i’ve tried to look to some information about this problem but i didn’t understand how to solve that
i have an asterisk 1.8 installed on ubuntu server who has two eth interfaces (eth0 and eth1); in particular eth0 is the lan directly connected to the modem (so i use it to connect external sip client) and eth1 is a lan dedicated to VPN client ( i have a DD-WRT router that handles the pptp VPN).
Once upon a time (XD) i configured all clients only as local on the eth1 LAN (so client from internet had to use the vpn connection in order to use asterisk) and everithing worked without any problem.
After some months i decided to get available the access directly by sip protocol (so i’ve configured the other iface).
Now everything work fine except clients connected by vpn that has one way audio (vpn client hear but don’t transmit voice). I’ve noticed that there’s some problem with NAT but i didn’t find a real HOW TO manage this issue (unfortunately i’m a newbie) . Can you please help me?
this is my sip.conf gereral section
[general]
context=unauthenticated
allowguest=no
svrlookup=yes
udpbindaddr=0.0.0.0
tcpenable=no
externIP=XXX.XXX.XXX.XX
localnet=192.168.0.0/255.255.255.0 ; this is the lan connected to the modem
localnet=192.168.2.0/255.255.255.0 ; this is the lan designed for VPN
thanks in advance, i hope i had exposed well my issue!
mrgab
I think this is the broken multi-homed scenario again.
You need to advertise a route to your 192.168.0 interface on the VPN, or trick Asterisk into considering the VPN interface to be the primary interface.
In a multi-interface case, Asterisk assumes that the network is fully routable and chooses the address of just one of the interfaces as its official address.
You shouldn’t be creating dual interface hosts unless you know how to configure routing; I can’t tell you in detail because I don’t know enough about your network. You may need to enable routing in the Linux kernel.
I don’t know how to trick Asterisk into preferring a particular interface.
As you are getting audio problems, make sure that directmedia (previously called canreinvite) is disabled, in case the problem is simply the routing of the media.
You may also find that you can configure your SIP devices to ignore the addresses in the SIP headers.
I think the problem is the line Contact that doesn’t permit to complete the registration. How can i change sip:Dubai@192.168.1.96:5060 to sip:Dubai@192.168.2.2:5060 ???
By convincing Asterisk that the preferred interface is the other one. You may well find that it is the lowest numbered interface that is being preferred, in which case switching the two interfaces may help.
However, this is all trying to work round a bad design. The correct solution is to make it so that the contact address is a valid address on the VPN, by updating the routing configuration appropriately. IP was designed to combine networks into one inter-network not to allow disjoint networks on different interfaces of the same machine.
Incidentally, I think your localnet is wrong, although it may work as it may be redundant, as I think directly connected sub-nets are local by default.
Also note that the localnet for the VPN needs to cover the whole VPN, not just the immediately adjacent sub-net.
thanks to your advices i’ve found a solution. It isn’t a general solution but it is good for me 'cause i need only one static sip client connected via vpn.
i’ve added on the server this routing command
route add -host 192.168.1.96 gw 192.168.2.11 dev eth1
