3cx Assistant and VPN Clients

Discussion in '3CX Phone System - General' started by carolinainnovative, Jun 9, 2010.

Thread Status:
Not open for further replies.
  1. carolinainnovative

    Joined:
    May 4, 2009
    Messages:
    369
    Likes Received:
    6
    Has anyone seen any odd issues with 3cx Assistant and VPN clients? I did a cursory search of the forum and didn't find anything - so perhaps this is an issue specific with version 9...

    Here's how I have my system setup:

    Remote Client connects over internet to 3cx. Works great.
    Uses softphone just fine - works great.

    Connects via vpn to A COMPLETELY DIFFERENT NETWORK - and before any one asks - no, it does not tunnel ALL traffic - only the traffic for the IP addresses on the vpn network.. so for this case its a 10.10.0.0 being routed over the vpn and NOTHING ELSE - and 10.10.x.x doesn't conflict with anything on MY network either.

    Any time the VPN is connected, 3cx Assistant refuses to connect.

    Soft phone still works beautifully when the vpn is connected.

    Use Tunnel can be on or off, 3cx Assistant can be in local or remote mode, i've tried using fqdn and ip address for the 3cx box - fails every time... BUT THE SOFT PHONE WORKS. Yes - I realize they use separate ports and protocols but seriously - it is all to the same IP - if we were breaking one, we should be breaking both.

    Any ideas? The vpn has worked flawlessly for a long time - and nothing else has ever been affected by it. I'm running NCP Secure Entry client x64 bit edition connecting to a Cisco PIX 515E.

    Sorry in advance if this should be a "General" help question instead of 3cx Version 9 question, but I am running 3cx 9 with assistant installed version 9.0.12857.0 / executable version 9.0.0.12856, so I figured I should post it here.
     
  2. clarityscg

    Joined:
    Oct 16, 2008
    Messages:
    17
    Likes Received:
    4
    Chavous,

    You may be experiencing an RTP issue or firewall rule that is interupting the Assistant while in the VPN. I also note that we are using bridged PBX (2) and not experiencing that issue. Are you using Ver. 9 Bata 2?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. carolinainnovative

    Joined:
    May 4, 2009
    Messages:
    369
    Likes Received:
    6
    I thought about that - but the traffic is going to two separate places... vpn traffic is going to one network (one of my customers) and the SIp traffic is going to MY datacenter. There is no firewall on my machine to otherwise mess with the traffic.

    I even went so far as to run WireShark and see what goes across the wire both times. It did not reveal anything interesting. The only interesting bits of traffic were some DNS resolution requests that went over the vpn that I didn't think should have - but that shouldn't matter for two reasons -
    1) I had it configured to use the IP of the 3cx box and
    2) even if I didn't, my 3cx box sits on a public IP - like public ip BOUND to the nic - so DNS resolution ALWAYS comes back with the same public IP. ALWAYS.

    I'm going to wireshark it some more and see if I can see anything interesting. I was really hoping someone else had seen this and I wasn't all alone. <snif> ; - )

    The one piece to the puzzle I didn't mention - because I don't know if it will affect anything (haven't tried it outside of this yet) is the router on the network from which I'm doing all this has a static vpn tunnel to my datacenter w/ the 3cx box.

    Haven't had a chance to get out there and do more tests - soon.

    Thanks for the reply...

    Chavous
     
  4. carolinainnovative

    Joined:
    May 4, 2009
    Messages:
    369
    Likes Received:
    6
    SUCCESS!

    First off, I somehow manged to get it working with the vpn while in tunnel mode. I suspect it worked the whole time - I just didn't hold my mouth right (also known as I didn't explicitly shutdown 3cx assistant and start it back after making the settings changes - i presumed going into configuration or switching between local and remote would suffice. I was wrong)...

    Then I noticed something - because seriously -why would tunnel mode work and not normal? Well, because 3cx Assistant would SEND OUT the UDP sip requests on 5486 - and never get anything back. So - TCP works - UDP doesn't. Why?

    Well - for posterity's sake in case anyone else sees this issue - if anyone ever uses NCP Secure Entry Client - like some other VPN clients it has a firewall. I didn't check it because I had it turned OFF.

    HOWEVER - there is a buried little setting in the firewall configuration - even though the firewall is off - called "UDP Pre-Filtering."

    Hm... not getting UDP traffic... UDP pre-filtering... I wonder....

    Yep - works like a champ now.

    Dang it. :)

    Thanks for your help.
     
Thread Status:
Not open for further replies.