Hi there,

I am trying to set up a configuration that requires me to use SIP and Asterisk behind a firewall and over a VPN to a remote office, and with some local phones also.
I can't use IAX to my provider because they don't offer it, and my handsets (snom 300) also don't support IAX, so it's all SIP.

The configuration is as follows:

    Asterisk PBX 10.202.17.217/24 ------>| 10/100-Switch |-----> Firewall1 pfsense X.Y.Z.250 -------->ITSP Sip Provider public internet
    LocalPhones 10.202.17.1-25/24 ------>| 10/100-Switch |-----> Firewall2 Watchguard ----->ISP internet Connection <-----Firewall3 | remote office | ----Remote User Phone 192.168.97.74/24

There is a Lan2Lan VPN tunnel between Firewall2 and the remote office Firewall3. I can ping the remote office phone from the Asterisk PBX at all times.

Now I have my sip.conf set up with externip = X.Y.Z.250:

    [general]
    port = 5060
    bindaddr = 0.0.0.0
    context = default
    allowoverlap=no
    srvlookup = yes
    :
    externip = x.y.z.250
    localnet=10.202.17.0/255.255.255.0
    qualify=yes
    nat=yes
    register = xxxxxxx:SipServer/xxxxxxxx
    limitonpeers=yes
    allowsubscribe=yes
    notifyringing=yes
    notifyhold=yes
    useclientcode=yes
    canreinvite=no

I have pfsense set up to forward ports 5060 and the RTP ports over UDP back to the internal Asterisk server, and a firewall rule to allow this traffic from only my ITSP SipServer.

I can make a call from any phone on the local phones network to the outside world via the SIP proxy with Asterisk in the media stream (canreinvite=no).

I can make a call from the remote user phone to a local phone or to any other phone outside the network, but I don't get any audio.

If I remove the IP address X.Y.Z.250 from the externip setting, then I can call from the remote phone to local phones fine and get perfect audio, but I can't make any outbound calls from local to the outside world via my ITSP.

Do I need to set up a STUN server to tell the remote phones that Asterisk is not on the public address but rather on the LAN address accessible via the VPN? Or should I put a second network adapter in the Asterisk PBX and set up iptables on it, removing the firewall from the equation?
I could send all users to the public address X.Y.Z.250, but I want to limit by IP address what is allowed in on this, and the remote user has a dynamic IP address on their internet connection. So I want to leave this to the last resort.

Has anyone any suggestions?

Thanks
Albert
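Added example, not part of the original post and not Asterisk's own code: a simplified Python model of how chan_sip's localnet and externip settings pick the address the PBX advertises to each peer, run against the addresses in the post. The ITSP address 203.0.113.10 is constructed, X.Y.Z.250 is kept as the post's placeholder, and the second localnet entry for 192.168.97.0/24 is an assumption about how the remote subnet would be declared.

```python
import ipaddress

PBX_ADDR = "10.202.17.217"   # Asterisk LAN address from the post
EXTERNIP = "X.Y.Z.250"       # public address, redacted in the post; placeholder string
POSTED_LOCALNETS = ["10.202.17.0/255.255.255.0"]  # localnet= line from the post
# Assumption: one more localnet= line covering the remote office subnet.
WITH_VPN_LOCALNETS = POSTED_LOCALNETS + ["192.168.97.0/255.255.255.0"]


def advertised_address(peer_ip, externip, localnets, own_addr=PBX_ADDR):
    """Simplified model: the address placed in SIP/SDP sent to peer_ip.

    Peers inside any localnet get the PBX's own address; every other
    peer gets externip when one is configured.
    """
    if externip is None:
        return own_addr
    peer = ipaddress.ip_address(peer_ip)
    for net in localnets:
        if peer in ipaddress.ip_network(net, strict=False):
            return own_addr
    return externip


def table(externip, localnets):
    """Advertised address for each kind of peer in the post's topology."""
    peers = {
        "local phone": "10.202.17.5",     # inside the posted local phone range
        "remote phone": "192.168.97.74",  # reached through the VPN tunnel
        "ITSP": "203.0.113.10",           # constructed documentation address
    }
    return {name: advertised_address(ip, externip, localnets)
            for name, ip in peers.items()}


if __name__ == "__main__":
    for label, ext, nets in [
        ("as posted", EXTERNIP, POSTED_LOCALNETS),
        ("externip removed", None, POSTED_LOCALNETS),
        ("remote subnet added to localnet", EXTERNIP, WITH_VPN_LOCALNETS),
    ]:
        print(label, table(ext, nets))
```

With the posted settings the remote phone is handed X.Y.Z.250 for media instead of the address it can reach through the tunnel, which lines up with the missing audio described above.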
