QUESTION One way audio over VPN

[AndyInNYC]

I have a RentPBX account on which I have installed OpenVPN. The VPN connection works. I can register a 3cx softphone on my iPhone. I can make/receive a call, but there is no audio from my softphone to the other party - I can hear them/they can't hear me. The VPN is set for 10.8.0.x

I know one-way audio is a common problem, but I'm not sure of the solution given the VPN.

I have NAT set to yes on the phones and freepbx.
I have the 10.8.0.0 network in Asterisk SIP Settings, Local Networks

I have in iptables accepting the 1194 port (or else the VPN wouldn't work)

iptables has the commands:
-A INPUT -s 10.8.0.0/16 -j ACCEPT
and
*nat
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
(along with other *nat info)

TM3 is running and installed

my server.conf file in the OpenVPN has the lines:

push "route 10.2.1.0 255.255.255.0"
push "dhcp-option DNS 10.2.1.1"

which I admit to not understanding
under ifconfig I show that the PBX is on 127.0.0.1 (which doesn't match my VPN (???))

So, lots of info - hopefully enough for someone to point out my stupidity.

This is a Purple installation:

 Asterisk  = ONLINE  | Dahdi    = ONLINE  | MySQL    = ONLINE    x
                                                    x  SSH        = ONLINE  | Apache    = ONLINE  | Iptables  = ONLINE    x
                                                    x  Fail2ban  = ONLINE  | Internet  = ONLINE  | Ip6Tables = ONLINE    x
                                                    x  Disk Free  = ADEQUATE| Mem Free  = ADEQUATE| NTPD      = ONLINE    x
                                                    x  SendMail  = ONLINE  | Samba    = OFFLINE | Webmin    = ONLINE    x
                                                    x  Ethernet0  = ONLINE  | Ethernet1 = N/A    | Wlan0    = N/A      x
                                                    x                                                                    x
                                                    x  PIAF Installed Version  = 2.0.6.3 under *XEN* on Rent PBX        x
                                                    x  FreePBX Version          = 2.9.0.11                                x
                                                    x  Running Asterisk Version = 1.8.19.1                                x
                                                    x  Asterisk Source Version  = 1.8.19.1                                x
                                                    x  Dahdi Source Version    = 2.6.1+2.6.1                            x
                                                    x  Libpri Source Version    = 1.4.12                                  x
                                                    x  IP Address              = 209.159.x.y on eth0                x
                                                    x  Operating System        = CentOS release 6.3 (Final)              x
                                                    x  Kernel Version          = 2.6.32-279.19.1.el6.i686 - 32 Bit      x
                                                    x  Incredible PBX 3 Version = 3.1.0

I'm happy to provide any additional info. This same one-way audio occurred while testing my RPi with OpenVPN - at the time I thought it was a Pi issue. I can also try other softphones if we think the problem is with the 3cx.

 

[AndyInNYC]

As a follow up, if I put the call on hold on either side, my MOH music can be heard by the other side. In other words, if the softphone puts the phone on hold, the phone hears the music (having not heard any voice at any time). This doesn't fix the voice issue.

Andrew

 

[islandtech]

What is the IP address of the vpn extension shown in Reports>Asterisk Info>Sip Info?

MOH is generated from the pbx. Are the RTP ports (10000-20000) open?

 

[AndyInNYC]

So, I downloaded Zoiper - it worked the very first time with two way audio.

The remote phone (VPN extension) registers as 10.8.0.6 (as it should).

RTP ports are open on the PBX - I have other extensions which work just fine.

I'll probably spend the $7 and try Bria as well - any other 'better' softphone over VPN on iPhone/Android choices out there?

Andrew

 

[tbrummell]

my server.conf file in the OpenVPN has the lines:

push "route 10.2.1.0 255.255.255.0"
push "dhcp-option DNS 10.2.1.1"

So, I downloaded Zoiper - it worked the very first time with two way audio.

The remote phone (VPN extension) registers as 10.8.0.6 (as it should).

Andrew

Is that just a typo there between the route and the IP the VPN client gets? Or is that for real?

 

[AndyInNYC]

Sorry for the really slow response.

No typos in my post <g>.

server.conf reads:

local X.Y.Z.A
port 1194
proto udp
dev tun
# added based on pbxinaflaah.com
daemon
persist-tun
persist-key
cipher BF-CBC
tls-server
#end added
 
mode server
server 10.8.0.0 255.255.255.0
push "route 10.2.1.0 255.255.255.0"
push "dhcp-option DNS 10.2.1.1"
keepalive 20 60
client-to-client
duplicate-cn
comp-lzo
verb 3
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
log-append /etc/openvpn/openvpn.log

The iptables lines are still the same above.

I have no idea why/what the 10.2.1.0 255.255.255.0 line does - it came (I think) from a yealink setup howto.

I think that the 3cx should work, so I think I have some kind of a config problem (even though the zoiper works fine).

Thanks for your thoughts.

Andrew

 

[briankelly63]

http://forum.yealink.com/forum/showthread.php?tid=599

 

[BeerCan]

"push route" is to advertise the 10.2.1.0 subnet to vpn clients. This is so vpn clients that connect to your server can access that subnet. Do you have anything on that subnet?
Same with "push dhcp-option dns" this sets the dns server you wish the vpn clients to use. Is 10.2.1.1 a good dns server? I would also look into the "client-to-client" option, do you need that function? If so there are better methods.

 

[AndyInNYC]

Since I'm setting this up on a RentPBX account, there are no other settings going on (that I know of), so 10.2.1.0 doesn't 'exist' on the PC. All of those settings - including the client-to-client - come from the Yealink HOWTO.

Should I be pushing 10.8.1.0? Should I be pushing anything?

Andrew

 

[BeerCan]

If there is no 10.2.1.0 subnet you should not be pushing those settings. You will need to push only if you have other subnets (on the rentpbx side) that you need to access. I personally would remove them. Don't follow those howto's so literally all the time, sometimes you have to use them more as a guide and plug in the settings that are meaningful to your situation. If you want I can lay my config out and you can try and work from it. VPN and Yealink phones work great once you get the kinks out.