Giuliano - 2013-05-17

-- edit: can't correct subject, sorry :) was ip_xonntrack_h323 config help needed ---

Hello,
I need to connect an Avaya PBX to an Asterisk through an OpenVPN. The call flows through just fine for the signalling part, but on the Asterisk end I see it tries to send RTP packets to the Avaya private IP instead of to the masqueraded IP.

avaya pbx (192.168.1.10/24)->(192.168.1.1/24:eth1)linux firewall(tun0:10.254.254.2)->(10.254.254.1)pfsense firewall(172.16.0.254)->(172.16.0.68:eth0) asterisk

On Asterisk I see RTP from 10.254.254.2 and replies to 192.168.1.10.

[...]
H.225.0 CS
H323-UserInformation
h323-uu-pdu
h323-message-body: setup (0)
setup
protocolIdentifier: 0.0.8.2250.0.5 (Version 5)
sourceAddress: 1 item
Item 0
alertingAddress: h323-ID (1)
h323-ID: XXXXXXXXXXX
sourceInfo
vendor
vendor
t35CountryCode: United Kingdom (180)
t35Extension: 0
manufacturerCode: 10752
H.221 Manufacturer: Network Alchemy Limited (0xb4002a00)
productId: IP 500
versionId: 8.0 (43)
terminal
..0. .... mc: False
...0 .... undefinedNode: False
destinationAddress: 1 item
Item 0
alertingAddress: dialedDigits (0)
dialedDigits: XXXXXXXXXXX
destCallSignalAddress: ipAddress (0)
ipAddress
ip: 172.16.0.68 (172.16.0.68)
port: 1720
0... .... activeMC: False
conferenceID: ba43ae00-d0bb-11db-a6c6-00e0070362c7
conferenceGoal: create (0)
create: NULL
callType: pointToPoint (0)
pointToPoint: NULL
sourceCallSignalAddress: ipAddress (0)
ipAddress
ip: 192.168.1.10 (192.168.1.10)
port: 4110
callIdentifier
guid: ba43ae00-d0bb-11db-a6c7-00e0070362c7
fastStart: 14 items
Item 0
FastStart: 26 octets
OpenLogicalChannel
forwardLogicalChannelNumber: 1
forwardLogicalChannelParameters
dataType: audioData (3)
audioData: g729AnnexA (11)
g729AnnexA: 2
multiplexParameters: h2250LogicalChannelParameters (3)
h2250LogicalChannelParameters
sessionID: 1
mediaChannel: unicastAddress (0)
unicastAddress: iPAddress (0)
iPAddress
network: 192.168.1.10 (192.168.1.10)
tsapIdentifier: 49152
0... .... mediaGuaranteedDelivery: False
mediaControlChannel: unicastAddress (0)
unicastAddress: iPAddress (0)
iPAddress
network: 192.168.1.10 (192.168.1.10)
tsapIdentifier: 49153
0... .... mediaControlGuaranteedDelivery: False
.0.. .... silenceSuppression: False
[...]

On the Linux firewall I have

lsmod | grep h323
ip_nat_h323 11073 0
ip_conntrack_h323 51293 1 ip_nat_h323
ip_nat 21229 5 ip_nat_sip,ip_nat_h323,ip_nat_tftp,ipt_MASQUERADE,iptable_nat
ip_conntrack 53665 11 ip_nat_sip,ip_conntrack_sip,ip_nat_h323,ip_nat_tftp,ip_conntrack_h323,ip_conntrack_tftp,ip_conntrack_netbios_ns,xt_state,ipt_MASQUERADE,iptable_nat,ip_nat

and iptables config contains
[...]
-A POSTROUTING -o tun+ -j MASQUERADE
[...]

and allows all traffic for h323 and rtp through the tun* interface (openvpn)

Is there a way I can have this working?

TIA!

giuliano

 

Last edit: Giuliano 2013-05-17
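
A diagnostic for the symptom described in the post above, added here as an example and not part of the original post: it scans a Wireshark-style text dissection of the H.225 Setup for addresses embedded in the payload that still belong to the inside network, which are the fields an H.323 NAT helper is meant to rewrite. The function names and the sample text (built from the values quoted in the post) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample in the shape of the dissection quoted in the post.
SAMPLE = """\
destCallSignalAddress: ipAddress (0)
ipAddress
ip: 172.16.0.68 (172.16.0.68)
port: 1720
sourceCallSignalAddress: ipAddress (0)
ipAddress
ip: 192.168.1.10 (192.168.1.10)
port: 4110
mediaChannel: unicastAddress (0)
unicastAddress: iPAddress (0)
iPAddress
network: 192.168.1.10 (192.168.1.10)
tsapIdentifier: 49152
mediaControlChannel: unicastAddress (0)
unicastAddress: iPAddress (0)
iPAddress
network: 192.168.1.10 (192.168.1.10)
tsapIdentifier: 49153
"""

# Fields that introduce a transport address inside the H.225 payload.
FIELD = re.compile(r"^\s*(\w*(?:CallSignalAddress|Channel)): ")
ADDR = re.compile(r"^\s*(?:ip|network): (\d+\.\d+\.\d+\.\d+)")
PORT = re.compile(r"^\s*(?:port|tsapIdentifier): (\d+)")

def embedded_addresses(dump):
    """Return [(field, ip, port)] for each address carried in the payload."""
    found, field, ip = [], None, None
    for line in dump.splitlines():
        if m := FIELD.match(line):
            field, ip = m.group(1), None
        elif field and (m := ADDR.match(line)):
            ip = m.group(1)
        elif field and ip and (m := PORT.match(line)):
            found.append((field, ip, int(m.group(1))))
            field = ip = None
    return found

def unrewritten(dump, inside_net):
    """Embedded addresses still inside the pre-NAT network (not rewritten)."""
    net = ipaddress.ip_network(inside_net)
    return [e for e in embedded_addresses(dump) if ipaddress.ip_address(e[1]) in net]

if __name__ == "__main__":
    for field, ip, port in unrewritten(SAMPLE, "192.168.1.0/24"):
        print(f"{field}: {ip}:{port} is still an inside address")
```

Run against a dissection captured on the far side of the masquerading firewall, any line it prints is an address the remote end will try to reach directly.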