[TriLUG] Tunneling SIP over OpenVPN

Chander Ganesan chander at otg-nc.com
Tue Jul 22 09:19:20 EDT 2008


A little background...

We use OpenVPN here as our VPN solution (works great, highly recommend 
it, fairly idiot-proof once installed, and is smart enough to only route 
specific networks through the VPN), and Asterisk here for our PBX.  
We've more-or-less standardized on Polycom SoundPoint IP 50x series 
phones for the office as well.

I'm trying to put a phone at the home of one of our employees, and am 
running into a bit of a problem.  I've configured a DD-WRT router as an 
OpenVPN endpoint (very nice!).  Basically, it is on the "lan" side of 
the firewall, and as such packets can flow freely through it (iptables 
is in accept/forward mode for that interface) both ways. 

The problem I have is with SIP.  A Polycom on one side of the endpoint 
can communicate with the back-end Asterisk server and register with no 
problems.  However, phone calls have some issues.  Voice is 
uni-directional, with some significant lag (the phone transmits audio, 
but does not receive it).  In my experience, this is typically a result 
of NAT, but I specifically have NAT disabled on that interface...so I'm 
at a loss.

As a side note, I'm not using bridging ...

Has anyone else tried/done this?  Any tips/pointers/suggestions?  I have 
the milkfish firmware installed, but I really don't want to go the 
milkfish route - unless I can install a local milkfish server and 
traffic never leaves my private network...

thanks

PS.  This setup, IMHO, is really cool.  I can put a $70 Linksys at 
someone's home or a remote office, they can plug their PC into it (any 
number of PCs actually), and get access to the corporate network.  It's 
basically a VPN endpoint that allows me to almost seamlessly extend my 
network, is secure, has some DoS prevention stuff in place, and is 
manageable from our main office....  I can go further with the endpoint 
to disallow attached devices by MAC, and even use syslogd to push logs 
to a central log server.  And once it's out of the office, I can upgrade 
it remotely as needed...

-- 
Chander Ganesan
Open Technology Group, Inc.
One Copley Parkway, Suite 210
Morrisville, NC  27560
919-463-0999/877-258-8987
http://www.otg-nc.com



