How to set up an Asterisk server with 2 interfaces?

D

Dmitry Lebedev2018-03-17 07:23:24

Asterisk

Dmitry Lebedev, 2018-03-17 07:23:24

Greetings.
Colleagues, I need your advice.
There is telephony from Megafon. The service is provided via SIP. The problem is that you need to be sure to connect to their internal mesh IP 172.20.42.6 SB 255.255.255.252 GW 172.20.42.5, since their server for SIP registration is located in this mesh
. I have a configured Asterisk server with 2 network cards: one looks into local LAN (IP 192.168.92.5), the other to the provider’s LAN (172.20.42.6)
Everything works fine, but the problem is that I can’t reach the Asterisk server from other subnets, since the default gateway on the server is provider’s. If you change to an internal LAN, problems with telephony begin (most likely due to NAT). The problems are as follows with an incoming external call, the caller does not hear.
I thought to try to register an External interface on Zywall 1100 with IP settings 172.20.42.6 SB 255.255.255.252 GW 172.20.42.5 (without binding to ZONE).
Make a Policy Route with the Asterisk server output to this interface, but even it doesn’t work.
Tell me how to make the ASterisk server visible to other VPN subnets, and at the same time go out and work through the provider's interface?
At the moment, the server settings are as follows:

[[email protected] ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 70:85:c2:50:48:d7 brd ff:ff:ff:ff:ff:ff
    inet 172.20.42.6/30 brd 172.20.42.7 scope global enp2s0
       valid_lft forever preferred_lft forever
    inet6 fe80::7285:c2ff:fe50:48d7/64 scope link
       valid_lft forever preferred_lft forever
3: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 70:85:c2:50:48:d9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.92.5/24 brd 192.168.92.255 scope global enp0s31f6
       valid_lft forever preferred_lft forever
    inet6 fe80::7285:c2ff:fe50:48d9/64 scope link
       valid_lft forever preferred_lft forever

[[email protected] ~]# ip r
default via 172.20.42.5 dev enp2s0 proto static metric 100
default via 192.168.92.254 dev enp0s31f6 proto static metric 101
172.20.42.4/30 dev enp2s0 proto kernel scope link src 172.20.42.6 metric 100
192.168.92.0/24 dev enp0s31f6 proto kernel scope link src 192.168.92.5 metric 100

If you make such manipulations, the server is visible from other VPN subnets, but after a while, problems with external incoming calls begin:

route add -net 192.168.92.0 netmask 255.255.255.0 gw 192.168.92.254
route add default gw 192.168.92.254
route add -host 172.16.54.8 gw 172.20.42.5

Reply

Answer the question

In order to leave comments, you need to log in

[[+comments_count]] answer(s)

D

Drill, 2018-03-21
@Drill

1. Leave only one default route towards the provider.
2. What does "the problem is from other subnets" mean? Through what interface are they available? Add routes for them.
route add -net ХХХ.ХХХ.ХХХ.ХХХ netmask YYY.YYY.YYY.YYY gw ZZZ.ZZZ.ZZZ.ZZZ
3. In sip.conf, in the "general" section, in the "externip" parameter, specify the IP address of your interface 172.20. 42.6, and LAN address(es):
[general]
externip=172.20.42.6
localnet=192.168.92.0/255.255.255.0
localnet=net2/mask
localnet=net3/mask