I have the following setup:
- 192.168.0.1 is a SIP server and internet router.
- 192.168.0.2 is an OpenVPN server in TAP mode, i.e. it bridges its eth0 with the vpnserver interface.
- A remote RPi Wi-Fi AP acts as OpenVPN client getting 192.168.0.100 on tap0 and providing VPN tunneled internet on 192.168.4.0/24 for its WiFi clients using NAT. Kernel modules nf_conntrack_sip and nf_nat_sip are loaded upon boot and -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT following this note.
- 192.168.0.1 has a static route 192.168.4.0/24 via 192.168.0.2.
- SIP Wi-Fi-phone at 192.168.4.2.
I have Internet on 192.168.4.0/24, and registering the SIP phone at 192.168.0.1 and connecting calls work, but there is no audio.
Details:
RPi # iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wl0 -o tap0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
RPi # iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -o tap0 -j MASQUERADE
OpenVPN server # iptables -S
-N forwarding_vpnserver_rule
-N input_vpnserver_rule
-N output_vpnserver_rule
-N zone_vpnserver_dest_ACCEPT
-N zone_vpnserver_dest_REJECT
-N zone_vpnserver_forward
-N zone_vpnserver_input
-N zone_vpnserver_output
-N zone_vpnserver_src_ACCEPT
-A zone_vpnserver_forward -m comment --comment "!fw3: Custom vpnserver forwarding rule chain" -j forwarding_vpnserver_rule
-A zone_vpnserver_forward -m comment --comment "!fw3: Zone vpnserver to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_vpnserver_forward -m comment --comment "!fw3: Zone vpnserver to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_vpnserver_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_vpnserver_forward -m comment --comment "!fw3" -j zone_vpnserver_dest_REJECT
-A zone_vpnserver_input -m comment --comment "!fw3: Custom vpnserver input rule chain" -j input_vpnserver_rule
-A zone_vpnserver_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_vpnserver_input -m comment --comment "!fw3" -j zone_vpnserver_src_ACCEPT
-A zone_vpnserver_output -m comment --comment "!fw3: Custom vpnserver output rule chain" -j output_vpnserver_rule
-A zone_vpnserver_output -m comment --comment "!fw3" -j zone_vpnserver_dest_ACCEPT