You are not logged in.

#1 2016-05-05 00:26:05

apoletti
Member
From: Arizona
Registered: 2016-02-17
Posts: 16

IP Phone Unable to Communicate Through Arch-based Router

Hi All!
In my quest to create my ultimate router, I ran into a snag that despite days of research I cannot figure out. My company supplied me with an Avaya 9640 IP phone for use at home (since I work at home). On my old Belkin router, all I had to do was plug it in and it booted up to where I could make and receive calls. Now that I replaced that router with my Arch-based one, it starts booting, appears to make the (I think IPSec) VPN connection but after that it tries to download 96xxupgrade.txt and finally stalls on the message "HTTP: 1 -905". I have tried looking this specific error up to no avail. I honestly don't think it is phone-specific. Pretty much all other network traffic works, however another possibly-related issue is on a Windows machine I use for work, the PPTP VPN will not connect successfully either. It does work with the Belkin router. Any help is greatly appreciated as I've been banging my head against the wall trying to figure why everything but these two things are working!

iptables.rules:

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:INPUT-LAN - [0:0]
:INPUT-WAN - [0:0]
-A INPUT -i enp3s0 -s 10.0.0.0/24 -j INPUT-LAN
-A INPUT -i enp0s20u1u3 -j INPUT-WAN
-A INPUT -i tun0 -s 10.8.0.0/24 -j INPUT-LAN

-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 10.0.0.10 -p tcp --dport 443 -j ACCEPT
-A FORWARD -i enp3s0 -o enp0s20u1u3 -j ACCEPT
-A FORWARD -i tun0 -o enp3s0 -j ACCEPT
-A FORWARD -i enp3s0 -o tun0 -j ACCEPT

-A INPUT-LAN -p tcp -m multiport --dports 22,53,80,137,138,139,445 -j ACCEPT
-A INPUT-LAN -p udp --dport 53 -j ACCEPT
-A INPUT-LAN -p udp --sport 68 --dport 67 -j ACCEPT

-A INPUT-WAN -p tcp --dport 1194 -j ACCEPT

# Default rules:
-A INPUT -p icmp -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
COMMIT

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i enp0s20u1u3 -p tcp --dport 443 -j DNAT --to 10.0.0.10:443
-A PREROUTING -i enp3s0 -s 10.0.0.0/24 -d 10.0.0.2 -p tcp --dport 443 -j DNAT --to 10.0.0.10:443

-A POSTROUTING -o enp0s20u1u3 -s 10.0.0.0/24 -j MASQUERADE
-A POSTROUTING -o enp3s0 -s 10.8.0.0/24 -j MASQUERADE
-A POSTROUTING -o tun0 -s 10.0.0.0/24 -j MASQUERADE
-A POSTROUTING -o enp3s0 -d 10.0.0.10 -p tcp --dport 443 -j SNAT --to 10.0.0.2
COMMIT

tcpdump of traffic relating to the phone from the moment I plug it in to when it stalls at "HTTP: 1 -905":

21:51:13.681477 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    Router.ConeSystems.com.bootps > 10.0.0.52.bootpc: BOOTP/DHCP, Reply, length 300, xid 0x40143a26, Flags [none]
	  Your-IP 10.0.0.52
	  Client-Ethernet-Address 00:1b:4f:34:70:9d (oui Unknown)
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: Offer
	    Server-ID Option 54, length 4: Router.ConeSystems.com
	    Lease-Time Option 51, length 4: 3600
	    Subnet-Mask Option 1, length 4: 255.255.255.0
	    BR Option 28, length 4: 10.0.0.255
	    Default-Gateway Option 3, length 4: Router.ConeSystems.com
	    Domain-Name-Server Option 6, length 4: Router.ConeSystems.com
	    Domain-Name Option 15, length 15: "ConeSystems.com"
21:51:13.682270 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.52 tell 0.0.0.0, length 46
21:51:15.176050 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    Router.ConeSystems.com.bootps > 10.0.0.52.bootpc: BOOTP/DHCP, Reply, length 300, xid 0x40143a26, Flags [none]
	  Your-IP 10.0.0.52
	  Client-Ethernet-Address 00:1b:4f:34:70:9d (oui Unknown)
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: ACK
	    Server-ID Option 54, length 4: Router.ConeSystems.com
	    Lease-Time Option 51, length 4: 3600
	    Subnet-Mask Option 1, length 4: 255.255.255.0
	    BR Option 28, length 4: 10.0.0.255
	    Default-Gateway Option 3, length 4: Router.ConeSystems.com
	    Domain-Name-Server Option 6, length 4: Router.ConeSystems.com
	    Domain-Name Option 15, length 15: "ConeSystems.com"
21:51:15.177149 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.52 tell 0.0.0.0, length 46
21:51:15.675786 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.52 is-at 00:1b:4f:34:70:9d (oui Unknown), length 46
21:51:15.701469 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has Router.ConeSystems.com tell 10.0.0.52, length 46
21:51:15.701525 ARP, Ethernet (len 6), IPv4 (len 4), Reply Router.ConeSystems.com is-at d0:50:99:7c:27:8b (oui Unknown), length 28
21:51:21.389963 IP (tos 0x0, ttl 64, id 2, offset 0, flags [none], proto UDP (17), length 428)
    10.0.0.52.ah-esp-encap > 72.237.31.207.isakmp: isakmp 1.0 msgid 00000000: phase 1 I agg:
    (sa: doi=ipsec situation=identity
        (p: #2 protoid=isakmp transform=2
            (t: #1 id=ike (type=enc value=3des)(type=hash value=sha1)(type=group desc value=modp1024)(type=auth value=fde9)(type=lifetype value=sec)(type=lifeduration len=4 value=00069780))
            (t: #2 id=ike (type=enc value=3des)(type=hash value=md5)(type=group desc value=modp1024)(type=auth value=fde9)(type=lifetype value=sec)(type=lifeduration len=4 value=00069780))))
    (ke: key len=128)
    (nonce: n len=20)
    (id: idtype=keyid protoid=0 port=0 len=4)
    (vid: len=16)
    (vid: len=16)
    (vid: len=16)
    (vid: len=16)
    (vid: len=16)
    (vid: len=8)
21:51:21.466830 IP (tos 0x0, ttl 246, id 11943, offset 0, flags [none], proto UDP (17), length 468)
    72.237.31.207.isakmp > 10.0.0.52.ah-esp-encap: isakmp 1.0 msgid 00000000: phase 1 R agg:
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=isakmp transform=1
            (t: #1 id=ike (type=enc value=3des)(type=hash value=sha1)(type=group desc value=modp1024)(type=auth value=fde9)(type=lifetype value=sec)(type=lifeduration len=4 value=00069780))))
    (ke: key len=128)
    (nonce: n len=20)
    (id: idtype=IPv4 protoid=udp port=0 len=4 72.237.31.207)
    (hash: len=20)
    (vid: len=16)
    (vid: len=8)
    (vid: len=16)
    (vid: len=16)
    (pay20)
    (pay20)
    (vid: len=20)
    (vid: len=16)
21:51:21.866541 IP (tos 0x0, ttl 64, id 3, offset 0, flags [none], proto UDP (17), length 164)
    10.0.0.52.ipsec-nat-t > 72.237.31.207.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 00000000: phase 1 I agg[E]: [encrypted pay20]
21:51:21.944743 IP (tos 0x0, ttl 246, id 13840, offset 0, flags [none], proto UDP (17), length 108)
    72.237.31.207.ipsec-nat-t > 10.0.0.52.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 5598b130: phase 2/others R #6[E]: [encrypted hash]
21:51:21.964896 IP (tos 0x0, ttl 64, id 4, offset 0, flags [none], proto UDP (17), length 116)
    10.0.0.52.ipsec-nat-t > 72.237.31.207.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 5598b130: phase 2/others I #6[E]: [encrypted hash]
21:51:22.041511 IP (tos 0x0, ttl 246, id 24662, offset 0, flags [none], proto UDP (17), length 100)
    72.237.31.207.ipsec-nat-t > 10.0.0.52.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid de2f6ddb: phase 2/others R #6[E]: [encrypted hash]
21:51:22.043312 IP (tos 0x0, ttl 64, id 5, offset 0, flags [none], proto UDP (17), length 100)
    10.0.0.52.ipsec-nat-t > 72.237.31.207.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid de2f6ddb: phase 2/others I #6[E]: [encrypted hash]
21:51:22.052522 IP (tos 0x0, ttl 64, id 6, offset 0, flags [none], proto UDP (17), length 180)
    10.0.0.52.ipsec-nat-t > 72.237.31.207.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 36dcd5e8: phase 2/others I #6[E]: [encrypted hash]
21:51:22.133721 IP (tos 0x0, ttl 246, id 1026, offset 0, flags [none], proto UDP (17), length 252)
    72.237.31.207.ipsec-nat-t > 10.0.0.52.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 36dcd5e8: phase 2/others R #6[E]: [encrypted hash]
21:51:23.137634 IP (tos 0x0, ttl 64, id 7, offset 0, flags [none], proto UDP (17), length 572)
    10.0.0.52.ipsec-nat-t > 72.237.31.207.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 761d5549: phase 2/others I oakley-quick[E]: [encrypted hash]
21:51:23.212824 IP (tos 0x0, ttl 246, id 21507, offset 0, flags [none], proto UDP (17), length 124)
    72.237.31.207.ipsec-nat-t > 10.0.0.52.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid d29e09ca: phase 2/others R inf[E]: [encrypted hash]
21:51:23.214215 IP (tos 0x0, ttl 64, id 8, offset 0, flags [none], proto UDP (17), length 572)
    10.0.0.52.ipsec-nat-t > 72.237.31.207.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 761d5549: phase 2/others I oakley-quick[E]: [encrypted hash]
21:51:23.219200 IP (tos 0x0, ttl 246, id 22297, offset 0, flags [none], proto UDP (17), length 228)
    72.237.31.207.ipsec-nat-t > 10.0.0.52.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 761d5549: phase 2/others R oakley-quick[E]: [encrypted hash]
21:51:23.223745 IP (tos 0x0, ttl 64, id 9, offset 0, flags [none], proto UDP (17), length 84)
    10.0.0.52.ipsec-nat-t > 72.237.31.207.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 761d5549: phase 2/others I oakley-quick[E]: [encrypted hash]
21:51:23.289500 IP (tos 0x0, ttl 246, id 25643, offset 0, flags [none], proto UDP (17), length 228)
    72.237.31.207.ipsec-nat-t > 10.0.0.52.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 761d5549: phase 2/others R oakley-quick[E]: [encrypted hash]
21:51:23.290624 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has Router.ConeSystems.com (00:1b:4f:34:70:9d (oui Unknown)) tell 10.0.0.52, length 46
21:51:23.290721 ARP, Ethernet (len 6), IPv4 (len 4), Reply Router.ConeSystems.com is-at d0:50:99:7c:27:8b (oui Unknown), length 28
21:51:23.291194 IP (tos 0x0, ttl 64, id 10, offset 0, flags [none], proto UDP (17), length 84)
    10.0.0.52.ipsec-nat-t > 72.237.31.207.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 761d5549: phase 2/others I oakley-quick[E]: [encrypted hash]
21:51:23.377892 IP (tos 0x0, ttl 57, id 23908, offset 0, flags [DF], proto UDP (17), length 29)
    72.237.31.207.ipsec-nat-t > 10.0.0.52.ipsec-nat-t: isakmp-nat-keep-alive
21:51:28.386367 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.52 tell Router.ConeSystems.com, length 28
21:51:28.386819 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.52 is-at 00:1b:4f:34:70:9d (oui Unknown), length 46
21:51:43.374625 IP (tos 0x0, ttl 64, id 20, offset 0, flags [none], proto UDP (17), length 29)
    10.0.0.52.ipsec-nat-t > 72.237.31.207.ipsec-nat-t: isakmp-nat-keep-alive

Thanks again and let me know if you need any other information; I have the latest version of Arch (pacman -Syu) as of this writing.

Offline

#2 2016-05-05 02:19:01

ngoonee
Forum Fellow
From: Between Thailand and Singapore
Registered: 2009-03-17
Posts: 7,354

Re: IP Phone Unable to Communicate Through Arch-based Router

Not very sure what's going on, but you may want to search uPnP and figure out whether that's linked, and/or how to set that up on your Arch system.


Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.

Offline

#3 2016-05-06 16:18:28

apoletti
Member
From: Arizona
Registered: 2016-02-17
Posts: 16

Re: IP Phone Unable to Communicate Through Arch-based Router

Hi again, sorry for the delay; things have been quite hectic here with work and packing to move out of state. Anyway, I looked into using uPnP but it isn't being used by either Windows for the PPTP connection or by the phone. I enabled it anyway to try in in case I was wrong but it didn't work. Some searches led me to think I needed to load some kernel modules such as nf_conntrack_pptp, nf_nat_pptp, and some relating to SIP/H.323 (a stab in the dark for the phone) to no avail.

Offline

#4 2016-05-06 19:39:18

branch
Member
Registered: 2014-03-16
Posts: 209

Re: IP Phone Unable to Communicate Through Arch-based Router

Your tcpdump is on the internal interface so it only tells half the story. You could try running tcpdump on both interfaces simultaneously to give you the full picture, then merge the two dump files with cat and sort. It would also be useful to append a log rule to the end of your forward chain to see everything that gets dropped.

Offline

#5 2016-05-13 14:20:51

apoletti
Member
From: Arizona
Registered: 2016-02-17
Posts: 16

Re: IP Phone Unable to Communicate Through Arch-based Router

Alrighty then, work has been so busy lately I that I don't get much time to work on my own projects. Anyway, I have the combined output below, which captures just about everything (except the initial DHCP requests) from the time I plug in the phone to a few seconds after it stalls. I didn't get to do the logging in iptables, that'll be my next task. FYI I replaced my ISP pseudo-domain with ip11-23-58-13, my real domain with MyDomain.com, and my company's VPN server with 1.2.3.4 for security purposes. I assign my phone (via DHCP) a static address of 10.0.0.52, which DNS translates to Avaya.MyDomain.com (real inventive, I know...). Let me know what you make of it!

13:00:43.586119 IP (tos 0x0, ttl 58, id 26482, offset 0, flags [DF], proto UDP (17), length 29)
    1.2.3.4.ipsec-nat-t > ip11-23-58-13.ph.ph.cox.net.ipsec-nat-t: isakmp-nat-keep-alive
13:00:43.586250 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has Avaya.MyDomain.com tell Router.MyDomain.com, length 28
13:00:44.587079 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has Avaya.MyDomain.com tell Router.MyDomain.com, length 28
13:00:45.590479 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has Avaya.MyDomain.com tell Router.MyDomain.com, length 28
13:00:46.593945 IP (tos 0xc0, ttl 64, id 61107, offset 0, flags [none], proto ICMP (1), length 57)
    ip11-23-58-13.ph.ph.cox.net > 1.2.3.4: ICMP host ip11-23-58-13.ph.ph.cox.net unreachable, length 37
    IP (tos 0x0, ttl 57, id 26482, offset 0, flags [DF], proto UDP (17), length 29)
    1.2.3.4.ipsec-nat-t > ip11-23-58-13.ph.ph.cox.net.ipsec-nat-t: isakmp-nat-keep-alive
13:01:04.685594 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    Router.MyDomain.com.bootps > Avaya.MyDomain.com.bootpc: BOOTP/DHCP, Reply, length 300, xid 0x4014a887, Flags [none]
      Your-IP Avaya.MyDomain.com
      Client-Ethernet-Address 00:1b:4f:34:70:9d (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Offer
        Server-ID Option 54, length 4: Router.MyDomain.com
        Lease-Time Option 51, length 4: 604800
        Subnet-Mask Option 1, length 4: 255.255.255.0
        BR Option 28, length 4: 10.0.0.255
        Default-Gateway Option 3, length 4: Router.MyDomain.com
        Domain-Name-Server Option 6, length 4: Router.MyDomain.com
        Domain-Name Option 15, length 15: "MyDomain.com"
13:01:04.686573 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has Avaya.MyDomain.com tell 0.0.0.0, length 46
13:01:06.185674 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
    Router.MyDomain.com.bootps > Avaya.MyDomain.com.bootpc: BOOTP/DHCP, Reply, length 300, xid 0x4014a887, Flags [none]
      Your-IP Avaya.MyDomain.com
      Client-Ethernet-Address 00:1b:4f:34:70:9d (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: ACK
        Server-ID Option 54, length 4: Router.MyDomain.com
        Lease-Time Option 51, length 4: 604800
        Subnet-Mask Option 1, length 4: 255.255.255.0
        BR Option 28, length 4: 10.0.0.255
        Default-Gateway Option 3, length 4: Router.MyDomain.com
        Domain-Name-Server Option 6, length 4: Router.MyDomain.com
        Domain-Name Option 15, length 15: "MyDomain.com"
13:01:06.186738 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has Avaya.MyDomain.com tell 0.0.0.0, length 46
13:01:06.685389 ARP, Ethernet (len 6), IPv4 (len 4), Reply Avaya.MyDomain.com is-at 00:1b:4f:34:70:9d (oui Unknown), length 46
13:01:06.713384 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has Router.MyDomain.com tell Avaya.MyDomain.com, length 46
13:01:06.713441 ARP, Ethernet (len 6), IPv4 (len 4), Reply Router.MyDomain.com is-at d0:50:99:7c:27:8b (oui Unknown), length 28
13:01:12.509560 IP (tos 0x0, ttl 64, id 2, offset 0, flags [none], proto UDP (17), length 428)
    Avaya.MyDomain.com.ah-esp-encap > 1.2.3.4.isakmp: isakmp 1.0 msgid 00000000: phase 1 I agg:
    (sa: doi=ipsec situation=identity
        (p: #2 protoid=isakmp transform=2
            (t: #1 id=ike (type=enc value=3des)(type=hash value=sha1)(type=group desc value=modp1024)(type=auth value=fde9)(type=lifetype value=sec)(type=lifeduration len=4 value=00069780))
            (t: #2 id=ike (type=enc value=3des)(type=hash value=md5)(type=group desc value=modp1024)(type=auth value=fde9)(type=lifetype value=sec)(type=lifeduration len=4 value=00069780))))
    (ke: key len=128)
    (nonce: n len=20)
    (id: idtype=keyid protoid=0 port=0 len=4)
    (vid: len=16)
    (vid: len=16)
    (vid: len=16)
    (vid: len=16)
    (vid: len=16)
    (vid: len=8)
13:01:12.509699 IP (tos 0x0, ttl 63, id 2, offset 0, flags [none], proto UDP (17), length 428)
    ip11-23-58-13.ph.ph.cox.net.ah-esp-encap > 1.2.3.4.isakmp: isakmp 1.0 msgid 00000000: phase 1 I agg:
    (sa: doi=ipsec situation=identity
        (p: #2 protoid=isakmp transform=2
            (t: #1 id=ike (type=enc value=3des)(type=hash value=sha1)(type=group desc value=modp1024)(type=auth value=fde9)(type=lifetype value=sec)(type=lifeduration len=4 value=00069780))
            (t: #2 id=ike (type=enc value=3des)(type=hash value=md5)(type=group desc value=modp1024)(type=auth value=fde9)(type=lifetype value=sec)(type=lifeduration len=4 value=00069780))))
    (ke: key len=128)
    (nonce: n len=20)
    (id: idtype=keyid protoid=0 port=0 len=4)
    (vid: len=16)
    (vid: len=16)
    (vid: len=16)
    (vid: len=16)
    (vid: len=16)
    (vid: len=8)
13:01:12.585406 IP (tos 0x0, ttl 247, id 19512, offset 0, flags [none], proto UDP (17), length 468)
    1.2.3.4.isakmp > ip11-23-58-13.ph.ph.cox.net.ah-esp-encap: isakmp 1.0 msgid 00000000: phase 1 R agg:
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=isakmp transform=1
            (t: #1 id=ike (type=enc value=3des)(type=hash value=sha1)(type=group desc value=modp1024)(type=auth value=fde9)(type=lifetype value=sec)(type=lifeduration len=4 value=00069780))))
    (ke: key len=128)
    (nonce: n len=20)
    (id: idtype=IPv4 protoid=udp port=0 len=4 1.2.3.4)
    (hash: len=20)
    (vid: len=16)
    (vid: len=8)
    (vid: len=16)
    (vid: len=16)
    (pay20)
    (pay20)
    (vid: len=20)
    (vid: len=16)
13:01:12.585529 IP (tos 0x0, ttl 246, id 19512, offset 0, flags [none], proto UDP (17), length 468)
    1.2.3.4.isakmp > Avaya.MyDomain.com.ah-esp-encap: isakmp 1.0 msgid 00000000: phase 1 R agg:
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=isakmp transform=1
            (t: #1 id=ike (type=enc value=3des)(type=hash value=sha1)(type=group desc value=modp1024)(type=auth value=fde9)(type=lifetype value=sec)(type=lifeduration len=4 value=00069780))))
    (ke: key len=128)
    (nonce: n len=20)
    (id: idtype=IPv4 protoid=udp port=0 len=4 1.2.3.4)
    (hash: len=20)
    (vid: len=16)
    (vid: len=8)
    (vid: len=16)
    (vid: len=16)
    (pay20)
    (pay20)
    (vid: len=20)
    (vid: len=16)
13:01:13.011470 IP (tos 0x0, ttl 64, id 3, offset 0, flags [none], proto UDP (17), length 164)
    Avaya.MyDomain.com.ipsec-nat-t > 1.2.3.4.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 00000000: phase 1 I agg[E]: [encrypted pay20]
13:01:13.011580 IP (tos 0x0, ttl 63, id 3, offset 0, flags [none], proto UDP (17), length 164)
    ip11-23-58-13.ph.ph.cox.net.ipsec-nat-t > 1.2.3.4.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 00000000: phase 1 I agg[E]: [encrypted pay20]
13:01:13.087833 IP (tos 0x0, ttl 247, id 13538, offset 0, flags [none], proto UDP (17), length 100)
    1.2.3.4.ipsec-nat-t > ip11-23-58-13.ph.ph.cox.net.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 01bb9075: phase 2/others ? inf[E]: [encrypted hash]
13:01:13.087944 IP (tos 0x0, ttl 246, id 13538, offset 0, flags [none], proto UDP (17), length 100)
    1.2.3.4.ipsec-nat-t > Avaya.MyDomain.com.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 01bb9075: phase 2/others ? inf[E]: [encrypted hash]
13:01:13.088178 IP (tos 0x0, ttl 247, id 12914, offset 0, flags [none], proto UDP (17), length 108)
    1.2.3.4.ipsec-nat-t > ip11-23-58-13.ph.ph.cox.net.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 17bccc91: phase 2/others R #6[E]: [encrypted hash]
13:01:13.088287 IP (tos 0x0, ttl 246, id 12914, offset 0, flags [none], proto UDP (17), length 108)
    1.2.3.4.ipsec-nat-t > Avaya.MyDomain.com.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 17bccc91: phase 2/others R #6[E]: [encrypted hash]
13:01:13.089559 IP (tos 0x0, ttl 247, id 15527, offset 0, flags [none], proto UDP (17), length 116)
    1.2.3.4.ipsec-nat-t > ip11-23-58-13.ph.ph.cox.net.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 0c728a95: phase 2/others ? inf[E]: [encrypted hash]
13:01:13.089668 IP (tos 0x0, ttl 246, id 15527, offset 0, flags [none], proto UDP (17), length 116)
    1.2.3.4.ipsec-nat-t > Avaya.MyDomain.com.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 0c728a95: phase 2/others ? inf[E]: [encrypted hash]
13:01:13.134880 IP (tos 0x0, ttl 64, id 4, offset 0, flags [none], proto UDP (17), length 116)
    Avaya.MyDomain.com.ipsec-nat-t > 1.2.3.4.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 17bccc91: phase 2/others I #6[E]: [encrypted hash]
13:01:13.134978 IP (tos 0x0, ttl 63, id 4, offset 0, flags [none], proto UDP (17), length 116)
    ip11-23-58-13.ph.ph.cox.net.ipsec-nat-t > 1.2.3.4.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 17bccc91: phase 2/others I #6[E]: [encrypted hash]
13:01:13.213163 IP (tos 0x0, ttl 247, id 8794, offset 0, flags [none], proto UDP (17), length 100)
    1.2.3.4.ipsec-nat-t > ip11-23-58-13.ph.ph.cox.net.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 3571bc88: phase 2/others R #6[E]: [encrypted hash]
13:01:13.213273 IP (tos 0x0, ttl 246, id 8794, offset 0, flags [none], proto UDP (17), length 100)
    1.2.3.4.ipsec-nat-t > Avaya.MyDomain.com.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 3571bc88: phase 2/others R #6[E]: [encrypted hash]
13:01:13.215545 IP (tos 0x0, ttl 64, id 5, offset 0, flags [none], proto UDP (17), length 100)
    Avaya.MyDomain.com.ipsec-nat-t > 1.2.3.4.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 3571bc88: phase 2/others I #6[E]: [encrypted hash]
13:01:13.215644 IP (tos 0x0, ttl 63, id 5, offset 0, flags [none], proto UDP (17), length 100)
    ip11-23-58-13.ph.ph.cox.net.ipsec-nat-t > 1.2.3.4.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 3571bc88: phase 2/others I #6[E]: [encrypted hash]
13:01:13.230865 IP (tos 0x0, ttl 64, id 6, offset 0, flags [none], proto UDP (17), length 180)
    Avaya.MyDomain.com.ipsec-nat-t > 1.2.3.4.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 76a7cac8: phase 2/others I #6[E]: [encrypted hash]
13:01:13.230962 IP (tos 0x0, ttl 63, id 6, offset 0, flags [none], proto UDP (17), length 180)
    ip11-23-58-13.ph.ph.cox.net.ipsec-nat-t > 1.2.3.4.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 76a7cac8: phase 2/others I #6[E]: [encrypted hash]
13:01:13.305884 IP (tos 0x0, ttl 247, id 2004, offset 0, flags [none], proto UDP (17), length 252)
    1.2.3.4.ipsec-nat-t > ip11-23-58-13.ph.ph.cox.net.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 76a7cac8: phase 2/others R #6[E]: [encrypted hash]
13:01:13.305995 IP (tos 0x0, ttl 246, id 2004, offset 0, flags [none], proto UDP (17), length 252)
    1.2.3.4.ipsec-nat-t > Avaya.MyDomain.com.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 76a7cac8: phase 2/others R #6[E]: [encrypted hash]
13:01:14.339829 IP (tos 0x0, ttl 64, id 7, offset 0, flags [none], proto UDP (17), length 572)
    Avaya.MyDomain.com.ipsec-nat-t > 1.2.3.4.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 8ac7dccd: phase 2/others I oakley-quick[E]: [encrypted hash]
13:01:14.339936 IP (tos 0x0, ttl 63, id 7, offset 0, flags [none], proto UDP (17), length 572)
    ip11-23-58-13.ph.ph.cox.net.ipsec-nat-t > 1.2.3.4.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 8ac7dccd: phase 2/others I oakley-quick[E]: [encrypted hash]
13:01:14.415010 IP (tos 0x0, ttl 247, id 32596, offset 0, flags [none], proto UDP (17), length 124)
    1.2.3.4.ipsec-nat-t > ip11-23-58-13.ph.ph.cox.net.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 15fe156f: phase 2/others R inf[E]: [encrypted hash]
13:01:14.415129 IP (tos 0x0, ttl 246, id 32596, offset 0, flags [none], proto UDP (17), length 124)
    1.2.3.4.ipsec-nat-t > Avaya.MyDomain.com.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 15fe156f: phase 2/others R inf[E]: [encrypted hash]
13:01:14.419660 IP (tos 0x0, ttl 247, id 12871, offset 0, flags [none], proto UDP (17), length 228)
    1.2.3.4.ipsec-nat-t > ip11-23-58-13.ph.ph.cox.net.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 8ac7dccd: phase 2/others R oakley-quick[E]: [encrypted hash]
13:01:14.419772 IP (tos 0x0, ttl 246, id 12871, offset 0, flags [none], proto UDP (17), length 228)
    1.2.3.4.ipsec-nat-t > Avaya.MyDomain.com.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 8ac7dccd: phase 2/others R oakley-quick[E]: [encrypted hash]
13:01:14.535930 IP (tos 0x0, ttl 64, id 8, offset 0, flags [none], proto UDP (17), length 84)
    Avaya.MyDomain.com.ipsec-nat-t > 1.2.3.4.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 8ac7dccd: phase 2/others I oakley-quick[E]: [encrypted hash]
13:01:14.536029 IP (tos 0x0, ttl 63, id 8, offset 0, flags [none], proto UDP (17), length 84)
    ip11-23-58-13.ph.ph.cox.net.ipsec-nat-t > 1.2.3.4.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 8ac7dccd: phase 2/others I oakley-quick[E]: [encrypted hash]
13:01:14.830235 IP (tos 0x0, ttl 58, id 18341, offset 0, flags [DF], proto UDP (17), length 29)
    1.2.3.4.ipsec-nat-t > ip11-23-58-13.ph.ph.cox.net.ipsec-nat-t: isakmp-nat-keep-alive
13:01:14.830340 IP (tos 0x0, ttl 57, id 18341, offset 0, flags [DF], proto UDP (17), length 29)
    1.2.3.4.ipsec-nat-t > Avaya.MyDomain.com.ipsec-nat-t: isakmp-nat-keep-alive
13:01:17.597202 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has Avaya.MyDomain.com tell Router.MyDomain.com, length 28
13:01:17.597818 ARP, Ethernet (len 6), IPv4 (len 4), Reply Avaya.MyDomain.com is-at 00:1b:4f:34:70:9d (oui Unknown), length 46
13:01:34.824429 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has Router.MyDomain.com (00:1b:4f:34:70:9d (oui Unknown)) tell Avaya.MyDomain.com, length 46
13:01:34.824485 ARP, Ethernet (len 6), IPv4 (len 4), Reply Router.MyDomain.com is-at d0:50:99:7c:27:8b (oui Unknown), length 28
13:01:34.825074 IP (tos 0x0, ttl 64, id 18, offset 0, flags [none], proto UDP (17), length 29)
    Avaya.MyDomain.com.ipsec-nat-t > 1.2.3.4.ipsec-nat-t: isakmp-nat-keep-alive
13:01:34.825181 IP (tos 0x0, ttl 63, id 18, offset 0, flags [none], proto UDP (17), length 29)
    ip11-23-58-13.ph.ph.cox.net.ipsec-nat-t > 1.2.3.4.ipsec-nat-t: isakmp-nat-keep-alive
13:01:54.823977 IP (tos 0x0, ttl 63, id 19, offset 0, flags [none], proto UDP (17), length 29)
    ip11-23-58-13.ph.ph.cox.net.ipsec-nat-t > 1.2.3.4.ipsec-nat-t: isakmp-nat-keep-alive

Offline

#6 2016-05-13 16:44:12

oliver
Member
Registered: 2007-12-12
Posts: 448

Re: IP Phone Unable to Communicate Through Arch-based Router

Is your phone running SIP or the proprietary Avaya thing?  If it's the former, wireshark and the 'voip' filter might help

Offline

#7 2016-05-13 21:21:16

apoletti
Member
From: Arizona
Registered: 2016-02-17
Posts: 16

Re: IP Phone Unable to Communicate Through Arch-based Router

I believe it to be using the H.323 protocol, though I'm no expert with VoIP. Unfortunately, it appears my Avaya phone cleared its settings (including the VPN password, which I do not know nor will my company tell me), so my company says they need to reprogram it in their network, which means I have to send it back to them... Just my luck I suppose.That basically means I can't do any more testing until I get it reprogrammed.

Offline

Board footer

Powered by FluxBB