual machine's installed. pfSense firewall, Debian 8 and windows 7.
I made a network with DHCP on the pfsense, and connected both other VM's to it. They get an IP address, can see each other and can access internet.
Then I installed 3CX on the debian VM. I configured everything using standard settings. I can access the 3CX webinterface using the Windows 7 VM.Then I connected a Yealink T41P voip phone to the same network, it gets an IP and I can open the webinterface using the Windows 7 VM.
If I factory reset the Yealink phone, it should auto provision to the 3cx server, using PnP (multicast?). For exact understanding of this process see: https://www.3cx.com/docs/plug-and-play-ip-phone/I have tried this process on my home router (Edgerouter Lite), and it works.
But on my virtual pfSense setup, it doesn't work.When I go to the Debian VM, and use 'netstat -g', I get the following:
It doesn't show 224.0.1.75, so I think that is the problem.
As I understand correct, PnP uses multicast to join a multicast group (224.0.1.75?).
How do I enable this on my pfSense?I tried UPnP and IGMP Proxy, but both won't help me. I think IGMP proxy is the way to go, but I don't know for sure.
I searched Google, this forum, the 3CX forum and the Yealink forum, but couldn't find an answer.
Can you help me?
-
Based on what you described, I don't believe pfSense has anything to do with this.
I'd venture to guess it's most likely a misconfigured vSwitch. Have you tried enabling multicast snooping on your vSwitch? Also make sure you don't have any multicast filtering rules which would prevent routed multicast (224.0.1.0 to 224.0.1.255) from being passed.
Edit:
http://pubs.vmware.com/vsphere-60/index.jsp#com.vmware.vsphere.networking.doc/GUID-50AF72D4-F766-4D68-8330-BA15250E4E99.html
-
Hi,
Thanks for your answer. It is my first time setting up a ESXi machine, so I don't know exactly what I need to configure.
I first created a Debian8 VM, and installed 3cx. This was connected with a standard vSwitch to a Toughswitch, to a Edgerouter Lite. I connected the phone to the toughswitch, and auto provisioning (multicast) worked fine.
Then I created a pfSense VM, and created a new Debian 8 VM, and did a fresh install of 3CX, connected to this pfSense. This is connected to the toughswitch, and all VLAN's are set up correctly. But now it doesn't work.
I cannot find anywhere to create a vSphere Disributed Switch on my ESXi installation. Do I need vCenter Server for this?
Are there any other things I might try? Should it work in pfSense, or do I need to change some settings?
-
This has nothing to do with pfsense. Typically the IGMP proxy is used to route multicast traffic past your local network and to another network. Pfsense doesn't care about your multicast traffic since it's not routing it anywhere.
Can you layout how you have your virtual network setup? Especially since you mentioned VLANs which each have their own separate broadcast domain. Depending on your VLAN setup, then the IGMP proxy might come into play.
-
Sorry for my misunderstanding, I wasn't completely sure if this had anything to do with pfSense.
I have the following standard vSwitch:
The Windows 7 Pro is only used to access the webinterface's of pfSense, 3CX and the phone
3CX was my first install, on the Edgerouter network. I disabled it, and made a fresh install (just in case some IP settings were left wrong)
3CX Fresh Install is the Debian machine my current 3CX install is on.
pfSense has VLAN ID 4095, so it should receive all VLAN's. It has a VLAN for the WAN, and a VLAN for the VOIP. They both work as they should.The ESXi machine is connected to my Toughswitch, this port has 'Trunk port' enabled. The Yealink Phone is also connected to the Toughswitch, with Untagged VLAN 770.
They all connect to the correct network in pfSense.If you need to know anything more about my setup, let me know. I have a pretty good understanding of pfSense, but this is my first ESXi machine.
Thanks for your help so far! -
Is iptables enabled on the Debian VM? If so, have you created a rule to allow multicast to pass?
iptables -A INPUT -i ethXX -m pkttype –pkt-type multicast -j ACCEPT
^ that should work if you need a rule. Just change the ethXX to your eth
Also, are you able to ping the phone from your 3CX server?
-
I don't know if this is correct?
Yes, I am able to ping the phone from the 3CX server.
Before I created the pfSense VM, I had the 3CX server VM connected to my home network (Edgerouter Lite), and auto provisioning worked without any problems.
Then I created the pfSense VM, changed the switch settings, and reinstalled 3CX (just to be sure). And it didn't work.Do you know if there are any other settings within VMware ESXi that can affect my problem? I searched almost everything I could think about.
And can you help me understand how multicast exactly works? I don't understand it completely. Does pfSense have anything to do with multicast, or is it on the switches only? -
In your screenshot iptables is inactive anyways so the rules won't matter. Do you have ufw installed on the server? You should be able to check by typing "service ufw status".
What are your IP scheme for the 770 VLAN? What is the IP address of the 3CX server and what is the IP address of the phone? Also, can you post the results of ifconfig -a from the command line of the pfSense server?
The only setting in ESXi that I can think of that could help would be IGMP snooping or disabling multicast filtering. I have not used ESXi in several years so I don't remember what configurable options you have.
I'd suggest you read https://en.wikipedia.org/wiki/Multicast to familiarize yourself with how multicast works. Multicast is a broadcast dependent technology. What this means is each network has it's own broadcast domain. So if you have VLAN 100 with the IP scheme of 192.168.0.0/24 and another VLAN 200 with an ip scheme of 192.168.1.0/24, the multicast traffic from VLAN 100 won't be sent to VLAN 200 without using an IGMP routing service to route the multicast to another broadcast domain.
Since you have your 3CX server and phone on the same VLAN, you shouldn't have to do any multicast routing on pfSense since the server and phone are in the same broadcast domain.
IGMP snooping is a technology which typically runs on the switch. IGMP snooping works by listens for IGMP conversations between hosts and makes a list of what devices "care" about receiving multicast. This prevents the switch from blasting multicast broadcasts to every device on that specific broadcast domain and cuts down on multicast traffic.
-
And actually just for testing purposes, can you try defining your VLAN 770 network scheme as a downstream in the IGMP proxy in pfSense?
-
To be sure it works with another router, I tried the following:
The 'Debian 8 Fresh Install' is another fresh install of the 3CX server.
VLAN ID 0 is untagged traffic going to the Toughswitch, I changed the phone to this VLAN also, and it works.
The phone shows up automatically.This network is connected to a Edgerouter Lite, with basic configuration.
But as you say, the multicast is running on the switch. And about this I found the following:
https://communities.vmware.com/thread/470492?start=0&tstart=0I will try migrating to a distributed switch.
The IGMP proxy I already tried (see my first post), but it didn't help.