Hi all, I'm trying to connect one phone to a remote asterisk server via openvpn. First of all, I put the vpn server on the box hosting asterisk and the vpn client on another box, both with public ips. Then I set the client ip as my phone IP gateway and the remote pbx ip as the registrar and outbound proxy. I see in the phone log register packets are sent but nothing in return. Asterisk console shows it tries to give back the packets but they seem to be lost somewhere. I made some tests with my pc setting its gateway with the vpn client IP and I can reach the pbx machine (ping, ssh,...) but sipsak gets no response. It seems ping and ssh response packets are correctly routed but sip packets aren't. I tried to set nat=yes in sip.conf but without result. Is there any asterisk parameter to set to make it work with openvpn? Any help really appreciated. Thank you. Giorgio
Usually this is a routing error with openvpn setup and asterisk thinking it needs to route someway other than the vpn. If the originating packets have an external ip address asterisk might send them back out another route Have a look using tcpdump on the server to see where the returned packets are destined Cheers Duncan Giorgio Incantalupo wrote:> Hi all, > > I'm trying to connect one phone to a remote asterisk server via openvpn. > First of all, I put the vpn server on the box hosting asterisk and the > vpn client on another box, both with public ips. > Then I set the client ip as my phone IP gateway and the remote pbx ip as > the registrar and outbound proxy. > > I see in the phone log register packets are sent but nothing in return. > Asterisk console shows it tries to give back the packets but they seem > to be lost somewhere. > > I made some tests with my pc setting its gateway with the vpn client IP > and I can reach the pbx machine (ping, ssh,...) but sipsak gets no response. > It seems ping and ssh response packets are correctly routed but sip > packets aren't. > > I tried to set nat=yes in sip.conf but without result. > Is there any asterisk parameter to set to make it work with openvpn? > > Any help really appreciated. > > Thank you. > > Giorgio > > _______________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
On Thu, 2009-06-18 at 10:31 +0200, Giorgio Incantalupo wrote:> Hi all, > > I'm trying to connect one phone to a remote asterisk server via openvpn. > First of all, I put the vpn server on the box hosting asterisk and the > vpn client on another box, both with public ips. > Then I set the client ip as my phone IP gateway and the remote pbx ip as > the registrar and outbound proxy. > > I see in the phone log register packets are sent but nothing in return. > Asterisk console shows it tries to give back the packets but they seem > to be lost somewhere. > > I made some tests with my pc setting its gateway with the vpn client IP > and I can reach the pbx machine (ping, ssh,...) but sipsak gets no response. > It seems ping and ssh response packets are correctly routed but sip > packets aren't. > > I tried to set nat=yes in sip.conf but without result. > Is there any asterisk parameter to set to make it work with openvpn? > > Any help really appreciated.<snip> Hi, Giorgio. I am a complete noob to Asterisk (well ... an eight year noob but only now learning to do more than recipe approaches) but I wonder if this is more of a routing than Asterisk issue. I am also doing my initial testing with OpenVPN and it is working. My setup is slightly different. OpenVPN is running on the firewall in the data center to support remote access; * is on a separate system. Given that you are running * on the OpenVPN gateway, you might want to ensure that * is listening on the address of the tun interface. I found the routing somewhat complicated to set up. If the clients are routed through the VPN client, I found I had to do two things to my data center router/firewall: * I had to add a route on the firewall to the network behind the client - ip route add 192.168.5.0/24 via 192.168.7.18 (virtual openvpn address of my openvpn client) * I had to use a ccd file to add an iroute command telling OpenVPN to use my OpenVPN client as a route to the client's network (iroute 192.168.5.0 255.255.255.0) That worked to allow me to fake a public IP address inside my test lab so I could configure some additional gateways; the OpenVPN also worked with a softphone running on my OpenVPN client. Today I will test putting these together using hardphones behind my OpenVPN client. Hope this helps - John -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsullivan at opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society
Possibly Parallel Threads
- how to show called name on calling polycomdisplay
- Hub/Spoke OpenVPN can't communicate from Client A to Client B - FORWARD:REJECT:IN=tun0 OUT=tun0
- OT: Snom 320, displaying text on the scree n from *
- * 1.8: cannot load g729 free codec (on 1.4 it worked!)
- proposal: a new mailing list for asterisk 1.4, why not?