Strange routing problem

px03afk
DD-WRT User


Joined: 09 Mar 2012
Posts: 95

Posted: Sat Nov 30, 2019 20:15    Post subject: Strange routing problem
I have two Netgear WNR3500L routers in different locations, one running V24-sp2 and the other running v3.0-r30471 big. A few months ago I set up OpenVPN to run bi-directionally between the two locations and eventually got it working so that I can see both networks from both locations.

So far so good.

For a long time I have also been running Asterisk systems in the two locations with both IAX and SIP connections using the remote address of the router with ports forwarded to the correct ones for Asterisk listeners. That has been running without issue as well.

A couple of weeks ago I thought it might be better if I changed the Asterisk systems to use the OpenVPN connection directly rather than going across the internet. Sure enough, changing the Asterisk client end to address the remote end directly worked. That is, until I restarted the OpenVPN client; then it all goes wrong, but only with Asterisk - everything else works without any problem.

After looking carefully at the data flow, mainly with tcpdump, I discovered that after the OpenVPN client is restarted the source address going into the tunnel has become the WAN address of the router. But, it wasn't before the client restart and I can't find any way of making it change back. If I send an nc from the client to the server, using the same port, it routes correctly and the nc connects.

This is one of the strangest problems I've come across so if anyone can shed some light I would love to be able to understand why this is happening and if there is a way of correcting it.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 6487
Location: Texas, USA

Posted: Sat Nov 30, 2019 21:40
Probably related to using antique DD-WRT builds. So much has changed to OpenVPN since then.
tedm
DD-WRT User


Joined: 13 Mar 2009
Posts: 286

Posted: Tue Dec 03, 2019 4:00
Asterisk has a config entry that defines local networks. If the remote network is not in that config then Asterisk assumes the SIP connection to that remote is going through a NAT and may rewrite the SIP packet. In some cases (with broken phone firmware, etc.) you want that even when the remote network is directly routable. But not when it's 2 Asterisk systems talking to each other and NOT going through a translator.
px03afk
DD-WRT User


Joined: 09 Mar 2012
Posts: 95

Posted: Tue Dec 03, 2019 22:59
I had noticed that about Asterisk and configured the localnetwork, including the local address of the VPN link. However, tcpdump shows that the data coming from Asterisk is still using the local address of the server when it gets to the router; it's when it appears on the tunnel that the address has changed.
tedm
DD-WRT User


Joined: 13 Mar 2009
Posts: 286

Posted: Tue Dec 10, 2019 11:07
Is this only SIP traffic or does the same rewriting happen with all other traffic?
px03afk
DD-WRT User


Joined: 09 Mar 2012
Posts: 95

Posted: Fri Dec 13, 2019 18:55
The problem I've seen only happens with SIP traffic from Asterisk itself. If I run an nc udp command to the remote system over VPN it connects.
px03afk
DD-WRT User


Joined: 09 Mar 2012
Posts: 95

Posted: Fri Dec 27, 2019 3:56
I've now seen this with the IAX interface as well and I've tried using a number of different ports with the remote end pointing back to the correct port on the Asterisk server. All goes well for some time and then the local end reports Unreachable and inspecting with tcpdump once again the address going into the tunnel is the WAN address of the router. If I switch to another port it will immediately start working and the source address is the one for the tunnel.
That implies that the iptables are set up correctly but something happens which is causing the effect but only on the port currently in use.
I am somewhat stumped as to what to do next to see why this is happening.
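
The check described in the thread (spotting traffic that enters the tunnel with the router's WAN address as its source, and seeing which ports are affected) can be run over saved `tcpdump -n` output from the tunnel interface. This is an added example, not code from any poster; the subnets, the 203.0.113.7 WAN address and the capture lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed (constructed) addressing: sources that may legitimately enter the tunnel.
EXPECTED_SOURCES = [
    ipaddress.ip_network("10.8.0.0/24"),     # OpenVPN tunnel subnet (assumption)
    ipaddress.ip_network("192.168.1.0/24"),  # local LAN (assumption)
]

# One line of `tcpdump -n -i <tun interface>` output for IPv4 TCP/UDP, e.g.
# 03:56:01.000001 IP 10.8.0.2.5060 > 10.8.0.1.5060: SIP: OPTIONS ...
LINE_RE = re.compile(
    r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):"
)

def unexpected_flows(lines, expected=EXPECTED_SOURCES):
    """Count packets per (src, sport, dst, dport) whose source is not expected."""
    flows = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # lines without ports (ICMP, ARP) or truncated output
        src, sport = m.group(1), int(m.group(2))
        dst, dport = m.group(3), int(m.group(4))
        if not any(ipaddress.ip_address(src) in net for net in expected):
            flows[(src, sport, dst, dport)] += 1
    return flows

# Constructed capture: 203.0.113.7 stands in for the router's WAN address.
SAMPLE_CAPTURE = """\
03:56:01.000001 IP 10.8.0.2.4569 > 10.8.0.1.4569: UDP, length 12
03:56:02.000001 IP 203.0.113.7.5060 > 10.8.0.1.5060: SIP: OPTIONS sip:10.8.0.1 SIP/2.0
03:56:03.000001 IP 10.8.0.2.40112 > 10.8.0.1.5060: UDP, length 5
03:56:04.000001 IP 203.0.113.7.5060 > 10.8.0.1.5060: SIP: OPTIONS sip:10.8.0.1 SIP/2.0
03:56:05.000001 IP 10.8.0.2 > 10.8.0.1: ICMP echo request, id 1, seq 1, length 64
"""

if __name__ == "__main__":
    for flow, count in unexpected_flows(SAMPLE_CAPTURE.splitlines()).items():
        print("unexpected source on tunnel:", flow, "packets:", count)
```

In the constructed capture only the flow from source port 5060 is flagged, while the test packet from another source port to the same destination port is not, which is the per-port pattern reported in the thread.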