I have asked about this before, but it has really become a serious need.
Hosted PBX in our data centers
Remote locations connected via pepVPN.
Remote pepwaves usually have an untagged network with the store point of sale (POS) terminals plus a VLAN network for the IP phones.
Untagged LAN IP 192.168.3.1/24
VLAN 15 addr 10.108.5.17/28
Virtually all other phone companies have to use a local “callerid box” such as a Vertex from callerid.com to send the callerid packets to the POS stations. The Vertex sniffs the SIP packets on a bridge pair of ports and generates callerid info for the POS stations via another ethernet port on the POS network. Vertex boxes cost $350 to $900 for 2 to 8 channels.
We have a very unique phone system in that we have written code to generate those same packets directly from the phone system. We send these over the VPN to the POS network. About half our customers function this way.
The callerid boxes send to the broadcast address on the network, and of course they are sitting on the local network.
Since we are sending from a different subnet over routed connections, it is not possible to send to the broadcast address. Instead we send duplicate packets directly to the IP of each POS station.
Now the problem…several popular POS systems will NOT recognize the callerid packet if it is sent directly to the POS station - only if TO the broadcast addr and FROM some address on the local network.
Now, in some cases there is a Sonicwall between the Pepwave and the POS stations. In this case I am able to send to the Sonicwall and do port forwarding that does just what I need - rewrite TO the broadcast and rewrite the from to be FROM the Sonicwall.
But in more and more cases the Pepwave is the only firewall, and then I am stuck.
Note that due to how everything else functions I CANNOT use NAT mode on the pepvpn. That is just not an option.
Specifics of my request:
- Allow port forwarding to rewrite the source address to the LAN address of the Pepwave for that subnet. So the packet appears to have been generated by the pepwave, not passed through it.
- Allow port forwarding not just on WAN interfaces, but also on LAN interfaces. I need this because I am coming over the VPN. I need to address the packet to the VLAN interface addr of the pepwave, with port forwarding to the broadcast of the untagged network. In the example above:
On vlan interface UDP port 3520
Server IP address 192.168.3.255
rewrite source to 192.168.3.1
Now for the urgency. I just landed an opportunity for a 4,300 location customer. And of course they use a POS system that will not respond to packets unless as above.
Since they have only three phones per location, requiring a Vertex box increases hardware cost by a solid 40%. They SPECIFICALLY sought me out because I can do it without that box.
So this one is honestly of higher priority than anything else I have asked for.
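
The forwarding behaviour requested above (accept a datagram on the VLAN address, re-emit it to the untagged LAN's broadcast address with the LAN address as source), sketched as a user-space UDP relay. This is an added example, not Peplink functionality and not the poster's code; the addresses and UDP port 3520 come from the post's example, while `PBX_NET`, the size limit and keeping the same port on the outbound side are assumptions. The source allow-list is there so the listener cannot be used by arbitrary hosts to inject broadcasts into the POS network.

```python
import ipaddress
import socket

# Addresses and port taken from the post's example.
LISTEN_ADDR = ("10.108.5.17", 3520)       # VLAN 15 interface address, UDP 3520
LAN_SOURCE = "192.168.3.1"                # untagged LAN address to send from
LAN_BROADCAST = ("192.168.3.255", 3520)   # assumption: same port on the POS side
PBX_NET = "10.0.0.0/24"                   # assumption: placeholder for the PBX subnet


def open_sockets(listen_addr, source_ip):
    """Return (rx, tx): rx receives from the VPN side, tx sends on the LAN side."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(listen_addr)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # Required before the kernel will accept a broadcast destination.
    tx.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    # Binding fixes the source address the POS stations will see.
    tx.bind((source_ip, 0))
    return rx, tx


def relay_once(rx, tx, dest, allowed_net, max_len=1024):
    """Relay one datagram; return True if forwarded, False if dropped."""
    payload, (src_ip, _src_port) = rx.recvfrom(65535)
    # Drop anything that does not come from the expected sender subnet.
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(allowed_net):
        return False
    # Drop empty or oversized datagrams (max_len is an assumed bound).
    if not payload or len(payload) > max_len:
        return False
    tx.sendto(payload, dest)
    return True


def main():
    rx, tx = open_sockets(LISTEN_ADDR, LAN_SOURCE)
    while True:
        relay_once(rx, tx, LAN_BROADCAST, PBX_NET)


if __name__ == "__main__":
    main()
```
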