Re: [asterisk-users] OpenVPN tunnel and one-way audio - Do I still need a SIP proxy?
Glad to hear it helped you Dennison. VPN is such a confusing beast to lots of people I think and hence the responses to this thread were all sort of work around and sometimes off-topic. It's also not well documented or maybe the feature is not widely used within the Asterisk community. I think it would be very good if some standard guidelines become available from the Asterisk side on this. Good day, Bruce On Wed, Oct 6, 2010 at 7:33 PM, Dennison Williams < dennison.willi...@gmail.com> wrote: > On 09/22/2010 08:36 AM, Carlos Chavez wrote: > > Do you have a localnet statement in your sip.conf? That and using > > nat=no will make sure Asterisk does not replace the IP address in the > > Invite. > > > > I just wanted to give a +1 for this response. I am using openvpn to > connect road warriors and remote offices to a central asterisk server. > When setting up the configuration for the road warriors I created a new > subnet for them, but forgot to include their subnet as a localnet > directive in sip.conf. The result was that sip clients on the road > warrior network would be able to register, but then when initiating a > sip call the 200 response (to the INVITE from the client) from the > asterisk server would include a contact address for some external ip > that I did not recognize. This hint here allowed me to fix this bug, > now calls from the road warrior subnet are coming in fine. Thanks! > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OpenVPN tunnel and one-way audio - Do I still need a SIP proxy?
On 09/22/2010 08:36 AM, Carlos Chavez wrote: > Do you have a localnet statement in your sip.conf? That and using > nat=no will make sure Asterisk does not replace the IP address in the > Invite. > I just wanted to give a +1 for this response. I am using openvpn to connect road warriors and remote offices to a central asterisk server. When setting up the configuration for the road warriors I created a new subnet for them, but forgot to include their subnet as a localnet directive in sip.conf. The result was that sip clients on the road warrior network would be able to register, but then when initiating a sip call the 200 response (to the INVITE from the client) from the asterisk server would include a contact address for some external ip that I did not recognize. This hint here allowed me to fix this bug, now calls from the road warrior subnet are coming in fine. Thanks! -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OpenVPN tunnel and one-way audio - Do I still need a SIP proxy? (bruce bruce)
Thanks for the detailed info. Problem was solved by including Server B subnet as the localnet of the Server A (OpenVPN server) and setting each extension NAT=NO. Your points are good guides for future problem diagnoses. Thanks again, Bruce On Thu, Sep 23, 2010 at 1:56 PM, Dave Platt wrote: > > > I don't think it's an endpoint issue. I think the SIP packet headers get > > over-written by the tunnel (openvpn) protocol. > > I'd be rather astonished if OpenVPN itself were responsible for this. > As far as I know, OpenVPN doesn't do higher-level-protocol rewriting > of any sort. It just provides the "bit pipe" through the tunnel. > > I'd suggest several other possible culprits: > > (1) Server B might be doing higher-level protocol rewriting (i.e. >SIP border gateway stuff) prior to routing the SIP packets >through the OpenVPN tunnel. > >This might happen if Server B were configured to use the >Linux "iptables" features, with a SIP protocol module and >Network Address Translation features. > >The fix would be to disable NAT and boundary processing in >Server B's routing functions. > > (2) The SIP endpoints (phones) might be configured to "discover >their external address", via STUN or a similar mechanism. > >The fix would be to change the endpoint device configuration. > > I think you'll need to use Wireshark or a similar sniffer, to see > what the SIP traffic looks like at several points along the path, > so you can locate the earliest point at which the wrong address is > in the SIP packet payload. > > Several examination points come to mind: > > - Right after the packet leaves the endpoint device. I'd suggest > using a laptop running Wireshark as a passive packet sniffer... > connect the endpoint device and the laptop to an Ethernet hub > (not a switch!) and sniff the packets before any router gets > its hands on them. > > - As the packets enter Server B - use Wireshark on Server B and > have it tap into the incoming Ethernet interface. > > - As the packets are pushed out of Server B's routing layer into > the OpenVPN tunnel. Use Wireshark to monitor the "tap" or > "tun" virtual interface, to which the kernel transmits the packets > that OpenVPN is to convey. > > - As the packets come out of the tap/tun device on Server A. > > In scenario (1) I described above, you'd see the packets be correct > at the first and second Wireshark sniffing points, and incorrect at the > third and fourth (i.e. the modifications are being performed in > Server B's routing/NAT'ing layer). > > In Scenario (2), they'd be incorrect at every point, including just > after they come out of the IP-phone. > > In the scenario you described, they'd be correct at the first, second, > and third points, and wrong at the fourth. > > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OpenVPN tunnel and one-way audio - Do I still need a SIP proxy? (bruce bruce)
> I don't think it's an endpoint issue. I think the SIP packet headers get > over-written by the tunnel (openvpn) protocol. I'd be rather astonished if OpenVPN itself were responsible for this. As far as I know, OpenVPN doesn't do higher-level-protocol rewriting of any sort. It just provides the "bit pipe" through the tunnel. I'd suggest several other possible culprits: (1) Server B might be doing higher-level protocol rewriting (i.e. SIP border gateway stuff) prior to routing the SIP packets through the OpenVPN tunnel. This might happen if Server B were configured to use the Linux "iptables" features, with a SIP protocol module and Network Address Translation features. The fix would be to disable NAT and boundary processing in Server B's routing functions. (2) The SIP endpoints (phones) might be configured to "discover their external address", via STUN or a similar mechanism. The fix would be to change the endpoint device configuration. I think you'll need to use Wireshark or a similar sniffer, to see what the SIP traffic looks like at several points along the path, so you can locate the earliest point at which the wrong address is in the SIP packet payload. Several examination points come to mind: - Right after the packet leaves the endpoint device. I'd suggest using a laptop running Wireshark as a passive packet sniffer... connect the endpoint device and the laptop to an Ethernet hub (not a switch!) and sniff the packets before any router gets its hands on them. - As the packets enter Server B - use Wireshark on Server B and have it tap into the incoming Ethernet interface. - As the packets are pushed out of Server B's routing layer into the OpenVPN tunnel. Use Wireshark to monitor the "tap" or "tun" virtual interface, to which the kernel transmits the packets that OpenVPN is to convey. - As the packets come out of the tap/tun device on Server A. In scenario (1) I described above, you'd see the packets be correct at the first and second Wireshark sniffing points, and incorrect at the third and fourth (i.e. the modifications are being performed in Server B's routing/NAT'ing layer). In Scenario (2), they'd be incorrect at every point, including just after they come out of the IP-phone. In the scenario you described, they'd be correct at the first, second, and third points, and wrong at the fourth. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OpenVPN tunnel and one-way audio - Do I still need a SIP proxy?
Calls are not going outside of the network. I had to setup up the subnet of the other side (openvpn client) as the localnet of the Asterisk server for Asterisk to not handle it with NAT or hand shake it with external IP. Thanks, -Bruce On Wed, Sep 22, 2010 at 1:58 PM, Paul Belanger wrote: > On Wed, Sep 22, 2010 at 1:46 PM, bruce bruce wrote: > > Thanks, but Carlos Chavez was right on point. This fixed the problem: > > externip=123.123.123.123 > > localnet=192.168.100.0/255.255.255.0 > > nat=no in each extension. > > > So now I am confused, If you have a VPN setup between sites, why are > calls going outside the VPN? Or do you have remote agents that are > not using a VPN? > > -- > Paul Belanger | dCAP > Polybeacon | Consultant > Jabber: paul.belan...@polybeacon.com | IRC: pabelanger (Freenode) > blog.polybeacon.com > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OpenVPN tunnel and one-way audio - Do I still need a SIP proxy?
On Wed, Sep 22, 2010 at 1:46 PM, bruce bruce wrote: > Thanks, but Carlos Chavez was right on point. This fixed the problem: > externip=123.123.123.123 > localnet=192.168.100.0/255.255.255.0 > nat=no in each extension. > So now I am confused, If you have a VPN setup between sites, why are calls going outside the VPN? Or do you have remote agents that are not using a VPN? -- Paul Belanger | dCAP Polybeacon | Consultant Jabber: paul.belan...@polybeacon.com | IRC: pabelanger (Freenode) blog.polybeacon.com -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OpenVPN tunnel and one-way audio - Do I still need a SIP proxy?
Thanks, but Carlos Chavez was right on point. This fixed the problem: externip=123.123.123.123 localnet=192.168.100.0/255.255.255.0 nat=no in each extension. Maybe combination of both or only the localnet just fixed it. Thanks, Bruce On Wed, Sep 22, 2010 at 1:35 PM, Steve Edwards wrote: > Un-top-posting... > > > On Wed, Sep 22, 2010 at 1:27 AM, bruce bruce > wrote: > > > Any feed back is appreciated. > > > On Wed, Sep 22, 2010 at 9:49 AM, Paul Belanger < > paul.belan...@polybeacon.com> wrote: > > > Then configure you endpoints to use the 192.168.100.0/24 network. This > > is not an Asterisk issue, since your Aastra 55i/2.5.2.1500 is sending > > the INVITE message. > > On Wed, 22 Sep 2010, bruce bruce wrote: > > > I don't think it's an endpoint issue. I think the SIP packet headers get > > over-written by the tunnel (openvpn) protocol. > > Would wireshark shed some light? > > -- > Thanks in advance, > - > Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST > Newline Fax: +1-760-731-3000 > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OpenVPN tunnel and one-way audio - Do I still need a SIP proxy?
Un-top-posting... > On Wed, Sep 22, 2010 at 1:27 AM, bruce bruce > wrote: > > Any feed back is appreciated. > On Wed, Sep 22, 2010 at 9:49 AM, Paul Belanger > wrote: > Then configure you endpoints to use the 192.168.100.0/24 network. This > is not an Asterisk issue, since your Aastra 55i/2.5.2.1500 is sending > the INVITE message. On Wed, 22 Sep 2010, bruce bruce wrote: > I don't think it's an endpoint issue. I think the SIP packet headers get > over-written by the tunnel (openvpn) protocol. Would wireshark shed some light? -- Thanks in advance, - Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST Newline Fax: +1-760-731-3000 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OpenVPN tunnel and one-way audio - Do I still need a SIP proxy?
Thanks for that Carlos. I am playing with that right now. What do you suggest localnet should say? Server A = OpenVPN Server: localnet=127.0.01 localnet=192.168.100.0/255.255.255.0 Where 192.168.100.0 is the DHCPd subnet of Server B (the openvpn client) Server A doesn't have any localnet other than the loop back and then a Vnet to internet (public ip address). Thanks, Bruce On Wed, Sep 22, 2010 at 11:36 AM, Carlos Chavez wrote: > Do you have a localnet statement in your sip.conf? That and using > nat=no will make sure Asterisk does not replace the IP address in the > Invite. > > On Wed, 2010-09-22 at 01:27 -0400, bruce bruce wrote: > > Hi Everyone, > > > > > > I have setup an OpenVPN tunnel between Server A (running Asterisk) and > > Server B suppling it's SIP Phones with DHCP pool of IPs. > > > > > > So, the tunnel is established nicely and everyone can ping others. > > "sip show peers" shows the local subnet of the SIP Phones registered > > (192.168.100.0/24). > > > > > > But there is the old bad one-way audio. Calls also drop after few > > seconds. In the SIP debug I can see that asterisk uses it's external > > public IP address to communicate to endpoints that are known to it as > > the 192.168.100.0/24 endpoints and the endpoints identify themselves > > with the OpenVPN tunnel IP address scheme in one part of the sip > > handshake. How can this be fixed? After all, with the OpenVPN this > > should all look like an internal network to Asterisk. > > > > > > I have added my comments followed by # to lines below that are > > problematic. > > > > > > <--- SIP read from UDP:192.168.100.5:5060 --->#This line is good > > as it uses the local DHCP supplied network address scheme > > INVITE sip:2...@172.16.0.1:5060 SIP/2.0 #This line is BAD. Why are we > > inviting Ext. 203 with it's OpenVPN IP while it's on the same network > > of 192.168.50.0/24 as 202? > > Via: SIP/2.0/UDP > > 192.168.100.5:5060;branch=z9hG4bK695f8c1cfc7cdee96.1c65dc2eb25a46fc6 > Max-Forwards: 70 > > From: "SIP Phone - Ext. 202" ;tag=6d6f8c4226 > >#BAD line again. Should be > > SIP:2...@192.168.100.6 > > To: "203" #Bad again > > Call-ID: 43af67a634e06e75 > > CSeq: 32058 INVITE > > Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, OPTIONS, UPDATE, > > PRACK, SUBSCRIBE, INFO > > Allow-Events: talk, hold, conference, LocalModeStatus > > Contact: "SIP Phone - Ext. 202" > > ; > > +sip.instance="" > > Supported: gruu, path, timer, 100rel, replaces > > User-Agent: Aastra 55i/2.5.2.1500 > > Content-Type: application/sdp > > Content-Length: 594 > > > > > > Basically the phones should only send with FROM their local > > 192.168.100.0/24 address and Asterisk should only send ANSWER and ACK > > back to 192.168.100.0/24 rather than sending it to 172.16.0.0/24 > > (which is the openvpn client ip). > > > > > > Once above is fixed, I think all the audio and call cut will go away. > > I hate to use a sip proxy in this situation since I already have an > > openvpn connection. > > > > > > Any feed back is appreciated. > > > > > > Thanks, > > -- > > _ > > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > New to Asterisk? Join us for a live introductory webinar every Thurs: > >http://www.asterisk.org/hello > > > > asterisk-users mailing list > > To UNSUBSCRIBE or update options visit: > >http://lists.digium.com/mailman/listinfo/asterisk-users > -- > Carlos Chavez > Director de Tecnología > Telecomunicaciones Abiertas de México S.A. de C.V. > Tel: +52-55-91169161 Ext 2001 > > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OpenVPN tunnel and one-way audio - Do I still need a SIP proxy?
I don't think it's an endpoint issue. I think the SIP packet headers get over-written by the tunnel (openvpn) protocol. Thanks, Bruce On Wed, Sep 22, 2010 at 9:49 AM, Paul Belanger wrote: > On Wed, Sep 22, 2010 at 1:27 AM, bruce bruce wrote: > > Any feed back is appreciated. > > > Then configure you endpoints to use the 192.168.100.0/24 network. > This is not an Asterisk issue, since your Aastra 55i/2.5.2.1500 is > sending the INVITE message. > > -- > Paul Belanger | dCAP > Polybeacon | Consultant > Jabber: paul.belan...@polybeacon.com | IRC: pabelanger (Freenode) > blog.polybeacon.com > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OpenVPN tunnel and one-way audio - Do I still need a SIP proxy?
Do you have a localnet statement in your sip.conf? That and using nat=no will make sure Asterisk does not replace the IP address in the Invite. On Wed, 2010-09-22 at 01:27 -0400, bruce bruce wrote: > Hi Everyone, > > > I have setup an OpenVPN tunnel between Server A (running Asterisk) and > Server B suppling it's SIP Phones with DHCP pool of IPs. > > > So, the tunnel is established nicely and everyone can ping others. > "sip show peers" shows the local subnet of the SIP Phones registered > (192.168.100.0/24). > > > But there is the old bad one-way audio. Calls also drop after few > seconds. In the SIP debug I can see that asterisk uses it's external > public IP address to communicate to endpoints that are known to it as > the 192.168.100.0/24 endpoints and the endpoints identify themselves > with the OpenVPN tunnel IP address scheme in one part of the sip > handshake. How can this be fixed? After all, with the OpenVPN this > should all look like an internal network to Asterisk. > > > I have added my comments followed by # to lines below that are > problematic. > > > <--- SIP read from UDP:192.168.100.5:5060 --->#This line is good > as it uses the local DHCP supplied network address scheme > INVITE sip:2...@172.16.0.1:5060 SIP/2.0 #This line is BAD. Why are we > inviting Ext. 203 with it's OpenVPN IP while it's on the same network > of 192.168.50.0/24 as 202? > Via: SIP/2.0/UDP > 192.168.100.5:5060;branch=z9hG4bK695f8c1cfc7cdee96.1c65dc2eb25a46fc6 > Max-Forwards: 70 > From: "SIP Phone - Ext. 202" ;tag=6d6f8c4226 >#BAD line again. Should be SIP:2...@192.168.100.6 > To: "203" #Bad again > Call-ID: 43af67a634e06e75 > CSeq: 32058 INVITE > Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, OPTIONS, UPDATE, > PRACK, SUBSCRIBE, INFO > Allow-Events: talk, hold, conference, LocalModeStatus > Contact: "SIP Phone - Ext. 202" > ; > +sip.instance="" > Supported: gruu, path, timer, 100rel, replaces > User-Agent: Aastra 55i/2.5.2.1500 > Content-Type: application/sdp > Content-Length: 594 > > > Basically the phones should only send with FROM their local > 192.168.100.0/24 address and Asterisk should only send ANSWER and ACK > back to 192.168.100.0/24 rather than sending it to 172.16.0.0/24 > (which is the openvpn client ip). > > > Once above is fixed, I think all the audio and call cut will go away. > I hate to use a sip proxy in this situation since I already have an > openvpn connection. > > > Any feed back is appreciated. > > > Thanks, > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: >http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users -- Carlos Chavez Director de Tecnología Telecomunicaciones Abiertas de México S.A. de C.V. Tel: +52-55-91169161 Ext 2001 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OpenVPN tunnel and one-way audio - Do I still need a SIP proxy?
On Wed, Sep 22, 2010 at 1:27 AM, bruce bruce wrote: > Any feed back is appreciated. > Then configure you endpoints to use the 192.168.100.0/24 network. This is not an Asterisk issue, since your Aastra 55i/2.5.2.1500 is sending the INVITE message. -- Paul Belanger | dCAP Polybeacon | Consultant Jabber: paul.belan...@polybeacon.com | IRC: pabelanger (Freenode) blog.polybeacon.com -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OpenVPN tunnel and one-way audio - Do I still need a SIP proxy?
Thanks for the feedback. I thought about that but it's not an option for me right now. Any other ways folks? Thanks On Wed, Sep 22, 2010 at 4:06 AM, Roger Burton West wrote: > On Wed, Sep 22, 2010 at 01:27:07AM -0400, bruce bruce wrote: > >I have setup an OpenVPN tunnel between Server A (running Asterisk) and > >Server B suppling it's SIP Phones with DHCP pool of IPs. > > Have you considered running Asterisk on Server B as well, and using IAX > to trunk between them? This is working well for me. > > Roger > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] OpenVPN tunnel and one-way audio - Do I still need a SIP proxy?
On Wed, Sep 22, 2010 at 01:27:07AM -0400, bruce bruce wrote: >I have setup an OpenVPN tunnel between Server A (running Asterisk) and >Server B suppling it's SIP Phones with DHCP pool of IPs. Have you considered running Asterisk on Server B as well, and using IAX to trunk between them? This is working well for me. Roger -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] OpenVPN tunnel and one-way audio - Do I still need a SIP proxy?
Hi Everyone, I have setup an OpenVPN tunnel between Server A (running Asterisk) and Server B suppling it's SIP Phones with DHCP pool of IPs. So, the tunnel is established nicely and everyone can ping others. "sip show peers" shows the local subnet of the SIP Phones registered (192.168.100.0/24 ). But there is the old bad one-way audio. Calls also drop after few seconds. In the SIP debug I can see that asterisk uses it's external public IP address to communicate to endpoints that are known to it as the 192.168.100.0/24 endpoints and the endpoints identify themselves with the OpenVPN tunnel IP address scheme in one part of the sip handshake. How can this be fixed? After all, with the OpenVPN this should all look like an internal network to Asterisk. I have added my comments followed by # to lines below that are problematic. <--- SIP read from UDP:192.168.100.5:5060 --->#This line is good as it uses the local DHCP supplied network address scheme INVITE sip:2...@172.16.0.1:5060 SIP/2.0 #This line is BAD. Why are we inviting Ext. 203 with it's OpenVPN IP while it's on the same network of 192.168.50.0/24 as 202? Via: SIP/2.0/UDP 192.168.100.5:5060;branch=z9hG4bK695f8c1cfc7cdee96.1c65dc2eb25a46fc6 Max-Forwards: 70 From: "SIP Phone - Ext. 202" ;tag=6d6f8c4226 #BAD line again. Should be SIP:2...@192.168.100.6 To: "203" #Bad again Call-ID: 43af67a634e06e75 CSeq: 32058 INVITE Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, OPTIONS, UPDATE, PRACK, SUBSCRIBE, INFO Allow-Events: talk, hold, conference, LocalModeStatus Contact: "SIP Phone - Ext. 202" ;+sip.instance="" Supported: gruu, path, timer, 100rel, replaces User-Agent: Aastra 55i/2.5.2.1500 Content-Type: application/sdp Content-Length: 594 Basically the phones should only send with FROM their local 192.168.100.0/24address and Asterisk should only send ANSWER and ACK back to 192.168.100.0/24 rather than sending it to 172.16.0.0/24 (which is the openvpn client ip). Once above is fixed, I think all the audio and call cut will go away. I hate to use a sip proxy in this situation since I already have an openvpn connection. Any feed back is appreciated. Thanks, -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
