MagicJack/Support Resources/How-To/VPN

Telecommuters often connect to their employer through a VPN (a secure tunnel). VPNs make the client computer part of the host network. The problem is, the firewall of the host network may block the connections initiated by the softphone to MagicJack's servers.

This can be fixed by using the "route" command to associate MagicJack IP addresses to your local gateway instead of the VPN (and your employer's gateway).

You must first understand the addresses used by your MagicJack.

Prerequisite
To use a VPN, you will need to understand MagicJack's use of SIP/proxy, RTP/vms and administrative servers. You may need to create static routes for all of them.


 * 1) Review the  background information in the How-To: Find your proxy regarding the SIP, RTP and administrative servers MagicJack connects to.
 * 2) Next, you must identify your actual proxy (and vms) server as described in  How-To: Find your proxy.
 * 3) Finally, you should review how to identify all possible proxy servers in the  How-To: Find your proxy, identify all available proxies.

Preparation
Determine the IP addresses you will later create routes for.

SIP and RTP Servers
As mentioned in the Prerequisite section, you can identify the SIP/proxy and RTP/vms server you are currently connected to. Initially, these addresses are all you need.

However, MagicJack may connect to other servers when it is unable to connect to the proxy server associated with your area code. Therefore, you should follow the instructions in the How-To: force a specific server to find all the SIP/proxy servers you could possibly use.

After obtaining that list you can resolve them to hostnames (using nslookup), change the hostnames from "proxy1" to "vms1," and then obtain the IP addresses for those RTP/vms servers.

These SIP/proxy and RTP/vms IP addresses are all the possible SIP and RTP servers MagicJack may connect to.

Administrative servers
As mentioned in the Prerequisite, administrative servers exist. It may not be necessary to route the traffic associated with these servers too.

Use nslookup to resolve those hostnames into IP addresses. But, be aware that


 * 1) Administrative servers may use the same IP address.
 * 2) nslookup may return two addresses for some administrative servers. (For example, at the time of this writing, render.talk4free.com returns two addresses associated with that hostname.). You should record all the IP addresses associated a hostname. It will be important to route each one.

The route command
There are two ways to create static routes to MagicJack servers. 1) Route each server individually. Or, 2) route all addresses for a first-level octet. Your choice depends on how much control you want, and whether routing an entire top-level octet interferes with your use of the VPN connection. (For example, some private networks unwisely use public IP addresses internally.).

Notes:
 * The following route commands must be executed each time you start your computer.
 * You can simulate restarting your computer (clearing any routes you made) by executing
 * ipconfig /release
 * ipconfig /renew.


 * You can make routes persistent (so you don't have to create them each time you start your computer) by adding the -p option. (Ex. route -p add.).
 * Be careful creating persistent routes. You can wreck your network. Keep track of the routes you create so you can delete them if you encounter a problem.
 * You can delete a route (even persistent route) using:
 * route delete {MJ server address}.


 * For more information:
 * Windows: type route /? from a Windows command (DOS) window.

Route individual addresses
Using the IP addresses you obtained from the preparation section, perform the following route command for each one:

 Windows 

The format of the route command is:

route add {ip address of MJ server} mask 255.0.0.0 {your local gateway address} metric 1

For example, if you connect to the Phoenix servers and your local gateway is 192.168.1.1, you would do this:

route add 66.104.81.70 192.168.1.1 metric 1
 * 1) Phoenix SIP/proxy server

route add 66.104.81.75 192.168.1.1 metric 1
 * 1) Phoenix RTP/voice server

Notes:
 * You may want to create routes for other proxy1/vms1 servers in case your MagicJack accesses a different server due to problems connecting to the one which your area code is associated with.
 * You may want to create routes for the administrative servers.

Route an entire block of addresses
Using the IP addresses you obtained from the preparation section, use only the first-level octet (the first number in the dotted decimal string), and remove duplicate values. The resulting unique numbers are the only routes necessary to create.

Windows

The format of the route command:

route add {octet}.0.0.0 mask 255.0.0.0 {your local gateway address} metric 1

For example, if the unique first-level octets are 64, 66, 67, 71, 207, 216, you would create the following routes:

route add 64.0.0.0 mask 255.0.0.0 192.168.1.1 metric 1 route add 66.0.0.0 mask 255.0.0.0 192.168.1.1 metric 1 route add 67.0.0.0 mask 255.0.0.0 192.168.1.1 metric 1 route add 71.0.0.0 mask 255.0.0.0 192.168.1.1 metric 1 route add 207.0.0.0 mask 255.0.0.0 192.168.1.1 metric 1 route add 216.0.0.0 mask 255.0.0.0 192.168.1.1 metric 1

Note: There are more servers under those high-level octets than just MagicJack's. The above routes may route more traffic through your local gateway if you happen to access other servers which fall into those blocks of addresses. This shouldn't be a problem unless the VPN you connect to uses any of these public IP addresses internally. Private networks shouldn't do that. But, some do. If the above block routes affect your VPN, try routing individual addresses as described in the previous sub-topic.