> Hello All,
>
> I have installed Asterisk 1.6 with openVPN in the same machine. I have set
> up a VPN connection between 2 SIP clients and Asterisk using x-lite.
>
> The 2 clients connect to Asterisk. SIP signaling goes ok over the vpn
> tunnel.
>
> When attempting to make a call between the clients, the signaling part of
> the call goes well. But, when the call is set up, some RTP packets are
> exchanged at the beginning and then the RTP flow stops (no RTP is exchanged).
>
> Wireshark demonstrates no problem with SIP signaling.
>
> I am using OpenVPN 2.1.1.
>
> Has anyone had such a problem?

I had a vaguely-similar problem, getting a Nokia N810's Telepathy-based SIP client to talk to Asterisk over an OpenVPN connection. The problem in that case turned out to be the fact that the Nokia was sending all of the packets to the Asterisk server, using its primary-network (WiFi) IP address, rather than the address to which its end of the OpenVPN tunnel was bound. The SIP packets from the Asterisk server had no way to get back to the client.

The fix for this was to stick a couple of scripts into the Nokia, to be executed when OpenVPN started or stopped the VPN tunnel. The "up" script changes the SIP configuration, setting its "local IP address" parameter to that of the Nokia end of the tunnel, while the "down" script clears this override. Works fine.

That doesn't sound like exactly the problem you're having, though, since you're getting SIP through the tunnel OK. The problem sounds more as if the RTP packets from one client are either not being sent through the tunnel at all, or are being dropped prior to getting to the other.

There may be a couple of ways to fix this:

(1) As another poster suggested, specify "canreinvite=no" (or, in 1.6, "directmedia=no") for each of your SIP clients. This will prevent them from trying to send the RTP "directly" to one another, instead sending it to Asterisk for forwarding. This is probably the most reliable approach. It's also probably the only one which will allow reliable connections between these clients, and SIP endpoints which aren't part of your own local IP-address space.

(2) If you really do want to try to allow directmedia connections between the clients, you'll need to make certain of two things:

[A] Your OpenVPN setup, for each client, must install a route on each client which directs the client to send all packets for any address on the entire VPN back to the VPN server.
Without such a route being installed, it's likely that the OpenVPN-installed routing would only channel packets for the OpenVPN server itself into the tunnel. Packets for other IP addresses in the OpenVPN range would end up being sent out through the client's normal IP route, and probably lost forever in the grand stew of the Intertube.

[B] Make sure that your OpenVPN setup allows direct client-to-client communications. There's a parameter which can disable this, and permits only client-to-server packets to survive... make sure you haven't set this.

(3) You may need to make sure that your iptables (or similar) configuration isn't accidentally NAT'ing packets which are trying to come in through the OpenVPN tunnel and then go back out through another OpenVPN tunnel.
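
A check for option (1) above, as an added example that is not part of the original post: it lists the sip.conf peers whose effective "directmedia"/"canreinvite" setting is not "no". The sample config and function names are constructed; templates are not resolved, every section other than [general] is treated as a peer, and a default of "yes" is assumed when nothing is set.

```python
# Added example: flag sip.conf peers that may still attempt direct (peer-to-peer) RTP.
import re

SAMPLE_SIP_CONF = """\
; constructed sample, not from the original post
[general]
context=default

[alice]
type=friend
host=dynamic
directmedia=no      ; Asterisk 1.6 spelling

[bob]
type=friend
host=dynamic
canreinvite=no      ; older spelling of the same option

[carol]
type=friend
host=dynamic
"""

def effective_directmedia(conf_text):
    """Return {peer: value}; a per-peer setting overrides the [general] one."""
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ';' comments
        if not line:
            continue
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
            continue
        if current is not None and "=" in line:
            key, value = (part.strip().lower() for part in line.split("=", 1))
            if key in ("directmedia", "canreinvite"):
                current["directmedia"] = value
    # Assumption: with no setting anywhere, direct media is allowed ("yes").
    default = sections.pop("general", {}).get("directmedia", "yes")
    return {name: opts.get("directmedia", default) for name, opts in sections.items()}

def peers_allowing_direct_rtp(conf_text):
    """Peers whose RTP may bypass Asterisk instead of being forwarded by it."""
    return sorted(p for p, v in effective_directmedia(conf_text).items() if v != "no")

if __name__ == "__main__":
    for peer in peers_allowing_direct_rtp(SAMPLE_SIP_CONF):
        print(f"{peer}: directmedia is not 'no'; RTP may bypass Asterisk")
```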