Remote SIP over VPN doesn't work

I have a FreePBX server working and a new OpenVPN server.
The VPN server has a iptables rule that masquerades all outgoing traffic. With a tcpdump at FreePBX server i see packets coming from 192.168.x.x but from asterisk console i see that the extension address is 10.8.x.x (the VPN client IP).

In practice, i am able to call from remote (client over VPN) to local extension. In this case, voice (sound) going from remote to local works fine. But the other way, local voice going to remote extension doesn’t works.
I am not able to call from local extension to remote over VPN.

Sorry for my bad english and i hope that you all can understand me.

Thanks!

Enable SIP debug, try a call from remote to local and look at the IPs, you will probably find that the IPs are not being correctly detected. You can start from there.

Thanks for the quick response!
I just did what you said and this is what i see:

Unable to get IP address of peer '15453'
    -- Unregistered SIP '15453'
    -- Registered SIP '15453' at 10.8.0.9:32772
[2018-03-27 09:13:25] NOTICE[2531]: chan_sip.c:29190 sip_poke_noanswer: Peer '15453' is now UNREACHABLE!  Last qualify: 0
  == Using SIP RTP TOS bits 184
  == Using SIP RTP CoS mark 5
    -- Executing [[email protected]:1] GotoIf("SIP/15453-00000006", "0?ext-local,5453,1") in new stack
    -- Executing [[email protected]:2] Macro("SIP/15453-00000006", "user-callerid,") in new stack
    -- Executing [[email protected]:1] Set("SIP/15453-00000006", "TOUCH_MONITOR=1522152806.22") in new stack
    -- Executing [[email protected]:2] Set("SIP/15453-00000006", "AMPUSER=15453") in new stack
    -- Executing [[email protected]:3] GotoIf("SIP/15453-00000006", "0?report") in new stack
    -- Executing [[email protected]:4] ExecIf("SIP/15453-00000006", "1?Set(REALCALLERIDNUM=15453)") in new stack
    -- Executing [[email protected]:5] Set("SIP/15453-00000006", "AMPUSER=15453") in new stack
    -- Executing [[email protected]:6] GotoIf("SIP/15453-00000006", "0?limit") in new stack
    -- Executing [[email protected]:7] Set("SIP/15453-00000006", "AMPUSERCIDNAME=Roberto Iglesias Cel") in new stack
    -- Executing [[email protected]:8] GotoIf("SIP/15453-00000006", "0?report") in new stack
    -- Executing [[email protected]:9] Set("SIP/15453-00000006", "AMPUSERCID=15453") in new stack
    -- Executing [[email protected]:10] Set("SIP/15453-00000006", "__DIAL_OPTIONS=TtrwW") in new stack
    -- Executing [[email protected]:11] Set("SIP/15453-00000006", "CALLERID(all)="Roberto Iglesias Cel" <15453>") in new stack
    -- Executing [[email protected]:12] GotoIf("SIP/15453-00000006", "0?limit") in new stack
    -- Executing [[email protected]:13] ExecIf("SIP/15453-00000006", "0?Set(GROUP(concurrency_limit)=15453)") in new stack
    -- Executing [[email protected]:14] GosubIf("SIP/15453-00000006", "7?sub-ccss,s,1(from-internal,5453)") in new stack
    -- Executing [[email protected]:1] ExecIf("SIP/15453-00000006", "0?Return()") in new stack
    -- Executing [[email protected]:2] Set("SIP/15453-00000006", "CCSS_SETUP=TRUE") in new stack
    -- Executing [[email protected]:3] GosubIf("SIP/15453-00000006", "0?monitor_config,1(from-internal,5453):monitor_default,1(from-internal,5453)") in new stack
    -- Executing [[email protected]:1] GotoIf("SIP/15453-00000006", "1?is_exten") in new stack
    -- Goto (sub-ccss,monitor_default,4)
    -- Executing [[email protected]:4] Set("SIP/15453-00000006", "CALLCOMPLETION(cc_monitor_policy)=generic") in new stack
    -- Executing [[email protected]:5] Set("SIP/15453-00000006", "CALLCOMPLETION(cc_max_monitors)=5") in new stack
    -- Executing [[email protected]:6] Return("SIP/15453-00000006", "TRUE") in new stack
    -- Executing [[email protected]:4] GosubIf("SIP/15453-00000006", "7?agent_config,1():agent_default,1()") in new stack
    -- Executing [[email protected]:1] Set("SIP/15453-00000006", "CALLCOMPLETION(cc_agent_policy)=generic") in new stack
    -- Executing [[email protected]:2] Set("SIP/15453-00000006", "CALLCOMPLETION(cc_offer_timer)=30") in new stack
    -- Executing [[email protected]:3] Set("SIP/15453-00000006", "CALLCOMPLETION(ccbs_available_timer)=") in new stack
    -- Executing [[email protected]:4] Set("SIP/15453-00000006", "CALLCOMPLETION(ccnr_available_timer)=") in new stack
    -- Executing [[email protected]:5] Set("SIP/15453-00000006", "CALLCOMPLETION(cc_callback_macro)=ccss-default") in new stack
[2018-03-27 09:13:26] WARNING[2881][C-0000000a]: ccss.c:1000 ast_set_cc_callback_macro: Usage of cc_callback_macro is deprecated.  Please use cc_callback_sub instead.
    -- Executing [[email protected]:6] ExecIf("SIP/15453-00000006", "1?Set(CALLCOMPLETION(cc_recall_timer)=)") in new stack
    -- Executing [[email protected]:7] ExecIf("SIP/15453-00000006", "1?Set(CALLCOMPLETION(cc_max_agents)=)") in new stack
    -- Executing [[email protected]:8] ExecIf("SIP/15453-00000006", "0?Set(CALLCOMPLETION(cc_agent_dialstring)=Local/[email protected])") in new stack
    -- Executing [[email protected]:9] Set("SIP/15453-00000006", "CALLCOMPLETION(cc_callback_macro)=ccss-default") in new stack
[2018-03-27 09:13:26] WARNING[2881][C-0000000a]: ccss.c:1000 ast_set_cc_callback_macro: Usage of cc_callback_macro is deprecated.  Please use cc_callback_sub instead.
    -- Executing [[email protected]:10] Return("SIP/15453-00000006", "") in new stack
    -- Executing [[email protected]:5] Set("SIP/15453-00000006", "DB(AMPUSER/15453/ccss/last_number)=5453") in new stack
    -- Executing [[email protected]:6] Return("SIP/15453-00000006", "") in new stack
    -- Executing [[email protected]d:15] GotoIf("SIP/15453-00000006", "0?continue") in new stack
    -- Executing [[email protected]:16] Set("SIP/15453-00000006", "__TTL=64") in new stack
    -- Executing [[email protected]:17] GotoIf("SIP/15453-00000006", "1?continue") in new stack
    -- Goto (macro-user-callerid,s,28)
    -- Executing [[email protected]:28] Set("SIP/15453-00000006", "CALLERID(number)=15453") in new stack
    -- Executing [[email protected]:29] Set("SIP/15453-00000006", "CALLERID(name)=Roberto Iglesias Cel") in new stack
    -- Executing [[email protected]:30] Set("SIP/15453-00000006", "CDR(cnum)=15453") in new stack
    -- Executing [[email protected]:31] Set("SIP/15453-00000006", "CDR(cnam)=Roberto Iglesias Cel") in new stack
    -- Executing [[email protected]:32] Set("SIP/15453-00000006", "CHANNEL(language)=es") in new stack
    -- Executing [[email protected]:3] Set("SIP/15453-00000006", "DIAL_OPTIONS=TtrwWI") in new stack
    -- Executing [[email protected]:4] Set("SIP/15453-00000006", "CONNECTEDLINE(num)=5453") in new stack
    -- Executing [[email protected]:5] Gosub("SIP/15453-00000006", "sub-presencestate-display,s,1(5453)") in new stack
[2018-03-27 09:13:26] NOTICE[2881][C-0000000a]: func_presencestate.c:269 custom_presence_callback: Not doing any base64 decoding
    -- Executing [[email protected]:1] Goto("SIP/15453-00000006", "state-available,1") in new stack
    -- Goto (sub-presencestate-display,state-available,1)
    -- Executing [[email protected]:1] Set("SIP/15453-00000006", "PRESENCESTATE_DISPLAY=(Available)") in new stack
    -- Executing [[email protected]:2] Return("SIP/15453-00000006", "") in new stack
    -- Executing [[email protected]:6] Set("SIP/15453-00000006", "CONNECTEDLINE(name,i)=Roberto Iglesias(Available)") in new stack
    -- Executing [[email protected]:7] Set("SIP/15453-00000006", "FM_DIALSTATUS=NOT_INUSE") in new stack
    -- Executing [[email protected]:8] Set("SIP/15453-00000006", "__EXTTOCALL=5453") in new stack
    -- Executing [[email protected]:9] Set("SIP/15453-00000006", "__PICKUPMARK=5453") in new stack
    -- Executing [[email protected]:10] Macro("SIP/15453-00000006", "blkvm-setifempty,") in new stack
    -- Executing [[email protected]:1] GotoIf("SIP/15453-00000006", "1?init") in new stack
    -- Goto (macro-blkvm-setifempty,s,4)
    -- Executing [[email protected]:4] Set("SIP/15453-00000006", "__BLKVM_CHANNEL=SIP/15453-00000006") in new stack
    -- Executing [[email protected]:5] Set("SIP/15453-00000006", "SHARED(BLKVM,SIP/15453-00000006)=TRUE") in new stack
    -- Executing [[email protected]:6] Set("SIP/15453-00000006", "GOSUB_RETVAL=TRUE") in new stack
    -- Executing [[email protected]:7] MacroExit("SIP/15453-00000006", "") in new stack
    -- Executing [[email protected]:11] GotoIf("SIP/15453-00000006", "1?skipov") in new stack
    -- Goto (from-internal,5453,14)
    -- Executing [[email protected]:14] Set("SIP/15453-00000006", "RRNODEST=") in new stack
    -- Executing [[email protected]:15] Set("SIP/15453-00000006", "__NODEST=5453") in new stack
    -- Executing [[email protected]:16] GosubIf("SIP/15453-00000006", "0?sub-fmsetcid,s,1()") in new stack
    -- Executing [[email protected]:17] Set("SIP/15453-00000006", "RecordMethod=Group") in new stack
    -- Executing [[email protected]:18] Gosub("SIP/15453-00000006", "sub-record-check,s,1(exten,5453,)") in new stack
    -- Executing [[email protected]:1] Set("SIP/15453-00000006", "REC_POLICY_MODE_SAVE=") in new stack
    -- Executing [[email protected]:2] GotoIf("SIP/15453-00000006", "1?check") in new stack
    -- Goto (sub-record-check,s,7)
    -- Executing [[email protected]:7] Set("SIP/15453-00000006", "__MON_FMT=wav") in new stack
    -- Executing [[email protected]:8] GotoIf("SIP/15453-00000006", "1?next") in new stack
    -- Goto (sub-record-check,s,11)
    -- Executing [[email protected]:11] ExecIf("SIP/15453-00000006", "0?Return()") in new stack
    -- Executing [[email protected]:12] ExecIf("SIP/15453-00000006", "0?Set(__REC_POLICY_MODE=)") in new stack
    -- Executing [[email protected]:13] GotoIf("SIP/15453-00000006", "0?exten,1") in new stack
    -- Executing [[email protected]:14] Set("SIP/15453-00000006", "__REC_STATUS=INITIALIZED") in new stack
    -- Executing [[email protected]:15] Set("SIP/15453-00000006", "NOW=1522152806") in new stack
    -- Executing [[email protected]:16] Set("SIP/15453-00000006", "__DAY=27") in new stack
    -- Executing [[email protected]:17] Set("SIP/15453-00000006", "__MONTH=03") in new stack
    -- Executing [[email protected]:18] Set("SIP/15453-00000006", "__YEAR=2018") in new stack
    -- Executing [[email protected]:19] Set("SIP/15453-00000006", "__TIMESTR=20180327-091326") in new stack
    -- Executing [[email protected]:20] Set("SIP/15453-00000006", "__FROMEXTEN=15453") in new stack
    -- Executing [[email protected]:21] Set("SIP/15453-00000006", "__CALLFILENAME=exten-5453-15453-20180327-091326-1522152806.22") in new stack
    -- Executing [[email protected]:22] Goto("SIP/15453-00000006", "exten,1") in new stack
    -- Goto (sub-record-check,exten,1)
    -- Executing [[email protected]:1] GotoIf("SIP/15453-00000006", "0?callee") in new stack
    -- Executing [[email protected]:2] Set("SIP/15453-00000006", "__REC_POLICY_MODE=dontcare") in new stack
    -- Executing [[email protected]:3] GotoIf("SIP/15453-00000006", "1?caller") in new stack
    -- Goto (sub-record-check,exten,10)
    -- Executing [[email protected]:10] Set("SIP/15453-00000006", "__REC_POLICY_MODE=dontcare") in new stack
    -- Executing [[email protected]:11] GosubIf("SIP/15453-00000006", "0?record,1(exten,5453,15453)") in new stack
    -- Executing [[email protected]:12] Return("SIP/15453-00000006", "") in new stack
    -- Executing [[email protected]:19] Set("SIP/15453-00000006", "RingGroupMethod=ringallv2") in new stack
    -- Executing [[email protected]:20] Set("SIP/15453-00000006", "_FMGRP=5453") in new stack
    -- Executing [[email protected]:21] GotoIf("SIP/15453-00000006", "0?doconfirm") in new stack
    -- Executing [[email protected]:22] Macro("SIP/15453-00000006", "dial,40,TtrwWI,5453-15453") in new stack
    -- Executing [[email protected]:1] GotoIf("SIP/15453-00000006", "1?dial") in new stack
    -- Goto (macro-dial,s,3)
    -- Executing [[email protected]:3] AGI("SIP/15453-00000006", "dialparties.agi") in new stack
    -- Launched AGI Script /var/lib/asterisk/agi-bin/dialparties.agi
 dialparties.agi: Starting New Dialparties.agi
 dialparties.agi: Caller ID name is 'Roberto Iglesias Cel' number is '15453'
       > dialparties.agi: USE_CONFIRMATION:  'FALSE'
       > dialparties.agi: RINGGROUP_INDEX:   ''
 dialparties.agi: Methodology of ring is  'ringallv2'
    -- dialparties.agi: Added extension 5453 to extension map
    -- dialparties.agi: Added extension 15453 to extension map
       > dialparties.agi: got fmgrp_prering: 2, fmgrp_grptime: 40
       > dialparties.agi: fmgrp_totalprering: 42
       > dialparties.agi: found extension in pre-ring and array
       > dialparties.agi: ringallv2 ring times: REALPRERING: 42, PRERING: 2
    -- dialparties.agi: Extension 5453 cf is disabled
    -- dialparties.agi: Extension 15453 cf is disabled
    -- dialparties.agi: Extension 5453 do not disturb is disabled
    -- dialparties.agi: Extension 15453 do not disturb is disabled
       > dialparties.agi: extnum 5453 has:  cw: 1; hascfb: 0 [] hascfu: 0 []
    -- dialparties.agi: dbset CALLTRACE/5453 to 15453
       > dialparties.agi: extnum 15453 has:  cw: 1; hascfb: 0 [] hascfu: 0 []
    -- dialparties.agi: dbset CALLTRACE/15453 to 15453
    -- dialparties.agi: Filtered ARG3: 5453-15453
       > dialparties.agi: NODEST: 5453 adding M(auto-blkvm) to dialopts: TtrwWIM(auto-blkvm)
       > dialparties.agi: NODEST: 5453 blkvm enabled macro already in dialopts: TtrwWIM(auto-blkvm)
    -- <SIP/15453-00000006>AGI Script dialparties.agi completed, returning 0
    -- Executing [[email protected]:7] Dial("SIP/15453-00000006", "Local/F[email protected]&Local/[email protected],42,TtrwWIM(auto-blkvm)") in new stack
    -- Called Local/[email protected]
    -- Executing [[email protected]:1] NoCDR("Local/[email protected];2", "") in new stack
    -- Called Local/[email protected]
    -- Executing [[email protected]:2] Set("Local/[email protected];2", "RingGroupMethod=") in new stack
    -- Executing [[email protected]:1] NoCDR("Local/[email protected];2", "") in new stack
    -- Executing [[email protected]:3] Set("Local/[email protected];2", "USE_CONFIRMATION=") in new stack
    -- Executing [[email protected]:2] Set("Local/[email protected];2", "ENDLOOP=1522152808") in new stack
    -- Executing [[email protected]:3] GotoIf("Local/[email protected];2", "0?dodnd") in new stack
    -- Executing [[email protected]:4] Wait("Local/[email protected];2", "1") in new stack
    -- Executing [[email protected]:4] Set("Local/[email protected];2", "RINGGROUP_INDEX=") in new stack
    -- Executing [[email protected]:5] Macro("Local/[email protected];2", "simple-dial,5453,42") in new stack
    -- Executing [[email protected]:1] Set("Local/[email protected];2", "__EXTTOCALL=5453") in new stack
    -- Executing [[email protected]:2] Set("Local/[email protected];2", "RT=42") in new stack
    -- Executing [[email protected]:3] Set("Local/[email protected];2", "CFUEXT=") in new stack
    -- Executing [[email protected]:4] Set("Local/[email protected];2", "CFBEXT=") in new stack
    -- Executing [[email protected]:5] Set("Local/[email protected];2", "CWI_TMP=") in new stack
    -- Executing [[email protected]:6] Macro("Local/[email protected];2", "dial-one,42,TtrwW,5453") in new stack
    -- Executing [[email protected]:1] Set("Local/[email protected];2", "DEXTEN=5453") in new stack
    -- Executing [[email protected]:2] Set("Local/[email protected];2", "DIALSTATUS_CW=") in new stack
    -- Executing [[email protected]:3] GosubIf("Local/[email protected];2", "0?screen,1()") in new stack
    -- Executing [[email protected]:4] GosubIf("Local/[email protected];2", "0?cf,1()") in new stack
    -- Executing [[email protected]:5] GotoIf("Local/[email protected];2", "1?skip1") in new stack
    -- Goto (macro-dial-one,s,8)
    -- Executing [[email protected]:8] GotoIf("Local/[email protected];2", "0?nodial") in new stack
    -- Executing [[email protected]:9] GotoIf("Local/[email protected];2", "0?continue") in new stack
    -- Executing [[email protected]:10] Set("Local/[email protected];2", "EXTHASCW=ENABLED") in new stack
    -- Executing [[email protected]:11] GotoIf("Local/[email protected];2", "0?next1:cwinusebusy") in new stack
    -- Goto (macro-dial-one,s,23)
    -- Executing [[email protected]:23] GotoIf("Local/[email protected];2", "1?next3:continue") in new stack
    -- Goto (macro-dial-one,s,24)
    -- Executing [[email protected]:24] ExecIf("Local/[email protected];2", "0?Set(DIALSTATUS_CW=BUSY)") in new stack
    -- Executing [[email protected]:25] GotoIf("Local/[email protected];2", "0?nodial") in new stack
    -- Executing [[email protected]:26] GosubIf("Local/[email protected];2", "1?dstring,1():dlocal,1()") in new stack
    -- Executing [[email protected]:1] Set("Local/[email protected];2", "DSTRING=") in new stack
    -- Executing [[email protected]:2] Set("Local/[email protected];2", "DEVICES=5453") in new stack
    -- Executing [[email protected]:3] ExecIf("Local/[email protected];2", "0?Return()") in new stack
    -- Executing [[email protected]:4] ExecIf("Local/[email protected]3;2", "0?Set(DEVICES=453)") in new stack
    -- Executing [[email protected]:5] Set("Local/[email protected];2", "LOOPCNT=1") in new stack
    -- Executing [[email protected]:6] Set("Local/[email protected];2", "ITER=1") in new stack
    -- Executing [[email protected]:7] Set("Local/[email protected];2", "THISDIAL=SIP/5453") in new stack
    -- Executing [[email protected]:8] GosubIf("Local/[email protected];2", "1?zap2dahdi,1()") in new stack
    -- Executing [[email protected]:1] ExecIf("Local/[email protected];2", "0?Return()") in new stack
    -- Executing [[email protected]:2] Set("Local/[email protected];2", "NEWDIAL=") in new stack
    -- Executing [[email protected]:3] Set("Local/[email protected];2", "LOOPCNT2=1") in new stack
    -- Executing [[email protected]:4] Set("Local/[email protected];2", "ITER2=1") in new stack
    -- Executing [[email protected]:5] Set("Local/[email protected];2", "THISPART2=SIP/5453") in new stack
    -- Executing [[email protected]:6] ExecIf("Local/[email protected];2", "0?Set(THISPART2=DAHDI/5453)") in new stack
    -- Executing [[email protected]:7] Set("Local/[email protected];2", "NEWDIAL=SIP/5453&") in new stack
    -- Executing [[email protected]:8] Set("Local/[email protected];2", "ITER2=2") in new stack
    -- Executing [[email protected]:9] GotoIf("Local/[email protected];2", "0?begin2") in new stack
    -- Executing [[email protected]:10] Set("Local/[email protected];2", "THISDIAL=SIP/5453") in new stack
    -- Executing [[email protected]:11] Return("Local/[email protected];2", "") in new stack
    -- Executing [[email protected]:9] Set("Local/[email protected];2", "DSTRING=SIP/5453&") in new stack
    -- Executing [[email protected]:10] Set("Local/[email protected];2", "ITER=2") in new stack
    -- Executing [[email protected]:11] GotoIf("Local/[email protected];2", "0?begin") in new stack
    -- Executing [[email protected]:12] Set("Local/[email protected];2", "DSTRING=SIP/5453") in new stack
    -- Executing [[email protected]:13] Return("Local/[email protected];2", "") in new stack
    -- Executing [[email protected]:27] GotoIf("Local/[email protected];2", "0?nodial") in new stack
    -- Executing [[email protected]:28] GotoIf("Local/[email protected];2", "0?skiptrace") in new stack
    -- Executing [[email protected]:29] GosubIf("Local/[email protected];2", "1?ctset,1():ctclear,1()") in new stack
    -- Executing [[email protected]:1] Set("Local/[email protected];2", "DB(CALLTRACE/5453)=15453") in new stack
    -- Executing [[email protected]:2] Return("Local/[email protected];2", "") in new stack
    -- Executing [[email protected]:30] Set("Local/[email protected];2", "D_OPTIONS=TtrwWM(auto-blkvm)") in new stack
    -- Executing [[email protected]:31] ExecIf("Local/[email protected];2", "0?SIPAddHeader(Alert-Info: )") in new stack
    -- Executing [[email protected]:32] ExecIf("Local/[email protected];2", "0?SIPAddHeader()") in new stack
    -- Executing [[email protected]:33] ExecIf("Local/[email protected];2", "0?Set(CHANNEL(musicclass)=)") in new stack
    -- Executing [[email protected]:34] GosubIf("Local/[email protected];2", "0?qwait,1()") in new stack
    -- Executing [[email protected]:35] Set("Local/[email protected];2", "__CWIGNORE=") in new stack
    -- Executing [[email protected]:36] Set("Local/[email protected];2", "__KEEPCID=TRUE") in new stack
    -- Executing [[email protected]:37] GotoIf("Local/[email protected];2", "0?usegoto,1") in new stack
    -- Executing [[email protected]:38] GotoIf("Local/[email protected];2", "1?godial") in new stack
    -- Goto (macro-dial-one,s,43)
    -- Executing [[email protected]:43] Dial("Local/[email protected];2", "SIP/5453,42,TtrwWM(auto-blkvm)") in new stack
  == Using SIP RTP TOS bits 184
  == Using SIP RTP CoS mark 5
    -- Called SIP/5453
    -- Connected line update to SIP/15453-00000006 prevented.
    -- Connected line update to SIP/15453-00000006 prevented.
    -- SIP/5453-00000007 is ringing
    -- Local/[email protected];1 is ringing
    -- Executing [[email protected]:5] GotoIf("Local/[email protected];2", "1?start") in new stack
    -- Goto (from-internal,FMGL-15453,3)
    -- Executing [[email protected]:3] GotoIf("Local/[email protected];2", "0?dodnd") in new stack
    -- Executing [[email protected]:4] Wait("Local/[email protected];2", "1") in new stack
    -- Executing [[email protected]:5] GotoIf("Local/[email protected];2", "0?start") in new stack
    -- Executing [[email protected]:6] Set("Local/[email protected];2", "SHARED(FM_DND,SIP/15453-00000006)=") in new stack
    -- Executing [[email protected]:7] Macro("Local/[email protected];2", "dial,40,TtrwW,15453") in new stack
    -- Executing [[email protected]:1] GotoIf("Local/[email protected];2", "1?dial") in new stack
    -- Goto (macro-dial,s,3)
    -- Executing [[email protected]:3] AGI("Local/[email protected];2", "dialparties.agi") in new stack
    -- Launched AGI Script /var/lib/asterisk/agi-bin/dialparties.agi
 dialparties.agi: Starting New Dialparties.agi
 dialparties.agi: Caller ID name is 'Roberto Iglesias Cel' number is '15453'
       > dialparties.agi: USE_CONFIRMATION:  'FALSE'
       > dialparties.agi: RINGGROUP_INDEX:   ''
 dialparties.agi: Methodology of ring is  'ringall'
    -- dialparties.agi: Added extension 15453 to extension map
    -- dialparties.agi: Extension 15453 cf is disabled
    -- dialparties.agi: Extension 15453 do not disturb is disabled
       > dialparties.agi: extnum 15453 has:  cw: 1; hascfb: 0 [] hascfu: 0 []
    -- dialparties.agi: dbset CALLTRACE/15453 to 15453
    -- dialparties.agi: Filtered ARG3: 15453
       > dialparties.agi: NODEST: 5453 adding M(auto-blkvm) to dialopts: TtrwWM(auto-blkvm)
       > dialparties.agi: NODEST: 5453 blkvm enabled macro already in dialopts: TtrwWM(auto-blkvm)
    -- <Local/[email protected];2>AGI Script dialparties.agi completed, returning 0
    -- Executing [[email protected]:7] Dial("Local/[email protected];2", "SIP/15453,40,TtrwWM(auto-blkvm)") in new stack
[2018-03-27 09:13:28] WARNING[2884][C-0000000a]: app_dial.c:2437 dial_exec_full: Unable to create channel of type 'SIP' (cause 20 - Subscriber absent)
  == Everyone is busy/congested at this time (1:0/0/1)
    -- Executing [[email protected]:8] Set("Local/[email protected];2", "DIALSTATUS=CHANUNAVAIL") in new stack
    -- Executing [[email protected]:9] GosubIf("Local/[email protected];2", "0?CHANUNAVAIL,1") in new stack
    -- Executing [[email protected]:8] Hangup("Local/[email protected];2", "") in new stack
  == Spawn extension (from-internal, FMGL-15453, 8) exited non-zero on 'Local/[email protected];2'
    -- Executing [[email protected]:1] Hangup("Local/[email protected];2", "") in new stack
  == Spawn extension (from-internal, h, 1) exited non-zero on 'Local/[email protected];2'
    -- Connected line update to SIP/15453-00000006 prevented.
    -- SIP/5453-00000007 answered Local/[email protected];2
    -- Executing [[email protected]:1] Set("SIP/5453-00000007", "__MACRO_RESULT=") in new stack
    -- Executing [[email protected]:2] Set("SIP/5453-00000007", "CFIGNORE=") in new stack
    -- Executing [[email protected]:3] Set("SIP/5453-00000007", "MASTER_CHANNEL(CFIGNORE)=") in new stack
    -- Executing [[email protected]:4] Set("SIP/5453-00000007", "FORWARD_CONTEXT=from-internal") in new stack
    -- Executing [[email protected]:5] Set("SIP/5453-00000007", "MASTER_CHANNEL(FORWARD_CONTEXT)=from-internal") in new stack
    -- Executing [[email protected]:6] Macro("SIP/5453-00000007", "blkvm-clr,") in new stack
    -- Executing [[email protected]:1] Set("SIP/5453-00000007", "SHARED(BLKVM,SIP/15453-00000006)=") in new stack
    -- Executing [[email protected]:2] Set("SIP/5453-00000007", "GOSUB_RETVAL=") in new stack
    -- Executing [[email protected]:3] MacroExit("SIP/5453-00000007", "") in new stack
    -- Executing [[email protected]:7] ExecIf("SIP/5453-00000007", "0?Set(MASTER_CHANNEL(CONNECTEDLINE(num))=5453)") in new stack
    -- Executing [[email protected]:8] ExecIf("SIP/5453-00000007", "0?Set(MASTER_CHANNEL(CONNECTEDLINE(name))=Roberto Iglesias)") in new stack
    -- Local/[email protected];1 answered SIP/15453-00000006
    -- Executing [[email protected]:1] Set("Local/[email protected];1", "__MACRO_RESULT=") in new stack
    -- Executing [[email protected]:2] Set("Local/[email protected];1", "CFIGNORE=") in new stack
    -- Executing [[email protected]:3] Set("Local/[email protected];1", "MASTER_CHANNEL(CFIGNORE)=") in new stack
    -- Executing [[email protected]:4] Set("Local/[email protected];1", "FORWARD_CONTEXT=from-internal") in new stack
    -- Executing [[email protected]:5] Set("Local/[email protected];1", "MASTER_CHANNEL(FORWARD_CONTEXT)=from-internal") in new stack
    -- Executing [[email protected]:6] Macro("Local/[email protected];1", "blkvm-clr,") in new stack
    -- Executing [[email protected]:1] Set("Local/[email protected];1", "SHARED(BLKVM,SIP/15453-00000006)=") in new stack
    -- Executing [[email protected]:2] Set("Local/[email protected];1", "GOSUB_RETVAL=") in new stack
    -- Executing [[email protected]:3] MacroExit("Local/[email protected];1", "") in new stack
    -- Executing [[email protected]:7] ExecIf("Local/[email protected];1", "0?Set(MASTER_CHANNEL(CONNECTEDLINE(num))[email protected])") in new stack
    -- Executing [[email protected]:8] ExecIf("Local/[email protected];1", "0?Set(MASTER_CHANNEL(CONNECTEDLINE(name))=)") in new stack
    -- Executing [[email protected]:1] Macro("Local/[email protected];2", "hangupcall,") in new stack
    -- Executing [[email protected]:1] GotoIf("Local/[email protected];2", "1?theend") in new stack
    -- Goto (macro-hangupcall,s,3)
    -- Executing [[email protected]:3] ExecIf("Local/[email protected];2", "0?Set(CDR(recordingfile)=)") in new stack
    -- Executing [[email protected]:4] Hangup("Local/[email protected];2", "") in new stack
  == Spawn extension (macro-hangupcall, s, 4) exited non-zero on 'Local/[email protected];2' in macro 'hangupcall'
  == Spawn extension (macro-dial-one, h, 1) exited non-zero on 'Local/[email protected];2'
  == Spawn extension (macro-dial-one, s, 43) exited non-zero on 'Local/[email protected];2' in macro 'dial-one'
  == Spawn extension (macro-simple-dial, s, 6) exited non-zero on 'Local/[email protected];2' in macro 'simple-dial'
  == Spawn extension (from-internal, FMPR-5453, 5) exited non-zero on 'Local/[email protected];2'
[2018-03-27 09:13:34] NOTICE[2531]: chan_sip.c:23325 handle_response_peerpoke: Peer '5500' is now Reachable. (194ms / 2000ms)
    -- Executing [[email protected]:1] Macro("SIP/15453-00000006", "hangupcall") in new stack
    -- Executing [[email protected]:1] GotoIf("SIP/15453-00000006", "1?theend") in new stack
    -- Goto (macro-hangupcall,s,3)
    -- Executing [[email protected]:3] ExecIf("SIP/15453-00000006", "0?Set(CDR(recordingfile)=)") in new stack
    -- Executing [[email protected]:4] Hangup("SIP/15453-00000006", "") in new stack
  == Spawn extension (macro-hangupcall, s, 4) exited non-zero on 'SIP/15453-00000006' in macro 'hangupcall'
  == Spawn extension (macro-dial, h, 1) exited non-zero on 'SIP/15453-00000006'
  == Spawn extension (macro-dial, s, 7) exited non-zero on 'SIP/15453-00000006' in macro 'dial'
  == Spawn extension (from-internal, 5453, 22) exited non-zero on 'SIP/15453-00000006'

Actually, if i could get freepbx to take the layer 3 ip address and not the address on the payload, the server will route traffic back just from where it comes and we all will be happy again.

What you posted is the call log without the SIP debug trace, you should enable sip debug first and then try the call. You can first try the call that works to see the IPs, and then try the call that fails to see how the IPs are changed.

Also, is there any NAT device involved in this setup? If there is, where is it? Could you explain your network in regards to FreePBX and OpenVPN server?

Of course.

FreePBX server and OpenVPN Server are both in different subnets.

FreePBX: 192.168.54.2
Firewall/Router: 192.168.1.3 | 192.168.54.3
OpenVPN: 192.168.1.135
VPN Client: 10.8.0.x

The VPN Server has an iptables rule, specifically on nat table, POSTROUTING chain, all traffic going out through eth0 (192.168.1.135) is being masqueraded.

I can’t reach 10.8.0.x network from freepbx server.

How are networks 192.168.1.x and 192.168.54.x communicating with each other?

Also, where is the public IP that is used for OpenVPN incoming connections from the exterior?

Is FreePBX behind a NAT device? If so, which one is it and how have you configured your SIP NAT settings?

You are leaving a lot of info out to be able to help you.

Sorry, i will describe you the entire path for a call with a remote phone over VPN in my scenario.

Remote smartphone starts OpenVPN negotiation. Talks to a public ip, lets say 1.1.1.1. This address is atached to an interface in SonicWall firewall.
Firewall routes the traffic to OpenVPN server with address 192.168.1.135 (first subnet), this answers and so on until the VPN tunnel is working. This is ok.
Now, open Grandstream app on remote client and starts registration. It goes over the VPN tunnel. When the traffic gets out from OpenVPN server, it masquerades (SNAT) all the traffic with his own IP address and send it to FreePBX server with address 192.168.54.2 (second subnet) through SonicWall Firewall (it has de capability to communicate between both subnets). The phone is registered and i start a call from there, it works but is one one way audio. I can hear what remote phone transmites over VPN tunnel, but he can’t hear me.

If so, which one is it and how have you configured your SIP NAT settings?

I’m a real noob in this. Can you help me to answer this?

Thanks for helping me. For real.

Since the OpenVPN server is on network 192.168.1.x, how have you configured it to talk to network 192.168.54.x

SIP settings can be seen on FreePBX web going to Settings link

Since the OpenVPN server is on network 192.168.1.x, how have you configured it to talk to network 192.168.54.x

It just needs to use the SonicWall firewall as gateway to talk with 192.168.54.x subnet. SonicWall does the trick. No problem with that.

# route -n | grep 192.168.54
192.168.54.0    192.168.1.3     255.255.255.0   UG    0      0        0 eth0

SIP settings can be seen on FreePBX web going to Settings link

[image attached]

Assuming all your networks are correctly configured, you should be able to set SIP settings correctly and fix this.

Set your public IP and local networks, including VPN network 10.x.x.x.x in SIP settings and try again. VPN network should be set as local network.

I have set both subnets, 192.168.54.0/24 and 10.8.0.0/24 and this is no working yet.
I also set public address, although this is not published to the internet.

From freepbx server console i can reach 10.8.0.x subnet without any problem.

If i do

Asterisk CLI> sip show peers

extension look like this

15453/15453               10.8.0.9                                 D              A  25646    UNREACHABLE

I achieved to set debug in this extension and make a call, you can see it here: textup loader .com/dgibf

If I understand correctly, because you didn’t specify caller nor callee, you are trying to call from 15452 to 15453 and the call is completely failing so this call doesn’t go through at all, this is not a “one-way audio” issue, rather a networking issue, as FreePBX is not getting any replies back from 15453, as you can see from the multiple re-sends and then the following error message
2018-03-28 09:53:57] WARNING[2531]: chan_sip.c:4169 retrans_pkt: Retransmission timeout reached on transmission [email protected] for seqno 31 (Critical Response) – See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions
Packet timed out after 6400ms with no response
[2018-03-28 09:53:57] WARNING[2531]: chan_sip.c:4198 retrans_pkt: Hanging up call [email protected] - no reply to our critical packet (see https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions).

You need to recheck your network configuration from point to point, also make sure you entered the 3 networks in SIP settings as local networks, and also verify the firewall module configuration on FreePBX if you have enabled it.

My quick guess is that since OpenVPN is not aware of network 192.168.54.x and you probably didn’t specify it as a reachable network on the client configuration file, the endpoint using OpenVPN client doesn’t know how to reach that network, and that is why you are seeing this behaviour.

I add 192.168.1.x network to the networks and make a call. I get one way audio (audio from remote to local works fine). So i made another debug, here you can see it: textuploader. com/dgi8u

I can’t call from local to remote. Remote is extension 15453 and local is 5453.

I don’t understand why both endpoints (VPN Client 10.8.0.9 and FreePBX 192.168.54.2) can reach each other (ping for example) and audio can’t go from local to remote. I’m a noob, i know, but my brain is gona implode.

But the log from the previous post shows a call that fails completely because FreePBX is not getting any replies from the client. Let me check at this log.

You are right. But after adding 192.168.1.x network i get 1 way audio again.

Post a SIP debug of a call that produces one-way audio so we can check the detected IPs

You didn’t post a SIP trace of a failing call. Please do so we can continue helping

Hi again! I apogolize for my late answer. In my country (Argentina) we had 5 days holydays.

I came back to work with fresh air and resolve this. You were right in some point:

Well, it was a firewall (iptables) probelm in my OpenVPN Server.

So i solved that and everything came back to life, except one remote phone. This is a Grandstream GXP1405. Someday it worked well. But now is one way audio… So i get into asterisk console

> asterisk -vvvvvr

And run this (i think that this is the right way to make a debug):

> sip set debug peer 5500
SIP Debugging Enabled for IP: 192.168.2.29

Then, i call from my extension 5453 to remote extension 5500.
Full logs are here: textuploader. com/du0ih

But this caught my attention

<------------->
--- (14 headers 0 lines) ---
Sending to 192.168.2.29:5060 (NAT)

<--- Transmitting (no NAT) to 192.168.2.29:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.2.29:5060;branch=z9hG4bK1054759457;received=192.168.2.29;rport=5060
From: <sip:[email protected]>;tag=1699203632
To: <sip:[email protected]>;tag=as71987245
Call-ID: [email protected]
CSeq: 2390 REGISTER
Server: FPBX-2.11.0(11.3.0)
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="1eb14852"
Content-Length: 0

I think that maybe someone changed the phone configuration, but i can’t confirm.
You are not obligated to help me, because this is a new problem and maybe i should open a new thread.
As we say here, you are Master Blaster (very cool people)!
Thanks

I’m from Argentina too, but for sake of help to the rest of the community, I will reply in english. That 401 Unauthorized error doesn’t represent and error per-se, it might have been produced because the phone was not registered at that time. What is the IP of the phone?

Hi again! Thanks so much for your help. I resolved this adding the remote networks that doesn’t work in Settings -> Asterisk SIP Settings -> Local Networks.

My bad. Sorry for stealing your time.