I have freepbx 14 set up and working internally on my LAN, I dont have pbx internet facing so i VPN into my network to make an internal call. Everything works fine as long as im on my LAN and no VPN, The moment i VPN into my LAN I cant get audio to my softphone. I have some logs of ‘asterisk -rvvvv’ of a succesful LAN call and the one way audio VPN call and it seems to me that RTP is setting the wrong IP.
My wireguard host has ip of 10.0.0.201, the wireguard interface/server is 10.100.100.1 and my phone is 10.100.100.2. When i make a call thru VPN first RTP says 10.100.100.2:xxxx than a few lines down it changes it to 10.0.0.201. I think this is where the problem is and IDK how to fix it. any insight would be helpful.
Ive added my external IP to network settings and added 10.0.0.0/255.0.0.0 under local networks (and rebooted), Intrusion detection and firewall are off for now until i resolve this issue, all other nat settings are stock. I changed chan_sip to 5060 but other than that its fairly stock. Id like to be able to vpn ini instead of having it initernet facing. Ive seen alot of instructions regarding openvpn or other protocols that work on level 2 but wireguard is level 3, could that be causing the issue? Or is there an iptables rule i need to implement on my wireguard host?
Thanks!
OK, I PLZ READ and you need to supply more details.
A SIP DEBUG of the call would have gone a lone way to solving this.
One-way audio is almost always a NAT issue, so you need to tell us about your NAT settings and network setting in both the softphone and the Advanced Settings for your SIP connections in Asterisk.
There are other issues that cause one-way audio, but none of those look like they apply here. Somewhere, one of your connections is losing it on NAT. The fact that the address is changing is (as you noted) a likely symptom of the problem, and a SIP DEBUG from the Asterisk CLI should help you tune that up.
Thanks, here are some sip trace logs for failed via vpn and succesful via LAN, also i did asterisk -rvvvv and will post logs for a VPN call and a LAN call.
My network is an ISP combo router, using 10.0.0.0/24 for subnet, no advanced settings in this unit i can get to. Default firewall is set to low, no SIP or anything advanced I can find. its an xb6 technicolor (broadcom) router/modem/AP.
freePBX (10.0.0.152) and my wireguard host (10.0.0.201/ubuntu 18.04) are virtualized in proxmox, both using a bridged interface from my host. wireguard interface on ubuntu is 10.100.100.1 and the peer is 10.100.100.2
(I have an extra NIC I could use to give freePBX its own physical interface?)
NAT and network settings for softphone -> no nat settings at all i can find, its set to connect to 10.0.0.152 via udp. (Linphone from F-droid repo)
Settings in Asterisk SIP Settings ->
General SIP -> NAT settings -
External IP: (correct WAN IP)
Local networks: 10.0.0.0/255.0.0.0
chan_SIP settings ->
NAT settings -
NAT: yes
IP Configuration: Static with correct WAN IP in ‘override external IP’
Ended up adding wireguard to freepbx host machine and all is well now.
I tried all sorts of different iptables rules with SNAT, DNAT, and other tricks to try and make it work but I just couldnt figure it out so i installed wireguard onto freepbx (centOS 7) which means i have my wg port internet facing. I have an iptables rule to only allow my wg peer IP to pass thru to the machine so hopefully that does the trick.
If anyone wants to further try and figure out the original problem with me I will go through the steps with you.