Mart,
everything is on Asterisk box (I am using it as a router also, ADSL
router is only used as a bridge). I prefer all-in-one setup, though
many argue that it is better to have dedicated machines, but that is
impractical for obvious reasons.
I am not using Astlinux in this case (I had a powerful machine
available so there was no need), but I believe OpenVPN is configurable
from Astlinux GUI.
Regards,
Niksa Baldun
Martin Rogers wrote:
Niksa
could you please advise which model of router you have got working with
OpenVPN. Also can you confirm that you are running the VPN on the PBX
rather itself than in front of it (e.g. rather than on its own router in
box-to-box vpn mode).
Out of interest, if you are running it on the PBX did you use the
astlinux web tool to configure this ?
Thanks
Mart
Niksa Baldun wrote:
Martin,
you are unlikely to find OpenVPN support on the phone. The router on the remote
site should be responsible for maintaining VPN connection. I have such setup
with ADSL line (3M/512k), eight phones and 3 PCs on remote site, all working
over OpenVPN. So far it works flawlessly, users are not even aware they are not
using traditional telephony (admittedly the phone traffic is pretty low, rarely
more that two simultaneous calls).
Niksa Baldun
Martin Rogers wrote:
Darrick,
interesting point about the VPN. I have to have three classes of port
opened up for my AstLinux to work on the internet. A VPN solution would
certainly simplify things in this respect.
However, in reality, how ubiquitous is VPN support on VOIP phones. I use
three types of phone (two PolyCom models and a Snom model) and none of
them seem to offer any VPN client support.
The other point is that steam encryption is going to slow down
transmission of the media stream (to some extent anyway). I have
experienced some bad degradation running a couple of phones with
Asterisk through a PIX hardware VPN over a residential ADSL line.
Stuttery MOH is not nice.
How practical is the VPN suggestion, does anyone actually use this.
What steps are others taking to secure AstLinux/Asterisk on public
networks. It would be useful if we could get a list of ideas together.
My very short and inadequate list so far is as follows:
-Limit the number of ports available
-Use UnionFS and change the root password
-Use hashed secrets
-Disable allowguest if using SIP
Thoughts anyone?
Thanks,
Mart
Darrick Hartman wrote:
David,
You could use openvpn to secure the connection. MAC address
restrictions are pretty weak and easy to spoof.
Darrick
David Kerr wrote:
I would like to permit a softphone on my laptop to connect to my
astlinux box from anywhere in the world. This would mean keeping port
5060 open, which is a potential security risk? Is there a way to
restrict access by mac address? so that my softphone on *my* laptop can
connect, but no one else's can (even if they know the extension/password.
Thanks.
David
On Mon, Nov 10, 2008 at 2:40 PM, Daniel Aeberli <[EMAIL PROTECTED]>
wrote:
Hi Darrick,
You right, I had miss-configured my Firewall: I open the voip ports when
I initially was try to my Asterisk trunk working. As I now know, the
trunk goes through a tunnel so I closed them just after my last post and
everything still works (no duh).
I still need to dig into my config (Firewall and Asterisk), I'm sure I
have other doors wide open why I tried to get things working.
Many thanks for the reply though.
Daniel
Darrick Hartman a écrit :
> Daniel,
>
> Not necessarily. It sounds like you have the firewall misconfigured.
> What ports are you opening? You should really only have your ssh
port
> and vpn port open. All others should be closed. How are these
people
> getting in?
>
> Darrick
>
> Daniel Aeberli wrote:
>
>> Sorry, just realised this is more an Astersik general question
than a
>> ASTLinux one ... of to search other forums...
>>
>> Daniel Aeberli a écrit :
>>
>>> Well after the brute force attack ssh login attempts, last
month, I have
>>> an undesirable outsider that successfully made calls from my
ASTlinux
>>> box. I locked out the brute force, by disabling WAN requests,
turning of
>>> WAN ping response and turning off ssh access, but obviously my
box is
>>> not secure.
>>>
>>> I'm not savvy enough to know how to secure by AstLinux box from
outside
>>> callers (hackers). I only use AstLinux to call my parents
AstLinux box
>>> via a VPN trunk over our ADSL lines. All my local calls go via
ISDN line
>>> (since I have to have it for the ADSL link and local call are
free).
>>>
>>> Could someone tell me how to lock outside calls (internet /
ADSL) from
>>> using my ISDN lines?
>>>
>>> Thanks
>>>
>>> Daniel
>>>
>>>
-------------------------------------------------------------------------
>>> This SF.Net email is sponsored by the Moblin Your Move
Developer's challenge
>>> Build the coolest Linux based applications with Moblin SDK &
win great prizes
>>> Grand prize is a trip for two to an Open Source event anywhere
in the world
>>> http://moblin-contest.org/redirect.php?banner_id=100&url="">
<http://moblin-contest.org/redirect.php?banner_id=100&url="">
>>> _______________________________________________
>>> Astlinux-users mailing list
>>> Astlinux-users@lists.sourceforge.net
<mailto:Astlinux-users@lists.sourceforge.net>
>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>>
>>> Donations to support AstLinux are graciously accepted via
PayPal to [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>.
>>>
>>>
>>
-------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Moblin Your Move
Developer's challenge
>> Build the coolest Linux based applications with Moblin SDK & win
great prizes
>> Grand prize is a trip for two to an Open Source event anywhere
in the world
>> http://moblin-contest.org/redirect.php?banner_id=100&url="">
<http://moblin-contest.org/redirect.php?banner_id=100&url="">
>> _______________________________________________
>> Astlinux-users mailing list
>> Astlinux-users@lists.sourceforge.net
<mailto:Astlinux-users@lists.sourceforge.net>
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>
>> Donations to support AstLinux are graciously accepted via PayPal
to [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>.
>>
>
>
>
-------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move
Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win
great prizes
> Grand prize is a trip for two to an Open Source event anywhere in
the world
> http://moblin-contest.org/redirect.php?banner_id=100&url="">
<http://moblin-contest.org/redirect.php?banner_id=100&url="">
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
<mailto:Astlinux-users@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal
to [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>.
>
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's
challenge
Build the coolest Linux based applications with Moblin SDK & win
great prizes
Grand prize is a trip for two to an Open Source event anywhere in
the world
http://moblin-contest.org/redirect.php?banner_id=100&url="">
<http://moblin-contest.org/redirect.php?banner_id=100&url="">
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
<mailto:Astlinux-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>.
------------------------------------------------------------------------
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url="">
------------------------------------------------------------------------
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to [EMAIL PROTECTED].
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url="">
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to [EMAIL PROTECTED].
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url="">
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to [EMAIL PROTECTED].
------------------------------------------------------------------------
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url="">
------------------------------------------------------------------------
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to [EMAIL PROTECTED].
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url="">
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to [EMAIL PROTECTED].
|
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to [EMAIL
PROTECTED]
