> We are setting up a site to site OpenVPN network with a main office
> and several remote sites. I'm looking for advice how to route the
> sites connected to a main site where an Asterisk VoIP call manager
> resides. The phones at the sites are Cisco and if I understand the
> technology VoIP calls must communicate with the call manager at the
> main site to initiate calls but then with each other directly once the
> call set up is complete. To me this implies the call routes from a
> remote subnet to the main office subnet which is the normal behavior
> in a hub/spoke set up but then the routing will be from a remote
> subnet to another remote subnet. Can/should this be handled with
> OpenVPN or pfSense?
Speaking only about the VPN setup, this is pretty simple. Set up client-specific overrides and set ccd-exclusive on the server; also set the route directive to let OpenVPN know about all subnets it should be responsible for. In client-specific overrides, define a Tunnel Network with a unique /30 address and send the iroute directive to the client with the info about the subnet behind it that it is responsible for. Push the routes for all the other subnets of the other clients so it knows those are to be sent through the VPN.

Create an OPT interface for the VPN's tun interface and set up rules allowing only the traffic you need. Do not enable the client-to-client directive, or packets never leave the OpenVPN process and would not be subjected to these firewall rules. This will allow for your use case and provide the ability to filter the traffic between clients to only what you want.

jlc

_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
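The directives the reply refers to, written out as an added example of the underlying OpenVPN configuration that the pfSense "Client Specific Overrides" UI generates (this is not configuration from the thread, and every address, site name and file path below is a constructed placeholder). It assumes two remote sites, `siteA` and `siteB`, whose client certificate CNs match the CCD file names, a main-office LAN of 192.168.1.0/24 hosting Asterisk, and the net30 topology that gives each client its own /30:

```conf
### server.conf on the main-office (hub) OpenVPN server (constructed example)

dev tun
topology net30                    # one /30 per client, matching the reply's
                                  # "unique /30" Tunnel Network per override
server 10.8.0.0 255.255.255.0     # constructed tunnel pool

client-config-dir /etc/openvpn/ccd
ccd-exclusive                     # refuse any client that has no CCD file,
                                  # so only known sites can claim an iroute

# Kernel routes for every LAN behind a spoke: the hub must know these
# subnets are reachable through the tun interface at all.
route 192.168.10.0 255.255.255.0  # LAN behind siteA
route 192.168.20.0 255.255.255.0  # LAN behind siteB

# client-to-client is deliberately absent. Without it, spoke-to-spoke
# packets leave the OpenVPN process, are routed by the hub kernel, and
# therefore pass the pfSense rules on the OPT interface bound to this tun.

### /etc/openvpn/ccd/siteA  (file name = client certificate CN)

ifconfig-push 10.8.0.5 10.8.0.6   # this client's /30 endpoint pair
iroute 192.168.10.0 255.255.255.0 # tell OpenVPN which LAN sits behind siteA
# Routes pushed per client, not globally, so a site is never handed a
# route to its own LAN via the tunnel:
push "route 192.168.1.0 255.255.255.0"    # main office (Asterisk)
push "route 192.168.20.0 255.255.255.0"   # siteB, for direct RTP after setup

### /etc/openvpn/ccd/siteB

ifconfig-push 10.8.0.9 10.8.0.10
iroute 192.168.20.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "route 192.168.10.0 255.255.255.0"
```

With this in place the firewall policy on the OPT interface is what decides which spoke-to-spoke traffic is allowed: a practitioner would typically pass only the call-signalling traffic from each remote LAN to the Asterisk host and the media traffic between the remote LANs, and block everything else on that interface, so a compromised phone at one site cannot reach arbitrary hosts at another.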
