[TriLUG] Tunneling SIP over OpenVPN

Chander Ganesan chander at otg-nc.com
Tue Jul 22 10:03:05 EDT 2008 

Mark Turner wrote:
> This is almost certainly a firewall issue. Run tcpdump and see if you're 
> blocking the missing audio traffic.
>   
Yeah, actually I had thought of that and assumed (erroneously) that 
there wasn't an ipkg package for tcpdump for dd-wrt.  Apparently there 
is one.  I just installed it.  However, it seems like the firewall is 
"off" altogether on the LAN side...the following commands are run:

    iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
    iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
    iptables -t filter -I INPUT -i tun0 -j ACCEPT
    iptables -t filter -I FORWARD -i tun0 -j ACCEPT

Looking at TCPdump, I can see the following (just some excerpts):
08:59:55.303082 IP 10.0.2.9.5060 > polycom.5060: SIP, length: 408
08:59:55.305159 IP 10.0.2.9.5060 > polycom.5060: SIP, length: 476
08:59:55.418764 IP polycom.5060 > 10.0.2.9.5060: SIP, length: 664
08:59:55.425656 IP 10.0.2.9.5060 > polycom.5060: SIP, length: 408
08:59:55.429089 IP 10.0.2.9.5060 > polycom.5060: SIP, length: 476
08:59:55.431177 IP 10.0.2.9.5060 > polycom.5060: SIP, length: 487
08:59:55.493775 IP polycom.5060 > 10.0.2.9.5060: SIP, length: 481
08:59:56.502959 IP 10.0.2.9.5060 > polycom.5060: SIP, length: 543
08:59:56.567013 IP polycom.5060 > 10.0.2.9.5060: SIP, length: 406
08:59:58.022909 IP 10.0.2.9.5060 > polycom.5060: SIP, length: 543
08:59:58.099474 IP polycom.5060 > 10.0.2.9.5060: SIP, length: 406
08:59:59.106785 IP 10.0.2.9.5060 > polycom.5060: SIP, length: 543
08:59:59.159703 IP polycom.5060 > 10.0.2.9.5060: SIP, length: 406

09:01:44.373961 IP 10.0.2.9.11558 > polycom.2222: UDP, length 172
09:01:44.389167 IP polycom.2222 > 10.0.2.9.11558: UDP, length 172
09:01:44.393937 IP 10.0.2.9.11558 > polycom.2222: UDP, length 172
09:01:44.409165 IP polycom.2222 > 10.0.2.9.11558: UDP, length 172
09:01:44.414113 IP 10.0.2.9.11558 > polycom.2222: UDP, length 172
09:01:44.429188 IP polycom.2222 > 10.0.2.9.11558: UDP, length 172
09:01:44.434003 IP 10.0.2.9.11558 > polycom.2222: UDP, length 172
09:01:44.449169 IP polycom.2222 > 10.0.2.9.11558: UDP, length 172
09:01:44.453977 IP 10.0.2.9.11558 > polycom.2222: UDP, length 172
09:01:44.469170 IP polycom.2222 > 10.0.2.9.11558: UDP, length 172
09:01:44.473970 IP 10.0.2.9.11558 > polycom.2222: UDP, length 172
09:01:44.489171 IP polycom.2222 > 10.0.2.9.11558: UDP, length 172
09:01:44.493961 IP 10.0.2.9.11558 > polycom.2222: UDP, length 172
09:01:44.509291 IP polycom.2222 > 10.0.2.9.11558: UDP, length 172
09:01:44.513638 IP 10.0.2.9.11558 > polycom.2222: UDP, length 172
09:01:44.529179 IP polycom.2222 > 10.0.2.9.11558: UDP, length 172


Thoughts?

thanks
> Cheers,
> --
> Mark
> www.markturner.net
>
> Chander Ganesan wrote:
>   
>> A little background...
>>
>> We use OpenVPN here as our VPN solution (works great, highly recommend 
>> it, fairly idiot-proof once installed, and is smart enough to only route 
>> specific networks through the VPN), and Asterisk here for our PBX.  
>> We've more-or-less standardized on Polycom Soundpoint IP 50x series 
>> phones for the office as well.
>>     


-- 
Chander Ganesan
Open Technology Group, Inc.
One Copley Parkway, Suite 210
Morrisville, NC  27560
919-463-0999/877-258-8987
http://www.otg-nc.com

More information about the TriLUG mailing list