pfSense Site-to-Site for VOIP

We have several branch offices that I have set up with OVPN in Peer to Peer mode. That has worked great for quite a while. I set up another OVPN connection from our main office to one of the branches to connect some phone extensions back to our Asterisk server at our main office. I put it on a separate VPN tunnel to be able to do some traffic shaping. The extensions are on a VLAN (v110) at the branch office and the Asterisk server is also on v110 at the main office. I know the VLAN tags don’t persist across the tunnel; we just standardized all of the voice traffic at all locations on v110.

For the life of me, I can’t figure out why I can’t access my Asterisk server from v110 at the branch office. I’m assuming I am missing something at the firewall level. Does anyone have any ideas?

So, I guess this depends on your exact setup, but you should only need one p2p between sites. The QoS will still get applied by the pfSense box (I think). Do you have the same subnet allocated on VLAN 110 at both ends? If you do, then that’s probably the issue; you either need to set up OpenVPN in bridged (L2) mode or use different subnets.

Thanks for the quick response. They are different subnets on both ends.

Main office VOIP v110 (10.10.110.0/24) <-> Tunnel (10.10.220.0/24) <-> Branch Office v110 (192.168.220.0/24)

I will take a look at QoS and see if I’m making this way more complicated than it needs to be.

Pretty sure VOIP uses the UDP protocol; I’d double-check you’ve allowed that traffic in your rules.