SSL VPNs can be a bit sketchy when it comes to QoS. Usually IPSEC is recommended for UDP streaming media. However, people have shown some decent success with SSL VPNs and VoIP. FreeS/WAN is a good option if you want to try IPSEC. It should be much more UDP friendly.
The following aren't VPNs. They are more like encrypted data pipes:

Zebedee is also a fun option for encrypted, compressed tunnels suitable for UDP.
http://www.winton.org.uk/zebedee/

You can do some fun stuff when you set up IAX on an internal interface with a Zebedee listener. It's not for the faint of heart though, since setup can be a bit encumbering.

Some people have also successfully used stunnel (SSL) and SSH to accomplish the same thing. I personally avoid SSL altogether.

--------------------------------------------------
Salvatore Giudice
[EMAIL PROTECTED]
VoIP Security Training, LLC
http://VoIPSecurityTraining.com
848 N. Rainbow Blvd. #1676
Las Vegas, NV 89107
Phone: (617) 959-7625
Fax: (214) 279-2906

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kai-Uwe Jensen
Sent: Wednesday, May 02, 2007 3:25 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] VPN between Asterisk server and phone client

Concur with Steve: OpenVPN is your friend.

At one time, I used "VPN on Demand"-type functionality in my dial plan to trunk a certain subset of calls to a different * server via OpenVPN. This is what that dialplan looked like:

[trunkfreecallsviaoffsite]
exten => _X.,1,NoOp
exten => _X.,n,Playback(creating_vpn)
; register this caller and bring the VPN up if it is not already established
exten => _X.,n,System(/usr/local/bin/startvpn clientname ${CALLERID(name)})
exten => _X.,n,Wait(10)
exten => _X.,n,Playback(success_vpn)
exten => _X.,n,Dial(IAX2/vpnmaster/**${EXTEN},60,TW)
exten => _X.,n,Hangup
; h runs on hangup: deregister this caller from the VPN trunk
exten => h,1,System(/usr/local/bin/stopvpn clientname ${CALLERID(name)})
exten => h,n,Playback(stopping_vpn)

The startvpn and stopvpn scripts (which I've since managed to lose) would establish the VPN between this server and the "vpnmaster" server. The scripts would also keep track of current users (${CALLERID(name)}) of the VPN-trunk. As a side effect of user tracking, I'd know when the VPN was already established, so I didn't need to re-connect. Similarly, I'd only tear it down when no users were left.

As I mentioned, this does not address your direct need to create a VPN between an endpoint (softphone) and your server. My example simply illustrates the straightforward OpenVPN approach. You can install the OpenVPN GUI tools on your desktop/laptop and create the VPN manually when you need it.

BTW, I stopped using this technique when we added a second local server, so I didn't have to go across the WAN for offloading certain calls anymore.

_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
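The user tracking described for the lost startvpn/stopvpn scripts (connect for the first user, tear down after the last), as an added example that is not part of the original messages and is not the poster's code. STATE_DIR, the /etc/openvpn/<client>.conf layout and every function name are assumptions.

```shell
#!/bin/sh
# Added example. Install one file under two names: startvpn and stopvpn.
STATE_DIR="${STATE_DIR:-/var/run/vpntrunk}"   # assumed state location

# Caller ID name is caller-supplied: keep a safe alphabet only, cap the length.
sanitize() {
    s=$(printf '%s' "$1" | LC_ALL=C tr -cd 'A-Za-z0-9_-' | cut -c1-32)
    printf '%s' "${s:-unknown}"
}

# Tunnel hooks (assumed layout: one OpenVPN config file per client name).
tunnel_up() { openvpn --config "/etc/openvpn/$1.conf" --daemon --writepid "$STATE_DIR/$1.pid"; }
tunnel_down() {
    if [ -f "$STATE_DIR/$1.pid" ]; then kill "$(cat "$STATE_DIR/$1.pid")"; fi
    rm -f "$STATE_DIR/$1.pid"
}

# mkdir is atomic, so it serialises calls that start or end at the same moment.
lock()   { until mkdir "$STATE_DIR/.lock" 2>/dev/null; do sleep 1; done; }
unlock() { rmdir "$STATE_DIR/.lock"; }

# Number of users currently registered for a client (one marker file each).
user_count() { find "$STATE_DIR/$1.users" -type f 2>/dev/null | wc -l | tr -d ' '; }

# Register a user; bring the tunnel up only for the first one.
vpn_acquire() {
    client=$(sanitize "$1"); user=$(sanitize "$2")
    mkdir -p "$STATE_DIR/$client.users"; lock
    if [ "$(user_count "$client")" -eq 0 ] && ! tunnel_up "$client"; then
        unlock; return 1        # do not register a user on a tunnel that failed
    fi
    : > "$STATE_DIR/$client.users/$user"
    unlock
}

# Deregister a user; tear the tunnel down only when nobody is left.
vpn_release() {
    client=$(sanitize "$1"); user=$(sanitize "$2")
    mkdir -p "$STATE_DIR"; lock
    rm -f "$STATE_DIR/$client.users/$user"
    if [ "$(user_count "$client")" -eq 0 ]; then tunnel_down "$client"; fi
    unlock
}

case "${0##*/}" in
    startvpn) vpn_acquire "$@" ;;
    stopvpn)  vpn_release "$@" ;;
esac
```

System() hands its argument string to a shell, so sanitize() here only protects the file names; the dialplan should also strip ${CALLERID(name)} (for example with Asterisk's FILTER() function) before it reaches the script. Two concurrent calls presenting the same name share one marker file, so a per-call identifier is a safer tracking key.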
