I had set up a pfSense 2.1 based IPsec VPN following the instructions at https://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0 which worked well for my mobile devices and machines.
However, using a SIP-based softphone over the VPN to connect to my workplace's Asterisk-based VoIP setup never really worked properly. I dabbled in changing the subnet masks, changing Asterisk settings, phone settings, NAT and many other things – none of which really worked. The most I was able to achieve was calling *43, which is the echo number, and hearing my own voice.
It did not work because my VPN setup had a different IP address range (e.g. 192.168.10.x/24) from my LAN (say 192.168.5.x/24). This is how the VPN is set up, but it allows only one-way communication: my VPN clients can reach the LAN, but the LAN cannot reach the VPN clients. So with the Asterisk server, signaling worked but the media didn't. The ring was there, but no voice, since it was trying to send it back to the 192.168.10.x range and my pfSense box wasn't passing it through.
The simple solution was adding a firewall rule in the LAN settings, allowing the LAN subnet to pass traffic to the 192.168.10.x/24 network (Protocol: any, Ports: any). By default it is blocked. And THEN I could ping my VPN clients from the LAN too, which was the ideal setup, even for remote troubleshooting.
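The LAN rule described above, written in pf.conf syntax (pf is the packet filter pfSense is built on) beside a narrower variant, as an added example that is not part of the original post. The interface name `em1` and the Asterisk address `192.168.5.10` are assumptions; in the pfSense GUI the equivalent rules are entered under Firewall > Rules > LAN.

```pf
# Added example, not from the original post.
lan_if   = "em1"               # assumption: LAN interface name
lan_net  = "192.168.5.0/24"    # LAN subnet used in the post
vpn_net  = "192.168.10.0/24"   # mobile IPsec client range used in the post
asterisk = "192.168.5.10"      # assumption: address of the Asterisk server

# Rule as described in the post: any LAN host may open any connection
# to any VPN client (Protocol: any, Ports: any). Shown commented out
# so the narrower rules below are the ones in effect.
# pass in quick on $lan_if inet from $lan_net to $vpn_net keep state

# Narrower variant: only the Asterisk server may start UDP flows toward
# VPN clients. This covers RTP media and SIP sent to a registered softphone.
# Destination ports are left open because the softphone picks its own
# RTP and SIP contact ports.
pass in quick on $lan_if inet proto udp from $asterisk to $vpn_net keep state

# Keep ping from the LAN to VPN clients for remote troubleshooting.
pass in quick on $lan_if inet proto icmp from $lan_net to $vpn_net icmp-type echoreq keep state
```

With the narrower variant, other LAN hosts can still ping VPN clients but cannot open arbitrary connections to them, so a compromised LAN machine has less reach into roaming devices.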
IMPORTANT: The configurations, that is, the code sections underneath, are not wrapped. However, if you want to copy and paste them, you can just select them, and even though parts of them are not visible to you, they'll get copied to the clipboard. Otherwise you may want to refer to the PDF version.
Prepared by : Vivek Kapoor http://exain.com
Prepared on : 01 July 2010
PDF Version : Asterisk_Basics_Load_Balancing_DUNDi_Vivek_Kapoor
Purpose of this document
Asterisk is an open source PBX, which means you can set up your own little telephone exchange in your home or office environment. At a much larger scale, you may want a redundant phone setup in which multiple boxes are interconnected and provide some sort of failover capability and easier management. This is possible through something called DUNDi. This document aims to provide such a solution, with the possibility of horizontal scaling instead of vertical scaling. This means that by using low-end commodity hardware, you can set up a strong telephone infrastructure which can cater to thousands of users.
Read the document carefully. Read it fully before you start implementing it. It is intentionally detailed so that you know what you’re doing.
All credit for this document goes to JR Richardson. I'm afraid I've not been able to find a suitable link for him, but his whitepapers and presentations are the ones which helped me move forward. And of course, Mark Spencer – the guy behind Asterisk. Without him this document wouldn't have existed.
The writings by JR Richardson