[VOIPSEC] openvpn and voip

Volker Tanger vtlists at wyae.de
Tue Aug 2 14:17:45 PDT 2005


Greetings!

On Tue, 02 Aug 2005 14:58:06 -0400
"Eric \"Skippy\" Hope" <ehope at intrex.net> wrote:
>
> Has anyone heard of or know about using openvpn with sip softphones?  

Yes and no. We (http://www.innominate.com) do with our device attached
security appliances which works transparently with hardware phones, too...
We are using IPSec, but should be comparable to OpenVPN with respect to 
your issues.

Some ideas for the VPN:

- If you do not use the asterisk as 100% proxy (i.e. each and every voice is
  routed over the asterisk), each system has to be able to reach each other
  directly. You must have a fully meshed VPN.

- Ale all VoIP systems (= all softphones + asterisk server) within the
  same VPN network? 
  
- If you are not 100% sure, test a plain UDP connection between two phones
  by setting up a connection with e.g. netcat. If that's working, the
  problem is NOT the VPN. If you have problems, your full mesh has some
  holes.
  
  
So if it's not a VPN issue, it has to be addressing:

- How do you address the VoIP phones? FQDN? Then see below.
  "Phone number"? How's that configured in Asterisk?

- Dou you use DNS? Is Asterisk configured to do so? Do the FQDNs resolve
  to the VPN or the public address? Where do the PTRs resolve to?

- Trace the SIP connection. I assume you are going from phone to registrar
  (asterisk) to phone? What addresses are being used within the SIP
  trialogue? Check at each single step (leaving the caller, reaching the
  registrar, leaving the registrar, reaching the called).

Good luck!

Volker


-- 

Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists at wyae.de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB




More information about the Voipsec mailing list