Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Operator » Operator to Operator link
  •  
Michael Ruffin

Messages: 174
Karma: 4
Send a private message to this user
I'm having all sorts of trouble getting two Kerio Operator boxes to talk nicely to each other over the internet.

Kerio Operator System 1:
Kerio Operator Box
2xx Extension Range
PBX link to System 2

Kerio Operator System 2:
Clone PC box
1xx Extension Range
PBX Link to System 1

When I try to place a call to System 2 from System 1, I get about 10 seconds of silence, then a busy signal.

Not much I can find in the logs, except for this in the warning log:

[30/Jul/2013 16:09:40] asterisk[2185]: WARNING[2210]: chan_sip.c:3707 in retrans_pkt: Retransmission timeout reached on transmission 67c9d41f7f25ea245e2bb061587aa7ca<_at_>192.168.100.90:5060 for seqno 102 (Critical Request) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissio ns#012Packet timed out after 32001ms with no response

Some info:

- NAT is enabled on both Kerio Operator boxes, with the public IP of that internet connection added.
- Both firewalls have both 5060 (TCP) and 10000-19999 (UDP) opened and forwarded to the Kerio Operator systems

I have called Kerio Technical Support and told that's all I should have to have, but it's still not working. They tried telneting to 5060 on each IP address and were able to connect, but could not connect to 10000 or 19999 (although I can't even connect to these ports internally on the network using telnet).

Both are now running 2.1.4. (Previously was running 2.1.3 and 2.1.2).

Any help would be greatly appreciated!

Michael
  •  
Filip Jenicek (Kerio)

Messages: 1094
Karma: 80
Send a private message to this user
Hi Michael,

the error message means that some of the SIP packets were lost. They were probably sent to a wrong destination as 192.168.100.90 doesn't look like a public IP. Can you please double check the IP addresses used as a hostname in SIP interfaces and the public address on the network screens of both Operators.

If you need any further help, please contact our Technical Support and provide them with login information to both boxes in order to debug the installation.

Just a suggestion, you can also interconnect the Operators by setting up a VPN and getting completely rid of any nat issues, port forwarding, etc.

Btw, using telnet to connect to the RTP ports won't work, because they are UDP and are opened on demand after a sip communication is established.

Best
Filip
  •  
Michael Ruffin

Messages: 174
Karma: 4
Send a private message to this user
Filip Jenicek (Kerio) wrote on Tue, 30 July 2013 18:18

They were probably sent to a wrong destination as 192.168.100.90 doesn't look like a public IP.


That's the interesting part. 192.168.100.90 is the internal IP address of *that* Kerio Operator system. Somehow it's trying to send packets to itself??

Quote:

Can you please double check the IP addresses used as a hostname in SIP interfaces and the public address on the network screens of both Operators.


Done that already (several times as I thought that might've been the issue).

Quote:

If you need any further help, please contact our Technical Support and provide them with login information to both boxes in order to debug the installation.


I'll try again, but they seemed to give me the impression that since all the settings seem to be correct, it *should* work and there was nothing they could do... but will try again..


Quote:

Just a suggestion, you can also interconnect the Operators by setting up a VPN and getting completely rid of any nat issues, port forwarding, etc.


I can try, although I did have both of these boxes communicating fine with each other when they were on the same network, but unfortunately one needs to live in another location Smile

Quote:

Btw, using telnet to connect to the RTP ports won't work, because they are UDP and are opened on demand after a sip communication is established.


Please advise your helpdesk of that Smile They were the one's who suggested the RTP ports weren't open because they couldn't connect to them Smile

  •  
silars

Messages: 429
Karma: 59
Send a private message to this user
I try to minimize the number of holes poked through firewalls.

Have you considered establishing a VPN (IPsec/PPTP) between the two Operators? This would also be a more secure configuration without any port limitations.
Previous Topic: call permissions and blocked ip addresses
Next Topic: Two simultaneous incoming call routes
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 00:39:27 CET 2017

Total time taken to generate the page: 0.00426 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.