Netgate Discussion Forum

    VPN traffic sometimes routed over the WAN

    General pfSense Questions
    • peter_richardson

      Hi all, we have a site running pfSense, remote site also using pfSense, 3CX phone system, running over OpenVPN. Today I noticed that one of the extensions is not being routed over the VPN and therefore it is not able to register with the PBX (3CX). Why just one and not the other 3? The PBX is configured to disallow registrations from the WAN. This is perfect for security so that only phones communicating over the VPN will be able to register.

      We have another site that did something similar today - all 4 extensions were unable to register and when I logged into 3CX I noticed a whole bunch of attempts to register from the WAN, which were blocked. I rebooted the router and it fixed it. But now the client is extremely upset (a bit unreasonable, sure) because they want (like everyone else on the planet) to have a phone system that never goes down, and twice in 2 weeks is unacceptable to them.

      Any help is greatly appreciated!

      • TheNarc

        How stable is the VPN connection? Do you have gateway monitoring enabled for it? The only thing that occurs to me offhand is if the VPN gateway goes down briefly and outbound traffic gets routed via the WAN. That wouldn't explain it if it's consistently only one (and the same one) out of three phones though. I may be off-base with this idea too; just a home user here and don't have any direct experience with a setup like that, but do run persistent VPN client connections.

        • peter_richardson

          Thanks @TheNarc

          I think what I was seeing was actually a PC soft-phone trying to connect via the WAN (outside the VPN) because it must have been provisioned that way, not one of the phones. And since the soft-phone has the same extension as one of the desk-phones, it appeared to be that one phone.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.