Sent from my iPhone
> On 19/04/2017, at 11:43 AM, Ernie Dunbar <[email protected]> wrote: > >> On 2017-04-18 03:38 PM, Duncan Turnbull wrote: >> ------ Original Message ------ >> From: "Ernie Dunbar" <[email protected]> >> To: "'Asterisk Users Mailing List - Non-Commercial Discussion'" >> <[email protected]> >> Sent: 19-Apr-17 10:25:59 AM >> Subject: [asterisk-users] SIP connections over OpenVPN connection get >> one-way voice. >> >>> Hi everyone. I'm having some trouble with an OpenVPN tunnel that isn't >>> working *quite* as well as we'd hoped. >>> >>> First, here's our technical details: >>> >>> The OpenVPN server (v2.3.4-5+deb8u1) is a Debian 8 box behind a NAT router. >>> The router has UDP port 1194 forwarded to our server. This server >>> also runs our office Asterisk PBX, so there isn't any networking hardware >>> or firewall between the VPN tunnel and the Asterisk PBX. >> >> >> Asterisk maybe replying from the TUN address which may confuse your sip >> client - if you set the TUN address as a proxy that seems to solve it. If >> asterisk is bound to every address then implicitly it shouldn't matter where >> it replies from, but in the openvpn case it seems to reply from a different >> address to the one it was called on and that can definitely fool clients. >> tcpdump on the tunnel can help you see whats happening >> > > I think I'll need a bit more detail about how to set the TUN address as a > proxy. Is this done on the OpenVPN server, or at the client end? I'm also > going to tell Asterisk to bind to all IPs and then restart it when there's no > calls in progress, perhaps that's all I need to do? Set it as a proxy server in your sip phone client, we found using the tun ip on the vpn server works, we keep the actual asterisk address as the sip server and use the tun ip as the proxy server Asterisk is probably already bound to all the addresses netstat -nupl should show you the addresses it's listening on for udp, if it says 0.0.0.0 it means all addresses sudo tcpdump -i tun0 -s0 -A udp port 5060 Should show you the sip messages going through the tunnel and you can check the reply addresses
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
