Levine, Daniel J. Daniel.Levine at jhuapl.edu
Wed Sep 10 22:52:24 CEST 2014

I have a VPN road warrior configuration using StrongSwan client apps on 2 Android phones (the road warriors). The VPN tunnels establish fine using IKEv2.  The phones can now see each other on the VPN subnet ( as well as the private network ( behind the firewall. For completeness, the public network the VPN goes over is the network. So the phones, a wireless router, and the outer half of the VPN server live over there.  I think that covers the topology.

So, once this network is established, I'm using a SIP phone app on the Androids to register with an Asterisk server on the private network. That actually works nicely as well. I can even call an extension on the Asterisk server that plays a canned message just fine.  Looking at the traffic, I see that everything is confined to the and network. Which is what I'd expect.  Both phones work fine this way.

If I place a call to the other phone through the Asterisk server the call works great. Both phones send and receive the audio of their microphones.  However, when I use tcpdump to examine the traffic on the Asterisk server (which is different from the VPN server on the network) on the network, I see that the traffic goes over the network!

I have found that turning on SDP NAT rewrite causes the data to confine itself to the network, but I only get one-way audio transmission in a direction related to who calls whom.

Any thoughts on what kind of issue I might have here?  As I describe this, I'm thinking I should probably talk to the Asterisk people to figure out why it doesn't like talking over the VPN and then discovers the path.

Thoughts?  Anyone solve a problem like this?


