Thanks for that Carlos. I am playing with that right now. What do you suggest localnet should say?<div><br></div><div>Server A = OpenVPN Server:</div><div>localnet=127.0.01</div><div>localnet=<a href="http://192.168.100.0/255.255.255.0">192.168.100.0/255.255.255.0</a></div>
<div><br></div><div>Where 192.168.100.0 is the DHCPd subnet of Server B (the openvpn client)</div><div><br></div><div>Server A doesn't have any localnet other than the loop back and then a Vnet to internet (public ip address).</div>
<div><br></div><div>Thanks,</div><div>Bruce</div><div><br><div class="gmail_quote">On Wed, Sep 22, 2010 at 11:36 AM, Carlos Chavez <span dir="ltr"><<a href="mailto:cursor@telecomabmex.com">cursor@telecomabmex.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Do you have a localnet statement in your sip.conf? That and using<br>
nat=no will make sure Asterisk does not replace the IP address in the<br>
Invite.<br>
<div><div></div><div class="h5"><br>
On Wed, 2010-09-22 at 01:27 -0400, bruce bruce wrote:<br>
> Hi Everyone,<br>
><br>
><br>
> I have setup an OpenVPN tunnel between Server A (running Asterisk) and<br>
> Server B suppling it's SIP Phones with DHCP pool of IPs.<br>
><br>
><br>
> So, the tunnel is established nicely and everyone can ping others.<br>
> "sip show peers" shows the local subnet of the SIP Phones registered<br>
> (<a href="http://192.168.100.0/24" target="_blank">192.168.100.0/24</a>).<br>
><br>
><br>
> But there is the old bad one-way audio. Calls also drop after few<br>
> seconds. In the SIP debug I can see that asterisk uses it's external<br>
> public IP address to communicate to endpoints that are known to it as<br>
> the <a href="http://192.168.100.0/24" target="_blank">192.168.100.0/24</a> endpoints and the endpoints identify themselves<br>
> with the OpenVPN tunnel IP address scheme in one part of the sip<br>
> handshake. How can this be fixed? After all, with the OpenVPN this<br>
> should all look like an internal network to Asterisk.<br>
><br>
><br>
> I have added my comments followed by # to lines below that are<br>
> problematic.<br>
><br>
><br>
> <--- SIP read from UDP:<a href="http://192.168.100.5:5060" target="_blank">192.168.100.5:5060</a> ---> #This line is good<br>
> as it uses the local DHCP supplied network address scheme<br>
> INVITE <a href="http://sip:203@172.16.0.1:5060" target="_blank">sip:203@172.16.0.1:5060</a> SIP/2.0 #This line is BAD. Why are we<br>
> inviting Ext. 203 with it's OpenVPN IP while it's on the same network<br>
> of <a href="http://192.168.50.0/24" target="_blank">192.168.50.0/24</a> as 202?<br>
> Via: SIP/2.0/UDP<br>
> 192.168.100.5:5060;branch=z9hG4bK695f8c1cfc7cdee96.1c65dc2eb25a46fc6 Max-Forwards: 70<br>
> From: "SIP Phone - Ext. 202" <<a href="http://sip:202@172.16.0.1:5060" target="_blank">sip:202@172.16.0.1:5060</a>>;tag=6d6f8c4226<br>
> #BAD line again. Should be <a href="mailto:SIP%3A202@192.168.100.6">SIP:202@192.168.100.6</a><br>
> To: "203" <<a href="http://sip:203@172.16.0.1:5060" target="_blank">sip:203@172.16.0.1:5060</a>> #Bad again....<br>
> Call-ID: 43af67a634e06e75<br>
> CSeq: 32058 INVITE<br>
> Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, OPTIONS, UPDATE,<br>
> PRACK, SUBSCRIBE, INFO<br>
> Allow-Events: talk, hold, conference, LocalModeStatus<br>
> Contact: "SIP Phone - Ext. 202"<br>
> <sip:202@192.168.50.5:5060;transport=udp>;<br>
> +sip.instance="<urn:uuid:00000000-0000-1000-8000-00085D25B72F>"<br>
> Supported: gruu, path, timer, 100rel, replaces<br>
> User-Agent: Aastra 55i/2.5.2.1500<br>
> Content-Type: application/sdp<br>
> Content-Length: 594<br>
><br>
><br>
> Basically the phones should only send with FROM their local<br>
> <a href="http://192.168.100.0/24" target="_blank">192.168.100.0/24</a> address and Asterisk should only send ANSWER and ACK<br>
> back to <a href="http://192.168.100.0/24" target="_blank">192.168.100.0/24</a> rather than sending it to <a href="http://172.16.0.0/24" target="_blank">172.16.0.0/24</a><br>
> (which is the openvpn client ip).<br>
><br>
><br>
> Once above is fixed, I think all the audio and call cut will go away.<br>
> I hate to use a sip proxy in this situation since I already have an<br>
> openvpn connection.<br>
><br>
><br>
> Any feed back is appreciated.<br>
><br>
><br>
> Thanks,<br>
</div></div><div class="im">> --<br>
> _____________________________________________________________________<br>
> -- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
> New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
> <a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
><br>
> asterisk-users mailing list<br>
> To UNSUBSCRIBE or update options visit:<br>
> <a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
</div><font color="#888888">--<br>
Carlos Chavez<br>
Director de Tecnología<br>
Telecomunicaciones Abiertas de México S.A. de C.V.<br>
Tel: +52-55-91169161 Ext 2001<br>
</font><div><div></div><div class="h5"><br>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a></div></div></blockquote></div><br></div>