
auto provisioning not working over vpn tunnel
  •  
ser1998

I have a VPN tunnel between 2 networks: 192.168.0.0 and 192.168.10.0.

My Kerio is at 1.2.0.

I set up a DHCP server on the 192.168.10.0 network with option 66 pointing to 192.168.0.64, which is my Kerio server.

The phone gets its IP from the DHCP, but it doesn't seem to get the .cfg file.

I've attached the packet capture between the Kerio (192.168.0.64) and the phone (192.168.10.150).

  • Attachment: spa504g.pcap (Size: 10.50KB)

[Updated on: Wed, 01 February 2012 20:07]

  •  
ser1998

I tried it with a Kerio at 1.1.3 and it's working.

So there's really a bug in the 1.2.0 firmware when trying to auto-provision a remote phone over a VPN tunnel.
  •  
Vladimir Toncar (Kerio)

Hi,

The packet dump shows the phone asking for the generic configuration file for SPA504G. Operator responds with a short configuration file that instructs the phone to ask again and include its hardware address in the file name. However the phone never confirms that it has received the TFTP packet. Because of that, Operator repeats the packet several times.

It looks like the TFTP packets are being filtered by a firewall. But on the other hand you claim it worked well with 1.1.3. Are you 100% sure the network configuration has been the same for 1.1.3 as for 1.2.0? Are you able to capture packets in the phone's LAN segment to see if the TFTP traffic is actually delivered to it?

Vladimir
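
The symptom described in the reply above (Operator repeating a TFTP DATA packet that the phone never acknowledges) can be checked mechanically against a capture. This is an added example, not part of the original thread or Kerio's code; the packet tuples, file name, port numbers and the 192.168.0.20 host are constructed, and only the two addresses 192.168.0.64 and 192.168.10.150 come from the thread.

```python
import struct
from collections import defaultdict

RRQ, DATA, ACK = 1, 3, 4  # TFTP opcodes (RFC 1350)

def parse_tftp(payload):
    """Return (opcode, detail): file name for RRQ, block number for DATA/ACK."""
    if len(payload) < 4:
        return None, None
    opcode = struct.unpack("!H", payload[:2])[0]
    if opcode == RRQ:
        return opcode, payload[2:].split(b"\0", 1)[0].decode("ascii", "replace")
    if opcode in (DATA, ACK):
        return opcode, struct.unpack("!H", payload[2:4])[0]
    return opcode, None

def unacked_blocks(packets):
    """packets: (src, sport, dst, dport, udp_payload) tuples in capture order.
    Returns {(server, server_port, client, client_port, block): times_sent}
    for DATA blocks sent more than once and never acknowledged."""
    sent, acked = defaultdict(int), set()
    for src, sport, dst, dport, payload in packets:
        opcode, detail = parse_tftp(payload)
        if opcode == DATA:
            sent[(src, sport, dst, dport, detail)] += 1
        elif opcode == ACK:
            # ACKs travel client -> server; swap endpoints to match the DATA key.
            acked.add((dst, dport, src, sport, detail))
    return {k: n for k, n in sent.items() if n > 1 and k not in acked}

# Constructed sample. The server answers from a fresh port (its transfer ID),
# not from port 69, so a filter that only allows UDP/69 drops DATA or ACKs.
SRV, PHONE, LOCAL = "192.168.0.64", "192.168.10.150", "192.168.0.20"
D1 = b"\x00\x03\x00\x01<flat-profile/>"   # DATA, block 1
A1 = b"\x00\x04\x00\x01"                  # ACK, block 1
RQ = b"\x00\x01spa504G.cfg\x00octet\x00"  # RRQ, constructed file name
SAMPLE = [
    (PHONE, 1024, SRV, 69, RQ),
    (SRV, 40000, PHONE, 1024, D1),
    (SRV, 40000, PHONE, 1024, D1),
    (SRV, 40000, PHONE, 1024, D1),        # retransmitted, never ACKed
    (LOCAL, 2048, SRV, 69, RQ),
    (SRV, 40001, LOCAL, 2048, D1),
    (LOCAL, 2048, SRV, 40001, A1),        # healthy transfer
]

if __name__ == "__main__":
    for key, count in unacked_blocks(SAMPLE).items():
        print(key, "sent", count, "times without ACK")
```

Running the same check on captures taken at both ends of the tunnel shows on which side the DATA or ACK packets disappear.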

  •  
ser1998

It's the same VPN tunnel, same network configuration. So there is a bug in the new firmware.

I reinstalled the server to 1.1.3 and it's working.
  •  
Vladimir Toncar (Kerio)

Are there any filtering rules on the firewall? Or NAT?
  •  
ser1998

No rules.

It wouldn't work at 1.1.3 if there were any.
  •  
ser1998

Help!? I need to be at 1.2 to auto-provision Cisco SPA303 phones, but I can't provision them over the VPN tunnel.

I need to provision them in my local network before shipping them to the remote office.
  •  
Vladimir Toncar (Kerio)

Hi,

We are now setting up a test network for provisioning over a VPN link. What is your ping time over the VPN?

Vladimir

[Updated on: Mon, 06 February 2012 08:45]

  •  
ser1998

  •  
Filip Jenicek (Kerio)

Dear ser1998,

it seems to me that the attached packet dump doesn't contain all the communication between Kerio Operator and the phone. Have you filtered something out?

Could you provide me with a more detailed packet dump? You can reach me at fjenicek<_at_>kerio.com.

Thank you,
Filip
  •  
ser1998

No, I haven't.

I'll send a bigger packet dump to your email.
  •  
Filip Jenicek (Kerio)

Thanks for the packet dump.

As far as I can tell, there is no real difference between the working and the broken packet dump.

I'd say that the issue was in the VPN tunnel, dropping either Operator's replies or the ACKs from the phone.

I would probably blame incorrect route settings or firewall dropping some communication.

Cheers
Filip