Hello,
i have a FreePBX (asterisk) system as my pbx. It is connected to my Mikrotik.
PBX: 192.168.1.3/32
Mikrotik: 192.168.1.2/32
In Mikrotik i have setup l2tp VPN.
Mikrotik VPN: 192.168.100.1/32
VPN DHCP POOL: 192.168.100.10 - 192.168.100.20
I have firewall rules of accept forward chain through 192.168.1.0/24 and 192.168.100.0/24 networks and vice versa.
Inside my internal lan, 192.168.1.0/24, everything is working fine as voip telephony concerned.
When i connected through VPN, i can register my sip phone and i can call every number i want (internal or external). The callee is ringing normally. But i cannot hear anything, he cannot hear anything. There is no audio even in our internal calls.
I am thinking i miss something… Are the RTP packets that are not passing through ? Do i need a NAT rule ? I tried to add firewall rule of accepting input chain the tcp 5060,5061 and the udp of my RTP port range but no success…
Mikrotik has implemented service port for this reason. so i highly suggest make sure that in /ip firewall services you have enabled required (sip) protocol and you need to write your rules based on connection type in general tab in ip firewall filter.
Thank you razavim for your interest.
My sip protocol at 5060 and 5061 ports is enabled in /ip firewall services.
What rules i have to write in my /ip firewall filter ? It is supposed that all network traffic is forwarded between my internal lan and vpn. I have also added the following rules but no success here…
My vpn subnet is on freepbx box already. I have added as static route. That is how i can register a sip phone that resides at vpn side.
Correct me if i am wrong, but vpn site to site needs a mikrotik routers on both sites. But i am on the move. I don’t have a static remote location where i need to connect to my office vpn.
When you don’t want all kinds of problems with SIP, make sure you do NOT use NAT!
It is not required to do NAT for a VPN when you use a reasonable network layout and have the correct gateway settings
in your routers and PBX.