Dynamic IP's connecting multiple asterisk servers

Case: Two Asterisk servers want to call each other.
If both servers have Dynamic IP’s the only way to connect them is with a dynamic DNS service. Is that correct?
Thanks :smile:

On Saturday 28 December 2024 at 07:20:20, PatTheRat via Asterisk Community
wrote:

Case: Two Asterisk servers want to call each other.
If both servers have Dynamic IP’s the only way to connect them is with a
dynamic DNS service. Is that correct?

That’s certainly one way of approaching the problem (a VPN would be my other
suggestions) however you still have the problem where:

  • server A registers its address with some dynamic DNS service
  • server B registers its address with some dynamic DNS service
  • server A looks up B’s name and connects to the IP address
  • server B looks up A’s name and connects to the IP address
  • server A changes its address and updates dynamic DNS
  • server B has no idea this has happened and continues using the old address

Asterisk cannot help you solve this networking problem.

Antony.


I know I always wanted to be somebody, but I guess I should have been more
specific.

                                               Please reply to the list;
                                                     please *don't* CC me.

@Pooh,
Thank you for the reply. If possible could you please explain the VPN solution you suggested, or point to a link that has a guide? I am weighing up my options. :pray:

An IP VPN (virtual private network) is an IP sub-network implemented on top of the underlying public and private networks, so appears like a single local network to both local and remote sides, and hides the NAT that underlies it.

Maybe you are confused by the hijacking of the term by anonymisation services, that always break out to the public internet, over NAT. They’re more like virtual Public networks, than virtual private ones, and their aims go against what one is trying to achieve when making two SIP user agents talk to each other.

Implementing a VPN is an OS and a router level thing, not something that should be visible to higher level software, llike Asterisk.

@david551 I already know what a VPN is and have a wireguard server on my router which I connect to remotely. What I would like is for Pooh or someone else to suggest a way to set it up to specifically connect asterisk’s together and ONLY asterisk’s.

@Pooh can you please tell me how you have your VPN set up, is it specific to the asterisk software (Split tunneling) something like this - Step by step guide for VPN & split tunneling - Network and Wireless Configuration - OpenWrt Forum or is it specific to a port? or something else?

Just connecting one asterisk box to another asterisk box will only allow the whole box to be on the wireguard tunnel so the user can not use the wan port for other network activities from their own IP. I am looking for a way to allow just the asterisk software to connect via VPN so as to use the routers for regular internet.

Any help would be appreciated. :slight_smile:

On Tuesday 07 January 2025 at 06:07:06, PatTheRat via Asterisk Community
wrote:

@Pooh can you please tell me how you have your VPN set up

I have two locations with dynamic IPs. Note that in my case “dynamic” means
they change every several weeks or few months. I use IPsec (strongswan) and
have a network-to-network VPN (ie: any machine at one location can connect,
using private IP addresses, to any machine at the other location).

The advantage for Asterisk here is that each server has a fixed private IP
address and can use a fixed private IP address for the machine at the other
location. My “internal network addresses” do not change, even if the VPN has
to re-connect itself because one end or the other has changed its public IP
address.

Each Asterisk server registers to external telephony service providers, who
don’t care what public IP address the connection comes from.

When location A gets a new public IP address it can re-connect the VPN so long
as location B hasn’t changed address at the same time (I’ve never had that
situation) and it then updates DNS so that when location B gets a new public
IP address at some point in the future, it can find the new address of location
A and re-connect.

It works for my needs.

Antony.


1960s: Let’s build a network which can withstand a nuclear war!
1970s: Hm, that looks good, we’ll run it on TCP/IPv4.
1980s: Nice, how about letting everyone join?
1990s: Hey, you can make money out of this!
2000s: Oh, you can lose it, too.
2010s: Alright, let’s just plug absolutely everything into it.
2020s: Meh, my lightswitch is now connected to my lamp via China.

@Pooh Thank you so much for the info. :+1: :slightly_smiling_face:

May I just clarify is your VPN is on your server, or is it cloud based (therefore acting as a dynamic DNS would do otherwise)?

If it is on your server do you have to set the VPN up so it knows to update the new IP address of the server that has changed or does it do it automatically? How does it know where to connect to?

Thank you.