We have 2 offices with Mikrotik routers. Each office has its own VOIP server. The VOIP guy tells me… “Can you get a VPN between the 2 offices?” Sure we already have a PPtP VPN between the two offices.
He gets all excited. Brings up the phone server on the other end in a browser and tells me he’s is good. Several hours later I get a email that he is having trouble with the “voice path”.
I ask him to explain that… I get nothing back for 5 more hours. Then he starts talking about opening Protocols, not ports. Not thinking I am going to get much help there.
I am not onsite today but I think the VOIP guy is going to play some more.
Is PPtP sufficient to run a VOIP connection over VPN? Or should I be looking into straight packet forwarding?
If the traffic is SIP based then the SIP control path typically uses port 5060 while the audio RTP traffic typically uses a block of higher port numbers. You can certainly run various VOIP systems over PPTP. Just be aware that if that path gets congested (e.g. VPN concentrator performance) it will be heard fairly quickly on the audio path. If you have the option to provide higher QOS to the VOIP traffic that should help.
Those are some of the ports that they asked me to forward from the WAN to the servers on each side. Anything special need to be done when one server communicates with the other?
As long as the servers agree on the ports to be used it should be fine. Perhaps each server is trying to use a different RTP port range which will need to be reconciled.
I am a bit confused by the sudden talk of EoIP. Implementing EoIP just to get a couple of PBXs talking would be overkill. PPTP/VPN will work as long as the routers can handle the encryption demands caused by the voice traffic and port forwarding will also work so there is no need to expose the sites at layer 2.
Samir494. It depends on what his pbx’s are. Alot will not encrypt SIP so you cannot say that infact if you look at SIP it is very much human readable and very much insecure by nature.
To the OP - PPTP should be operating fine, I would suggest you get a trace of a call (wireshark the host or packet sniff on router) and see what addresses its passing. Perhaps it is using a different address on the call legs for some reason
The connection from site2 to site1 is a PPtP VPN.
I chose that because the main site has a static IP. So the site with the dynamic IP (site2)is always calling into the known site.
I made sure the routes are good between the 2 subnets
Site1 has one Vertical Phone System
Site2 has one Vertical Phone System
The systems are the WAVE system so they are SIP.
Got into both routers and turned off the SIP helper in firewall services.
Site1 192.168.88.0/24 Phone Server sits at 192.168.88.200
Site2 192.168.89.0/24 Phone Server site at 192.168.89.200
VPN between sites is 192.168.98.111 is the IP given to the Site2 router.
Routes exist on both sides so they know where the other subnet is using the 192.168.98.100 and 192.168.98.111 addresses.
Today onsite people now report that they can call between offices. But sometimes the calls break up.
When no one was at the office there was no issue.
I checked the routerboard and is never shows more then 7% cpu useage.
If the main issue is calls breaking up, that is usually caused by jitter (usually sounds like a person talking with a very bad stutter).
Our experience when this happens has shown that it is usually a connectivity or latency issue and/or there is not enough bandwidth to carry the calls/data traffic (e.g. Some person at one side of the link decides to copy over a large file).
Snce this is a site to site VPN with no concentrator (at least that is my assumption), it might be worth your time monitoring the link bandwidth and getting some feedback from the resultant graphs.
If the above is the case, enabling some form of QoS on link to prioritise SIP/RTP traffic should help. You might also try changing codec e.g. going from g.711 to g.729.
Audio breakup is probably either general bandwidth/jitter issues or could be a sign that under load the routers are struggling to provide the encryption for the traffic in the PPTP tunnels.