Just thought I'd reply back on this and report it as solved.
The problems were several, among them was using the wrong IP address on the remote end of the Open VPN connection in the softphone client, and then also missing some settings on the Asterisk PBX that is local to the Docker instance hosting the KyleManna OpenVPN docker instance.
To recap, I have an Asterisk server in a remote office through which I want to make calls via an Open VPN instance using 3CX softphone from my home laptop while coming into the Asterisk through the KyleManna docker VPN.
To this end, I set up a docker instance with the KyleManna OpenVPN docker image on the Asterisk at the office, and then configured and set up an Open VPN user using the available guides.
I then wanted to use the Windows OpenVPN client on my home laptop to VPN into the Asterisk at work in the office, and then make calls over the VPN via the 3CX softphone through the office Asterisk, from home.
(I skip the required firewall setups, port forwards, etc. required at both ends to do the above, creating OpenVPN users, connecting with the GUI client from Windows, etc. etc.)
Problem 1 was I could then NOT get the 3CX softphone on my laptop at home to register and go on-hook on the Asterisk at the office, while VPN-ed into the Asterisk.
The issue was I was using the Asterisk's local office intranet IP as the SIP server in the 3CX settings on my laptop at home with the VPN up. This was incorrect, I had to use the KyleManna OpenVPN docker instance's Asterisk-local IP address in the 3CX softphone after opening up the VPN and connecting.
The asterisk was at IP a.a.a.a and I could ping and telnet etc. this IP to talk to the Asterisk from my home laptop once the VPN was up. But traffic was only flowing in one direction in that case when 3CX tried to SIP register from my laptop at home through the VPN, see my original post.
The KyleManna docker's IP on the Asterisk was b.b.b.b, and as soon as I pointed my 3CX softphone on my home laptop to the b.b.b.b IP, (instead of a.a.a.a for the Asterisk itself as previous) my VPN-ed instance of the 3cx softphone could register on the office Asteisk and traffic was flowing in both directions.
But then, if I made a call, there was no audio. At all.
Problem 2 was I was missing some settings for the Asterisk PBX to make this all work. I needed to add in the [general] section of the /etc/asterisk/sip.conf file the following
Code:
localnet=b.b.0.0/255.0.0.0
localnet=c.c.0.0/255.0.0.0
Where
b = the docker's IP on the Asterisk
c = the OpenVPN instance (via the KyleManna Docker) internal tunnel IP address range used for the VPN tunnel inside the KyleManna docker.
Then, for the specific extension I was testing [1010], I needed to change the extension settings in Asterisk in sip.conf from
Code:
[1010]
type=peer
user=1010
secret=xxxsecret
host=dynamic
disallow=all
allow=g729
allow=alaw
allow=ulaw
context=local
dtmfmode=rfc2833
call-limit=1
limitonpeers=yes
deny=0.0.0.0/0.0.0.0
permit=d.d.d.d/255.255.0.0
to
Code:
[1010]
type=peer
user=1010
secret=xxxsecret
host=dynamic
disallow=all
allow=g729
allow=alaw
allow=ulaw
context=local
dtmfmode=rfc2833
call-limit=1
limitonpeers=yes
deny=0.0.0.0/0.0.0.0
permit=d.d.d.d/255.255.0.0
permit=b.b.0.0/255.0.0.0
nat=force_port,comedia
E. g. the docker IP of the KyleManna OpenVPN docker (the b IPV4 address) had to be expressly permitted in the Asterisk sip.conf for the extension involved, and the "nat=force_port,comedia" had to be added in the Asterisk sip.conf for the extension involved, to ensure NATing works correctly to allow bi-directional audio, from and to the Asterisk behind the docker-ized OpenVPN instance, and from and to the 3CX softphone instance running on my laptop's Windows instance at home, while the docker-ized VPN instance is running.
In the above IP address (d) is a range describing the local office LAN address range.
E. g. this is now working and I can, using the KyleManna docker, generate and distribute VPN certificates to my colleagues which they can use to VPN in and do general work but also use company SIP trunks in the office, on the office Asterisk, via the SIP / RTP capable VPN connection they can now form using 3cx SIP phones on their laptops / desktops at home.