I'm having a problem with one phone and it has me puzzled. I solved it in a way I don't like, so I'm hoping for some insight.
I have a RentPBX machine with OpenVPN installed. I'm connecting to it from Yealink T46G phones. I have a main office and several home workers; with more home workers coming I see problems in my future.
The one remote user is getting connected and staying connected to the server and the pbx shows his extension connecting via a VPN IP (10.11.12.X). When he RECEIVES calls, all is well. When he makes them he gets cut off very quickly.
Looking at output with SIP/RPT debug on, I'm seeing several curious things. MY_NONVPN_IP is my (poster's) IP - I don't connect via the VPN. REMOTEIP is the public IP address of the remote user. This is for a call TO the remote user:
Code:
pbx*CLI> [2014-09-15 16:04:07] DEBUG[3557][C-00000053]: res_rtp_asterisk.c:3513 ast_rtcp_read: RTCP NAT: Got RTCP from other end. Now sending to address REMOTEIP:11781
pbx*CLI> > 0xb7411270 -- Probation passed - setting RTP source address to MY_NONVPN_IP:11800
[2014-09-15 16:04:07] DEBUG[3557][C-00000053]: res_rtp_asterisk.c:3967 ast_rtp_read: RTP NAT: Got audio from other end. Now sending to address MY_NONVPN_IP:11800
Got RTP packet from MY_NONVPN_IP:11800 (type 00, seq 000000, ts 3221661647, len 000160)
pbx*CLI> Sent RTP packet to 10.11.12.38:11780 (type 00, seq 059320, ts 3221661640, len 000160)
pbx*CLI> > 0xb5775080 -- Probation passed - setting RTP source address to REMOTEIP:11780
[2014-09-15 16:04:08] DEBUG[3557][C-00000053]: res_rtp_asterisk.c:3967 ast_rtp_read: RTP NAT: Got audio from other end. Now sending to address REMOTEIP:11780
Got RTP packet from REMOTEIP:11780 (type 00, seq 000000, ts 1638191900, len 000160)
pbx*CLI> Sent RTP packet to MY_NONVPN_IP:11800 (type 00, seq 003404, ts 1638191896, len 000160)
> 0xb7411270 -- Probation passed - setting RTP source address to MY_NONVPN_IP:11800
Got RTP packet from MY_NONVPN_IP:11800 (type 00, seq 000001, ts 3221661807, len 000160)
Sent RTP packet to REMOTEIP:11780 (type 00, seq 059321, ts 3221661800, len 000160)
pbx*CLI> > 0xb5775080 -- Probation passed - setting RTP source address to REMOTEIP:11780
pbx*CLI> Got RTP packet from REMOTEIP:11780 (type 00, seq 000001, ts 1638192060, len 000160)
Sent RTP packet to MY_NONVPN_IP:11800 (type 00, seq 003405, ts 1638192056, len 000160)
pbx*CLI> Got RTP packet from MY_NONVPN_IP:11800 (type 00, seq 000002, ts 3221661967, len 000160)
Sent RTP packet to REMOTEIP:11780 (type 00, seq 059322, ts 3221661960, len 000160)
pbx*CLI> Got RTP packet from MY_NONVPN_IP:11800 (type 00, seq 000003, ts 3221662127, len 000160)
Sent RTP packet to REMOTEIP:11780 (type 00, seq 059323, ts 3221662120, len 000160)
pbx*CLI> Got RTP packet from REMOTEIP:11780 (type 00, seq 000002, ts 1638192220, len 000160)
Sent RTP packet to MY_NONVPN_IP:11800 (type 00, seq 003406, ts 1638192216, len 000160)
pbx*CLI> Got RTP packet from REMOTEIP:11780 (type 00, seq 000003, ts 1638192380, len 000160)
Sent RTP packet to MY_NONVPN_IP:11800 (type 00, seq 003407, ts 1638192376, len 000160)
pbx*CLI> Got RTP packet from MY_NONVPN_IP:11800 (type 00, seq 000004, ts 3221662287, len 000160)
I thought the whole idea of VPN was that all traffic is through 10.11.12.X and the actual IP of the user is NEVER used/seen - just the tunnel?
So why is this substitution being made?
2. Here's more of the info using the VPN connection (this comes earlier, prior to the call):
Code:
<--- Transmitting (NAT) to 10.11.12.38:5062 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP 10.11.12.38:5062;branch=z9hG4bK678706115;received=10.11.12.38;rport=5062
From: "USERNAME" <sip:[email protected]>;tag=1936430616
To: "USERNAME" <sip:[email protected]>;tag=as57b9e839
Call-ID: [email protected]
CSeq: 2 REGISTER
Server: FPBX-2.11.0(11.12.0)
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Expires: 3600
Contact: <sip:[email protected]:5062>;expires=3600
Date: Mon, 15 Sep 2014 23:03:01 GMT
Content-Length: 0
So, we're using the VPN.
In a call from Remote User to my cell, I get the following (abbreviated):
Code:
<--- Transmitting (NAT) to 10.11.12.38:5062 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP 10.11.12.38:5062;branch=z9hG4bK678706115;received=10.11.12.38;rport=5062
From: "USERNAME" <sip:[email protected]>;tag=1936430616
To: "USERNAME" <sip:[email protected]>;tag=as57b9e839
Call-ID: [email protected]
CSeq: 2 REGISTER
Server: FPBX-2.11.0(11.12.0)
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Expires: 3600
Contact: <sip:[email protected]:5062>;expires=3600
Date: Mon, 15 Sep 2014 23:03:01 GMT
Content-Length: 0
pbx*CLI> Sent RTP packet to MYCELLIP:25070 (type 00, seq 022064, ts 53074296, len 000160)
pbx*CLI> [2014-09-15 16:06:40] WARNING[1576]: chan_sip.c:4024 retrans_pkt: Retransmission timeout reached on transmission [email protected] for seqno 2 (Critical Response) -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 10175ms with no response
[2014-09-15 16:06:40] WARNING[1576]: chan_sip.c:4053 retrans_pkt: Hanging up call [email protected] - no reply to our critical packet (see https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions).
iptables ACCEPTS all traffic on 10.11.12.
To 'fix' the problem, I used /root/add-ip REMOTEUSER IP_Addy, but that's hardly a fix. If I wanted to do that, I wouldn't use the VPN at all.
My concern is that I can't do this 'solution' for all the other users we will be adding to the system.
Happy to post additional info, but I'm confused about where to start.
Thanks for the help.
Andrew
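The RTP debug output in the post shows media first sent to the tunnel address 10.11.12.38 and then re-pointed ("RTP NAT: ... Now sending to address") at a public address. A check for that pattern over saved debug output, as an added example that is not part of the original post; the 10.11.12.0/24 mask, the sample addresses (203.0.113.7 for REMOTEIP, 198.51.100.20 for MY_NONVPN_IP) and the function names are assumptions, and matching streams by remote port is a heuristic.

```python
import ipaddress
import re

VPN_NET = ipaddress.ip_network("10.11.12.0/24")  # tunnel subnet; /24 is assumed

# Constructed sample in the format of the post's debug output; 203.0.113.7
# stands in for REMOTEIP and 198.51.100.20 for MY_NONVPN_IP.
SAMPLE = """\
pbx*CLI> Sent RTP packet to 10.11.12.38:11780 (type 00, seq 059320, ts 3221661640, len 000160)
[2014-09-15 16:04:08] DEBUG[3557][C-00000053]: res_rtp_asterisk.c:3967 ast_rtp_read: RTP NAT: Got audio from other end. Now sending to address 203.0.113.7:11780
Got RTP packet from 203.0.113.7:11780 (type 00, seq 000000, ts 1638191900, len 000160)
Sent RTP packet to 203.0.113.7:11780 (type 00, seq 059321, ts 3221661800, len 000160)
Got RTP packet from 198.51.100.20:11800 (type 00, seq 000001, ts 3221661807, len 000160)
Sent RTP packet to 198.51.100.20:11800 (type 00, seq 003405, ts 1638192056, len 000160)
"""

EVENT = re.compile(
    r"(?P<kind>Sent RTP packet to|Got RTP packet from|Now sending to address)"
    r"\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
)

def media_retargets(log_text, vpn_net=VPN_NET):
    """Return (port, vpn_ip, outside_ip) for each RTP stream first sent to a
    tunnel address and later re-pointed outside it (matched by remote port)."""
    vpn_peer_by_port = {}  # remote port -> tunnel IP media was first sent to
    findings = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m["ip"])
        port = int(m["port"])
        if m["kind"] == "Sent RTP packet to" and ip in vpn_net:
            vpn_peer_by_port.setdefault(port, ip)
        elif m["kind"] == "Now sending to address" and ip not in vpn_net:
            if port in vpn_peer_by_port:
                findings.append((port, str(vpn_peer_by_port[port]), str(ip)))
    return findings

def outside_media_peers(log_text, vpn_net=VPN_NET):
    """Distinct non-tunnel addresses that RTP was sent to or received from."""
    peers = set()
    for m in EVENT.finditer(log_text):
        if m["kind"] != "Now sending to address":
            ip = ipaddress.ip_address(m["ip"])
            if ip not in vpn_net:
                peers.add(str(ip))
    return sorted(peers)
```

Endpoints that are expected to be off the VPN, such as the poster's own address, will appear in `outside_media_peers`; only the entries returned by `media_retargets` indicate a stream that started on the tunnel and left it.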