-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Daniel,
Does the asterisk server have a route to the VPN network over the VPN server? What is SPD NAT rewrite?! Can you look at what sockets are used by the SIP software? Also check the routing table on the Android devices. I think it's a problem with the routing table, maybe caused by a route pushed to the phone via dhcp. Also, you might want to increase verbosity for the asterisk server and look how and why it does what it does. It sounds like a problem with asymmetric routing. Regards, Noel Kuntze GPG Key id: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 10.09.2014 um 22:52 schrieb Levine, Daniel J.: > I have a VPN road warrior configuration using StrongSwan client apps on 2 > Android phones (the road warriors). The VPN tunnels establish fine using > IKEv2. The phones can now see each other on the VPN subnet (10.3.0.0/24) as > well as the private network (10.1.0.0/24) behind the firewall. For > completeness, the public network the VPN goes over is the 10.2.0.0/24 > network. So the phones, a wireless router, and the outer half of the VPN > server live over there. I think that covers the topology. > > So, once this network is established, I'm using a SIP phone app on the > Androids to register with an Asterisk server on the private network. That > actually works nicely as well. I can even call an extension on the Asterisk > server that plays a canned message just fine. Looking at the traffic, I see > that everything is confined to the 10.3.0.0/24 and 10.1.0.0/24 network. Which > is what I'd expect. Both phones work fine this way. > > If I place a call to the other phone through the Asterisk server the call > works great. Both phones send and receive the audio of their microphones. > However, when I use tcpdump to examine the traffic on the Asterisk server > (which is different from the VPN server on the 10.1.0.0/24 network) on the > 10.1.0.0/24 network, I see that the traffic goes over the 10.2.0.0/24 network! > > I have found that turning on SDP NAT rewrite causes causes the data confine > itself to the 10.3.0.0/24 network, but I only get one way audio transmission > in a direction related to who calls whom. > > Any thoughts on what kind of issue I might have here? As I describe this, > I'm thinking I should probably talk to the Asterisk people to figure out why > it doesn't like talking over the VPN and then discovers the 10.2.0.0/24 path. > > Thoughts? Anyone solve a problem like this? > > Dan > > > > Sent with Good (www.good.com) > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJUEL0iAAoJEDg5KY9j7GZY7KcQAJ3SiKPEt6Ri5u7Fe8Oa6xHo DQOVJ++YrFDcl4G20O/EBHlY2lnnwPsY4RnQltzkX0/3LpKMoKilmhy3R21UjxCh eDx6OKRpp7zOBNFYM8sY9c/l5PfyJIG9FPbAIhgyekFRDH/0ko2HVW2VEUqtYFRW 9hGTX05tTqMH9a5quMW2qbUWs+q4uRaxtlRPL6lV0knb5HDZYC49MnRUig8dvPDZ +8LVrAAAVizq8faFxztCO6Qqjm4NVMfryzkpCYvbUttseuf9TXKvnH4I6kI6I4Ez vvb0aYzHVuTVMfbs9TdrB1e2mW+/AvshvMJ5UCpzZHsle7d0qC/WVh9mjoNtZTBR oHAvh36dRhBgMxeb4C9BA/XoEvdiLXd7Z0uxeW9DQQXvvevPC0XJ33FqKE3T/Nil JyoVFVNwQgqlUzPJO4n6OMJ2IqWf4nzEU9pYemqzy+0NOACYyKFkxOsgC1FPn7cd 987cvzSlf8MSBrbC6ndgnIioKLlaWdyT20o3URMrFfw2kh2+2sgrVqmY0FjJMidk T4vjXLW4Mbltf653lTb1hcMgOMgdyNhR2m4fRGNgHa0oZ3llL4g4viUs6rdx6bQ/ 2PKZ1TvyygXfmVjzz1JqBb1RHbSVXBI/qBNjjOCHwrEg/Uq028pn57b/Z1b81QfI siV0UfUyDik0yzx8jgNm =ctkR -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
