[VOIPSEC] openvpn and voip
vtlists at wyae.de
Tue Aug 2 14:17:45 PDT 2005
On Tue, 02 Aug 2005 14:58:06 -0400
"Eric \"Skippy\" Hope" <ehope at intrex.net> wrote:
> Has anyone heard of or know about using openvpn with sip softphones?
Yes and no. We (http://www.innominate.com) do with our device attached
security appliances which works transparently with hardware phones, too...
We are using IPSec, but should be comparable to OpenVPN with respect to
Some ideas for the VPN:
- If you do not use the asterisk as 100% proxy (i.e. each and every voice is
routed over the asterisk), each system has to be able to reach each other
directly. You must have a fully meshed VPN.
- Ale all VoIP systems (= all softphones + asterisk server) within the
same VPN network?
- If you are not 100% sure, test a plain UDP connection between two phones
by setting up a connection with e.g. netcat. If that's working, the
problem is NOT the VPN. If you have problems, your full mesh has some
So if it's not a VPN issue, it has to be addressing:
- How do you address the VoIP phones? FQDN? Then see below.
"Phone number"? How's that configured in Asterisk?
- Dou you use DNS? Is Asterisk configured to do so? Do the FQDNs resolve
to the VPN or the public address? Where do the PTRs resolve to?
- Trace the SIP connection. I assume you are going from phone to registrar
(asterisk) to phone? What addresses are being used within the SIP
trialogue? Check at each single step (leaving the caller, reaching the
registrar, leaving the registrar, reaching the called).
Volker Tanger http://www.wyae.de/volker.tanger/
vtlists at wyae.de PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB
More information about the Voipsec