Promiscuous monitoring to sniff VoIP calls

Dunc the Punk
Posts: 3
Joined: Fri Jun 10, 2016 1:21 am

Promiscuous monitoring to sniff VoIP calls

Post by Dunc the Punk » Fri Jun 10, 2016 2:00 am

Yes the title sounds dodgy but let me explain.

My company currently has a hosted VoIP solution to which we record calls to and from our call centre. To record, a server hangs off a monitoring port on the local switch where all call centre phones are patched into mirroring ports. This means the server can see the VoIP packets to record them. Because the VoIP solution is hosted, we don't have the option to mirror the PBX server. Who knows where it is. Somewhere in that cloud.

Now I have been requested to configure call recording for two phones in a remote branch. My first thought was to use a switch with remote port mirroring. But I have found that most switches only support remote mirroring via a VLAN. Because the remote site is across a managed MPLS WAN, the VLAN cannot traverse.

This got me experimenting with OpenVPN to tunnel the traffic across our WAN before I stumbled across SoftEther. To the developers, well done on a fantastic VPN suite. It has so many great features.

I have read through the doco and experimented with the interface. I can see that SoftEther can do bridging and monitoring which is excellent. It sounds like it will do exactly what I need. Unfortunately, I cannot get it working.

In my test lab here is what I have done:
1) Set up a Linux VM to ping to the web to simulate a packet not destined to our network. I have configured this Hyper-V VM to be a source for 'mirroring mode'. This Hyper-V mirroring feature simulates mirroring mode on a physical switch.
2) Set up a SoftEther Server on a Windows VM. This VM is the destination for Hyper-V mirroring mode. If I run Wireshark, I can see the outbound packets fine. This simulates a potential VM for the remote site to capture packets and send them over the WAN via a VPN tunnel.
3) Created a new Virtual Hub and a new Bridge to the vNIC that can see the outbound packets.
4) Modified the server configuration file (vpn_server.config) to enable 'MonitorMode' as true for the new bridge.
5) Created a single user with a password and a Security Policy to 'Allow Monitoring Mode'.
6) Created a Windows VM, installed the SoftEther client, and created a new Virtual Network Adapter and VPN Connection. I edited the connection to use 'Monitoring Mode' in 'Advanced Settings'.
7) Connected and attempted to capture the outbound packets via Wireshark on the VPN client VM to no avail.

Is there anything else I need to configure?
Is there any way to troubleshoot where the packets are being dropped? I.e. on the server or client?
Last edited by Dunc the Punk on Tue Jun 14, 2016 12:46 am, edited 1 time in total.
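
Step 4 in the post above can be verified by reading the setting back from the configuration file, which also gives an auditor a quick list of bridges that run in monitoring mode. The following is an added example, not part of the original post and not SoftEther's own code; it assumes vpn_server.config uses nested `declare` blocks with `type key value` lines, and the block names `LocalBridgeList`, `DeviceName` and `HubName`, the function names and the sample values are assumptions.

```python
# Constructed sample; the nested "declare" layout and key names other than
# MonitorMode are assumptions about vpn_server.config, not taken from the post.
SAMPLE_CONFIG = """\
declare root
{
    declare LocalBridgeList
    {
        bool DoNotDisableOffloading false
        declare LocalBridge0
        {
            string DeviceName Mirror vNIC
            string HubName MONITOR
            bool MonitorMode true
        }
        declare LocalBridge1
        {
            string DeviceName LAN
            string HubName OFFICE
            bool MonitorMode false
        }
    }
}
"""

def parse_blocks(text):
    """Parse nested 'declare NAME { type key value }' blocks into dicts."""
    root, pending = {}, None
    stack = [root]
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("declare "):
            pending = line.split(None, 1)[1]  # block name; its '{' follows
        elif line == "{" and pending is not None:
            child = stack[-1].setdefault(pending, {})
            stack.append(child)
            pending = None
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif line and not line.startswith("#"):
            parts = line.split(None, 2)  # type, key, value (may hold spaces)
            if len(parts) >= 2:
                stack[-1][parts[1]] = parts[2] if len(parts) == 3 else ""
    return root

def bridge_monitor_modes(text):
    """Return {(hub, device): monitor_mode_enabled} per local bridge."""
    bridges = parse_blocks(text).get("root", {}).get("LocalBridgeList", {})
    return {(b.get("HubName"), b.get("DeviceName")): b.get("MonitorMode") == "true"
            for b in bridges.values() if isinstance(b, dict)}
```
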

Dunc the Punk
Posts: 3
Joined: Fri Jun 10, 2016 1:21 am

Re: Promiscuous monitoring to sniff VoIP calls

Post by Dunc the Punk » Fri Jun 10, 2016 2:34 am

Oops, should have read 'before posting a question'.

1. Operating system name and the type of CPU-bits
Server: Windows 7 Enterprise w/SP1 64-bit
Client: Windows 7 Professional w/SP1 32-bit

2. The result of "ifconfig –a" (UNIX) or "ipconfig /all" (Windows)
[attachment=1]ipconfig.txt[/attachment]


3. The result of "uname –a" (UNIX) or "systeminfo" (Windows)
[attachment=2]systeminfo.txt[/attachment]

4. The build number of SoftEther VPN
SoftEther VPN 4.0 VPN 4.0 (Ver 4.21, Build 9613) (server and client)

5. Which SoftEther VPN component are you using?
'Server' and 'Client'

6. Whether or not there is a NAT or Firewall between your VPN server and the Internet.
No, or N/A; not traversing the Internet

7. Are you using SecureNAT?
No. It's disabled.

8. Your current vpn_server.config or vpn_bridge.config file should be attached on the post.
[attachment=0]vpn_server.config.txt[/attachment]

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Promiscuous monitoring to sniff VoIP calls

Post by thisjun » Fri Jul 08, 2016 7:07 am

I think you can sniff on a bridge on Linux.
I think you don't need SoftEther VPN.
