On Thursday 25 Dec 2014 08:43:23 Bill Kenworthy wrote: > On 25/12/14 15:43, Joseph wrote: > > I've installed "zoiper" (this is an softphone app to connect to my > > Asterisk server) on my old phone and it works on my private network over > > wifi. > > I'm using standard IAX port 4569 to register, so this port is open on my > > firewall. > > > > But when I catch an open public wifi network in a Mall or a Tim Horton > > "zoiper" failed to register. > > > > Do they block outgoing ports of public WiFi networks? What are my > > alternatives? > > > > I can open any port on my DD-Wrt and redirect it to my Asterisk server. > > Quite often happens in this part of the world. I run an openvpn ssl vpn > on port 443 with an ssl multiplexor on the server end - route all the > voip traffic through the vpn. Doesnt work well if bandwidth is really > constrained but its the difference between having at least something or > nothing at all. > > BillK
Most public WiFi hot spots in Europe, especially in multinational coffee shop chains, not only block privileged ports to thwart SOCK proxies, ssh, ipsec, et al., but also use deep-packet inspection and Man-In-The-Middle attack to decrypt your TLS connection to http, https, IMAP4, and POP3 and check your payload. They do this to make sure that you are not some unsavoury character, using their Internet connection for questionable activities. A number of companies (like Websense) offer this kind of helpful services to those who need to spy on our private communications. If you check the SSL certificate that is returned from e.g. gmail, you'll see that it has not been issued by gmail, or their CA. Most client applications should warn you when you try to connect to a website over TLS. In such cases I would consider your communications over this channel compromised, should you decide to proceed. -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
