Calling with Full IP:MP2

[Sylvester Chibamo]

Hi

 

Please assist, see the diagram below showing the connectivity for one of my customers(Ga-Thuli Guest House). MP2-10.130.2.252 connects to the radio, the  other MP2 connects via a mesh.

 

The customer is connected via radwin Radio and the data VLAN 1428, I have got a router at the TechnoTrends Office and sub-Interface has been configured… Please note since the MP2 cant do VLAN I have done the tagging on the radio instead.

 

The remote office is able to call full IP 10.130.1.20 or any other on 10.130.1.0 subnet. The Ga-Thuli Gust House subnet is 10.130.2.0/24. I am not able to call the remote office 10.130.2.0/24. From TechnoTrends side, I am getting a busy tone.

 

I can ping 10.130.2.252 from the router, and also from my PC that is on the 10.130.1.X network. See below.

 

I can’t ping any other IP on 10.130.2.0 subnet except 10.130.2.252. I am not able to login to the 172.16.1.2 and I think this is because I did not  Enable Port Forward SSH, HTTPS

 

Please advice why I am not able to reach the remote site,

 

See the Routes on the router

ip route 0.0.0.0 0.0.0.0 10.130.1.25 name ForInterTraffic

ip route 10.130.2.0 255.255.255.0 172.16.1.2 name ThuliGuestHouse

 

See the routes on the Netgear

=====================================================

TechnoTrendsRTR#ping 10.130.2.252

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.130.2.252, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 20/30/48 ms

TechnoTrendsRTR#ping 172.16.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 20/28/48 ms

TechnoTrendsRTR#

 

C:\Users\Sylvester>ping 10.130.2.252

 

Pinging 10.130.2.252 with 32 bytes of data:

Reply from 10.130.2.252: bytes=32 time=43ms TTL=63

Reply from 10.130.2.252: bytes=32 time=42ms TTL=63

Reply from 10.130.2.252: bytes=32 time=18ms TTL=63

Reply from 10.130.2.252: bytes=32 time=21ms TTL=63

 

Ping statistics for 10.130.2.252:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 18ms, Maximum = 43ms, Average = 31ms

=============================================================

C:\Users\Sylvester>ping 172.16.1.2

 

Pinging 172.16.1.2 with 32 bytes of data:

Reply from 10.130.1.23: bytes=32 time=30ms TTL=63

Reply from 10.130.1.23: bytes=32 time=19ms TTL=63

Reply from 10.130.1.23: bytes=32 time=29ms TTL=63

Reply from 10.130.1.23: bytes=32 time=59ms TTL=63

 

Ping statistics for 172.16.1.2:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 19ms, Maximum = 59ms, Average = 34ms

 

C:\Users\Sylvester>

=============================================================

 

[T Gillett]

Hi Sylvester

So it appears that basically you have two networks set up on 10.130.1.x and 10.130.2.x subnets, and the two networks are connected together by a VLAN arrangement through the Cisco router.

The issue, as I best understand, is that calls can be made from the 2.x network to the 1.x network nodes, but not the other way round.

The 2.x network nodes are sitting behind the NAT firewall in the 2.252 node so devices on the 1.x network will not be able to directly access Asterisk on devices on the 2.x network.

To allow incoming calls to the 2.x network, through the NAT firewall, I think that you will have to enable the Asterisk NAT facility on telephony nodes in the 2.x network.

You can do this in the Asterisk section on the SECN Advanced tab.

The Asterisk NAT External IP will be the WAN address of the NAT firewall node ie 172.16.1.2

It may also help to use the Asterisk Console facility to show debug information about the calls if you are not already doing so.

To access the Console, log in to the command line of the telephony node and run:

       #  asterisk  -vvvvvvrddddd

Adjust the level of debug detail by changing the number of "v" and "d" characters in the command.

When you make a call, the setup and progress will be displayed.

To your second point about connecting to the administration interface on the 2.252 node, you are correct that you need to enable the port forwarding for SSH and HTTPS.

Then you can connect using the primary or secondary WAN IP address for the device,  and the relevant port eg 2222 for SSH.

For more info on this see the SECN WAN options page on the VT Wiki.

 

Regards

Terry 

--
You received this message because you are subscribed to the Google Groups "Village Telco Development Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to village-telco-...@googlegroups.com.
To post to this group, send email to village-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/village-telco-dev/000901d1ba61%24733285e0%24599791a0%24%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[Sylvester Chibamo]

Hi Terry,

 

I have enabled Asterisk NAT on all the nodes for 2.X subnet and still I am not able to get through to the 2.x network. I cant call full IP 10.130.2.252 but I am able to ssh to it & ping it.

 

I am however able to reach 2.X network via ssh as shown below. I can ping 10.130.2.252 but still cant ping any else on the 2.X network from the 10.130.1.X network.

 

BusyBox v1.22.1 (2015-08-11 13:59:30 AEST) built-in shell (ash)

Enter 'help' for a list of built-in commands.

 

+++++++++++++++++++++++++++++++++++++++++++++++++++

           Welcome to Village Telco

 

                     O-----O

           O        / \   / \         0

          / \      /   \ /   \       / \

     O---O   O----O     O     O-----O   O---O

          \ /      \   / \   /       \ /

           O        \ /   \ /         O

                     O-----O

  _______                     ________        __

|       |.-----.-----.-----.|  |  |  |.----.|  |_

|   -   ||  _  |  -__|     ||  |  |  ||   _||   _|

|_______||   __|_____|__|__||________||__|  |____|

          |__| W I R E L E S S   F R E E D O M

 

 

OpenWrt Barrier Breaker 14.07 r46516 Dragino

 

Village Telco - Small Enterprise Campus Network

 

Version:     SECN-3.0-MP02-GA02 MP02FXS

Build date:  2016-01-07-17:55

GitHub:      vt-firmware secn_3-GA02-0-ga9130bfb7a

To view this discussion on the web visit https://groups.google.com/d/msgid/village-telco-dev/CAD58EkzN%3DKMOO88rqynuD8_HvDqVUx5wSETEYuXDk24SwC8bUA%40mail.gmail.com.

[T Gillett]

Hi Sylvester

I don't understand how your network is functioning.

I don't pretend to be a networking expert, but I can't understand how you can ping the 10.130.2.252 node from a node on the 10.130.1.x network, simply because the 2.x network is a private network and all the nodes, including 2.252, are behind the NAT firewall in the 2.252 node.

If you can ping it then it seems that there is something odd in the network set up.

It seems that you actually have three networks - 10.130.1.x, 10.130.2.x and in between them 172.16.1.x

I don't understand why it is set up this way. Why can't the WAN side of the 2.252 node just have an IP in the 10.130.1.x network?

I would have expected that it would have an IP assigned by the DHCP server in the Netgear router.

I don't understand what the Cisco router is doing.

Regarding the use of Asterisk NAT -

The Asterisk NAT function is commonly used to allow a node in a private network behind a NAT firewall to use a SIP/VoIP service located upstream on the WAN network, ie usually located on the public Internet.

Without Asterisk NAT set up, the node can make outgoing calls, but can not receive incoming calls. Once the Asterisk NAT facility is set up, it allows incoming calls to traverse the NAT firewall.

This is essentially the same situation as you have, except that the WAN side of the 2.252 node has an IP address in the 172.16.1.x subnet, and the calling node is in the 10.130.1.x range, so it is no surprise that the call can't proceed.

I think you may have to revisit the network design.

Regards

Terry

To view this discussion on the web visit https://groups.google.com/d/msgid/village-telco-dev/000701d1bcb0%247e9b0690%247bd113b0%24%40gmail.com.

[Sylvester Chibamo]

Hi Terry,

 

My previous mail explains why I have 3 subnets, see below,

 

Please assist, see the diagram below showing the connectivity for one of my customers(Ga-Thuli Guest House). MP2-10.130.2.252 connects to the radio, the  other MP2 connects via a mesh.

 

The customer is connected via radwin Radio and the data VLAN 1428, I have got a router at the TechnoTrends Office and sub-Interface has been configured… Please note since the MP2 cant do VLAN I have done the tagging on the radio instead.

 

The remote office is able to call full IP 10.130.1.20 or any other on 10.130.1.0 subnet. The Ga-Thuli Gust House subnet is 10.130.2.0/24. I am not able to call the remote office 10.130.2.0/24. From TechnoTrends side, I am getting a busy tone.

 

I can ping 10.130.2.252 from the router, and also from my PC that is on the 10.130.1.X network. See below.

 

I can’t ping any other IP on 10.130.2.0 subnet except 10.130.2.252. I am not able to login to the 172.16.1.2 and I have ebanabled Port SSH HTTPS but I cant login.

 

Please advice why I am not able to reach the remote site,

 

See the Routes on the router

ip route 0.0.0.0 0.0.0.0 10.130.1.25 name ForInterTraffic

ip route 10.130.2.0 255.255.255.0 172.16.1.2 name ThuliGuestHouse

 

See the routes on the Netgear

Regards,

 

Sly

To view this discussion on the web visit https://groups.google.com/d/msgid/village-telco-dev/CAD58EkxqutES4jDd4khqKp7y1OWH8ATeR%2BySn5_TORrUTJGCwA%40mail.gmail.com.

[T Gillett]

Hi Sylvester

I have read through your email but I don't understand the network/VLAN arrangement.  But that is just my lack of knowledge.

Regarding the Guest House network:

1. At the Guest House, it looks like the MP2 (2.252) is connected directly to the Radwin radio by Ethernet using the WAN port on the MP2 - is that correct?

And there is nothing else connected to the Radwin?

2.This MP2 is configured with Ethernet WAN enabled, with a static WAN Primary IP address of 172.16.1.2 - is that correct?

3. This MP2 is configured with a LAN side IP address of 10.130.2.252 - is that correct?

If this is the case, then I can not understand how it is possible to ping the 10.130.2.252 IP address from any device on the other network segments such as 10.130.1.x simply because the 2.252 address is behind the NAT firewall in the MP2 device.

If you can ping it, then the network is not operating in the manner outlined above. Something else is going on.

Regarding remote access to the gateway MP2 at the Guest House.

4. This device has a Primary WAN IP of 172.16.1.2 and you can ping this IP address from a PC on the 10.130.1.x network, via the VLAN arrangement - is that correct?

5. And Port Forwarding is enabled on the WAN page - is that correct?

6. The device will present two IP addresses on the WAN side - the Primary IP address which you have set to 172.16.1.2, and the Secondary IP address which is set by default to 10.0.1.20. You should be able to ping/access the device using either of these addresses.

The port forwarding arrangement is described in the VT Wiki page here: 
        http://wiki.villagetelco.org/SECN_WAN_Options

The LAN side SSH port (22) is forwarded to port 2222 on the WAN side.
So in order to connect to the device from the WAN side, the command would be:

     $ ssh  -p  2222  ro...@172.16.1.2
or
     $ ssh  -p  2222  ro...@10.0.1.20

Have you tried to connect using this command from a PC that can ping the relevant IP address?

If this is not working, I suggest that you get a spare MP2 and set it up independently to do some testing of the remote access facility.

7. Please generate the device configuration file for the Guest House gateway MP2 and send it so that we can check the configuration.
To do this, go to the Firmware/Configuration page and click on "Save Configuration".
Please be aware that the configuration file may contain passwords and other sensitive information, so either edit it or send it privately.
The file is a compressed tar file.

Regards

Terry

On Fri, Jun 3, 2016 at 12:26 AM, Sylvester Chibamo <sylveste...@gmail.com> wrote:

Hi Terry,

 

My previous mail explains why I have 3 subnets, see below,

[Sylvester Chibamo]

Hi

 

See my response below,in RED

 

1. At the Guest House, it looks like the MP2 (2.252) is connected directly to the Radwin radio by Ethernet using the WAN port on the MP2 - is that correct?CORRECT

And there is nothing else connected to the Radwin? CORRECT

 

2.This MP2 is configured with Ethernet WAN enabled, with a static WAN Primary IP address of 172.16.1.2 - is that correct? CORRECT

3. This MP2 is configured with a LAN side IP address of 10.130.2.252 - is that correct? CORRECT

 

If this is the case, then I can not understand how it is possible to ping the 10.130.2.252 IP address from any device on the other network segments such as 10.130.1.x simply because the 2.252 address is behind the NAT firewall in the MP2 device.

I am able to ping 10.130.2.252 because I have added a route on the router to route 10.130.2.X to 172.16.1.2 and that is why I am able to reach 10.130.2.252. I can even ssh to it 10.130.2.252 from 10.130.1.X network.

è10.130.2.X  route to 172.16.1.2

 

Remember from the router I am able to ping 172.16.1.2 as they are directly connected routes.

 

I have a route on the netgear 172.16.1.X  routed to the router router (LAN IP:10.130.1.24) and therefore I am able to ping 172.16.1.1 from 10.130.1.X network. .è172.16.0.X/24  route to 10.130.1.24

 

I have a route also routing 10.130.2.X on the netgear to allow me to ping 10.130.2.X from the network 10.130.1.X subnet.è10.130.2.0/24  route to 10.130.1.24

 

To me it looks like this is routing problem, Is there a way I can add a static route on MP2? I think the reason why I am not able to talk to 10.130.2.X network is because I do not have a route on the(MP2-10.130.2.252) to route 10.130.1.X subnet.?

 

Note: From the 10.130.2.X subnet I am able to do the following;

 

Ø  Calling by full IP to anything on the 10.130.1.X Network

Ø  I can ping all units on the 10.130.1.X Network

Ø  I can connct via the browser to all units on the 10.130.1.X

Ø  I can browse the internet.

 

Only problem is receiving calls,

 

 

Please advise.

 

Regards,

 

Sylvester

 

From: village-...@googlegroups.com [mailto:village-...@googlegroups.com] On Behalf Of T Gillett
Sent: 03 June 2016 12:05 AM
To: village-telco-dev
Subject: Re: [vt-dev] Calling with Full IP:MP2

 

Hi Sylvester

--

You received this message because you are subscribed to the Google Groups "Village Telco Development Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to village-telco-...@googlegroups.com.
To post to this group, send email to village-...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/village-telco-dev/CAD58EkysB5GR3vRwuZXyHy1xbVpnRLeTXzYyd%2Bz7Y7JgyhTB2g%40mail.gmail.com.

[Wayne Abroue]

/etc/config/network

config route
        option interface lanx
        option target subnet xyy e.g.172.16.0.0/24
        option gateway xyz

To view this discussion on the web visit https://groups.google.com/d/msgid/village-telco-dev/000001d1bff9%24579d17d0%2406d74770%24%40gmail.com.

[T Gillett]

Hi Sylvester

I am travelling at present so this is just a quick response.

Below are some links to pages that talk about setting up static routes on OpenWrt.

I think that you will need to set up a suitable configuration by editingthe /etc/config/network file, and possibly the /etc/config/firewall file.

Hopefully someone else on the mail list has done something like this before and can offer some help.

Regards

Terry

https://wiki.openwrt.org/doc/networking/routing

https://forum.openwrt.org/viewtopic.php?id=16962

https://wiki.openwrt.org/doc/recipes/routedclient

To view this discussion on the web visit https://groups.google.com/d/msgid/village-telco-dev/000001d1bff9%24579d17d0%2406d74770%24%40gmail.com.

[Sylvester Chibamo]

Hi

 

I will check further the routing and will let you know.

To view this discussion on the web visit https://groups.google.com/d/msgid/village-telco-dev/CAD58Ekw3Wc_kjKYTR4RjXnxtmMRiRJhqa0Xd9W_uiuDDKDAJvA%40mail.gmail.com.