>That's definitely the cable modem's NAT getting confused. If you can get the >phones to randomize their source ports on their OpenVPN traffic, that might >resolve. I'm not sure if that's possible on those phones. In stock OpenVPN, >specifying "lport 0" >in the config will make it choose a random port. I'm not >sure if that's configurable for the Yealink phones though. We disable that >automatically in our OpenVPN client export for Yealink because they didn't >support it at least up until recently.
>If you can change the modem to bridge mode to pass through the public IP to a >router of some sort that will properly handle that circumstance, it'll resolve >that. That might be hit or miss with consumer-grade routers. A completely >default pfSense >config will work fine in that circumstance, as it'll >randomize the source ports on its own so the phones don't have to. I'm not sure installing a pfSense box is an option at the moment... will a consumer grade (Asus RT-AC68U as an example) be useful? Unless there is a "Just as good / same price pfSense with wifi AC). I have one ASUS pulled from an installation... I guess another approach could be to use the consumer router to build the OpenVPN tunnel instead of the phones. Not sure if that's better or worse... will have to think that through... it's nice to see the phones popup on pfSense. Regards, Chuck _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
