@fuznutz04 said in Site to Site VPN - not passing audio traffic properly:

This one was interesting to get to the bottom of. @JaredBusch With the VPN tunnel enabled, the phone system was trying to send RTP to the phone on the internal IP. There is a setting in FreePBX on the extension level called "RTP Symmetric". Normally, this is set to yes. I changed it to no and the audio started flowing normally. However, I didn't like this solution. So, as a test, (and what I should have done from the beginning) I blocked all outbound traffic FROM my phone system, to any local network. (10.x, 172.16, 192.168, etc) This immediately solved the issue. I did not yet do a packet capture AFTER the fact to confirm, but I am assuming that blocking the PBX's ability to get to an internal private IP, forces the system to renegotiate and send the RTP to the correct public IP.

Definitely an odd issue.

nice you found a solution - I'm curious why it happens in the first place? Are some of the original phone's packet data still containing the original IP? And if so, why?
Are you using encrypted RTP?

@dafyre My small addition in french : https://www.canaletto.fr/post/zerotier-site-to-site

The problem is this:
On the Meraki side, let's say you have 5 (this can be any number greater than 1) firewalls.
In Meraki speak, if all 5 are in the same "organization", S2S is a few clicks & AutoVPN takes over. No pre-shared secret, no keys.
You turn on VPN, say yes to whatever subnets you want in the vpn & save.

On the ER side, I have to create 5 peers to connect to the Meraki side.
Meraki will only expose one connection for a 3rd party S2S & therein lies the problem.
Not all the tunnels connect & there's no good way to fix it.

@dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

@dashrender said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

@dbeato said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

@eddiejennings said in Passing traffic between a remote access VPN and Site-to-site VPN on an Edge Router Lite:

Thanks to @Dashrender for the assist. It looks like the problem was authentication. I authenticated to the VPN using domain\username rather than using the User Principal Name. Doing the latter allowed me to reach DFS shares.

Woops, that's crazy but definitely there is an issue with DNS

huh?

If the user cannot login with UPN there is an issue with DNS.... As you should be able to use domain.com.

User can login with UPN. They were using the old domain\username method rather than UPN, which apparently caused problems with accessing stuff via the DFS namespace.

@JaredBusch

Good to know. I'm planning on starting this later this week. If I can get this working, I'm going to replace a PFSense firewall with an ERX or lite. Right now, this is the only thing that I dont have setup for ERX yet.