Thanks Lonnie. Yep I have it in my lab now and I will give it a go. Whoops silly error. Thats what happens when you don’t have much sleep :(
Regards Michael Knill On 17 Oct 2014, at 11:48 am, Lonnie Abelbeck <[email protected]> wrote: Michael, For your example: -- Site A External IP - 59.1.1.1 Internal Network - 192.168.0.0/24 Site B External IP - 59.2.2.2 Internal Network - 192.168.1.0/24 -- Site A VPN: Remote-Host - 59.2.2.2 Remote-Net - 192.168.1.0/24 Local-Host - 59.1.1.1 Local-Net - 192.168.0.0/24 Site B VPN: Remote-Host - 59.1.1.1 Remote-Net - 192.168.0.0/24 Local-Host - 59.2.2.2 Local-Net - 192.168.1.0/24 Note if a site has a dynamic IP, then Local-Host must be 0.0.0.0 since it can change. Of course Local-Host - 0.0.0.0 should always work. Pull out two spare test AstLinux boxes and breadboard this in your lab, as usual the devil is in the details. Getting ICMP between networks should be straightforward, but getting Asterisk to behave may not be as easy. I have something similar in my test setup using OpenVPN. In theory IPSec should be a little simpler, but relying on static IPv4 public addresses can be a problem and often at an additional charge. Lonnie On Oct 16, 2014, at 6:37 PM, Michael Knill <[email protected]> wrote: > At least the Head Office is static however I want them all to be static > eventually. > So I want to connect Site A and Site B local networks to be able to talk to > each other: > > Site A > External IP - 59.1.1.1 > Internal Network - 192.168.0.0/24 > > Site B > External IP - 59.2.2.2 > Internal Network - 192.168.1.0/24 > > Would I configure it like this? > Site A: > Remote-Host - 59.1.1.2 > Remote-Net - 192.168.1.0/24 > Local-Host - 59.1.1.1 > Local-Net - 192.168.0.0/24 > > Site B: > Remote-Host - 59.1.1.1 > Remote-Net - 192.168.0.0/24 > Local-Host - 59.1.1.2 > Local-Net - 192.168.1.0/24 > > Regards > Michael Knill > > > > > On 17 Oct 2014, at 10:26 am, Lonnie Abelbeck <[email protected]> > wrote: > > Michael, > > You can also do that with OpenVPN. > > To use IPsec as you stated you need static IP addresses and all ends, do you > have that? > > It is possible to configure one IPsec endpoint with a static IP and dynamic > IP for all the other IPsec endpoints, but that is usually for single IP > mobile endpoints. > > Lonnie > > > > On Oct 16, 2014, at 6:10 PM, Michael Knill > <[email protected]> wrote: > >> I am thinking that an ipsec tunnel would be more appropriate for my >> configuration with strong PSK >> Can someone explain what the Remote-Host, Local-Host, Remote-Net and >> Local-Net means in the configuration? >> How would I configure multiple tunnels? >> >> The goal is to allow Site A internal network to communicate with Site B >> internal network. >> >> Regards >> Michael Knill >> >> >> >> >> On 17 Oct 2014, at 8:42 am, Michael Keuter <[email protected]> wrote: >> >> >> Am 16.10.2014 um 23:25 schrieb Michael Knill >> <[email protected]>: >> >>> Thanks Michael. That sounds perfect. >>> I am thinking though that the SIP trunk does not really need to go through >>> the VPN e.g. no NAT problems as its on the external Astlinux addresses. >>> The only traffic going through the VPN is the console extension traffic >>> (and BLF). >>> >>> What do you think? >>> >>> Regards >>> Michael Knill >> >> For me it works perfectly fine with the SIP trunk going through the VPN >> tunnel. >> >>> On 17 Oct 2014, at 8:01 am, Michael Keuter <[email protected]> wrote: >>> >>> >>> Am 16.10.2014 um 22:20 schrieb Michael Knill >>> <[email protected]>: >>> >>>> Hi group >>>> >>>> I have been struggling to work out how to set up a multisite company with >>>> Astlinux. >>>> Basically they want to have a central answering point but essentially all >>>> sites are autonomous e.g. each site has their own SIP service which is >>>> routed to the main site but used for outgoing calls from that site. I have >>>> SIP trunks set up between them and thats working fine however as their >>>> Internet connections are slow, I cannot afford to have hair pinning of >>>> calls or at least one hop only. >>>> >>>> I first tried routing via the SIP trunk, but when the call is transferred >>>> (usually back to the original site) the call is hair pinned all the way to >>>> the Head Office and back. direct media does not fix the problem either. >>>> I then though that I could remotely register extensions to each site on >>>> the head office console phone so the transfer is local to the remote >>>> system. Good thought but Im having lots of trouble having both a SIP trunk >>>> and a passthrough SIP extension on the same box. >>>> My next thought was using the above idea but getting rid of the NAT >>>> problem with a VPN. >>>> >>>> Does anyone have any other ideas. Im losing my hair. >>>> >>>> Regards >>>> Michael Knill >>> >>> Hi Michael, >>> >>> I have a customer with a similar setup: one main office with 4 branch >>> offices. Every site has its own SIP trunk to an VoIP provider for outgoing >>> calls. >>> Most incoming calls are going through the main office with has 3 queues. >>> Each branch office has an OpenVPN client connection to the main office and >>> a SIP trunk to the main office. >>> The important point is: the host (IP) of the main office SIP trunk in the >>> branch offices needs to be the virtual VPN IP address (e.g. 10.8.x.1) not >>> the LAN address! >>> >>> All SIP endpoints (of the branch offices) can login as agents into each of >>> the 3 queues of the main office. That works fine in combination with FOP2. >>> Prosody is needed for distributed device status (if needed). >>> I never had any routing or NAT issue. >>> >>> Michael >>> >>> http://www.mksolutions.info >>> >>> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> Comprehensive Server Monitoring with Site24x7. >>> Monitor 10 servers for $9/Month. >>> Get alerted through email, SMS, voice calls or mobile push notifications. >>> Take corrective actions from your mobile device. >>> http://p.sf.net/sfu/Zoho >>> _______________________________________________ >>> Astlinux-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal to >>> [email protected]. >>> >>> >>> ------------------------------------------------------------------------------ >>> Comprehensive Server Monitoring with Site24x7. >>> Monitor 10 servers for $9/Month. >>> Get alerted through email, SMS, voice calls or mobile push notifications. >>> Take corrective actions from your mobile device. >>> http://p.sf.net/sfu/Zoho >>> _______________________________________________ >>> Astlinux-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal to >>> [email protected]. >> >> >> Michael >> >> http://www.mksolutions.info >> >> >> >> >> >> ------------------------------------------------------------------------------ >> Comprehensive Server Monitoring with Site24x7. >> Monitor 10 servers for $9/Month. >> Get alerted through email, SMS, voice calls or mobile push notifications. >> Take corrective actions from your mobile device. >> http://p.sf.net/sfu/Zoho >> _______________________________________________ >> Astlinux-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> [email protected]. >> >> >> ------------------------------------------------------------------------------ >> Comprehensive Server Monitoring with Site24x7. >> Monitor 10 servers for $9/Month. >> Get alerted through email, SMS, voice calls or mobile push notifications. >> Take corrective actions from your mobile device. >> http://p.sf.net/sfu/Zoho >> _______________________________________________ >> Astlinux-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> [email protected]. >> >> > > > ------------------------------------------------------------------------------ > Comprehensive Server Monitoring with Site24x7. > Monitor 10 servers for $9/Month. > Get alerted through email, SMS, voice calls or mobile push notifications. > Take corrective actions from your mobile device. > http://p.sf.net/sfu/Zoho > _______________________________________________ > Astlinux-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > [email protected]. > > > ------------------------------------------------------------------------------ > Comprehensive Server Monitoring with Site24x7. > Monitor 10 servers for $9/Month. > Get alerted through email, SMS, voice calls or mobile push notifications. > Take corrective actions from your mobile device. > http://p.sf.net/sfu/Zoho > _______________________________________________ > Astlinux-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > [email protected]. > > ------------------------------------------------------------------------------ Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected]. ------------------------------------------------------------------------------ Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
