Hi all,
I hope you can help me with this. I’ve searched the forums but so far cannot find what I’m looking for…
Here is my setup:
I have Asterisk running on a hosted server here in the UK. It all works fine and I have 2 SIP clients talking perfectly well over NAT most of the time and I can carry my SIP phones around and use various open networks to connect to the server.
The problem I have is that some networks (with a particularly annoying ISP) seem to block the RTP ports for their own use. This means that although my phones register with the server correctly, the RTP cannot travel anywhere and no calls can be generated. It’s obviously impossible for me to disable this behaviour on routers that I don’t administer so I’m looking at ways to circumvent the router.
There are three methods that are viable:
- Install Asterisk on my laptop and use IAX2 to talk to the server with phones registering to the laptop.
- Set up siproxd on my laptop.
- Use OpenVPN and fire all traffic down an encrypted tunnel.
Option 1 seems a little bit of overkill for simply setting up a relay link (but the use of IAX2 would definitely solve the problem). I’d rather not go down this route unless I have to.
Option 2 I don’t think will make any difference. I would only shift the problem from the phone to the laptop and the RTP ports would still be blocked by the annoying router.
Option 3 is the best solution I can think of. The OpenVPN tunnel is working perfectly (well, most of the time) and I can talk to the server quite happily through it. This option also means that I don’t need to worry about a firewall on the server (the main IP is firewalled but the VPN tunnel is secured enough that it doesn’t need firewalling).
Now, whilst it’s not a problem for me to carry my laptop around and use it as a router and end-point for the VPN tunnel when I need it, the SIP phones cannot be configured to use my laptop as a router (they pick up the routes from the DSL routers that I use and there’s no way of configuring each one to add my laptop as another route) so what I ultimately want to do is configure IPTables to throw all traffic on ports 5060 and 10000-11000 straight down the tunnel silently and relay the replies as they come back through. Essentially, this would mean that all I would need to do is point the SIP registration details on the phone to my laptop’s IP and it will talk directly to the server through the tunnel (note: tunnel is UDP) but it simply doesn’t seem to work.
Could anyone give me some advice here on what I need to configure or if there is another option that I haven’t considered?
Many thanks in advance.
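The relay described in the post (UDP 5060 and 10000-11000 arriving at the laptop, sent down the tunnel, replies relayed back) can be written as the rule set below. This is an added example, not part of the original post: the interface names `eth0` and `tun0` and the server tunnel address `10.8.0.1` are assumptions, and the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Print (do not apply) iptables rules that relay SIP/RTP from LAN phones
# into a VPN tunnel. Interface names and addresses are assumed values.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# relay_rules LAN_IF TUN_IF SERVER_VPN_IP: write the rule set to stdout.
relay_rules() {
    lan_if=$1 tun_if=$2 server=$3
    is_ipv4 "$server" || { echo "bad server address: $server" >&2; return 1; }
    for name in "$lan_if" "$tun_if"; do
        case "$name" in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $name" >&2; return 1 ;;
        esac
    done
    # The laptop must forward packets between the LAN and the tunnel.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Only the signalling port and the RTP range from the post are relayed.
    for ports in 5060 10000:11000; do
        echo "iptables -t nat -A PREROUTING -i $lan_if -p udp --dport $ports -j DNAT --to-destination $server"
        echo "iptables -A FORWARD -i $lan_if -o $tun_if -p udp -d $server --dport $ports -j ACCEPT"
    done
    # Replies come back through connection tracking, nothing else is let in.
    echo "iptables -A FORWARD -i $tun_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Source-NAT so the server answers to the laptop's tunnel address.
    echo "iptables -t nat -A POSTROUTING -o $tun_if -j MASQUERADE"
}

# Example run with the assumed values.
relay_rules eth0 tun0 10.8.0.1
```

DNAT rewrites only the IP headers, not the addresses carried inside SIP/SDP bodies, so the server still has to treat the phones as NATed clients.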