VoIP NAT Config questions

mwarrior2050 · March 21, 2017, 7:30pm

Does anyone have a sample config with a working SIP Based VoIP system behind VyOS when using IPSEC VPN?

Our scenario is the following:

SIP PBX <-> VyOS <-> public internet <-> remote Site IPSEC connected <-> ip phones

We are able to get the IP Sec connection working properly and audio in some scenarios (extension to extension).

However when we try and make external calls our translation keeps getting sent out as the LAN address of the PBX rather than WAN so the traffic from provider is either rejected since its a LAN ip or sent back to the LAN ip which will not work.

Anyone have any sample NAT configs we can look at?

16again · March 23, 2017, 10:16pm

1st of all, try disabling sip helper:
set system conntrack modules sip disable

mwarrior2050 · March 27, 2017, 7:29pm

Thank you we have disabled this and it does help. We found most of are issue are related to IPSEC and it’s non-ability to actually create interfaces (unlike OpenVPN).

socket · April 19, 2017, 7:18am

Did you try to pair ipsec site-to-site with VTI interface instead of setting up tunnel mode?

This is my actually in-prod scenario (a leg of it): PBX ↔ VYOS ↔ IPSEC ↔ VYOS ↔ OVPN ↔ Phone