Reply
Thread Tools
Posts: 306 | Thanked: 106 times | Joined on Feb 2010
#1
Hi,

I have finally a working sip over openvpn today and wanted to post about it for everybodys benefit. I have tested this both on 3g (using three UK) and wifi. Here are the following files needed. All these files go in /etc/openvpn.

First the client config
Code:
#cat  openvpn_client.conf
client
script-security 2
up /etc/openvpn/nokia.up
down /etc/openvpn/nokia.down
ipchange /etc/openvpn/add_default_route.sh
dev tun
proto udp
remote xx.dyndns.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3
nokia.up script
Code:
 
# cat nokia.up 
#!/bin/bash

case $script_type in

up)
    for optionname in ${!foreign_option_*} ; do
        option="${!optionname}"
        echo $option
        part1=$(echo "$option" | cut -d " " -f 1)
        if [ "$part1" == "dhcp-option" ] ; then
            part2=$(echo "$option" | cut -d " " -f 2)
            part3=$(echo "$option" | cut -d " " -f 3)
            if [ "$part2" == "DNS" ] ; then
                IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
            fi
            if [ "$part2" == "DOMAIN" ] ; then
                IF_DNS_SEARCH="$part3"
            fi
        fi
    done
    R=""
    if [ "$IF_DNS_SEARCH" ] ; then
        R="${R}search $IF_DNS_SEARCH\n"
    fi
    for NS in $IF_DNS_NAMESERVERS ; do
        R="${R}nameserver $NS\n"
    done
    if [ ! -f /etc/resolv.conf.prevpn ] ; then
        mv /etc/resolv.conf /etc/resolv.conf.prevpn
    fi
    echo -e "$R" > /etc/resolv.conf
    ;;

down)
    if [ -f /etc/resolv.conf.prevpn ] ; then
        mv /etc/resolv.conf.prevpn /etc/resolv.conf
    fi
    ;;

esac


source /etc/osso-af-init/af-defines.sh

for acct in `mc-tool list | grep sofiasip/sip`; do 
        mc-tool update $acct string:local-ip-address=$4

done
nokia.down script


Code:
#cat nokia.down

#!/bin/bash

case $script_type in

up)
    for optionname in ${!foreign_option_*} ; do
        option="${!optionname}"
        echo $option
        part1=$(echo "$option" | cut -d " " -f 1)
        if [ "$part1" == "dhcp-option" ] ; then
            part2=$(echo "$option" | cut -d " " -f 2)
            part3=$(echo "$option" | cut -d " " -f 3)
            if [ "$part2" == "DNS" ] ; then
                IF_DNS_NAMESERVERS="$IF_DNS_NAMESERVERS $part3"
            fi
            if [ "$part2" == "DOMAIN" ] ; then
                IF_DNS_SEARCH="$part3"
            fi
        fi
    done
    R=""
    if [ "$IF_DNS_SEARCH" ] ; then
        R="${R}search $IF_DNS_SEARCH\n"
    fi
    for NS in $IF_DNS_NAMESERVERS ; do
        R="${R}nameserver $NS\n"
    done
    if [ ! -f /etc/resolv.conf.prevpn ] ; then
        mv /etc/resolv.conf /etc/resolv.conf.prevpn
    fi
    echo -e "$R" > /etc/resolv.conf
    ;;

down)
    if [ -f /etc/resolv.conf.prevpn ] ; then
        mv /etc/resolv.conf.prevpn /etc/resolv.conf
    fi
    ;;

esac


source /etc/osso-af-init/af-defines.sh

for acct in `mc-tool list | grep sofiasip/sip`; do
        mc-tool update $acct clear:local-ip-address
done
andf finally default route script

Code:
#cat add_default_route.sh

#!/bin/sh

#if gprs0 up and no flagged default route ; then create one
#use with ipchange /etc/openvpn/add_default_route.sh in openvpn conf
#after setting script-security 2
gprsroute=`route | grep gprs` ; defroute=`route | grep default | grep G` ; if [ -n "$gprsroute" -a -z "$defroute" ]; then nexthop=`ifconfig gprs0 | grep "inet addr" | cut -d : -f 3 | cut -d " " -f 1` ; route add -host $nexthop dev gprs0 ; route add default gw $nexthop ; fi
Also wanted to add that this method works well if the sip provider is hosted outside the network. However in my case i have an asterisk server running inside my local network at 172.16.1.10. Thus i have to change my sip uri to reflect the internal asterisk server to 50@172.16.1.10 whereas normally i would simply use 50@xx.dyndns.org. This is a big pain because i have to keep switching between the two accounts depending on whether i am usng vpn or not. If somebody has any workaround please let me know.

Ok. The above issue is sorted. I use a Linksys WRT54GL router running dd-wrt. I had to simply add an extra arguement to dnsmasq as

Code:
address=/xx.dyndns.org/172.16.1.10
__________________
------------------------------------------------------------------
Voice choppy on sip calls
Please vote for bug number 10388

Last edited by rajil.s; 2010-07-16 at 22:23. Reason: Fixed dnsmasq in the router
 

The Following 5 Users Say Thank You to rajil.s For This Useful Post:
Posts: 1,425 | Thanked: 983 times | Joined on May 2010 @ Hong Kong
#2
I don't use it atm but I'll bookmark it for future use. Thank you very much for your sharing.
 
Posts: 22 | Thanked: 17 times | Joined on Jan 2010 @ IDN
#3
thank you very much good sir.
 
Posts: 1 | Thanked: 0 times | Joined on Jan 2011
#4
Hi Rajil.S

Iīm trying your way, but something wonīt work.

I think i donīt need the way with default route.

The problem is in executing the scripts.

OpenVPN throws an error :

script failed: could not execute external program

in my openvpn config i have also set the script-security to 2 and the rights on the scripts are 755 but i donīt work.

Do you have an idea?

Thanks very much
Greetz

Mr.
 
Posts: 306 | Thanked: 106 times | Joined on Feb 2010
#5
do you have mc-tool installed?
__________________
------------------------------------------------------------------
Voice choppy on sip calls
Please vote for bug number 10388
 
Posts: 440 | Thanked: 203 times | Joined on May 2010
#6
rajil, i want to setup sip over openvpn, please let me know step by step procedure. I have dyndns account, have installed mc-tools, but dnt know how to configure that, please explain. thanks.
 
Posts: 3 | Thanked: 0 times | Joined on Mar 2011
#7
Hi rajil,

I know this is a dead thread. but any chance you could show the server config file for openvpn? That's were most of the action seems to be taking place. I have windows running openvpn server. I hope it is something that windows can handle without iptables.

I know you used the dev tun and I'd like to know if you think bridging (dev tap) works as well.
 
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 04:41.