Routing/ipsec/Asterisk issue communicating with remote networks inside pfSense



  • Not sure where to put this as I'm not sure what the issue is. I have an IPsec VPN set up with 7 remote locations. Every location with the exception of 2 has a dedicated Asterisk box. The other 2 have only pfSense with the Asterisk package added. I have short dial codes set up to dial other locations over the VPN. All work except for the 2 pfSense/Asterisk boxes.

    At both locations where the short codes do not work, while in the pfSense GUI or SSH'd into the routers, I cannot ping/connect/talk to anything at the corporate location. So 10.0.9.254 (remote router) can't ping 10.0.1.254 (corporate location) inside the router. But from behind the router (any host on the 10.0.9.0 network) I can ping anything at the corporate location, just not inside the router. To confuse me more, at the corporate location I can ping/connect/talk to anything on the remote networks from the router.

    So my theory why I can't use these short codes is this lack of communication between the 2 locations from remote router to corporate router. Verbose output from Asterisk shows an unreachable destination when the short code is entered.

    Firewall rules on one of the 2 locations are set to allow any on both the WAN and LAN just to try to get it to work.

    Thanks for any help you can give.



  • Bump

    I still cannot communicate with the corporate router from inside the remote router. I cannot fathom why, since I can from behind the router. Is pfSense not sending down the VPN tunnel when inside the router?



  • I've read your thread several times but I still don't understand what your network looks like and what equipment you really have at each site.

    Perhaps the lack of answers comes from the fact that nobody understands the situation?

    Instead of only bumping you could try to provide more information. Like a network diagram and explain what exactly the unknown "routers" are.

    I can't promise an answer but I believe a better question would at least increase the odds of getting one.



  • @P3R:

    I've read your thread several times but I still don't understand what your network looks like and what equipment you really have at each site.

    Perhaps the lack of answers comes from the fact that nobody understands the situation?

    Instead of only bumping you could try to provide more information. Like a network diagram and explain what exactly the unknown "routers" are.

    I can't promise an answer but I believe a better question would at least increase the odds of getting one.

    OK, I'm still having this issue and I'm going to try to explain this better, with a more simplified 2-location scenario.

    I have an IPsec VPN connection between 2 locations.

    Location 1 has a pfSense router (10.0.1.254) with a dedicated Asterisk server (10.0.1.2) behind the router's LAN port.

    Location 2 is a pfSense Netgate router with Asterisk installed on the router (10.0.9.254).

    At Location 2, IPsec traffic from anything behind the Netgate router's LAN port (10.0.9.254) travels to Location 1 (10.0.1.0/24) fine without issues. But from inside the Netgate router (10.0.9.254), whether trying to ping Location 1's network (10.0.1.0/24) in the GUI or via SSH, no packets travel down the VPN.

    So my issue is that I have short codes (i.e. *80) to dial the two locations, but since Asterisk is not using the VPN tunnel on the Location 2 Netgate router (10.0.9.254) they time out.

    I need to find out how to get Asterisk from Location 2 to communicate down the VPN. Right now it simply does not even see the 10.0.1.0/24 network at location 1 from inside the router.

    Testing from Location 1's router and Asterisk server, I can ping Location 2's router. I cannot ping from inside Location 2's router or Asterisk CLI to Location 1's network (10.0.1.0/24).

    Ping output:

    
    PING 10.0.9.254 (10.0.9.254) from 10.0.1.254: 56 data bytes
    64 bytes from 10.0.9.254: icmp_seq=0 ttl=64 time=22.600 ms
    64 bytes from 10.0.9.254: icmp_seq=1 ttl=64 time=30.619 ms
    64 bytes from 10.0.9.254: icmp_seq=2 ttl=64 time=21.115 ms
    
    --- 10.0.9.254 ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 21.115/24.778/30.619/4.174 ms
    
    
    
    PING 10.0.1.254 (10.0.1.254): 56 data bytes
    
    --- 10.0.1.254 ping statistics ---
    3 packets transmitted, 0 packets received, 100.0% packet loss
    
    
    
    Pinging 10.0.1.254 from 10.0.9.13 with 32 bytes of data:
    Reply from 10.0.1.1: bytes=32 time=26ms TTL=126
    Reply from 10.0.1.1: bytes=32 time=24ms TTL=126
    Reply from 10.0.1.1: bytes=32 time=25ms TTL=126
    Reply from 10.0.1.1: bytes=32 time=23ms TTL=126
    
    Ping statistics for 10.0.1.254:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 23ms, Maximum = 26ms, Average = 24ms