Expose the local Asterisk network publicly

Hi there,

I have an Asterisk server running on a CentOS Docker image in my office. We use a local IP phone number in Bangladesh for the server. Whenever consumers call in the IP phone number, our agents get a call in the Xlite in the local network.

Now we want to have our agents staying home and receive calls in their Xlite. The person who built the system is no longer with us, but he suggested that I should try to expose the server publicly to get our agents to work remotely.

As I am new in this field I need some guidelines about:

  1. How to expose the asterisk network publicly.
  2. How to configure Xlite for this usage such that users can get access to the calls remotely.

Thanks in advance.

Edit: In our country, we don’t have access to sip packets from outside of the country. So I can’t deploy it to a server like digital ocean, gcloud etc.

If you want to send calls to the X-Lites, Asterisk is a client.

These questions are mainly basic TCP/IP network management ones, although you may have to consider NAT issues as well. Whilst they are basic, there is too much involved to expect a complete canned solution on a forum like this and such a solution will involve your understanding your networking environment quite well.

Best practice in this sort of case is to use VPNs, so that the phones appear to be on your intranet, as far as Asterisk is concerned. However, as a loss leader for the Bria range, X-Lite may well not support VPNs.

Hi David,

Thanks for your response. I know it’s too much to ask for a complete solution for this type. I just need some sources to look at so that I can figure the rest of the things out.

Best practice in this sort of case is to use VPNs, so that the phones appear to be on your intranet, as far as Asterisk is concerned.

So what I understand is I have to build a VPN originating in my country because the SIP packets from outside are restricted in our country. Then, use the IP for both asterisk and the softphone. Am I right here?

However, as a loss leader for the Bria range, X-Lite may well not support VPNs.

In my case, X-lite isn’t really needed, I can use any other softphones that support VPNs. What are the best options here?

The reasons for using VPNs are to protect your system from attack.

Unfortunately, the term VPN has been hijacked by some companies that use VPN protocols but to connect to their gateways to the internet. The original meaning of VPN is a Virtual Private Network, i.e. a network that is private and only carries your internal traffic, but is implemented over a public network, rather than with, say, dedicated cables.

Hi there,

Thanks for the reply. It helped me a great lot.

I have implemented an OpenVPN server on the Ubuntu machine where the Asterisk server is running in a CentOS Docker container. My other Mac laptop can connect to the machine with Tunnelblick.

From where I have been learning things, they told us to edit the sip.conf and the extensions.conf file after that.

  • I can not find the sip.conf file in the asterisk file. However there is a pjsip.conf file. I really don’t know where to change to get the calls in the VPN.
  • Also the extensions.conf changes are quite unclear.

Can I get some resources from where I can get some context?

Thanks in advance.

You shouldn’t have to make any changes to your dial plan.
You run a VPN server on your network, then you issue VPN client certificates that allow your users to connect to your network.
They will register their x-lite clients to the private IP address of your Asterisk server, just like they would be if they were local.

And I think when you're on a NAT it's more complicated to send NOTIFY from your Asterisk to the endpoints.
VPN is a very good way to proceed.

Hi there,

I am finding some problems with configuring the OpenVPN with my computer. When I run my ifconfig, there is no eth0 available on the list. Although I can see the tunnel tun0 properly configured.

My asterisk server is running at the enx283737011303. When I connect with X-lite, I enter 192.168.1.187 as the domain address when connected in my local wifi. My public IP is 103.4.145.154, which is not shown by any eth0.

br-b97edea6663f: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.18.0.1  netmask 255.255.0.0  broadcast 172.18.255.255
        ether 02:42:49:ea:80:ef  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:16:d7:1d:3c  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp5s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether e0:d5:5e:2e:db:0a  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 18  

enx283737011303: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.187  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::59a2:a030:9da1:775b  prefixlen 64  scopeid 0x20<link>
        ether 28:37:37:01:13:03  txqueuelen 1000  (Ethernet)
        RX packets 108876  bytes 19860435 (19.8 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 93873  bytes 41047054 (41.0 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 175889  bytes 67953296 (67.9 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 175889  bytes 67953296 (67.9 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.1  netmask 255.255.255.255  destination 10.8.0.2
        inet6 fe80::3db4:f8fc:f8ef:b1ed  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5  bytes 240 (240.0 B)

First I tried to add in my client openvpn configuration.

remote 192.168.1.187 1194

With this, I can ping within the same wifi network, but I can’t do so from a remote location. Putting my real IP also isn’t helping here.

Thanks in advance.

on stretch eth0 becomes enx

the interface enx shows the LAN address of your server

I suppose you have a router to access the internet with a LAN IP address (192.168.1.x)
the router also has a public address. It’s that address that must be configured in your client configuration
you also have to configure a NAT rule on your router to redirect OpenVPN data toward your server

when the tunnel is on, your remote phone will register on the private address of your server (10.8.0.1)

don’t forget the firewall (iptables for example) configuration to protect your server

if you’re not comfortable with openvpn VPN, it could be risky to activate an openvpn server with asterisk

1 Like
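
An added example (not from the thread, and not Asterisk or OpenVPN project code): an offline check of the two addresses the last reply distinguishes, the OpenVPN client's `remote` and the address the softphone registers to. The 10.8.0.0/24 tunnel subnet and the function names are assumptions; the sample configs are constructed from the addresses quoted in the thread.

```python
import ipaddress

# Assumption: OpenVPN's default 10.8.0.0/24 pool (the thread shows 10.8.0.1 on tun0).
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")

# Constructed client configs using the addresses quoted in the thread.
LAN_ONLY_CONFIG = "client\ndev tun\nremote 192.168.1.187 1194\n"
REMOTE_CONFIG = "client\ndev tun\nremote 103.4.145.154 1194\n"


def parse_remotes(config_text):
    """Return (host, port) for each `remote` directive in an OpenVPN client config."""
    remotes = []
    for line in config_text.splitlines():
        fields = line.strip().split()
        # Commented-out lines start with '#' or ';', so fields[0] never equals "remote".
        if len(fields) >= 2 and fields[0] == "remote":
            port = int(fields[2]) if len(fields) >= 3 else 1194  # OpenVPN's default port
            remotes.append((fields[1], port))
    return remotes


def check_plan(config_text, sip_domain):
    """Return findings; an empty list means the setup matches the advice in the thread."""
    findings = []
    remotes = parse_remotes(config_text)
    if not remotes:
        findings.append("no `remote` directive in the client config")
    for host, port in remotes:
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # hostname: resolved at connect time, cannot be judged offline
        if addr in VPN_SUBNET:
            findings.append(f"remote {host} is a tunnel address; it exists only once the VPN is up")
        elif addr.is_private:
            findings.append(f"remote {host} is a LAN address, reachable only inside the office; "
                            f"use the router's public address and forward port {port} to the server")
    try:
        sip_addr = ipaddress.ip_address(sip_domain)
    except ValueError:
        return findings + [f"softphone domain {sip_domain} is a hostname; check what it resolves to"]
    if sip_addr not in VPN_SUBNET:
        kind = "LAN" if sip_addr.is_private else "public"
        findings.append(f"softphone domain {sip_domain} is a {kind} address; "
                        f"register to the server's tunnel address so SIP stays inside the VPN")
    return findings
```

`check_plan(LAN_ONLY_CONFIG, "192.168.1.187")` reports both problems from the earlier post, while `check_plan(REMOTE_CONFIG, "10.8.0.1")` returns no findings.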
