Remote Extensions

Hi there,

I am able to make and receive calls to a remote FXS gateway but there is no audio.

I’m using the VPN on Freepbx (Asterisk v19, Freepbx v16) to connect to a HT818 Gateway at a remote site (using the FreePBX FQDN). The remote gateway is connected to the internet router through a wireless extender ethernet port (only viable way). I’ve set each endpoint as an extension (rather than using trunks). I’ve set up port forwarding for RTP and SIP with the port numbers configured in the settings (10000-20000 and 5060-5078). I’ve looked at the Asterisk log but nothing much shows there for the RTP packets / codec information. I’ve also tried disabling the firewalls.

On the remote gateway, I’ve enabled NAT (Keep alive on the HT818 with qualify turned off on both the HT818 and Freepbx settings). I’ve tried the options/notify setting but I am unclear if that should be chosen. I’ve double checked the codecs (ulaw and alaw) are configured on the HT818, FreePBX and GXW4232.

I believe NAT isn’t required for the remote extension settings on the Freepbx as those extensions are on the VPN? I’ve tried with NAT anyway.

Regarding the SIP range for port forwarding, is it required or should it just be 5060?

Also, the routers at both ends (Virgin Media Hitron Chita, and Hitron CGNV4 Router) have 4 RJ11 phone ports, so could the routers be interfering with the RTP packets with overlapping port ranges? We use 2 of them for the PSTN lines. They mimic the PSTN audio. I asked them but neither the customer service team nor the engineer could answer that question. The engineer even called his office.

I feel like I might have missed something obvious but I can’t find the answer after searching this forum.

I really appreciate any help.

If your using the inbuilt OpenVPN server

  1. NAT is not required
  2. Make sure is in the SIP settings for local networks
  3. Make sure the extension(s) are registered to Server in ATA)
  4. Port forwarding not required as all SIP-RTP transverse the OpenVPN connection

For all this above to be true the OpenVPN client needs to be the ATA, that is the ca, cert and key are uploaded into the ATA and OpenVPN enabled, when connected you should see a 10.8.0.x IP address in the status page of the ATA

Also some Grandstream devices in the account setting “NAT Transversal” select OpenVPN

So the NAT option on the remote gateway is ‘VPN’ which I’ve selected
Primary SIP Server on remote gateway is
Proxy on remote gateway is the FQDN
Using notepad to copy and paste, I’ve used the client key, ca, certificate (from the UCP on the Freepbx) into the ‘OpenVPN’ settings.
I’ve selected RSA-Sha256 for the digest and BF-CBC for the encryption type which I found from reading the certificate file
I’ve turned of NAT for the extensions and in the SIP settings

Tell me if I’ve done anything wrong above.
Also, should I remove “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----” and “-----BEGIN PRIVATE KEY-----” and “-----END PRIVATE KEY-----” from the certificate and text on the remote gateway or leave it as it is?
I was also wondering if the Primary SIP server is the address, what should be the OpenVPN server or should that be as well?

Thanks for your help

Windows “notepad” uses a ‘non linux’ way of representing ‘end of line’ characters, which might mess up your pasted keys, , (leave the END,BEGIN qualifiers in though)

Leave all, copy exactly as is
Remove proxy not required

Thanks so much, it’s all working. Port forwarding set up just for VPN.

At first, I couldn’t get them to register but I found that the IP address assigned to the gateway was banned, so I’ve whitelisted it.

When the certificate expires, do I manually have to update them on the gateway?

Yes but have a look at URL for OpenVPN cert download to phone - #3 by MacDonald9

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.