[TriLUG] Tunneling SIP over OpenVPN
chander.ganesan at gmail.com
Tue Jul 22 10:28:25 EDT 2008
Chander Ganesan wrote:
> Mark Turner wrote:
>> This is almost certainly a firewall issue. Run tcpdump and see if you're
>> blocking the missing audio traffic.
> Yeah, actually I had thought of that and assumed (erroneously) that
> there wasn't an ipkg package for tcpdump for dd-wrt. Apparently there
> is one. I just installed it. However, it seems like the firewall is
> "off" altogether on the LAN side...the following commands are run:
> iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
> iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
> iptables -t filter -I INPUT -i tun0 -j ACCEPT
> iptables -t filter -I FORWARD -i tun0 -j ACCEPT
> 08:59:58.099474 IP polycom.5060 > 10.0.2.9.5060: SIP, length: 406
> 08:59:59.106785 IP 10.0.2.9.5060 > polycom.5060: SIP, length: 543
> 08:59:59.159703 IP polycom.5060 > 10.0.2.9.5060: SIP, length: 406
> 09:01:44.489171 IP polycom.2222 > 10.0.2.9.11558: UDP, length 172
> 09:01:44.493961 IP 10.0.2.9.11558 > polycom.2222: UDP, length 172
> 09:01:44.509291 IP polycom.2222 > 10.0.2.9.11558: UDP, length 172
> 09:01:44.513638 IP 10.0.2.9.11558 > polycom.2222: UDP, length 172
> 09:01:44.529179 IP polycom.2222 > 10.0.2.9.11558: UDP, length 172
So now it seems to work. I cannot, for the life of me, figure out why
though. Didn't work at all yesterday, nor did it work last weekend.
Seems to work very well too.
The only thing I can think of is that I overclocked the WRT to 250 MHz (a
heat sink has been added to the CPU to compensate for the extra heat.)
I had to jump through a bunch of hoops to get this whole setup working,
so if anyone wants to do the same, let me know...I have it decently
documented...and it will run on the WRT-54GL (I'm using a modded,
overclocked, WRT54G-TM, which has 8 MB of NVRAM and 32 MB of RAM) - lots
of room for extra apps on the router as well.
I have yet to put this in the field (that's tonight, when I go home), but
assuming that it works there, this is a great alternative to opening up
SIP ports on your firewall, and it obviates all the NAT issues that go
along with SIP...