I have this problem and I don’t see a simple solution to it.
We have an office Lan with a 255.255.0.0 range
We have an asterisk server on a 192.168.1.21 IP that is accessible from the Lan.
We have a VPN allowing to access the 192.168.2.0 subnet of our office lan (we use the 192.168.2.0 subnet instead of 192.168.1.0 subnet to avoid address collision with the remote lan )
I would like to register a sip phone on the remote lan with the asterisk server on the office lan.
Of course, the easy way would be to change the asterisk server ip to an address in the 192.168.2.0 range, but I would prefer not to do it.
How can I “redirect” the sip traffic coming from the VPN on the 192.168.2.0 subnet to the asterisk server which is on the 192.168.1.0 subnet, to allow registering of my remote phone ?
First of all if you want to have 192.168.1.0 and 192.168.2.0 as two separate network, you need to use a subnet mask 255.255.255.0.
Asterisk IP is just fine. Set up the subnet mask correcty and the Asterisk will communicate with the remote network via the router that is taking care of the VPN link.
How will my remote sip phone (on a 192.168.2.0 subnet) register to the asterisk server on the 192.168.1.00 subnet ?
Do I have to do a static registration ?
If I understand correctly, two routers are taking care of the VPN connection between two remote sites (two remote LANs). If this is the case, IP Phone and Asterisk just need to send remote-bound packets to the routers (default gateway), they take care of the traffic routing between the two locations.
We have a router on the office side, but the remote site connects via a VPN client directly (no router on the remote side)
Thus the traffic from the remote client to 192.168.1.21 (my asterisk IP address on the office lan) will not be routed to the VPN tunnel.
Should I enter a static route on my remote client to direct 192.168.1.21 traffic to the VPN tunnel ?
Indeed, my setup is a bit complicated. The problem I had to face is to allow remote users to connect (via a VPN tunnel) to the office lan (192.168.1.0 IP range) from different remote locations. Those locations can be the user home, but also an hotel. Remote user is usually connected locally to internet via a lan, with a IP range that can be 192.168.1.0 an thus could conflict with the office lan range.
To avoid this problem, I extends the office lan range to 192.168.0.0, and gave all devices that have to be accessible via VPN addresses like 192.168.2.x.
The remote client can then connect (VPN tunnel) to the 192.168.2.0 subnet of the office lan, without conflicting with the remote lan addresses.
Of course, a simpler solution could be to use 192.168.2.0 for the office lan, but this is not practical.
Everything is working fine, except for the asterisk server, which is at 192.168.1.21. Again, I could change the ip of the asterisk server, but I would prefer not.
The problem you seem to have is that the VPN is not a proper part of your intranet. Fixing that is a much better approach than trying to get Asterisk to cope with two disjoint networks.
Once your intranet is fully routable, you will not need to do anything special to deal with hosts across the VPN.