[asterisk-users] asterisk and openvpn and sip

[Giorgio Incantalupo]

Hi John,

I already have the ccd dir with the iroute (mandatory for routing to 
pc/phone connected to vpn client). During the last test I could register 
and  make a call but voice disappears after 1, 2 seconds. I'm trying to 
understand if it is a bandwidth problem. At the moment I have my phone 
connected to the openvpn client (which is its gateway) but I have to use 
the vpn ip (10.0.0.1) to register the phone, the openvpn server local ip 
(192.168.1.12) is not working. I suppose it is a  sip protocol problem: 
I had to change the sip.conf setting nat=yes to make the phone dial and 
domain = 10.0.0.1 to make the voice pass (or at least the first 2 seconds).
I keep on working on the vpn since it seems so little is missing to have 
a clear conversation. Let me know if your tests are successfull.

Thank you. 

Giorgio

John A. Sullivan III wrote:
> On Thu, 2009-06-18 at 10:31 +0200, Giorgio Incantalupo wrote:
>   
>> Hi all,
>>
>> I'm trying to connect one phone to a remote asterisk server via openvpn. 
>> First of all, I put the vpn server on the box hosting asterisk and the 
>> vpn client on another box, both with public ips.
>> Then I set the client ip as my phone IP gateway and the remote pbx ip as 
>> the registrar and outbound proxy.
>>
>> I see in the phone log register packets are sent but nothing in return. 
>> Asterisk console shows it tries to give back the packets but they seem 
>> to be lost somewhere.
>>
>> I made some tests with my pc setting its gateway with the vpn client IP 
>> and I can reach the pbx machine (ping, ssh,...) but sipsak gets no response.
>> It seems ping and ssh response packets are correctly routed but sip 
>> packets aren't.
>>
>> I tried to set nat=yes in sip.conf but without result.
>> Is there any asterisk parameter to set to make it work with openvpn?
>>
>> Any help really appreciated.
>>     
> <snip>
> Hi, Giorgio.  I am a complete noob to Asterisk (well ... an eight year
> noob but only now learning to do more than recipe approaches) but I
> wonder if this is more of a routing than Asterisk issue.
>
> I am also doing my initial testing with OpenVPN and it is working.  My
> setup is slightly different.  OpenVPN is running on the firewall in the
> data center to support remote access; * is on a separate system.  Given
> that you are running * on the OpenVPN gateway, you might want to ensure
> that * is listening on the address of the tun interface.
>
> I found the routing somewhat complicated to set up.  If the clients are
> routed through the VPN client, I found I had to do two things to my data
> center router/firewall:
>       * I had to add a route on the firewall to the network behind the
>         client - ip route add 192.168.5.0/24 via 192.168.7.18 (virtual
>         openvpn address of my openvpn client)
>       * I had to use a ccd file to add an iroute command telling OpenVPN
>         to use my OpenVPN client as a route to the client's network
>         (iroute 192.168.5.0 255.255.255.0)
> That worked to allow me to fake a public IP address inside my test lab
> so I could configure some additional gateways; the OpenVPN also worked
> with a softphone running on my OpenVPN client.  Today I will test
> putting these together using hardphones behind my OpenVPN client.  Hope
> this helps - John
>