K
K
Koran2018-09-04 03:44:28
Asterisk
Koran, 2018-09-04 03:44:28

Why Sip telephony over VPN can only work in one direction?

Good afternoon, dear ones!
There is an asterisk server in the park from the outside world hidden behind a firewall on Centos7. It was
required not to connect a couple of three phones. I chose the option through OpenVPN
At home, I installed the Fanvil x3s phone, set up an account and specified the configuration file and certificates,
for convenience I created a second account on the computer.
As a result, the Sip client on the computer connects perfectly, and the connection works in both directions.
And x3s connects, registers, can call, but it’s impossible to call him,
it seems that asterisk does not see him and thinks that the phone is not registered.
You can log in from the server from the asterisk to the web interface of the phone, the status in the phone is registered, and it can call itself.
What could be the plug, please advise!
client config openvpn
client
dev tun
dev-type tun
proto tcp
remote 165.236.34.3
port 1194
resolv-retry infinite
nobind
auth SHA1
ca ca.crt
cert client.crt
key client.key
cipher AES-256-CBC
remote-cert-tls server
verb 3
sndbuf 0
rcvbuf 0
comp-lzo
Since the client works fine from a computer, I sin on the phone, on some kind of built-in security.
phone without vpn
363/363 192.168.10.250 D Yes Yes A 5060 OK (24 ms)
sip client on computer
377/377 10.0.0.14 D Yes Yes A 5060 OK (5 ms)
sip phone
373/373 10.0.0.10 D No No A 5816 UNREACHABLE

Answer the question

In order to leave comments, you need to log in

3 answer(s)
G
Gansterito, 2018-09-04
@Gansterito

Use tcpdump to dump a pcap dump in the case of a SIP client and in the case of a SIP phone, then compare them (or post them here).
Maybe you have STUN configured on Fanvil, which misleads the phone?

D
Dmitry Chervonobab, 2018-09-17
@maddimons

Dump won't help you. In the dump, there will not even be an attempt by the PBX to make a call to the phone, because ...
if you have UNREACHABLE in front of your phone, then it will not work to call it.
With PBX ping on 10.0.0.10 exactly passes? Is the device responding to a ping? If the web opens, I suspect that the ping is ok.
Show on PBX iptables -L -n -v

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question