In this kind of discussion, it is pretty safe to assume that the VOIP PABX used is an asterisk running either SIP/IAX2/H323/RTP protocols. Googling will provide us with the corresponding range of ports in each of them either in UDP or in TCP.
Now, it is easy to get this working. In the IP phones, one has to enable the NAT feature and for the asterisk server running OpenBSD it is educational to allow first both incoming/outgoing traffic as pass in as well as pass all. The major easy here is on how the voice traffic from OBSD-VPN-A to OBSD-VPN-B and vice versa encrypted. That is, an encryption of the voice traffic as full-duplex. Any comments? >Jeroen Massar > Bob DeBolt wrote: > [ Note your PGP armor was broken in the previous message, please check > and fix if possible, it could be of course that the mailinglist peeped > it up somewhere. Best solution: don't use inline PGP signing, but use > the MIME variant, which is available in enigmail, eg I use it :) ] > >> If anyone reading this understands the VOIP / NAT issue, preferably via >> experience, and has an answer to what is involved making VOIP work >> through a pf enabled OpenBSD 4.0 stable firewall, Could you please lend >> a hand, offer direction? > > It all depends on what exact components you have and how strict the > firewall is. I wonder how related it is for [email protected] but.... > > Questions: > - Which exact protocols are being used > - What is the client (software/hardware/version) > - What is the server (software/hardware/version) > - What does the network look like > and probably some other info I forget ;) > > Generic VoIP (read: SIP) over NAT solutions: > http://www.voip-info.org/wiki/view/STUN > http://www.voip-info.org/wiki/view/MediaProxy > http://www.voip-info.org/wiki/view/Asterisk+SIP+NAT+solutions > ... rest of that site ;) > > and of course throwing any VPN tunnel over the NAT to get a public > address and using that for everything. > > Greets, > Jeroen > > [demime 1.01d removed an attachment of type application/pgp-signature > which had a name of signature.asc]
