[strongSwan] Android Strongswan + VOIP

Michael Blake michael.blake at tridsys.com
Wed Oct 16 05:52:51 CEST 2013 

Hello list,



I have a configuration where I have 3 site to site strongswan connections.



On one of my gateways I have an asterisk server.



I am able to happily voip between my asterisk servers and cisco call
managers.



Now I am testing the roadwarrior case where I have an android handset (Note
II) running the android strongswan client.



If I use any android voip client from one of my remote sites and do not use
the android strongswan client, everything works.



When I set up a roadwarrior android/win7 connection from my android handset
using the pk12 file I am able to reach the web configuration page of the
cisco call manager behind the gateway.



However, the VOIP traffic goes from the handset to the internal network,
but the rtp packets do not make it back to the android voip client (tried
several clients).



The SDP part of the SIP invite from the android handset specifies my wifi
router’s subnet, not the virtual ip of the client.



>From the sip invite (contact line shows virtual ip)

….

Contact: sip:mabandroid at 172.16.3.71:35469;ob



However the Sdp part shows the wifi address



c=IN IP4 192.168.10.106

a=rtcp:4001 IN IP4 192.168.10.106



When I turn on RTP debugging on the asterisk gateway machine I see



Got  RTP packet from    172.16.3.71:4002 (type 00, seq 007834, ts 055840,
len 000160)

Sent RTP packet to      192.168.10.106:4002 (type 00, seq 065441, ts
055520, len 000160)



So packets coming from the virtual IP are received from asterisk, but my
voip client is listening for UDP RTP packets on the wireless subnet as
indicated.  This happened because of the SDP part of the message from the
call setup.



Phones I call from the android handset can hear audio coming from the
android handset, but the android handset does not receive any audio.



I have tried other voip clients that let you specify which network to use
(i.e. cellular, wifi,etc) but the strongswan userspace network is not a
selectable option.



I don’t have any knowledge of the potential roadwarriors subnet so it seems
an impossible scenario.  I assume that the default route gets used since
the 10 subnet is not configured anywhere (and would be impossible to
predict for a road warrior).



Does anyone have experience using the android strongswan client and a voip
android app successfully?



Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131015/7787f9a5/attachment.html>

More information about the Users mailing list