VPN traffic sometimes routed over the WAN

  • Hi all, we have a site running pfSense, remote site also using pfSense, 3CX phone system, running over OpenVPN. Today I noticed that one of the extensions is not being routed over the VPN and therefore it is not able to register with the PBX (3CX). Why just one and not the other 3? The PBX is configured to disallow registrations from the WAN. This is perfect for security so that only phones communicating over the VPN will be able to register.

    We have another site that did something similar today - all 4 extensions were unable to register and when I logged into 3CX I noticed a whole bunch of attempts to register from the WAN, which were blocked. I rebooted the router and it fixed it. But now the client is extremely upset (a bit unreasonable, sure) because they want (like everyone else on the planet) to have a phone system that never goes down, and twice in 2 weeks is unacceptable to them.

    Any help is greatly appreciated!

  • How stable is the VPN connection? Do you have gateway monitoring enabled for it? The only thing that occurs to me offhand is if the VPN gateway goes down briefly and outbound traffic gets routed via the WAN. That wouldn't explain it if it's consistently only one (and the same one) out of three phones though. I may be off-base with this idea too; just a home user here and don't have any direct experience with a setup like that, but do run persistent VPN client connections.

  • Thanks @TheNarc

    I think what I was seeing was actually a PC soft-phone trying to connect via the WAN (outside the VPN) because it must have been provisioned that way, not one of the phones. And since the soft-phone has the same extension as one of the desk-phones, it appeared to be that one phone.
