[TriLUG] Tunneling SIP over OpenVPN

Chander Ganesan chander.ganesan at gmail.com
Tue Jul 22 10:28:25 EDT 2008


Okay...

Chander Ganesan wrote:
> Mark Turner wrote:
>   
>> This is almost certainly a firewall issue. Run tcpdump and see if you're 
>> blocking the missing audio traffic.
>>   
>>     
> Yeah, actually I had thought of that and assumed (erroneously) that 
> there wasn't an ipkg package for tcpdump for dd-wrt.  Apparently there 
> is one.  I just installed it.  However, it seems like the firewall is 
> "off" altogether on the LAN side...the following commands are run:
>
>     iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
>     iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
>     iptables -t filter -I INPUT -i tun0 -j ACCEPT
>     iptables -t filter -I FORWARD -i tun0 -j ACCEPT
>
> 08:59:58.099474 IP polycom.5060 > 10.0.2.9.5060: SIP, length: 406
> 08:59:59.106785 IP 10.0.2.9.5060 > polycom.5060: SIP, length: 543
> 08:59:59.159703 IP polycom.5060 > 10.0.2.9.5060: SIP, length: 406
>
> 09:01:44.489171 IP polycom.2222 > 10.0.2.9.11558: UDP, length 172
> 09:01:44.493961 IP 10.0.2.9.11558 > polycom.2222: UDP, length 172
> 09:01:44.509291 IP polycom.2222 > 10.0.2.9.11558: UDP, length 172
> 09:01:44.513638 IP 10.0.2.9.11558 > polycom.2222: UDP, length 172
> 09:01:44.529179 IP polycom.2222 > 10.0.2.9.11558: UDP, length 172
>
>   
So now it seems to work.  I cannot, for the life of me, figure out why 
though.  Didn't work at all yesterday, nor did it work last weekend.  
Seems to work very well too.

The only thing I can think of is that I overclocked the WRT to 250 MHz (a 
heat sink has been added to the CPU to compensate for the extra heat.)  
I had to jump through a bunch of hoops to get this whole setup working, 
so if anyone wants to do the same, let me know...I have it decently 
documented...and it will run on the WRT-54GL (I'm using a modded, 
overclocked, WRT54G-TM, which has 8 MB of NVRAM and 32 MB of RAM) - lots 
of room for extra apps on the router as well.

I have yet to put this in the field (that's tonight, when I go home), but 
assuming that it works there, this is a great alternative to opening up 
SIP ports on your firewall, and it obviates all the NAT issues that go 
along with SIP...

chander
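
The tcpdump check suggested in the quoted reply, as an added example that is not part of the original thread: it parses one-line tcpdump output in the format shown above and reports UDP flows seen in only one direction, which is what audio dropped by a firewall looks like. The function names, the `min_packets` threshold and the last three sample lines (ports 2224 and 11560) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Matches lines such as:
#   09:01:44.489171 IP polycom.2222 > 10.0.2.9.11558: UDP, length 172
#   08:59:58.099474 IP polycom.5060 > 10.0.2.9.5060: SIP, length: 406
LINE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): \w+, length:? \d+$")

# First eight lines are taken from the capture in the thread; the last
# three are constructed to show a flow that never gets a reply.
SAMPLE = """\
08:59:58.099474 IP polycom.5060 > 10.0.2.9.5060: SIP, length: 406
08:59:59.106785 IP 10.0.2.9.5060 > polycom.5060: SIP, length: 543
08:59:59.159703 IP polycom.5060 > 10.0.2.9.5060: SIP, length: 406
09:01:44.489171 IP polycom.2222 > 10.0.2.9.11558: UDP, length 172
09:01:44.493961 IP 10.0.2.9.11558 > polycom.2222: UDP, length 172
09:01:44.509291 IP polycom.2222 > 10.0.2.9.11558: UDP, length 172
09:01:44.513638 IP 10.0.2.9.11558 > polycom.2222: UDP, length 172
09:01:44.529179 IP polycom.2222 > 10.0.2.9.11558: UDP, length 172
09:05:10.000000 IP polycom.2224 > 10.0.2.9.11560: UDP, length 172
09:05:10.020000 IP polycom.2224 > 10.0.2.9.11560: UDP, length 172
09:05:10.040000 IP polycom.2224 > 10.0.2.9.11560: UDP, length 172
"""

def flow_directions(capture_text):
    """Map each unordered endpoint pair to packet counts per direction."""
    flows = defaultdict(lambda: defaultdict(int))
    for line in capture_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a one-line IP summary
        src = (m.group(1), int(m.group(2)))
        dst = (m.group(3), int(m.group(4)))
        flows[tuple(sorted([src, dst]))][(src, dst)] += 1
    return flows

def one_way_flows(capture_text, min_packets=3):
    """Return (src, dst, count) for flows with traffic in one direction only."""
    found = []
    for dirs in flow_directions(capture_text).values():
        if len(dirs) == 1:
            (src, dst), count = next(iter(dirs.items()))
            if count >= min_packets:  # ignore flows too short to judge
                found.append((src, dst, count))
    return found

if __name__ == "__main__":
    for src, dst, count in one_way_flows(SAMPLE):
        print(f"one-way: {src[0]}:{src[1]} -> {dst[0]}:{dst[1]} ({count} packets, no reply)")
```

Run the capture on both the bridge and the tunnel interface: a flow that is two-way on one and one-way on the other shows which hop is dropping the return traffic.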



