So, I have a remote network I use for testing, I’ve discussed it before, here:
The original problem I brought up 4 years ago has been mostly fixed with a combination of things: newer OpenVPN code, faster OpenVPN gateways, and changes to the configuration.
The subnets involved are: 172.16.1.0/24 (the FreePBX 17 server is on this net), 192.168.1.0/24 (this is connected to the 172.16.1.0/24 subnet via a 2-port Ethernet router), and 172.16.100.0/24.
The 172.16.100.0/24 subnet is 100 miles away from the 172.16.1.0/24 subnet, connected by 2 Netgear Nighthawk routers running DD-WRT both with OpenVPN configured in a LAN2LAN configuration, similarly to the overview of how to do this located here:
RoutedLans – OpenVPN Community
NAT is disabled on the client OpenVPN router.
I have verified NAT is not involved on EITHER of the DD-WRT routers with the
iptables -t nat -L -n -v
command run on each, as the tun interface is not listed as being masqueraded to.
All apps work normally. If I ssh into a server on the 172.16.100.0/24 subnet, from the 192.168.1.0/24 subnet, and run the w command, it shows me logged in from a 192.168.1.x IP address, not from a masqueraded public address.
I have a variety of Cisco and Polycom phones located on 172.16.100.0/24, 172.16.1.0/24 and 192.168.1.0/24
Calls between phones on each subnet work. All phones register into the FreePBX server no problem.
Calls to and from all phones (Cisco and Polycom) from the 172.16.1.0/24 and 192.168.1.0/24 subnets, as well as to the outside PSTN, work fine.
Calls from the Polycom phones on 172.16.100.0/24 to the PSTN and other phones, and vice versa, all work fine.
Calls from the Cisco phones on all networks, to other phones and to the PSTN work fine.
Calls from the PSTN to the Cisco phones on the 172.16.100.0/24 network have 1 way audio. The caller on the PSTN cannot hear the talker on a Cisco phone on the 172.16.100.0/24 network.
I have read and understand:
Easy Guide: How To Configure NAT For PJSIP Endpoints
Configuring res_pjsip to work through NAT - Asterisk Documentation
and have tried playing with all of the different options and no setting makes a difference. I’ve tried both chan_pjsip and chan_sip, tried setting and disabling NAT and no difference.
I have wireguard captures of the successful outgoing calls from the Polycom and Cisco phones, and wireguard captures of the successful incoming calls to the Polycom from the PSTN and the one-way, failed audio incoming calls from the PSTN to the Cisco phone.
The same problem exists on pjsip and chan_sip with the Cisco phones, not with the Polycom.
I noticed this post:
OpenVPN + OpenWRT - General Help - FreePBX Community Forums
It’s the same problem with the Cisco SPA phones. (Since Cisco developed their phones from what they bought from Linksys, this makes sense.)
I can only conclude that even though OpenVPN is being told to NOT NAT, it’s actually still rewriting the packets.
I know it’s a border case, but I’d sure love to know what OpenVPN is doing behind the scenes with SIP traffic and why it works with 1 model phone and not others.
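One way to test the "still rewriting the packets" conclusion against a capture taken at the PBX is to compare the address each phone advertises in its Contact header and SDP `c=` line with the IP source address the packet actually arrived from. This is an added example, not part of the original post: the function names, the extension number, the tunnel and media addresses, and the sample 200 OK messages are all constructed, and only the three subnets come from the post.

```python
import ipaddress
import re

# The three routed subnets named in the post.
SITE_NETS = [ipaddress.ip_network(n) for n in
             ("172.16.1.0/24", "192.168.1.0/24", "172.16.100.0/24")]

def advertised_addresses(sip_message):
    """Return the Contact host and the SDP audio (address, port) of one SIP message."""
    head, _, body = sip_message.replace("\r\n", "\n").partition("\n\n")
    contact = re.search(r"^Contact:.*?sips?:(?:[^@>\s]+@)?([0-9.]+)", head, re.I | re.M)
    conn = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    audio = re.search(r"^m=audio (\d+) ", body, re.M)
    media = (conn.group(1), int(audio.group(1))) if conn and audio else None
    return {"contact": contact.group(1) if contact else None, "media": media}

def audit(src_ip, sip_message):
    """List disagreements between the packet's IP source and what the SIP/SDP claims."""
    src = ipaddress.ip_address(src_ip)
    adv = advertised_addresses(sip_message)
    findings = []
    for label, host in (("contact", adv["contact"]),
                        ("media", adv["media"][0] if adv["media"] else None)):
        if host is None:
            continue
        addr = ipaddress.ip_address(host)
        if addr != src:
            # The IP header and the payload disagree: one of them was changed
            # in transit, or the phone advertises an address it does not send from.
            findings.append(f"{label} {addr} differs from packet source {src}")
        if not any(addr in net for net in SITE_NETS):
            findings.append(f"{label} {addr} is outside the routed subnets")
    return findings

def sample(contact_ip, media_ip):
    """Constructed 200 OK, trimmed to the headers this check reads."""
    return (f"SIP/2.0 200 OK\r\nContact: <sip:201@{contact_ip}:5060>\r\n"
            "Content-Type: application/sdp\r\n\r\n"
            f"v=0\r\no=- 1 1 IN IP4 {media_ip}\r\ns=-\r\nc=IN IP4 {media_ip}\r\n"
            "t=0 0\r\nm=audio 16384 RTP/AVP 0\r\n")

if __name__ == "__main__":
    cases = {  # (source IP seen at the PBX, message); every value is constructed
        "consistent": ("172.16.100.21", sample("172.16.100.21", "172.16.100.21")),
        "source rewritten": ("10.8.0.6", sample("172.16.100.22", "172.16.100.22")),
        "media elsewhere": ("172.16.100.22", sample("172.16.100.22", "203.0.113.7")),
    }
    for name, (src, msg) in cases.items():
        print(name, audit(src, msg) or "no mismatch")
```

An empty result for a phone's 200 OK means the IP header and the SIP/SDP payload agree, so the one-way audio is not explained by address rewriting of that message.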