2 network interfaces on server

Discussion in '3CX Phone System - General' started by jofer, Jan 15, 2013.

Thread Status:
Not open for further replies.
  1. jofer

    Joined:
    Dec 5, 2012
    Messages:
    45
    Likes Received:
    3
    Hi

    I have seen the documentation about having 2 NIC's on a server and having 1 connected to the internet via ADSL and my VoIP provider lines connected through this connection.

    The other NIC is connected to the customer internal LAN where a voice VLAN is created.

    Can someone please explain in a bit more detail how to have this working proparly, I know windows complain about having 2 default gateways and I need to set 1 static route. What would the best way be to have this working?

    Regards
    Johan
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. eagle2

    eagle2 Well-Known Member

    Joined:
    Apr 27, 2011
    Messages:
    1,085
    Likes Received:
    11
    Leave the first interface for your local LAN and IP phones with standard gateway, etc. No gateway should be specified for the second LAN interface. You must add static route for the second LAN interface (to your provider) via DOS prompt command:
    Code:
    route add destination mask gateway -p
    Check command syntax and make this route permanent (with '–p' option).
    Also you normally need to specify the address for this interface into advanced voip provider settings menu - use specified IP address.



    Regards
     

    Attached Files:

    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. sigma1

    sigma1 Active Member

    Joined:
    Nov 20, 2009
    Messages:
    542
    Likes Received:
    1
    The above is somewhat incomplete and you need to supply us with more information and specifically:

    Are you only dealing with ONE private subnet and the public subnet If so, provide ONLY the default gateway on the public NIC and leave the private subnet alone. Do not add any route on your host. IF you have a need to one or more additional private subnets (like a VPN or other private subnet via another router on your private subnet NIC) you will need to specify a static route for that.

    What is important to remember is that within 3CX you will need to specify the IP you use to connect to external entities and the card that it's associated to (bound) and the private side where your phones will connect (IP and card used).

    Try and have the public end static and avoid STUN if possible.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. jofer

    Joined:
    Dec 5, 2012
    Messages:
    45
    Likes Received:
    3
    Thanks for the reply, let me give more detail on what i try to get working.

    the customer has 2 vlan's, 1 for the data side and another for the voice side. Now on my windows 2008 server I have 2 network interfaces. One is connected into the voice vlan lets say ip:10.41.188.2 mask 255.255.255.0 and i have set the gateway 10.41.188.1
    On the second NIC which is connected to an ADSL and my VoIP provider lines register to this connection. I have set IP:192.168.10.2 255.255.255.0 and not added the default gateway.

    I added the static route
    route add 192.168.10.0 mask 255.255.255.0 192.168.10.1 -p IF2

    But by doing this my VoIP lines does not register, and also i cannot access the internet with this setup.

    By adding the gateway on the network interface on NIC 2 and not adding it on NIC 1 but use static route for default gateway on NIC 1 my VoIP lines register but then I cannot reach the rest of the customer network (myphone ) for example does not work.

    Please advise on how to do this the right way.

    Thanks
    Johan
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. jofer

    Joined:
    Dec 5, 2012
    Messages:
    45
    Likes Received:
    3
    Just more info, when i leave out the default gateway on my NIC connecting to the internet, and i add the route, the interface says "unidentified network" and that does not give me internet access.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. sigma1

    sigma1 Active Member

    Joined:
    Nov 20, 2009
    Messages:
    542
    Likes Received:
    1
    Can you please post a ROUTE PRINT screenshot
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. eagle2

    eagle2 Well-Known Member

    Joined:
    Apr 27, 2011
    Messages:
    1,085
    Likes Received:
    11
    If possible, turn off STUN requests into networking settings, assuming you have a static IP address for Internet access via LAN interface 1. Specify in this section as internal address the address of first LAN, e.g. 10.41.188.2.

    Into your provider settings, advanced section, you must select 'use specified IP' for contact field, e.g. 192.168.10.2. Other options (external IP, STUN resolved, internal IP) should not be used.

    If the real address of your provider (second LAN interface) is a public one (not the given 192.168.10.0/24 network example, you must add that network into 'Custom parameters' settings menu, 'Local subnets', to prevent 3CX to NAT that network to public address (beyond first LAN interface).

    You must be able also to ping or at least to trace route to your provider via second LAN interface, if configured correctly.

    Regards
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. sigma1

    sigma1 Active Member

    Joined:
    Nov 20, 2009
    Messages:
    542
    Likes Received:
    1
    LOL... 3CX to NAT that network to public address (beyond first LAN interface).

    If you do not input any default gateway on the private LAN NIC this cannot happen at all. It can ONLY happen if you input a default gateway bound to the private NIC that happens to be on the same subnet of the IP assigned to the Private NIC.

    Bottom line, simply configure ONLY one gateway (default gateway) on the NIC assigned to the PUBLIC IP and obviously that will also be a PUBLIC IP on the same subnet of the NIC connected to your ADSL. KISS
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. jofer

    Joined:
    Dec 5, 2012
    Messages:
    45
    Likes Received:
    3
    I got it working but not sure if it will keep working like that. I have assigned a gateway on the NIC connected on the local LAN and no gateway on the 2nd NIC connected to public (ADSL) then added 2 route entries and you will see I put xx in the address field because it is my provider public IP put in there.



    C:\Users\aritech>route print
    ===========================================================================
    Interface List
    13...a0 b3 cc e7 b4 00 ......HP NC112i 1-port Ethernet Server Adapter #2
    11...a0 b3 cc e7 b4 01 ......HP NC112i 1-port Ethernet Server Adapter
    1...........................Software Loopback Interface 1
    12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
    14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
    16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 10.41.188.1 10.41.188.2 276
    10.41.188.2 255.255.255.255 On-link 10.41.188.2 276
    xx.xx.xx.xx 255.255.255.255 192.168.10.1 192.168.10.2 21
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    192.168.10.0 255.255.255.0 On-link 192.168.10.2 276
    192.168.10.0 255.255.255.0 192.168.10.1 192.168.10.2 21
    192.168.10.2 255.255.255.255 On-link 192.168.10.2 276
    192.168.10.255 255.255.255.255 On-link 192.168.10.2 276
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 10.41.188.2 276
    224.0.0.0 240.0.0.0 On-link 192.168.10.2 276
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 10.41.188.2 276
    255.255.255.255 255.255.255.255 On-link 192.168.10.2 276
    ===========================================================================
    Persistent Routes:
    Network Address Netmask Gateway Address Metric
    0.0.0.0 0.0.0.0 10.41.188.1 Default
    xx.xx.xx.xx 255.255.255.255 192.168.10.1 1
    192.168.10.0 255.255.255.0 192.168.10.1 1
    ===========================================================================

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    11 276 fe80::/64 On-link
    11 276 fe80::f8b6:7ef7:a8be:4990/128
    On-link
    1 306 ff00::/8 On-link
    11 276 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. sigma1

    sigma1 Active Member

    Joined:
    Nov 20, 2009
    Messages:
    542
    Likes Received:
    1
    Certainly not what we were suggesting. Do a tracert and it's likely going out via NAT on your other router...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. eagle2

    eagle2 Well-Known Member

    Joined:
    Apr 27, 2011
    Messages:
    1,085
    Likes Received:
    11
    @jofer:
    Your setup should continue working normally. We have many similar installations of 3CX (over 50 systems already), as well this setup has been discussed and confirmed by 3CX support.

    @sigma1:
    Depends what you are tracerouting. The rest is how 3CX system is working.

    Regards
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. sigma1

    sigma1 Active Member

    Joined:
    Nov 20, 2009
    Messages:
    542
    Likes Received:
    1
    Orlin... over 100 installs LOL ROFL

    You should tracert something like 8.8.8.8 and make sure that your first hop is the "dedicated dsl" public IP gateway and not your private IP on the other router, if the latter you need to keep STUN enabled if you don't have static port mapping.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. eagle2

    eagle2 Well-Known Member

    Joined:
    Apr 27, 2011
    Messages:
    1,085
    Likes Received:
    11
    Tracing route to 8.8.8.8 should pass through LAN1 gateway in Jofer's case (route for 0.0.0.0/0).

    Only traffic to VoIP provider should pass through LAN2 in this case. SIP/SDP headers should not be changed for most providers (insisting on private IPs from their networks for the PBX), for this reason provider's public addresses should be added in local subnets custom parameter in order to avoid NAT. Probably you haven't faced this issue (depends on provider).

    Otherwise you must use a router supporting properly SIP ALG (like Cisco).

    Regards
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. jofer

    Joined:
    Dec 5, 2012
    Messages:
    45
    Likes Received:
    3
    Hi all

    I did the tracert and the traffic flows over the right interfaces, so I will keep this config because I don't have any problems with it now. But thank you all for the input, I have surely made notes of all of this.

    Regards
    Johan
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. Constantinos

    Joined:
    Apr 6, 2017
    Messages:
    2
    Likes Received:
    0
    Hi guys
    I have a server 2016 with 2 LAN cards and my system is working perfect with internet and with VoIP provider. The only problem i am facing is with the mail server. Cannot send any mail. If i disable the LAN from the VoIP provider send normally emails but when is enable doesn't send. I think is because the system don't know which LAN to choose for email. Any suggestion?
    Thank you
     
Thread Status:
Not open for further replies.