[asterisk-users] odd issue with the with SIP over VPN
Dave Platt
dplatt at radagast.org
Sun Jan 24 12:30:13 CST 2010
> I've run into a odd issue where inbound calls to the SIP client work
> fine, but outbound from the SIP client do not.
>
> The path between the client and the server is as below.
>
> N900 SIP client <-- OpenVPN --> Asterisk
>
> The version of Asterisk in question is 1.6.0.18.
>
> Any suggestions?
You may have run into a problem I've encountered with the
SIP client in the N810, or something related to it.
One of the complexities/weaknesses of the SIP protocol,
is that each SIP node puts its own IP address into the
protocol packets it sends to its peer. The peer uses
this IP address (embedded in the SIP headers) rather than
the IP address in the actual IP headers, to manage the
conversation. This means that each SIP peer needs to
know what IP address to announce.... and it has to be an
IP address which is usable to the peer, or the protocol
won't work.
The SIP client on the N810 (and the N900 I imagine)
will, under normal circumstances, *always* specify the
IP address of the main IP interface (wireless). This
happens even if the call is being routed through a VPN.
Or, if you have STUN support turned on, it may specify
whatever IP address the system deduces is the "visible"
public IP address of whatever NAT it's living behind.
Neither of these IP addresses is likely to be usable,
if the conversation is taking place through a VPN.
What you probably want, in this case, is for the SIP
packets to contain the N900's VPN endpoint address.
The Maemo SIP client doesn't know how to do this, at
least not without assistance.
Fortunately, it's possible to assist the client, via
some scripts or push-commands in your OpenVPN
configuration. The methods differ a bit depending
on whether one is running OS 2008 (Diablo) on the
N810, or Fremantle on the N900, but the principle
is the same.
See https://bugs.maemo.org/show_bug.cgi?id=1860
for a discussion of the problem, and for some sample
scripts.
I've been using this approach with my N180, and
(via manual configuration) with a Linux laptop with
OpenVPN and Twinkle. It works fine, and seems more
reliable than trying to use STUN.
More information about the asterisk-users
mailing list