[asterisk-users] asterisk and openvpn and sip
John A. Sullivan III
jsullivan at opensourcedevel.com
Thu Jun 18 06:43:27 CDT 2009
On Thu, 2009-06-18 at 10:31 +0200, Giorgio Incantalupo wrote:
> Hi all,
>
> I'm trying to connect one phone to a remote asterisk server via openvpn.
> First of all, I put the vpn server on the box hosting asterisk and the
> vpn client on another box, both with public ips.
> Then I set the client ip as my phone IP gateway and the remote pbx ip as
> the registrar and outbound proxy.
>
> I see in the phone log register packets are sent but nothing in return.
> Asterisk console shows it tries to give back the packets but they seem
> to be lost somewhere.
>
> I made some tests with my pc setting its gateway with the vpn client IP
> and I can reach the pbx machine (ping, ssh,...) but sipsak gets no response.
> It seems ping and ssh response packets are correctly routed but sip
> packets aren't.
>
> I tried to set nat=yes in sip.conf but without result.
> Is there any asterisk parameter to set to make it work with openvpn?
>
> Any help really appreciated.
<snip>
Hi, Giorgio. I am a complete noob to Asterisk (well ... an eight year
noob but only now learning to do more than recipe approaches) but I
wonder if this is more of a routing than Asterisk issue.

I am also doing my initial testing with OpenVPN and it is working. My
setup is slightly different. OpenVPN is running on the firewall in the
data center to support remote access; * is on a separate system. Given
that you are running * on the OpenVPN gateway, you might want to ensure
that * is listening on the address of the tun interface.

I found the routing somewhat complicated to set up. If the clients are
routed through the VPN client, I found I had to do two things to my data
center router/firewall:

      * I had to add a route on the firewall to the network behind the
        client - ip route add 192.168.5.0/24 via 192.168.7.18 (virtual
        openvpn address of my openvpn client)
      * I had to use a ccd file to add an iroute command telling OpenVPN
        to use my OpenVPN client as a route to the client's network
        (iroute 192.168.5.0 255.255.255.0)

That worked to allow me to fake a public IP address inside my test lab
so I could configure some additional gateways; the OpenVPN also worked
with a softphone running on my OpenVPN client. Today I will test
putting these together using hardphones behind my OpenVPN client. Hope
this helps - John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
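
The reply above needs two things to agree: a kernel route on the firewall and an iroute in the client's ccd file. The following check is an added example, not part of the original message or of OpenVPN; it compares the two and also covers more than one client. The VPN subnet 192.168.7.0/24, the ccd file names and the second client's networks are assumptions constructed for the sample.

```python
import ipaddress

def parse_iroutes(ccd_text):
    """Networks named by 'iroute <network> [netmask]' lines of one ccd file."""
    nets = []
    for line in ccd_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "iroute":
            mask = fields[2] if len(fields) > 2 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{fields[1]}/{mask}"))
    return nets

def parse_kernel_routes(ip_route_text):
    """(network, gateway) pairs from 'ip route show' lines '<net> via <gw> ...'."""
    routes = []
    for line in ip_route_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] != "default" and fields[1] == "via":
            routes.append((ipaddress.ip_network(fields[0]),
                           ipaddress.ip_address(fields[2])))
    return routes

def check(ccd_files, ip_route_text, vpn_subnet):
    """Report iroutes with no kernel route via the VPN, and the reverse (IPv4 only)."""
    vpn = ipaddress.ip_network(vpn_subnet)
    via_vpn = [net for net, gw in parse_kernel_routes(ip_route_text) if gw in vpn]
    iroutes = [(net, cn) for cn, text in sorted(ccd_files.items())
               for net in parse_iroutes(text)]
    problems = []
    for net, cn in iroutes:
        if not any(net.subnet_of(k) for k in via_vpn):
            problems.append(f"ccd file {cn}: iroute {net} has no kernel route via the VPN")
    for net in via_vpn:
        if not any(net.overlaps(i) for i, _ in iroutes):
            problems.append(f"kernel route {net} enters the VPN but no ccd file has an iroute for it")
    return problems

# Constructed sample input. Only 192.168.5.0/24 via 192.168.7.18 is from the message.
VPN_SUBNET = "192.168.7.0/24"  # assumption: subnet of the virtual OpenVPN addresses
CCD_FILES = {  # hypothetical ccd file names (client common names)
    "lab-client": "iroute 192.168.5.0 255.255.255.0\n",
    "branch2": "# constructed second client\niroute 192.168.6.0 255.255.255.0\n",
}
IP_ROUTE = """\
default via 203.0.113.1 dev eth0
192.168.5.0/24 via 192.168.7.18 dev tun0
192.168.9.0/24 via 192.168.7.22 dev tun0
192.168.7.0/24 dev tun0 proto kernel scope link src 192.168.7.1
"""

if __name__ == "__main__":
    print("\n".join(check(CCD_FILES, IP_ROUTE, VPN_SUBNET)))
```
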