SOLVED: SIP from OpenVPN to LAN server



  • Hi,

    I'm connecting from WAN to pfsense using openvpn.
    I would like to access a SIP server on the LAN side but I just keep getting errors. As far as I could get, it's connected with the way NAT does port-mapping.
    Is there an easy way to solve this?

    Thanks



  • If you are connecting to the SIP server behind the pfsense thru the openvpn tunnel, you should not be doing any NAT.  I think you need to tell the sip server that the remote NAT subnet is local.  What SIP server?  If it is asterisk, you should already have a localnet directive telling asterisk the LAN subnet, all you need to do then is add the subnet used for openvpn.



  • The sip server is an elmeg ICT88 (http://www.funkwerk-ec.com/prod_elmeg_ict46_main_en,,837.html)
    The problem is that I see no traffic to the LAN. Just a bunch of DNS requests to the DNS server and that's it.
    On the SIP server side I also see no attempt to connect. This is why I think the problem is related to the pfsense, not the SIP server.
    What should I try?

    Thanks!



  • It would help to give us a network diagram, including subnets…



  • Does this help?

    SIP SERVER (192.168.1.250) -- LAN (192.168.1.0/24) -- PFSENSE (192.168.1.1) ---- WAN
                                                                                                    \ VPN (10.0.8.0/24) (tun device with 'push "route 192.168.1.0 255.255.255.0";' )

    My rule for pfsense is to allow all openvpn traffic with any destination.



  • You are presumably using the localnet directive in asterisk?  If so, your stock entry will be 192.168.1.0/24.  Add to that 10.0.8.0/24, and that should keep asterisk from rewriting the headers.  You said NAT, but pfsense should not be NAT'ing anything in this context?



  • @danswartz:

    You are presumably using the localnet directive in asterisk?  If so, your stock entry will be 192.168.1.0/24.  Add to that 10.0.8.0/24, and that should keep asterisk from rewriting the headers.  You said NAT, but pfsense should not be NAT'ing anything in this context?

    There is no asterisk. It's an elmeg ICT88. I see no field to add other subnets.
    I suppose there is no NAT between 10.0.8.0 and 192.168.1.0 but the truth is that I just see DNS requests going thru pfsense. No attempt to connect, no nothing.
    On the SIP server side I also see no attempts to connect in the logs so that's why I suppose it's a pfsense problem ???



  • By default, pfsense will not NAT traffic going into a tunnel.  Do you have it set up otherwise?



  • @danswartz:

    By default, pfsense will not NAT traffic going into a tunnel.  Do you have it set up otherwise?

    No. I'm using automatic NAT rule generation.
    So what else could be wrong?



  • Ah, okay.  Re-reading the thread, I'm thinking it is something basic (nothing openvpn related anyway).  How does the elmeg know how to reach the sip server?  A name?  How is the name resolved?



  • @danswartz:

    Ah, okay.  Re-reading the thread, I'm thinking it is something basic (nothing openvpn related anyway).  How does the elmeg know how to reach the sip server?  A name?  How is the name resolved?

    My dear friends,

    Finally I found the problem. It was connected to the elmeg PBX.
    For some reason it badly messed up the network confs and it didn't allow me to correct them. I had to call the distributor to reset the confs and now everything is working perfectly!!!
    Thank you very much for your help and for your work!

