Am Freitag, den 18.01.2008, 04:21 -0800 schrieb bilal ghayyad: > Hi; > > Via OpenVPN or port forwarding is known for me, but > via SSH is new for me, how I can do it and what is the > difference by SSH and OpenVPN?
In principle both use a packet stream (SSH is TCP, OpenVPN is TCP or UDP) for encapsulating IP packets. The main difference is that SSH port forwarding forwards the packet data, but not the header: The packet is stripped at side A and a seemingly different TCP connection is established on side B. This also implies the main limitation of SSH, that it is restricted to tunneling TCP (afaik). OpenVPN in contrast takes entire IP packets, applies routing and tunnels the entire packet through. You can tunnel any IP traffic through OpenVPN, and the remote side IP address will persist. (You can even tunnel IPX or Appletalk, if using the BRIDGE mode with virtual TAP interfaces). Basically OpenVPN appears to the tunnel endpoint as a virtual wire that behaves like an ethernet port. OpenVPN is far more flexible when it comes to network restrictions. On the other hand the SSH main idea is not VPN but secure shell access :) For VoIP I'd imagine SSH is quite impractical, if usable at all. Most likely the TCP-only restriction will make life difficult. SIP over OpenVPN works - I used it to tunnel from a trip to California to my Asterisk back home in Germany. The voice quality was a bit poor, but this might also relate to the WLAN and the multi-hop-internet route in between. Speaking generally, of course an aditional layer (which both OpenVPN and SSH introduce) does not improve the signal path quality, or latency, or everything. I have read recommendations to use OpenVPN in UDP mode to reduce packetizing problems which would result in choppy sound as well. No comparison numbers available here though. BR Anselm _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
