REGUS Serviced Office - Networking Nightmare

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › REGUS Serviced Office - Networking Nightmare

jimbob79

673 posts

Ultimate Geek

#222879 1-Sep-2017 18:32

I've been in the new serviced office (REGUS) for two days and their networking is driving me mad.

The single office has 8 RJ45 network ports. Each port has access to the internet but even though all 8 network port is on the same subnet, none of the computers, NAS or printers can access each other. Now I'm quite competent in the networking as I been doing this kind of thing for 20 years.

I have never been so frustrated. If I want to get any kind of IT support it going to cost me $$.

Also, my VoIP phones are not working correctly either, suffering from the one-way audio issue. They can hear me but I can't hear them. But I think this is a common problem with Serviced Offices as they block the VoIP traffic so you have to use their phone system. $$

So does anybody know how to set-up a local LAN network in a REGUS serviced office?

1 | 2

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1856906 1-Sep-2017 19:20

Offering isolated ports in a serviced office is a perfectly normal way of configuring things - you don't want people being able to see each other's devices.

As for one way voice that just sounds like an organisation who won't know how to configure their router or have double NAT rather than an intentional attempt to block VoIP traffic.

If you want your devices to be able to talk to each other you may be able to plug in your own switch, assuming they're just using isolated ports rather than firewall rules also blocking L3 connectivity.

Lenovo

Lenovo computer and accessories deals (affiliate link).

jimbob79

673 posts

Ultimate Geek

#1856911 1-Sep-2017 19:36

sbiddle:

Offering isolated ports in a serviced office is a perfectly normal way of configuring things - you don't want people being able to see each other's devices.

As for one way voice that just sounds like an organization who won't know how to configure their router or have double NAT rather than an intentional attempt to block VoIP traffic.

If you want your devices to be able to talk to each other you may be able to plug in your own switch, assuming they're just using isolated ports rather than firewall rules also blocking L3 connectivity.

I can imagine having a logical separation between offices, but to have the same level of separation within the same office room gets a bit frustrating?

So starting from basics, how to I get our MFC printer connected to four desktops using the existing infrastructure?

Double NATing of the VoIP has been particularly frustrating.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1856928 1-Sep-2017 20:10

If you plug your own switch into an existing port and plug your devices into that switch they may talk to each other. This assumes there is no L3 blocking occurring in the router. If that is the case then you're out of luck.

What do they say when you complain about the VoIP issue?

vulcannz

436 posts

Ultimate Geek
Inactive user

#1857460 3-Sep-2017 09:05

Sounds like they've setup Private VLANs which is perfect good in a serviced office. In fact I'd go as far to say what they are doing is good practice. You don't want some numpty spreading something like wannacry across the LAN.

As for the VOIP it's most likely your VoIP system if it's based on SIP. SIP is the most arse protocol known to mankind, the standard was ratified by drunk orangutans. The clown that decided that SIP would ignore packet header information needs to be taken out and disemboweled.

Plugging a switch in should work. sboiddle not sure what you mean by Layer 3 blocking? A switch is a layer 2 device.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1857513 3-Sep-2017 10:39

vulcannz:

sboiddle not sure what you mean by Layer 3 blocking? A switch is a layer 2 device.

It's not uncommon in such a setup to also block L3 connectivity at the router as well as port isolation.

As somebody who's spent 15 years playing with SIP I highly dissagree with everything you've said about SIP. It's a great protocol that's only hampered by 2 things - vendors who build SIP ALG's into hardware, and people who build networks with double NAT.

vulcannz

436 posts

Ultimate Geek
Inactive user

#1857617 3-Sep-2017 14:21

sbiddle:

vulcannz:

sboiddle not sure what you mean by Layer 3 blocking? A switch is a layer 2 device.

It's not uncommon in such a setup to also block L3 connectivity at the router as well as port isolation.

As somebody who's spent 15 years playing with SIP I highly dissagree with everything you've said about SIP. It's a great protocol that's only hampered by 2 things - vendors who build SIP ALG's into hardware, and people who build networks with double NAT.

A switch is a layer 2 device. Layer 3 would block by IP. A typical unmanaged switch does not have an IP address. Port Isolation aka private VLANs works on port, not IP nor MAC address even.

SIP is terrible. SIP assumes it is direct connected to the internet, hence it doesn't honour/recognize the header data in the packet but uses its own embedded data. Hence is struggles with single NAT even. It also typically uses the same source port as the destination port making things even more difficult (this is why vendors need SIP ALGs). Finally SIP has no security, it's the most insecure protocol known to the universe.

jimbob79

673 posts

Ultimate Geek

#1858042 4-Sep-2017 12:05

Quick update.

I got one PC and I have it working with a local NAS (Synology) server and a printer bundled together on one switch. However, the other side of the room is without access until I get another switch and a very long cable.

My VoIP provider is 2talk and we use Yealink t22p desk phones. I setup the phones to use 2talks own Auto Provisioning service and the desk phone configured correctly i.e. it Registered with 2talk. However, I can't receive incoming calls. I can make out going calls but still, have the audio issue where I cannot hear the other party's voice, but they can hear me.

2talk is also a bit strange as it showing the IP address of my desk phone (Yealink T22p) and not a public facing IP address??

Is there a tool I can use to check my firewall VoIP access?

vulcannz

436 posts

Ultimate Geek
Inactive user

#1858053 4-Sep-2017 12:13

Yeah that's what SIP does. Instead of looking at the packet header for your public IP it embeds it in the data and uses the actual IP of the device behind the NAT.

I have a Yealink IP phone (the wireless one). I don't think you need to do anything special though I do have the Enable Outbound Proxy set as the same IP as the SIP gateway.

jimbob79

673 posts

Ultimate Geek

#1858059 4-Sep-2017 12:19

Just in case anybody whats to knows the setting used for Yealink phones to configure with 2talk using 2talk's own auto provisioning tool.

rphenix

978 posts

Ultimate Geek

Lifetime subscriber

#1858066 4-Sep-2017 12:32

I've dealt with Regus overseas at least - and was able to get in their serviced office all of our staff plugged into our own switch - so network was separate and we could do things 'our way' we also organised dedicated IP and bandwidth.

vulcannz

436 posts

Ultimate Geek
Inactive user

#1858091 4-Sep-2017 13:13

Here are my settings. The only thing I've done on my firewall is disabled NAPT (doesn't translate source port). Source port remapping could be enough to cause the problems you're having - SIP don't like that.

jimbob79

673 posts

Ultimate Geek

#1858097 4-Sep-2017 13:23

vulcannz:

Here are my settings. The only thing I've done on my firewall is disabled NAPT (doesn't translate source port). Source port remapping could be enough to cause the problems you're having - SIP don't like that.

Currently, my desk phone is plugged directly into the network wall socket. I don't' have access to the firewall.

I'm thinking about getting a static IP address to resolve my issues, but I'm still not sure if it's going to work.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1858327 4-Sep-2017 17:33

vulcannz:

Here are my settings. The only thing I've done on my firewall is disabled NAPT (doesn't translate source port). Source port remapping could be enough to cause the problems you're having - SIP don't like that.

I do have to say in the many thousands of phones I've deployed I've never encountered that as an issue. What type of firewall are you using? A Sonicwall by any chance?

chevrolux

4962 posts

Uber Geek
Inactive user

#1858329 4-Sep-2017 17:37

If you are using 2talk, then port 50600 is an alternate you can register on. May help if there is a router screwing with 5060 traffic.

vulcannz

436 posts

Ultimate Geek
Inactive user

#1858342 4-Sep-2017 18:15

sbiddle:

vulcannz:

Here are my settings. The only thing I've done on my firewall is disabled NAPT (doesn't translate source port). Source port remapping could be enough to cause the problems you're having - SIP don't like that.

I do have to say in the many thousands of phones I've deployed I've never encountered that as an issue. What type of firewall are you using? A Sonicwall by any chance?

Yip and it is standard practice for most firewalls. It avoids port conflicts. For example here is Fortinets document http://kb.fortinet.com/kb/documentLink.do?externalID=FD30357 (I am a certified engineer on other firewalls like Netscreen/Juniper/McAfee/Palo Alto etc).

This is what an ALG is for, it detects the SIP traffic and at the very least turns off NAPT. An ALG may also modify the SIP contents.

In some cases you find custom VoIP systems have modified the SIP standard - and ALGs fail to see them (3CX is a good example).

However 2Talk has a pretty standard setup, nothing odd or different (I've been using them for about 4 and a half years on UFB... behind a Sonicwall obviously ;) ).

The other thing to consider is 2Talk have a custom Android app that just seems to work no matter what network you are on.

1 | 2