Answer the question
In order to leave comments, you need to log in
How to forward ports in an Asterisk tunnel?
Task:
There is a server with Asterisk with a gray IP address in the office, SIP-phones are connected to it. An analog gateway is also connected to it.
Everything works, inside the office everyone calls each other. also make calls to the outside world via an analog line.
It is necessary that softphones, sipphones and other backgrounds from the outside connect to this server.
We rented a VDS server with a white IP, rolled out OPENVPN on it. An office Asterisk was connected to it. There is a connection between them, both ping.
specified the following rules in IPtables on OPENVPN:
iptables -t nat -A PREROUTING -p udp -d 194.xx.yy.zz --dport 5060 -j DNAT --to-destination 10.0.0.2:5060
iptables -A FORWARD -i eth0 -d 10.0.0.2 -p tcp --dport 5060 -j ACCEPT
in IPtables on Asterisk:
iptables -t nat -A PREROUTING -p udp -d 10.0.0.2 --dport 5060 -j DNAT --to-destination 192.168.0.2:5060
in sip.conf
localnet 10.0.0.2
localnet 192.168.0.2
externip 194.xx.yy .zz
Registration from the softphone does not work =(
Please help me, I'm confused about the rules, where and how to specify whom. Or maybe I need to dig in the other direction altogether. I would be grateful for good advice. Good luck everyone!
Answer the question
In order to leave comments, you need to log in
The connection scheme has changed slightly
From the terminal (optical Huawei Rostelecom), forwarding to the VPN Server has been made;
from VPN server through the tunnel to Asterisk.
VPN server
-A PREROUTING -i eth1 -p udp -m udp --dport 5060 -j DNAT --to-destination 10.0.0.2:5060
-A PREROUTING -i eth1 -p udp -m udp --dport 5061 -j DNAT --to-destination 10.0.0.2:5061
-A PREROUTING -i eth1 -p udp -m udp --dport 10000:20000 -j DNAT --to-destination 10.0.0.2:10000-20000
-A FORWARD -d 10.0. 0.2/32 -i eth1 -p udp -m udp --dport 5060 -j ACCEPT
-A FORWARD -d 10.0.0.2/32 -i eth1 -p udp -m udp --dport 5061 -j ACCEPT
-A FORWARD -d 10.0.0.2/32 -i eth1 -p udp -m udp --dport 10000:20000 -j
ACCEPT
Now authorization passes, even I call. But, clients who are connected locally to the SIP server by dialers do not hear me from the SOFT dialer from the outside.
As I understand it, the voice gets stuck, hence the RTP ports. But where to dig further, I do not know. I tried on clients and turn STUN on and off, on Asterisk turn on and off NAT passage modes, it does not help =(
It is not clear why click on Asterisk?
In addition to SIP ports, RTP ports also need to be forwarded.
externip you have 194.xx.yy.zz It is
better to install Sip-proxy on the VDS, rather than forwarding ports.
And even easier - rent a white IP from a provider
Hello! You have something moved. I have a similar problem and diagram. Also, calls go through and there is no voice on both sides.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question