[HELP] Asterisk@home with remote user through VPN


Here is the setup i want to install but not sure what if possible and want configuration changed are required on Firewall and Asterisk server.

I have 2 sites, both behind FW and connected via VPN through internet.

In Site A:
FWA Inside address:
FWA Outisde address: x.x.x.x (dynamic public address at the moment)
SIP server:
Soft Phone:
VoiP Phone:

In Site B:
FWB Inside address:
FWB Outisde address: x.x.x.x (dynamic public address at the moment)
Soft Phone:

Phone in site A can register ok to SIP server.
But softphone in site B unable to register to SIP server.

ping from phone B, to SIP server work fine.

SIP server is used only to make calls inside VPN only, no calls from public ip address should be expected.

Questions are:
Which port do i need to open on each FW A and B ?
What do i need to modify on Asterisk ?
Do i need public static ip address for FW outisde @ ?

I’ve read about port forwarding on FW. Do i need to implement this ?

Thank you very much in advance for support.


i have a couple of sites that do this. IPSEC VPN between them, with softphones on the remote PC working just fine (well, as good as a softphone gets) with Asterisk.

having said that, my sites all use static IPs, but if the VPN is up and other traffic can pass, then that shouldn’t be an issue.

do you see any output on the CLI (or in the logs) for the failed registration ?

what have you got set for localnet in sip.conf ? mine is

Port forwarding nor firewall holes should not be required if you are using a VPN tunnel. Have you tried a different phone or softphone? Can you access the asterisk box from a pc at site B (try to ssh to it)?

Thanks for the infos, I will try again and keep posted.
Test from outside is working using port fowarding.