Hi John, I already have the ccd dir with the iroute (mandatory for routing to pc/phone connected to vpn client). During the last test I could register and make a call but voice disappears after 1, 2 seconds. I'm trying to understand if it is a bandwidth problem. At the moment I have my phone connected to the openvpn client (which is its gateway) but I have to use the vpn ip (10.0.0.1) to register the phone, the openvpn server local ip (192.168.1.12) is not working. I suppose it is a sip protocol problem: I had to change the sip.conf setting nat=yes to make the phone dial and domain = 10.0.0.1 to make the voice pass (or at least the first 2 seconds). I keep on working on the vpn since it seems so little is missing to have a clear conversation. Let me know if your tests are successfull.
Thank you. Giorgio John A. Sullivan III wrote: > On Thu, 2009-06-18 at 10:31 +0200, Giorgio Incantalupo wrote: > >> Hi all, >> >> I'm trying to connect one phone to a remote asterisk server via openvpn. >> First of all, I put the vpn server on the box hosting asterisk and the >> vpn client on another box, both with public ips. >> Then I set the client ip as my phone IP gateway and the remote pbx ip as >> the registrar and outbound proxy. >> >> I see in the phone log register packets are sent but nothing in return. >> Asterisk console shows it tries to give back the packets but they seem >> to be lost somewhere. >> >> I made some tests with my pc setting its gateway with the vpn client IP >> and I can reach the pbx machine (ping, ssh,...) but sipsak gets no response. >> It seems ping and ssh response packets are correctly routed but sip >> packets aren't. >> >> I tried to set nat=yes in sip.conf but without result. >> Is there any asterisk parameter to set to make it work with openvpn? >> >> Any help really appreciated. >> > <snip> > Hi, Giorgio. I am a complete noob to Asterisk (well ... an eight year > noob but only now learning to do more than recipe approaches) but I > wonder if this is more of a routing than Asterisk issue. > > I am also doing my initial testing with OpenVPN and it is working. My > setup is slightly different. OpenVPN is running on the firewall in the > data center to support remote access; * is on a separate system. Given > that you are running * on the OpenVPN gateway, you might want to ensure > that * is listening on the address of the tun interface. > > I found the routing somewhat complicated to set up. If the clients are > routed through the VPN client, I found I had to do two things to my data > center router/firewall: > * I had to add a route on the firewall to the network behind the > client - ip route add 192.168.5.0/24 via 192.168.7.18 (virtual > openvpn address of my openvpn client) > * I had to use a ccd file to add an iroute command telling OpenVPN > to use my OpenVPN client as a route to the client's network > (iroute 192.168.5.0 255.255.255.0) > That worked to allow me to fake a public IP address inside my test lab > so I could configure some additional gateways; the OpenVPN also worked > with a softphone running on my OpenVPN client. Today I will test > putting these together using hardphones behind my OpenVPN client. Hope > this helps - John > _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
