At our office, we've been having this problem for some time, and I haven't found a solution for it. Some of our employees have a work phone at home, that is a Samsung IP telephone (SMT-i3105), that establishes a VoIP connection to our Samsung OfficeServ 7200 at our office, and the connection has to go through our MikroTik router.
Then we also use VPN connections (L2TP/IPsec) to access our NAS remotely and for Remote Desktop.
The problem occurs, whenever someone connects through the VPN connection, their VoIP connection will be lost, and the phone will disconnect, and when you disconnect from the VPN, the phone will work normally again.

The following ports and NAT rules are opened and set:
6000 UDP = IP data SIP connection
9000 UDP = IP connection setup
30000-30030 = IP MGI channels

Does anyone have any ideas, as to how to configure the router, for it to distinguish the 2 different connections, the VPN one, and the VoIP one, and so that both can work at the same time and has anyone had similar issues?

What's establishing the l2tp vpn at the houses?


You meed to goto 30031 for the mgi.

What version of software are you running on the os7200?

It sounds like a routing issue on the microtik.
The system is told both the local and public ip addresses of the phone when it connects from memory.
You'll need to-do a wireshark have at the system sends to be sure, I suspect the microtik is sending the traffic back via the vpn for some reason when the vpn is connected but as the users pc won't be setup to route the traffic to the phone it's not reaching its destination.

You could try todo a trace route to the users public ip address when the vpn is connected and see if it tried to use the vpn tunnel or not

What's establishing the l2tp vpn at the houses?


You meed to goto 30031 for the mgi.

What version of software are you running on the os7200?

It sounds like a routing issue on the microtik.
The system is told both the local and public ip addresses of the phone when it connects from memory.
You'll need to-do a wireshark have at the system sends to be sure, I suspect the microtik is sending the traffic back via the vpn for some reason when the vpn is connected but as the users pc won't be setup to route the traffic to the phone it's not reaching its destination.

You could try todo a trace route to the users public ip address when the vpn is connected and see if it tried to use the vpn tunnel or not

L2TP VPN is established with the built in Win10 VPN client.

Why would 30031 be needed? If the VPN connection is not established, the IP phone works normally.

The OS7200 is on version 4.82, since this is the one we have used for years and have not updated to the newest version yet.

Yes I assume this is a issue on our router, but I do not know what I would need to change on it for this to work. And the users do not use the LAN port on the phones for internet access, they have separate cables coming from their home routers.
When users connect with the VPN, they get a specified IP from a VPN pool and it can communicate with the IP Pool on which the OS7200 is located on, because you can ping the OS7200 IP with the VPN connection.

I will try and see what I can find out with a traceroute

Mgi ports work in pairs.
Since you have a os7200 you'll have a mgi16 or oas card, so 16mgi channels.
16x2=32 ports required, which is why it goes to 30031.
Each even port is rtp
Each odd port is rtcp

Adjusting your mgi port foward around fix this issue.
The pc port on the phone has no bearing in this case even if it was being used.

Yes we use a MGI 16 card. Will enable also 30031 to be sure.

I will have to play around with this, one thing I need to test is once the VPN is established, if I change the server IP on the phone to the local IP of our 7200, instead of the public IP of our router in the office.

Does the private IP the phone gets from users home routers have any effect in the connection to our os7200?

If you enter the private IP of the phone, you will also have to enter that subnet or ip in 5.2.8 so that the phone system knows what ip address it is going to be receiving connections from for phones.

That won't work as the phone can't see the vpn tunnel, only the pc can see it.

Nameless do you think adding the Local IP address for the Samsung server into the server list on the phone might work?
I"m thinking the Phone would possibly re-establish over the "Local" Lan when the VPN comes up

Nevermind I just reread the post about L2TP from Win 10 I was thinking the Mikrotek was the local router.

Rok did you ever get this figured out? After rereading what you posted. I was wondering if your MirkoTek router is only allowing one connection from each persons location. Therefore when the VPN kicks on it is prioritizing it over the phone connection.

Sadly I did not. I haven't been able to figure out, what exactly is the root cause of this, and I've asked around on Mikrotik forums and no one has been able to help me with it.

The issue is definetly on our Mikrotik router, but I'm at a loss on what to change. All the needed ports are all forwarded to the OfficeServ IP and or the MGI card IP.

From the research I've done, this seems to be a protocol issue, when using a L2TP/IPsec connection it will "block" any other connection from the same source IP.