IPSec Tunnel and VoIP



  • This is my first post here. I am hoping that someone can help me clear up some issues that I am having.

    Background:
    I have pfSense deployed in the Amazon cloud. I have several PBX systems running in the cloud. So far everyone has been fine connecting via a regular public IP to the PBX. Now we are starting to use 3CX. This platform requires us to have a local IP on the same network as the phone for remote provisioning. So in order to do this, we need to set up a VPN.

    On the clients' ends we have pfSense boxes. So my thought was to do a site-to-site VPN tunnel for the sites that will implement this.

    Problem:

    I have followed some directions online and have been unable to communicate with anything other than the pfSense on the cloud side (ping and visiting the web page). If I try to ping or visit one of the other servers on the same subnet, nothing returns. However, I know the pinging works because I can go machine to machine in the cloud.

    Details:
    Cloud VoIP Subnet 10.1.96.0/22

    pfSense WAN 10.1.96.5 > EC2 Public IP Address
    pfSense LAN 10.1.96.6

    PBX 1 LAN 10.1.96.10
    Accounting PBX LAN 10.1.96.200

    On the client end, at least for me:

    pfSense WAN XX.X.X.X Static IP
    pfSense LAN 10.0.0.0/24
    pfSense OPT2 (VoIP) Subnet 10.61.0.0/24 (IP is 10.61.0.1) with DHCP and options for remote provisioning.

    Question:

    I have done everything that tutorials state, including the firewall rules on the IPsec tab, etc. I don't see anything related to it in the routing tables, so I am not sure where to go from here. Is there anything I am missing?

    Any help would be greatly appreciated. Thanks.



  • Hello

    Can you ping an EC2 server from local?
    Can you ping local from an EC2 server?

    Are you using public and private route tables and subnets on AWS?



  • NASMAN,

    Thank you for the reply.

    From the local (office) side, I cannot ping the EC2 servers. I can, however, ping the EC2 server that is the pfSense (10.1.96.5).
    I can also visit the pfSense configuration page (for the remote end) from the web on the local side.
    I cannot ping from an EC2 to local.

    I feel like it's something to do with the routing tables, but I am just not sure.

    Thanks,

    Jim



  • Are you using public and private route tables and subnets on AWS?



  • @NASMAN:

    Are you using public and private route tables and subnets on AWS?

    @beijingjim did this help?

    Also why can you not just use the AWS VPN?
    We use the AWS VPC VPN and a local pfSense box.



    I am using public and private route tables. However, the reason I didn't want to use just the AWS VPN is because of the cost. With the pfSense AMI I can use it for other purposes as well. But still no luck.



    Did you already create a port forward rule on WAN that opens UDP ports 5060-5080 and RTP ports 10000-20000? It is required for the VoIP to work. Also, I noticed that the subnets of the LAN and WAN that you have configured for your pfSense are the same subnet. Did you already try to change the network of your LAN? Try to make it 172.xx.xx.xx or any private IP address range that is different from your WAN subnet.

    Hope this can help you.
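The address plan in the first post and the observation in the last reply (WAN and LAN on the same subnet) can be checked mechanically before touching the tunnel again. The script below is an added example and is not code from the thread or from pfSense. It takes the addresses as listed in the first post, flags interfaces of one firewall whose networks overlap, reports which interfaces each PBX address sits behind, checks the phase 2 selectors for overlap, and lists the routes the AWS VPC route table of the PBX subnet would need so that EC2 hosts send traffic for the office network back to the pfSense instance. The office LAN gateway address and the phase 2 selector pair are assumptions; the post does not state them. One thing the script cannot show but which is worth knowing: tunnel-mode IPsec on pfSense is policy-based, so the remote network never appears in the routing table. Not seeing a route is normal, not a symptom.

```python
import ipaddress

# Address plan as listed in the first post, as (firewall, interface, address/prefix).
# The office WAN is omitted because the post masks it; the office LAN gateway
# address 10.0.0.1 is assumed (only the /24 is given in the post).
INTERFACES = [
    ("cloud-pfsense", "WAN", "10.1.96.5/22"),
    ("cloud-pfsense", "LAN", "10.1.96.6/22"),
    ("office-pfsense", "LAN", "10.0.0.1/24"),
    ("office-pfsense", "OPT2", "10.61.0.1/24"),
]

# Hosts that must be reachable through the tunnel (from the first post).
HOSTS = {"PBX 1": "10.1.96.10", "Accounting PBX": "10.1.96.200"}

# Phase 2 selectors for the site-to-site tunnel as (office network, cloud network).
# This is an assumed configuration, not something the thread states.
PHASE2 = [("10.61.0.0/24", "10.1.96.0/22")]


def shared_subnet_interfaces(interfaces):
    """Return (firewall, if_a, if_b) for every pair of interfaces on the same
    firewall whose networks overlap. A firewall cannot route between two
    interfaces that sit in one network; it has nothing to route between."""
    findings = []
    for i, (fw_a, if_a, cidr_a) in enumerate(interfaces):
        net_a = ipaddress.ip_interface(cidr_a).network
        for fw_b, if_b, cidr_b in interfaces[i + 1:]:
            if fw_a != fw_b:
                continue
            net_b = ipaddress.ip_interface(cidr_b).network
            if net_a.overlaps(net_b):
                findings.append((fw_a, if_a, if_b))
    return findings


def interfaces_containing(interfaces, host):
    """Names ('firewall/interface') of every interface whose network contains
    host. More than one name for the same firewall means the host's location
    relative to that firewall is ambiguous."""
    addr = ipaddress.ip_address(host)
    return [f"{fw}/{ifname}" for fw, ifname, cidr in interfaces
            if addr in ipaddress.ip_interface(cidr).network]


def overlapping_selectors(phase2):
    """Phase 2 entries whose local and remote networks overlap; such a policy
    cannot be matched unambiguously."""
    return [(local, remote) for local, remote in phase2
            if ipaddress.ip_network(local).overlaps(ipaddress.ip_network(remote))]


def vpc_routes_needed(phase2, cloud_wan_address):
    """Routes (destination, target) the AWS VPC route table of the PBX subnet
    needs so EC2 hosts forward traffic for office networks to the pfSense
    instance instead of the VPC default route."""
    return [(local, cloud_wan_address) for local, _ in phase2]


if __name__ == "__main__":
    for fw, if_a, if_b in shared_subnet_interfaces(INTERFACES):
        print(f"{fw}: {if_a} and {if_b} are in the same network")
    for name, host in HOSTS.items():
        print(f"{name} ({host}) is behind: {interfaces_containing(INTERFACES, host)}")
    for local, remote in overlapping_selectors(PHASE2):
        print(f"phase 2 selector {local} <-> {remote} overlaps")
    for dest, target in vpc_routes_needed(PHASE2, "10.1.96.5"):
        print(f"VPC route needed: {dest} via instance at {target}")
```

With the posted plan the script reports that the cloud pfSense WAN and LAN both sit in 10.1.96.0/22 and that both PBX addresses are behind both interfaces, which matches the last reply's point. For the listed VPC route to work, the pfSense instance's EC2 source/destination check must also be disabled, since the instance forwards packets it did not originate.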