Re: [asterisk-users] Asterisk 1.6 and OpenVPN RTP problem
Hello Platt, Thank you for help. I have tested and it works fine. -- Please discover scientific miracles of CORAN http://www.55a.net/ -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Asterisk 1.6 and OpenVPN RTP problem
Hello, Thank you for your reply. The first proposed solution has resolved the problem for a test in the local network. Another test is planned today later with a client in the same NAT and another in the public internet with a public static ip address. Do you have any advice for that case? -- *Please discover scientific miracles of CORAN* http://www.55a.net/ -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Asterisk 1.6 and OpenVPN RTP problem
Thank you for your reply. The first proposed solution has resolved the problem for a test in the local network. Another test is planned today later with a client in the same NAT and another in the public internet with a public static ip address. Do you have any advice for that case? That case should work out fine if you've specified directmedia=no for the client(s) on the NAT/OpenVPN side, as long as the Asterisk server has a public IP address. Asterisk will forward the RTP between the client on the public Internet, and the client on the OpenVPN tunnel. You won't need to have a routable connection directly between the two clients. I run my own setup this way. All clients on my home LAN, and my OpenVPN'ed mobile (Nokia N810) specify directmedia=no. I can make calls (RTP both ways, no trouble) between them, between one of them and a client on the public Internet, and between them and various VoIP providers' systems. Using OpenVPN, and depending on Asterisk to forward the RTP, seems to be a *lot* more reliable than trying to do direct SIP/RTP and depending on STUN or SIP-aware NAT gateways. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Asterisk 1.6 and OpenVPN RTP problem
mosbah.abdelkader wrote: Hello All, I have installed Asterisk 1.6 with openVPN in the same machine. I have set up a VPN connection between 2 SIP clients and Asterisk using x-lite. Just a guess, set canreinvite=no in the sip.conf for each of the end points Doug -- Ben Franklin quote: Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Asterisk 1.6 and OpenVPN RTP problem
Hello All, I have installed Asterisk 1.6 with openVPN in the same machine. I have set up a VPN connection between 2 SIP clients and Asterisk using x-lite. The 2 clients connects to Asterisk. SIP signaling goes ok over the vpn tunnel. When attempting to make a call between the clients, the siganling part of the call goes well. But, when the call is set up, some RTP packets are exchanged at the beginning and then the RTP flow stops (no RTP is exchangd). Wireshark demonstrates no problem with SIP signaling. I am using OpenVPN 2.1.1. Has anyone had such a problem. I had a vaguely-similar problem, getting a Nokia N810's Telepathy- based SIP client to talk to Asterisk over an OpenVPN connection. The problem in that case turned out to be the fact that the Nokia was sending all of the packets to the Asterisk server, using its primary-network (WiFi) IP address, rather than the address to which its end of the OpenVPN tunnel was bound. The SIP packets from the Asterisk server had no way to get back to the client. The fix for this was to stick a couple of scripts into the Nokia, to be executed when OpenVPN started or stopped the VPN tunnel. The up script changes the SIP configuration, setting its local IP address parameter to that of the Nokia end of the tunnel, while the down script clears this override. Works fine. That doesn't sound like exactly the problem you're having, though, since you're getting SIP through the tunnel OK. The problem sounds more as if the RTP packets from one client are either not being send through the tunnel at all, or are being dropped prior to getting to the other. There may be a couple of ways to fix this: (1) As another poster suggested, specify canreinvite=no (or, in 1.6, directmedia=no) for each of your SIP clients. This will prevent them from trying to send the RTP directly to one another, instead sending it to Asterisk for forwarding. This is probably the most reliable approach. It's also probably the only one which will allow reliable connections between these clients, and SIP endpoints which aren't part of your own local IP-address space. (2) If you really do want to try to allow directmedia connections between the clients, you'll need to make certain of two things: [A] Your OpenVPN setup, for each client, must install a route on each client which directs the client to send all packets for any address on the entire VPN back to the VPN server. Without such a route being installed, it's likely that the OpenVPN-installed routing would only channel packets for the OpenVPN server itself into the tunnel. Packets for other IP addresses in the OpenVPN range would end up being sent out through the client's normal IP route, and probably lost forever in the grand stew of the Intertube. [B] Make sure that your OpenVPN setup allows direct client-to- client communications. There's a parameter which can disable this, and permits only client-to-server packets to survive... make sure you haven't set this. (3) You may need to make sure that your iptables (or similar) configuration isn't accidentally NAT'ing packets which are trying to come in through the OpenVPN tunnel and then go back out through another OpenVPN tunnel. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
