[asterisk-users] asterisk and openvpn and sip
Giorgio Incantalupo
gincantalupo at fgasoftware.com
Thu Jun 18 07:55:00 CDT 2009
Hi John,
I already have the ccd dir with the iroute (mandatory for routing to
pc/phone connected to vpn client). During the last test I could register
and make a call but voice disappears after 1, 2 seconds. I'm trying to
understand if it is a bandwidth problem. At the moment I have my phone
connected to the openvpn client (which is its gateway) but I have to use
the vpn ip (10.0.0.1) to register the phone, the openvpn server local ip
(192.168.1.12) is not working. I suppose it is a sip protocol problem:
I had to change the sip.conf setting nat=yes to make the phone dial and
domain = 10.0.0.1 to make the voice pass (or at least the first 2 seconds).
I keep on working on the vpn since it seems so little is missing to have
a clear conversation. Let me know if your tests are successfull.
Thank you.
Giorgio
John A. Sullivan III wrote:
> On Thu, 2009-06-18 at 10:31 +0200, Giorgio Incantalupo wrote:
>
>> Hi all,
>>
>> I'm trying to connect one phone to a remote asterisk server via openvpn.
>> First of all, I put the vpn server on the box hosting asterisk and the
>> vpn client on another box, both with public ips.
>> Then I set the client ip as my phone IP gateway and the remote pbx ip as
>> the registrar and outbound proxy.
>>
>> I see in the phone log register packets are sent but nothing in return.
>> Asterisk console shows it tries to give back the packets but they seem
>> to be lost somewhere.
>>
>> I made some tests with my pc setting its gateway with the vpn client IP
>> and I can reach the pbx machine (ping, ssh,...) but sipsak gets no response.
>> It seems ping and ssh response packets are correctly routed but sip
>> packets aren't.
>>
>> I tried to set nat=yes in sip.conf but without result.
>> Is there any asterisk parameter to set to make it work with openvpn?
>>
>> Any help really appreciated.
>>
> <snip>
> Hi, Giorgio. I am a complete noob to Asterisk (well ... an eight year
> noob but only now learning to do more than recipe approaches) but I
> wonder if this is more of a routing than Asterisk issue.
>
> I am also doing my initial testing with OpenVPN and it is working. My
> setup is slightly different. OpenVPN is running on the firewall in the
> data center to support remote access; * is on a separate system. Given
> that you are running * on the OpenVPN gateway, you might want to ensure
> that * is listening on the address of the tun interface.
>
> I found the routing somewhat complicated to set up. If the clients are
> routed through the VPN client, I found I had to do two things to my data
> center router/firewall:
> * I had to add a route on the firewall to the network behind the
> client - ip route add 192.168.5.0/24 via 192.168.7.18 (virtual
> openvpn address of my openvpn client)
> * I had to use a ccd file to add an iroute command telling OpenVPN
> to use my OpenVPN client as a route to the client's network
> (iroute 192.168.5.0 255.255.255.0)
> That worked to allow me to fake a public IP address inside my test lab
> so I could configure some additional gateways; the OpenVPN also worked
> with a softphone running on my OpenVPN client. Today I will test
> putting these together using hardphones behind my OpenVPN client. Hope
> this helps - John
>
More information about the asterisk-users
mailing list