Posted: Sat Nov 30, 2019 20:15 Post subject: Strange routing problem
I have two Netgear WNR3500L routers in different locations, one running V24-sp2 and the other running v3.0-r30471 big. A few months ago I set up OpenVPN to run bi-directionally between the two locations and eventually got it working so that I can see both networks from both locations.
So far so good.
For a long time I have also been running Asterisk systems in the two locations with both IAX and SIP connections using the remote address of the router with ports forwarded to the correct ones for Asterisk listeners. That has been running without issue as well.
A couple of weeks ago I thought it might be better if I changed the Asterisk systems to use the OpenVPN connection directly rather than going across the internet. Sure enough, changing the Asterisk client end to address the remote end directly worked. That is, until I restarted the OpenVPN client; then it all goes wrong, but only with Asterisk - everything else works without any problem.
After looking carefully at the data flow, mainly with tcpdump, I discovered that after the OpenVPN client is restarted the source address going into the tunnel has become the WAN address of the router. But, it wasn't before the client restart and I can't find any way of making it change back. If I send an nc from the client to the server, using the same port, it routes correctly and the nc connects.
This is one of the strangest problems I've come across so if anyone can shed some light I would love to be able to understand why this is happening and if there is a way of correcting it.
Posted: Sat Nov 30, 2019 21:40 Post subject:
Probably related to using antique DD-WRT builds. So much has changed to OpenVPN since then.
Asterisk has a config entry that defines local networks. If the remote network is not in that config then Asterisk assumes the SIP connection to that remote is going through a NAT and may rewrite the SIP packet. In some cases (with broken phone firmware, etc.) you want that even when the remote network is directly routable. But not when it's 2 Asterisk systems talking to each other and NOT going through a translator.
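One way to check which peer addresses fall inside the local-network entries described in the post above, as an added example that is not part of the original thread. It assumes the chan_sip `sip.conf` layout with `localnet=` lines under `[general]`; the sample file and every address in it are constructed.

```python
import ipaddress

# Constructed sample of a chan_sip sip.conf; all addresses are made up.
SAMPLE_SIP_CONF = """\
[general]
externaddr=203.0.113.10
localnet=192.168.1.0/255.255.255.0   ; local LAN
localnet=10.8.0.0/24                 ; OpenVPN tunnel subnet
; localnet=192.168.2.0/24            ; remote LAN, commented out

[remote-office]
host=192.168.2.5
"""

def parse_localnets(conf_text):
    """Return the networks listed as localnet= in the [general] section."""
    nets, section = [], None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ';' comments
        if not line:
            continue
        if line.startswith("[") and "]" in line:
            section = line[1:line.index("]")].strip().lower()
            continue
        if section != "general" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() == "localnet":
            # ipaddress accepts both the /24 and the /255.255.255.0 form
            nets.append(ipaddress.ip_network(value, strict=False))
    return nets

def treated_as_local(peer_ip, nets):
    """True if peer_ip is covered by at least one localnet entry."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in nets)

def audit(conf_text, peers):
    """Map each peer address to whether a localnet entry covers it."""
    nets = parse_localnets(conf_text)
    return {peer: treated_as_local(peer, nets) for peer in peers}

if __name__ == "__main__":
    for peer, local in audit(SAMPLE_SIP_CONF, ["10.8.0.2", "192.168.2.5"]).items():
        print(peer, "covered by localnet" if local else "outside localnet")
```

In the constructed sample the tunnel address is covered but the remote LAN address is not, which is the case where the post says Asterisk assumes a NAT in the path.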
I had noticed that about Asterisk and configured the localnetwork, including the local address of the VPN link. However, tcpdump shows that the data coming from Asterisk is still using the local address of the server when it gets to the router; it's when it appears on the tunnel that the address has changed.