FreePBX and changing IPs
-
I have a user who connects to our PBX remotely. For whatever reason, their home IP keeps changing almost weekly. The lovely responsive firewall on FPBX ALWAYS blocks their new IP and I have to add it back in. I have the user setup with DuckDNS, and I have whitelisted their DNS name. However, they connect into the home office with your standard VPN tunnel. So, therefore, DuckDNS sees the public IP address of the OFFICE IP, and not the user's home IP. Is there anyway around this? Can I force the DuckDNS program to see their actual home public IP address instead of the Office IP address?
Also, is there something on the users phone that could be triggering the responsive firewall to block their IP?
For those using other PBXs other than FPBX, do you have this issue with IPs constantly being blocked?
-
@AdamF said in FreePBX and changing IPs:
For those using other PBXs other than FPBX, do you have this issue with IPs constantly being blocked?
We have it, but mostly it's rare. But it certainly happens, especially hits me because so many devices autoconnect when the IP changes here.
-
Would setting up ZeroTier and adding their machine to it be a solution?
-
@jmoore said in FreePBX and changing IPs:
Would setting up ZeroTier and adding their machine to it be a solution?
Yes, VPNs will essentially always solve this. The problem is that it is often a physical phone without a VPN built it. So it ends up being a lot of effort.
-
@scottalanmiller said in FreePBX and changing IPs:
@AdamF said in FreePBX and changing IPs:
For those using other PBXs other than FPBX, do you have this issue with IPs constantly being blocked?
We have it, but mostly it's rare. But it certainly happens, especially hits me because so many devices autoconnect when the IP changes here.
The problem is, I have no idea why FPBX thinks the connection attempt is suspicious and blocks the user. The rate at which this person's IP changes is insane. Sometimes more than once per week. Me on the other hand, I h ave had the same dynamic IP from my ISP for YEARS! Although this user uses Windstream, so there you go.
-
@AdamF said in FreePBX and changing IPs:
The problem is, I have no idea why FPBX thinks the connection attempt is suspicious and blocks the user.
It's a bit unclear, for sure.
-
@scottalanmiller said in FreePBX and changing IPs:
@jmoore said in FreePBX and changing IPs:
Would setting up ZeroTier and adding their machine to it be a solution?
Yes, VPNs will essentially always solve this. The problem is that it is often a physical phone without a VPN built it. So it ends up being a lot of effort.
So this user had a Yealink T46s. (my favorite phone) I know that this has VPN capabilities, but I have not looked into how it works with FPBX. Have you?
-
@AdamF said in FreePBX and changing IPs:
@scottalanmiller said in FreePBX and changing IPs:
@jmoore said in FreePBX and changing IPs:
Would setting up ZeroTier and adding their machine to it be a solution?
Yes, VPNs will essentially always solve this. The problem is that it is often a physical phone without a VPN built it. So it ends up being a lot of effort.
So this user had a Yealink T46s. (my favorite phone) I know that this has VPN capabilities, but I have not looked into how it works with FPBX. Have you?
OpenVPN. You can do it to the PBX, or you can terminate elsewhere. PBX doesn't care. It's like a honey badger with VPNs.
-
@scottalanmiller said in FreePBX and changing IPs:
@AdamF said in FreePBX and changing IPs:
@scottalanmiller said in FreePBX and changing IPs:
@jmoore said in FreePBX and changing IPs:
Would setting up ZeroTier and adding their machine to it be a solution?
Yes, VPNs will essentially always solve this. The problem is that it is often a physical phone without a VPN built it. So it ends up being a lot of effort.
So this user had a Yealink T46s. (my favorite phone) I know that this has VPN capabilities, but I have not looked into how it works with FPBX. Have you?
It's like a honey badger with VPNs.
Pure gold.
-
@scottalanmiller said in FreePBX and changing IPs:
@AdamF said in FreePBX and changing IPs:
@scottalanmiller said in FreePBX and changing IPs:
@jmoore said in FreePBX and changing IPs:
Would setting up ZeroTier and adding their machine to it be a solution?
Yes, VPNs will essentially always solve this. The problem is that it is often a physical phone without a VPN built it. So it ends up being a lot of effort.
So this user had a Yealink T46s. (my favorite phone) I know that this has VPN capabilities, but I have not looked into how it works with FPBX. Have you?
OpenVPN. You can do it to the PBX, or you can terminate elsewhere. PBX doesn't care. It's like a honey badger with VPNs.
Do you need SysAdmin Pro for that?
-
@AdamF said in FreePBX and changing IPs:
@scottalanmiller said in FreePBX and changing IPs:
@AdamF said in FreePBX and changing IPs:
@scottalanmiller said in FreePBX and changing IPs:
@jmoore said in FreePBX and changing IPs:
Would setting up ZeroTier and adding their machine to it be a solution?
Yes, VPNs will essentially always solve this. The problem is that it is often a physical phone without a VPN built it. So it ends up being a lot of effort.
So this user had a Yealink T46s. (my favorite phone) I know that this has VPN capabilities, but I have not looked into how it works with FPBX. Have you?
OpenVPN. You can do it to the PBX, or you can terminate elsewhere. PBX doesn't care. It's like a honey badger with VPNs.
Do you need SysAdmin Pro for that?
You might. Although you can do it manually without that. But the GUI would be nice.
-
I'm curious why DuckDNS is picking up on the VPN IP instead of the local one? no split tunneling?
Any possibility that the home user has a router that supports DynDNS? If so, set that up should solve the problem.
-
@Dashrender said in FreePBX and changing IPs:
I'm curious why DuckDNS is picking up on the VPN IP instead of the local one? no split tunneling?
Any possibility that the home user has a router that supports DynDNS? If so, set that up should solve the problem.
Good call on the split tunneling. Checking...
-
@AdamF said in FreePBX and changing IPs:
@Dashrender said in FreePBX and changing IPs:
I'm curious why DuckDNS is picking up on the VPN IP instead of the local one? no split tunneling?
Any possibility that the home user has a router that supports DynDNS? If so, set that up should solve the problem.
Good call on the split tunneling. Checking...
If it doesn't split, then the phone traffic is likely going down the tunnel, too. Or else you are checking from a different location than the phone.
-
@scottalanmiller said in FreePBX and changing IPs:
@AdamF said in FreePBX and changing IPs:
@Dashrender said in FreePBX and changing IPs:
I'm curious why DuckDNS is picking up on the VPN IP instead of the local one? no split tunneling?
Any possibility that the home user has a router that supports DynDNS? If so, set that up should solve the problem.
Good call on the split tunneling. Checking...
If it doesn't split, then the phone traffic is likely going down the tunnel, too. Or else you are checking from a different location than the phone.
Not likely, if its a full tunnel the external ip WILL always be the IP of where the tunnels ends with everything flowing through the tunnel.
-
@scottalanmiller said in FreePBX and changing IPs:
@AdamF said in FreePBX and changing IPs:
@Dashrender said in FreePBX and changing IPs:
I'm curious why DuckDNS is picking up on the VPN IP instead of the local one? no split tunneling?
Any possibility that the home user has a router that supports DynDNS? If so, set that up should solve the problem.
Good call on the split tunneling. Checking...
If it doesn't split, then the phone traffic is likely going down the tunnel, too. Or else you are checking from a different location than the phone.
Are you assuming a softphone?
I was assuming a physical phone. -
@Dashrender said in FreePBX and changing IPs:
@scottalanmiller said in FreePBX and changing IPs:
@AdamF said in FreePBX and changing IPs:
@Dashrender said in FreePBX and changing IPs:
I'm curious why DuckDNS is picking up on the VPN IP instead of the local one? no split tunneling?
Any possibility that the home user has a router that supports DynDNS? If so, set that up should solve the problem.
Good call on the split tunneling. Checking...
If it doesn't split, then the phone traffic is likely going down the tunnel, too. Or else you are checking from a different location than the phone.
Are you assuming a softphone?
I was assuming a physical phone.I'm assuming the two on the same network component, regardless of hard or soft.
-
@scottalanmiller said in FreePBX and changing IPs:
@Dashrender said in FreePBX and changing IPs:
@scottalanmiller said in FreePBX and changing IPs:
@AdamF said in FreePBX and changing IPs:
@Dashrender said in FreePBX and changing IPs:
I'm curious why DuckDNS is picking up on the VPN IP instead of the local one? no split tunneling?
Any possibility that the home user has a router that supports DynDNS? If so, set that up should solve the problem.
Good call on the split tunneling. Checking...
If it doesn't split, then the phone traffic is likely going down the tunnel, too. Or else you are checking from a different location than the phone.
Are you assuming a softphone?
I was assuming a physical phone.I'm assuming the two on the same network component, regardless of hard or soft.
No, more typical it that the VPN is on the laptop. So only that is affected.
And it is a desk phone as noted someplace above. So not affected by the VPN.
-
@JaredBusch said in FreePBX and changing IPs:
@scottalanmiller said in FreePBX and changing IPs:
@Dashrender said in FreePBX and changing IPs:
@scottalanmiller said in FreePBX and changing IPs:
@AdamF said in FreePBX and changing IPs:
@Dashrender said in FreePBX and changing IPs:
I'm curious why DuckDNS is picking up on the VPN IP instead of the local one? no split tunneling?
Any possibility that the home user has a router that supports DynDNS? If so, set that up should solve the problem.
Good call on the split tunneling. Checking...
If it doesn't split, then the phone traffic is likely going down the tunnel, too. Or else you are checking from a different location than the phone.
Are you assuming a softphone?
I was assuming a physical phone.I'm assuming the two on the same network component, regardless of hard or soft.
No, more typical it that the VPN is on the laptop. So only that is affected.
And it is a desk phone as noted someplace above. So not affected by the VPN.
I was assuming not based on it being typical, but that it would only have been set up this way if they were on the same network, otherwise the behaviour would be expected rather than surprising.
-
@scottalanmiller said in FreePBX and changing IPs:
@JaredBusch said in FreePBX and changing IPs:
@scottalanmiller said in FreePBX and changing IPs:
@Dashrender said in FreePBX and changing IPs:
@scottalanmiller said in FreePBX and changing IPs:
@AdamF said in FreePBX and changing IPs:
@Dashrender said in FreePBX and changing IPs:
I'm curious why DuckDNS is picking up on the VPN IP instead of the local one? no split tunneling?
Any possibility that the home user has a router that supports DynDNS? If so, set that up should solve the problem.
Good call on the split tunneling. Checking...
If it doesn't split, then the phone traffic is likely going down the tunnel, too. Or else you are checking from a different location than the phone.
Are you assuming a softphone?
I was assuming a physical phone.I'm assuming the two on the same network component, regardless of hard or soft.
No, more typical it that the VPN is on the laptop. So only that is affected.
And it is a desk phone as noted someplace above. So not affected by the VPN.
I was assuming not based on it being typical, but that it would only have been set up this way if they were on the same network, otherwise the behaviour would be expected rather than surprising.
I suppose I can see where you are coming from - but I disagree.
I agree with JB that it seems more likely VPN only on the laptop and Split Tunneling wasn't enabled which is causing the DDNS to not function as desired.But we're waiting on the Op to confirm.
