PfSense - IOS 6 (AT&T LTE) - Asterisk –
-
Good Evening,
I am working on assisting a user with getting the 3CXPhone on a new iPhone5 (IOS 6) to connect to Asterisk 1.8.n.
The iPhone is linking to the pfSense 2.0.1 box via a Mobile IPSec definition. So it's something like this –
iPhone5 (IOS 6 /Cisco VPN) --- AT&T LTE ---- Comcast Business ---- pfSense 2.0.1 --- Asterisk
10.37.165.n / 172.21.11.1/30 -- IPV6 ---- IPV4 (Static) ------- IPSec -------- 2198 Nat=no / qualify=3500
(166.147.114.n)
The link comes up and from the iPhone we can ping the Asterisk box, and access other applications.
But the 3cxPhone attempts to register with the iPhone's 10 dot address, not the IPSec assigned 172.21.11.1.
From Asterisk, when I run MTR to 172.21.11.1 but not the 10 dot address it just goes out a default WAN route.
Anyone with any ideas here ???
====================================
SAD -- looks good as does SPD with the assigned 172.21.11.1
Phase 1 ---
Interface - Comcast
Authentication Method - Mutual PSK + Xauth
Negotiation Mode - Aggressive
My Identifier - My IP address
Peer Identifier - xxxxxx.dynalias.com
PreShared Key - xxxxxxxxxxxxxxxxxx
Policy Generation - Unique
Proposal Checking - Strict
Encryption Algorithm - AES / 128
Hash Algorithm - SHA1
DH Key Group - 2
Lifetime - 8600
Nat-T - Enable
Enable DPD - Checked
10 Seconds / 5 Retries
Phase 2 ---
Mode - Tunnel
Local Network - Lan Subnet (172.21.10.0/24)
Encryption Algorithm - AES 128
Hash Algorithm - SHA1
PFS Key Group - 2
Lifetime - 3600
Automatically ping Host - 172.21.11.1
Mobile Client ---
User & Group Authentication Source System
Virtual Address Pool - Check Provide a Virtual Address Pool
Network 172.21.11.0 / 24 ( Potential for Tethered Devices is why I changed this from 30 )
Network List - Checked
Save Xauth Password - Checked
DNS Default Domain - Blank
DNS Servers - Checked -
- Internal DNS 172.21.10.5
- Google - 8.8.8.8
WINS Servers - Blank
Phase 2 PFS Group - Checked Group 2
Users -
Name - xxxxxxxxxx
Password - xxxxxxxxxxx
Group Membership - IPSECUSERS -
Effective Privileges - IPSecUsers - USER - VPN - IPSec xauth Dialin
Group -
Name - IPSECUsers
Assigned Privileges - User - VPN - IPsec xauth Dialin
=================================================================================
-
In 3CX there should be an option for "In Office" and "Out of Office". You might need to switch that in order to make the phone use the external IP.
-
Thank you for the response.
But it appears the feature you are referencing is designed to allow a user to specify how to attach to the IPBX and does not appear to have the ability to allow you to select the source address for the phone, only the target data, STUN server info for the IPBX / Proxy.
-
Answer was twofold –
First dump 3cxPhone to Useragent : Acrobits Softphone/5.2
Then validate routing for the Route end of the Mobile IPSec, which included moving it to a 172.23.0.0 subnet due to a conflict.
======================