L2TP тунель и VoIP телефон

Тема в разделе "Маршрутизация", создана пользователем Gungster, 18 мар 2021.

  1. Gungster

    Gungster Новый участник

    В общем в одном из филиалов сменили провайдера. Взял новый микротик, настроил интернет (внешний IP: 100.100.256.113), поднял l2tp тунель до ЦО. Всё взлетело сеть ЦО из филиала видно, 1С работает. А вот запрос регистрации с IP телефона (192.168.33.199 его адрес в филиале) приходит c Src. Address 100.100.256.113:5060
    Почему так происходит и в какую сторону рыть?
    Вот настройка филиального микротика.
    Код:
    /interface bridge
    add admin-mac=CC:2D:E0:B3:90:79 auto-mac=no comment=defconf name=bridge
    /interface ethernet
    set [ find default-name=ether2 ] name=ether2-master
    set [ find default-name=ether3 ] master-port=ether2-master
    set [ find default-name=ether4 ] master-port=ether2-master
    set [ find default-name=ether5 ] master-port=ether2-master
    /interface l2tp-client
    add allow=mschap2 connect-to=213.59.*.* disabled=no name=l2tp-to-HQ \
        password=********* user=User
    /interface wireless
    set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
        disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\
        MikroTik-B3907E wireless-protocol=802.11
    set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
        20/40/80mhz-Ceee disabled=no distance=indoors frequency=auto mode=\
        ap-bridge ssid=MikroTik-B3907D wireless-protocol=802.11
    /ip neighbor discovery
    set ether1 discover=no
    /interface list
    add comment=defconf name=WAN
    add comment=defconf name=LAN
    /interface wireless security-profiles
    set [ find default=yes ] supplicant-identity=MikroTik
    /ip pool
    add name=default-dhcp ranges=192.168.33.10-192.168.33.250
    /ip dhcp-server
    add address-pool=default-dhcp disabled=no interface=bridge name=defconf
    /ppp profile
    set *FFFFFFFE use-compression=yes use-mpls=yes
    /interface bridge port
    add bridge=bridge comment=defconf interface=ether2-master
    add bridge=bridge comment=defconf interface=wlan1
    add bridge=bridge comment=defconf interface=wlan2
    /interface list member
    add comment=defconf interface=bridge list=LAN
    add comment=defconf interface=ether1 list=WAN
    /ip address
    add address=192.168.33.1/24 comment=defconf interface=bridge network=\
        192.168.33.0
    /ip dhcp-client
    add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
        ether1
    /ip dhcp-server lease
    add address=192.168.33.179 client-id=1:38:d5:47:b4:3c:9c mac-address=\
        38:D5:47:B4:3C:9C server=defconf
    add address=192.168.33.199 client-id=1:0:a8:59:cc:de:4a mac-address=\
        00:A8:59:CC:DE:4A server=defconf
    /ip dhcp-server network
    add address=192.168.33.0/24 comment=defconf dns-server=192.168.33.1,8.8.8.8 \
        gateway=192.168.33.1
    /ip dns
    set allow-remote-requests=yes servers=192.168.0.100
    /ip dns static
    add address=192.168.33.1 name=router.lan
    /ip firewall filter
    add action=accept chain=input comment=\
        "defconf: accept established,related,untracked" connection-state=\
        established,related
    add action=drop chain=input comment="defconf: drop invalid" connection-state=\
        invalid
    add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
    add action=drop chain=input comment="defconf: drop all not coming from LAN" \
        in-interface-list=!LAN
    add action=accept chain=forward comment="defconf: accept in ipsec policy" \
        ipsec-policy=in,ipsec
    add action=accept chain=forward comment="defconf: accept out ipsec policy" \
        ipsec-policy=out,ipsec
    add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
        connection-state=established,related
    add action=accept chain=forward comment=\
        "defconf: accept established,related, untracked" connection-state=\
        established,related,untracked
    add action=drop chain=forward comment="defconf: drop invalid" \
        connection-state=invalid
    add action=drop chain=forward comment=\
        "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
        connection-state=new in-interface-list=WAN
    /ip firewall nat
    add action=masquerade chain=srcnat comment="defconf: masquerade" \
        ipsec-policy=out,none out-interface-list=WAN
    /ip route
    add distance=1 dst-address=192.168.0.0/24 gateway=172.16.30.1
    /ip service
    set telnet disabled=yes
    set ftp disabled=yes
    set www disabled=yes
    set ssh disabled=yes
    set api disabled=yes
    set winbox address=192.168.33.0/24,192.168.0.0/24
    set api-ssl disabled=yes
    /system clock
    set time-zone-name=Asia/Yekaterinburg
    /tool mac-server
    set [ find default=yes ] disabled=yes
    add interface=bridge
    /tool mac-server mac-winbox
    set [ find default=yes ] disabled=yes
    add interface=bridge
    
     
  2. Илья Князев

    Илья Князев Администратор Команда форума

    а АТС где?