HD Video Conferencing on OpenMCU




Author Topic: VPN connection  (Read 1447 times)

ohnague

VPN connection
« : 08 May 2017, 23:50:47 »
Good afternoon, how can I connect to the video conferencing server while on a VPN
172.16.0.0/16 with firewall 172.16.1.1?

The firewall has two network cards: 172.16.1.1 / 192.168.x.x

The IP of the video conferencing server: 192.168.x.x

What are the rules in iptables?

ohnague

Re: VPN connection
« Reply #1 : 19 May 2017, 21:13:54 »
The error it is giving me now:
  13: 31.360 ThreadID = 0x7f1a55787700 SIP Listen ... er: 19da140 sip.cxx (200) tport_by_addrinfo (0x7f1a180056d0): not found by name * / 172.16.80.4:5060 $

Is there something that can be done to solve this problem?

Server: 192.168.10.12
Firewall: 172.16.40.6 - 192.168.10.16
Router: 172.16.40.5

The call arrives in the rooms with the IP 172.16.80.4, but after 60 seconds the connection is dropped and it does not receive video or audio.

I have a user configured for the NAT router IP: 172.16.40.5

What is happening to me?

APP: Jitsi

Regards

blanchae

Re: VPN connection
« Reply #2 : 29 May 2017, 18:47:52 »
I need a network picture to see what you are trying to do. It should show the server, firewall, ADSL router and VPN plus client trying to connect. This would help.

blanchae

Re: VPN connection
« Reply #3 : 29 May 2017, 18:54:56 »
What network is 172.16.80.4 on? What are the subnet masks that you are using?

blanchae

Re: VPN connection
« Reply #4 : 29 May 2017, 18:56:40 »
In the OpenMCU-ru configuration, you have the NAT IP set to 172.16.60.5? Where are you getting this IP from?

blanchae

Re: VPN connection
« Reply #5 : 29 May 2017, 18:59:19 »
The information that you provided makes NO sense. Are you randomly changing settings?:


Firewall 172.16.1.1?

The firewall has two network cards 172.16.1.1 / 192.168.x.x?




ohnague

Re: VPN connection
« Reply #6 : 29 May 2017, 21:36:49 »
Server OPENMCU
IP: 192.168.1.7

Quote
The information that you provided makes NO sense. Are you randomly changing settings?:

Firewall 172.16.1.1?

The firewall has two network cards 172.16.1.1 / 192.168.x.x?

Two network cards
Firewall: 172.16.60.6 / 192.168.1.10

Quote
In the OpenMCU-ru configuration, you have the NAT IP set to 172.16.60.5? Where are you getting this IP from?
Router ADSL: 172.16.60.5

Quote
What network is 172.16.80.4 on? What are the subnet masks that you are using?
172.16.80.4: A connection to the VPN
masks: 255.255.255.252

ohnague

Re: VPN connection
« Reply #7 : 29 May 2017, 21:45:01 »
In the rooms you can see the IP that connects from the VPN, only that at 60 seconds the connection drops.

It is as if the RTP packets are not arriving; nonetheless, in the firewall configuration they are enabled from 5000-6000 in UDP.

kay27

Re: VPN connection
« Reply #8 : 30 May 2017, 00:55:35 »
ohnague,
So, seems you set NAT Router IP properly...
Did you redirect UDP port range 5000-6000 to openmcu server by static NAT?

ohnague

Re: VPN connection
« Reply #9 : 30 May 2017, 15:47:16 »
Quote
ohnague,
So, seems you set NAT Router IP properly...
Did you redirect UDP port range 5000-6000 to openmcu server by static NAT?

Rules on iptables:

*nat
..........
-A PREROUTING -m comment --comment "Access to video conferencing ports"
-A PREROUTING -s 172.16.0.0/16 -d 172.16.60.6 -m tcp -p tcp -m multiport --dports 1420,1423,1554,1720,5060,5061,8090 -j DNAT --to-destination 192.168.1.7
-A PREROUTING -s 172.16.0.0/16 -d 172.16.60.6 -m udp -p udp --dport 5060 -j DNAT --to-destination 192.168.1.7
-A PREROUTING -s 172.16.0.0/16 -d 172.16.60.6 -m udp -p udp --dport 5000:5999 -j DNAT --to-destination 192.168.1.7
..........
-A POSTROUTING -m comment --comment "Access to video conferencing ports"
-A POSTROUTING -s 172.16.0.0/16 -d 192.168.1.7 -m tcp -p tcp -m multiport --dports 1420,1423,1554,1720,5060,5061,8090 -j ACCEPT
-A POSTROUTING -s 172.16.0.0/16 -d 192.168.1.7 -m udp -p udp --dport 5060 -j ACCEPT
-A POSTROUTING -s 172.16.0.0/16 -d 192.168.1.7 -m udp -p udp --dport 5000:5999 -j ACCEPT
...........
COMMIT

*filter
...........
-A FORWARD -m comment --comment "Access to video conferencing ports"
-A FORWARD -s 172.16.0.0/16 -d 192.168.1.7 -m tcp -p tcp -m multiport --dports 1420,1423,1554,1720,5060,5061,8090 -j ACCEPT
-A FORWARD -s 172.16.0.0/16 -d 192.168.1.7 -m udp -p udp --dport 5060 -j ACCEPT
-A FORWARD -s 172.16.0.0/16 -d 192.168.1.7 -m udp -p udp --dport 5000:5999 -j ACCEPT
...........
COMMIT

I can display the OPENMCU control panel from any VPN IP through port 1420

kay27

Re: VPN connection
« Reply #10 : 31 May 2017, 00:06:51 »
1. PREROUTING part looks OK more or less

2. POSTROUTING part is unnecessary or wrong, it depends on the part of firewall you didn't show. I'd delete it or add -j SNAT --to-source 172.16.60.6 for reverse direction...

Take a look pls. I don't know if it is your case or not... please redraw my picture (attached) if I'm wrong

'172.16.80.4: A connection to the VPN' - what's this? We hope it is SIP endpoint's IP, but maybe this is another NAT router on your client's side?
« Last Edit: 31 May 2017, 00:09:49 by kay27 »
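
An added example, not part of the thread and not OpenMCU-ru code: a small Python check that applies the review in reply #10 to the UDP rules from reply #9. It flags `ACCEPT` targets in the nat table and a DNAT target with no source NAT rule for flows that server opens itself. The function names, the finding texts and the simplification of matching on `-s` equal to the DNAT target are this example's own assumptions.

```python
import shlex

# UDP subset of the rules posted in reply #9 (with COMMIT spelled correctly).
POSTED = """\
*nat
-A PREROUTING -s 172.16.0.0/16 -d 172.16.60.6 -m udp -p udp --dport 5060 -j DNAT --to-destination 192.168.1.7
-A PREROUTING -s 172.16.0.0/16 -d 172.16.60.6 -m udp -p udp --dport 5000:5999 -j DNAT --to-destination 192.168.1.7
-A POSTROUTING -s 172.16.0.0/16 -d 192.168.1.7 -m udp -p udp --dport 5060 -j ACCEPT
-A POSTROUTING -s 172.16.0.0/16 -d 192.168.1.7 -m udp -p udp --dport 5000:5999 -j ACCEPT
COMMIT
*filter
-A FORWARD -s 172.16.0.0/16 -d 192.168.1.7 -m udp -p udp --dport 5060 -j ACCEPT
-A FORWARD -s 172.16.0.0/16 -d 192.168.1.7 -m udp -p udp --dport 5000:5999 -j ACCEPT
COMMIT
"""

def parse(text):
    """Yield (table, chain, options) for each -A line of iptables-save style text."""
    table = None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0].startswith("*"):
            table = tok[0][1:]
        elif tok[0] == "-A" and len(tok) > 1:
            # Pair every option with the value that follows it, e.g. "-j": "DNAT".
            yield table, tok[1], {k: v for k, v in zip(tok[2:], tok[3:])
                                  if k.startswith("-") and not v.startswith("-")}

def audit(text):
    """Return findings about how NAT treats traffic to and from DNAT targets."""
    rules, findings = list(parse(text)), []
    for table, chain, o in rules:
        if table == "nat" and o.get("-j") == "ACCEPT":
            findings.append(f"nat/{chain} {o.get('-s')}->{o.get('-d')}: ACCEPT translates "
                            "nothing, it only skips later NAT rules in this chain")
    servers = {o.get("--to-destination") for t, _, o in rules
               if t == "nat" and o.get("-j") == "DNAT"} - {None}
    for srv in sorted(servers):
        # conntrack reverses replies to DNATed flows; flows the server opens
        # itself need their own SNAT/MASQUERADE rule to leave translated.
        if not any(t == "nat" and o.get("-s") == srv and o.get("-j") in ("SNAT", "MASQUERADE")
                   for t, _, o in rules):
            findings.append(f"no SNAT for flows originated by {srv}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(POSTED)))
```

The same `audit` function can be pointed at the full output of `iptables-save`, which also covers the part of the firewall that was not posted.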