VLAN and snom 300 VoIP phone (no access to webserver)

  • I can't access the webserver from my snom 300 phone on a VLAN. The VLAN and the rules are the "same" as in m0n0wall. With m0n0wall I can access the webserver from the snom phone, with pfsense release 1.2 it doesn't work. I can ping the phone no problem. If I try to access with https (the phone has http or https) I'll get the warning about an unsecure certificate (that from the phone) but nothing more …

    In older versions of pfSense this worked.

  • Are you using multi-WAN or policy-based routing? We need more information about your setup (network topology, VLANs, firewall rules, etc.).

  • Just Single WAN: VLAN (TAG 10) on LAN Interface. Firewall rule to prevent VLAN accessing LAN.

    VoIP (is my VLAN interface, set up with DHCP server)
    Proto  Source    Port  Destination  Port  Gateway  Schedule  Description
    *      VoIP net  *     ! LAN net    *     *                  Default VoIP -> any BUT LAN

    Proto  Source    Port  Destination  Port  Gateway  Schedule  Description
    *      LAN net   *     *            *     *                  Default LAN -> any

    Phone gets IP address from DHCP server.

    Phone uses VLAN TAG "10 7" (10 = VLAN TAG; 7 = QoS). Maybe this is the problem, but this wasn't a problem on pfSense 1.01 and isn't with m0n0wall 1.3b10.

  • Are you using a VLAN switch for this? Is LAN a VLAN as well?

  • LAN is "vr0" on my ALIX board and the VLAN is setup in pfSense on "vr0".

    If you like I can post my config file from pfSense.

  • The way it's normally done:

    Internet ----pfSense----(Trunk/Tagged)---Switch ----(untagged with vid 10)-----voip
                                                    ----(untagged with vid 11)-----Lan

  • I have a very small network, that's why I have unmanaged switches.

    And the IP phone has an internal switch and it can untag the VLAN.

  • Does it work if you change !lan net to * on the voip net?

  • No, I tried this first.

    For me it is strange that it worked on pfSense 1.01 and m0n0wall 1.3b10 with the same configuration.

    And very strange, that I see the certificate of the phone when I do a https access.

  • Maybe this is a driver-related problem. You are talking about using an ALIX and these systems are quite new, so you probably have been running on different hardware when it worked? Can you retest on that old hardware? Maybe the old hardware didn't fully support VLANs and that's why you now have an MTU issue, as the vr chipset supports it? Btw, VLAN support for vr has been added not too long ago for that chipset (in m0n0 in version 1.3b5 and we added it around that time too), so this would never have worked with a 1.01 on that same hardware.

  • No, I can't; I don't have the old WRAP board anymore. And yes, I'm running the "new" ALIX board.
