Re: [AFMUG] OT AASTRA remote via vpn
In that case, I'd think it'd be faster/easier to tell your IT tech "set up the VPN server and a remote VPN box for me" then to make an all-cases drop-box. On Mon, Jul 2, 2018 at 5:52 PM, wrote: > Well, since I own or manage the companies... I think it is gonna be OK. > > *From:* Colin Stanners > *Sent:* Monday, July 2, 2018 4:47 PM > *To:* AnimalFarm Microwave Users Group > *Subject:* Re: [AFMUG] OT AASTRA remote via vpn > > Really, you want a plug-in backdoor into their network that the sysadmin > doesn't know about... this product isn't designed for low-tweaking use but > would probably do what you want. https://www.wired.com/2012/03/pwnie/ . > If you do the drive out to Las Vegas for DEFCON in a month there's probably > more of those that you can see in the vendor area. > > I can try doing the same myself with a few Mikrotik boxes and a bit of > scripting, and if successful you can order devices for yourself and I can > program them remotely (or just send them to me and pay the shipping to > yourself after). > > > On Mon, Jul 2, 2018 at 2:57 PM, wrote: > >> Yes, so I don’t want to involve anyone. Just plug in a box on the lan, >> take the phone with me. >> >> *From:* Colin Stanners >> *Sent:* Monday, July 2, 2018 1:54 PM >> *To:* AnimalFarm Microwave Users Group >> *Subject:* Re: [AFMUG] OT AASTRA remote via vpn >> >> The VPN would rarely ever be software on the server. A bigger factor is >> that most network admins would take a dim view of you asking to install VPN >> server devices that they can't control/update on their networks as that can >> be a massive security risk. >> >> On Mon, Jul 2, 2018, 1:28 PM wrote: >> >>> OK, but at the far end it would be good to have a small piece of >>> hardware too rather than depend on VPN software running on some random >>> server. I would rather not bother the various IT folks at these different >>> companies that all run asterisk. >>> >>> *From:* Trey Scarborough >>> *Sent:* Monday, July 2, 2018 12:19 PM >>> *To:* af@af.afmug.com >>> *Subject:* Re: [AFMUG] OT AASTRA remote via vpn >>> >>> >>> yep small mikrotik >>> >>> On 7/2/2018 1:14 PM, ch...@wbmfg.com wrote: >>> >>> Let’s say I am in a random hotel room and I want to use my Aastra phone >>> back to my office asterisk. >>> >>> That is similar to what I need to accomplish. >>> >>> *From:* Sean Heskett >>> *Sent:* Monday, July 2, 2018 11:55 AM >>> *To:* AnimalFarm Microwave Users Group >>> *Subject:* Re: [AFMUG] OT AASTRA remote via vpn >>> >>> Instead of a vpn it might be better to just allow it to connect through >>> the firewall (assuming you are able to manage the firewall) >>> >>> On Mon, Jul 2, 2018 at 1:32 PM wrote: >>> >>>> Other way around, I want to use my Aastra from my home office but I >>>> want it to connect to two other companies’ business office asterisk >>>> systems. >>>> >>>> *From:* Sean Heskett >>>> *Sent:* Monday, July 2, 2018 11:06 AM >>>> *To:* AnimalFarm Microwave Users Group >>>> *Subject:* Re: [AFMUG] OT AASTRA remote via vpn >>>> Hey Chuck, >>>> >>>> What about using a sip client app on your mobile phone? You can turn >>>> on vpn on the phone. >>>> >>>> Or do you want an actual desk phone? >>>> >>>> -sean >>>> >>>> >>>> On Sun, Jul 1, 2018 at 11:33 AM wrote: >>>> >>>>> I wonder what the simplest and cheapest method is to use an Aastra SIP >>>>> phone while away from the office. Our Asterisk is on private IP space so >>>>> I >>>>> have to have the phone tunnel into my internal LAN. There are firewall >>>>> boxes available that will do this. >>>>> -- >>>>> AF mailing list >>>>> AF@af.afmug.com >>>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>>>> >>>> -- >>>> AF mailing list >>>> AF@af.afmug.com >>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>>> -- >>>> AF mailing list >>>> AF@af.afmug.com >>>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>>> >>> -- >>> -- >>> AF mailing list >>> AF@af.afmug.com >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>> >>> >>> >>> -- >>> -- >>> AF mailing list >>> AF@af.afmug.com >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>> -- >>> AF mailing list >>> AF@af.afmug.com >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>> >> -- >> -- >> AF mailing list >> AF@af.afmug.com >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> >> -- >> AF mailing list >> AF@af.afmug.com >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> >> > > -- > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
Re: [AFMUG] OT AASTRA remote via vpn
The VPN would rarely ever be software on the server. A bigger factor is that most network admins would take a dim view of you asking to install VPN server devices that they can't control/update on their networks as that can be a massive security risk. On Mon, Jul 2, 2018, 1:28 PM wrote: > OK, but at the far end it would be good to have a small piece of hardware > too rather than depend on VPN software running on some random server. I > would rather not bother the various IT folks at these different companies > that all run asterisk. > > *From:* Trey Scarborough > *Sent:* Monday, July 2, 2018 12:19 PM > *To:* af@af.afmug.com > *Subject:* Re: [AFMUG] OT AASTRA remote via vpn > > > yep small mikrotik > > On 7/2/2018 1:14 PM, ch...@wbmfg.com wrote: > > Let’s say I am in a random hotel room and I want to use my Aastra phone > back to my office asterisk. > > That is similar to what I need to accomplish. > > *From:* Sean Heskett > *Sent:* Monday, July 2, 2018 11:55 AM > *To:* AnimalFarm Microwave Users Group > *Subject:* Re: [AFMUG] OT AASTRA remote via vpn > > Instead of a vpn it might be better to just allow it to connect through > the firewall (assuming you are able to manage the firewall) > > On Mon, Jul 2, 2018 at 1:32 PM wrote: > >> Other way around, I want to use my Aastra from my home office but I want >> it to connect to two other companies’ business office asterisk systems. >> >> *From:* Sean Heskett >> *Sent:* Monday, July 2, 2018 11:06 AM >> *To:* AnimalFarm Microwave Users Group >> *Subject:* Re: [AFMUG] OT AASTRA remote via vpn >> Hey Chuck, >> >> What about using a sip client app on your mobile phone? You can turn on >> vpn on the phone. >> >> Or do you want an actual desk phone? >> >> -sean >> >> >> On Sun, Jul 1, 2018 at 11:33 AM wrote: >> >>> I wonder what the simplest and cheapest method is to use an Aastra SIP >>> phone while away from the office. Our Asterisk is on private IP space so I >>> have to have the phone tunnel into my internal LAN. There are firewall >>> boxes available that will do this. >>> -- >>> AF mailing list >>> AF@af.afmug.com >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>> >> -- >> AF mailing list >> AF@af.afmug.com >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> -- >> AF mailing list >> AF@af.afmug.com >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> > -- > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > > > -- > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
Re: [AFMUG] OT AASTRA remote via vpn
Ok, what about a VPN server box (Mikrotik or otherwise) which also runs dynamic DNS? The VPN client box connects to the dynamic hostname. Their IT dept will still need to forward traffic to the VPN server, but that's/all /they would need to do. They don't even need to have a static IP. For your part, you don't need to know what their IP's are. You could preconfigure a server box with a dyn hostname like "voiptunnel-1" and then provide one or more client side boxes which are already configured to open a tunnel to "voiptunnel-1". If you want to use this client box at a random hotel, then it needs to support being a wifi client bridge and have a simple way for the traveler to set the SSID and/or key. Mikrotik can certainly do the job, but I don't think it would be simple enough for any given business traveler. Just a couple cents. -Adam On 7/2/2018 2:28 PM, ch...@wbmfg.com wrote: OK, but at the far end it would be good to have a small piece of hardware too rather than depend on VPN software running on some random server. I would rather not bother the various IT folks at these different companies that all run asterisk. *From:* Trey Scarborough *Sent:* Monday, July 2, 2018 12:19 PM *To:* af@af.afmug.com *Subject:* Re: [AFMUG] OT AASTRA remote via vpn yep small mikrotik On 7/2/2018 1:14 PM, ch...@wbmfg.com wrote: Let’s say I am in a random hotel room and I want to use my Aastra phone back to my office asterisk. That is similar to what I need to accomplish. *From:* Sean Heskett *Sent:* Monday, July 2, 2018 11:55 AM *To:* AnimalFarm Microwave Users Group *Subject:* Re: [AFMUG] OT AASTRA remote via vpn Instead of a vpn it might be better to just allow it to connect through the firewall (assuming you are able to manage the firewall) On Mon, Jul 2, 2018 at 1:32 PM wrote: Other way around, I want to use my Aastra from my home office but I want it to connect to two other companies’ business office asterisk systems. *From:* Sean Heskett *Sent:* Monday, July 2, 2018 11:06 AM *To:* AnimalFarm Microwave Users Group *Subject:* Re: [AFMUG] OT AASTRA remote via vpn Hey Chuck, What about using a sip client app on your mobile phone? You can turn on vpn on the phone. Or do you want an actual desk phone? -sean On Sun, Jul 1, 2018 at 11:33 AM wrote: I wonder what the simplest and cheapest method is to use an Aastra SIP phone while away from the office. Our Asterisk is on private IP space so I have to have the phone tunnel into my internal LAN. There are firewall boxes available that will do this. -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
Re: [AFMUG] OT AASTRA remote via vpn
You'd probably want a VPN for your laptop anyways, so a mini onsite VPN router would be best. On Mon, Jul 2, 2018, 1:14 PM wrote: > Let’s say I am in a random hotel room and I want to use my Aastra phone > back to my office asterisk. > > That is similar to what I need to accomplish. > > *From:* Sean Heskett > *Sent:* Monday, July 2, 2018 11:55 AM > *To:* AnimalFarm Microwave Users Group > *Subject:* Re: [AFMUG] OT AASTRA remote via vpn > > Instead of a vpn it might be better to just allow it to connect through > the firewall (assuming you are able to manage the firewall) > > On Mon, Jul 2, 2018 at 1:32 PM wrote: > >> Other way around, I want to use my Aastra from my home office but I want >> it to connect to two other companies’ business office asterisk systems. >> >> *From:* Sean Heskett >> *Sent:* Monday, July 2, 2018 11:06 AM >> *To:* AnimalFarm Microwave Users Group >> *Subject:* Re: [AFMUG] OT AASTRA remote via vpn >> Hey Chuck, >> >> What about using a sip client app on your mobile phone? You can turn on >> vpn on the phone. >> >> Or do you want an actual desk phone? >> >> -sean >> >> >> On Sun, Jul 1, 2018 at 11:33 AM wrote: >> >>> I wonder what the simplest and cheapest method is to use an Aastra SIP >>> phone while away from the office. Our Asterisk is on private IP space so I >>> have to have the phone tunnel into my internal LAN. There are firewall >>> boxes available that will do this. >>> -- >>> AF mailing list >>> AF@af.afmug.com >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >>> >> -- >> AF mailing list >> AF@af.afmug.com >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> -- >> AF mailing list >> AF@af.afmug.com >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> > -- > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
Re: [AFMUG] OT AASTRA remote via vpn
Let’s say I am in a random hotel room and I want to use my Aastra phone back to my office asterisk. That is similar to what I need to accomplish. From: Sean Heskett Sent: Monday, July 2, 2018 11:55 AM To: AnimalFarm Microwave Users Group Subject: Re: [AFMUG] OT AASTRA remote via vpn Instead of a vpn it might be better to just allow it to connect through the firewall (assuming you are able to manage the firewall) On Mon, Jul 2, 2018 at 1:32 PM wrote: Other way around, I want to use my Aastra from my home office but I want it to connect to two other companies’ business office asterisk systems. From: Sean Heskett Sent: Monday, July 2, 2018 11:06 AM To: AnimalFarm Microwave Users Group Subject: Re: [AFMUG] OT AASTRA remote via vpn Hey Chuck, What about using a sip client app on your mobile phone? You can turn on vpn on the phone. Or do you want an actual desk phone? -sean On Sun, Jul 1, 2018 at 11:33 AM wrote: I wonder what the simplest and cheapest method is to use an Aastra SIP phone while away from the office. Our Asterisk is on private IP space so I have to have the phone tunnel into my internal LAN. There are firewall boxes available that will do this. -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
Re: [AFMUG] OT AASTRA remote via vpn
Instead of a vpn it might be better to just allow it to connect through the firewall (assuming you are able to manage the firewall) On Mon, Jul 2, 2018 at 1:32 PM wrote: > Other way around, I want to use my Aastra from my home office but I want > it to connect to two other companies’ business office asterisk systems. > > *From:* Sean Heskett > *Sent:* Monday, July 2, 2018 11:06 AM > *To:* AnimalFarm Microwave Users Group > *Subject:* Re: [AFMUG] OT AASTRA remote via vpn > Hey Chuck, > > What about using a sip client app on your mobile phone? You can turn on > vpn on the phone. > > Or do you want an actual desk phone? > > -sean > > > On Sun, Jul 1, 2018 at 11:33 AM wrote: > >> I wonder what the simplest and cheapest method is to use an Aastra SIP >> phone while away from the office. Our Asterisk is on private IP space so I >> have to have the phone tunnel into my internal LAN. There are firewall >> boxes available that will do this. >> -- >> AF mailing list >> AF@af.afmug.com >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
Re: [AFMUG] OT AASTRA remote via vpn
you could just do NAT from specific addresses to the internal IP of the servers. On 7/2/2018 12:32 PM, ch...@wbmfg.com wrote: Other way around, I want to use my Aastra from my home office but I want it to connect to two other companies’ business office asterisk systems. *From:* Sean Heskett *Sent:* Monday, July 2, 2018 11:06 AM *To:* AnimalFarm Microwave Users Group *Subject:* Re: [AFMUG] OT AASTRA remote via vpn Hey Chuck, What about using a sip client app on your mobile phone? You can turn on vpn on the phone. Or do you want an actual desk phone? -sean On Sun, Jul 1, 2018 at 11:33 AM wrote: I wonder what the simplest and cheapest method is to use an Aastra SIP phone while away from the office. Our Asterisk is on private IP space so I have to have the phone tunnel into my internal LAN. There are firewall boxes available that will do this. -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
Re: [AFMUG] OT AASTRA remote via vpn
Other way around, I want to use my Aastra from my home office but I want it to connect to two other companies’ business office asterisk systems. From: Sean Heskett Sent: Monday, July 2, 2018 11:06 AM To: AnimalFarm Microwave Users Group Subject: Re: [AFMUG] OT AASTRA remote via vpn Hey Chuck, What about using a sip client app on your mobile phone? You can turn on vpn on the phone. Or do you want an actual desk phone? -sean On Sun, Jul 1, 2018 at 11:33 AM wrote: I wonder what the simplest and cheapest method is to use an Aastra SIP phone while away from the office. Our Asterisk is on private IP space so I have to have the phone tunnel into my internal LAN. There are firewall boxes available that will do this. -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
Re: [AFMUG] OT AASTRA remote via vpn
Hey Chuck, What about using a sip client app on your mobile phone? You can turn on vpn on the phone. Or do you want an actual desk phone? -sean On Sun, Jul 1, 2018 at 11:33 AM wrote: > I wonder what the simplest and cheapest method is to use an Aastra SIP > phone while away from the office. Our Asterisk is on private IP space so I > have to have the phone tunnel into my internal LAN. There are firewall > boxes available that will do this. > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
Re: [AFMUG] OT AASTRA remote via vpn
I'd imagine your internal LAN's router/firewall already supports VPN-in. Such a setup can be quickly configured, I may even have sample configurations somewhere if you want one. On Sun, Jul 1, 2018 at 12:00 PM, wrote: > I kinda expected that answer... > I would need one on both ends. > > *From:* Colin Stanners > *Sent:* Sunday, July 1, 2018 10:02 AM > *To:* AnimalFarm Microwave Users Group > *Subject:* Re: [AFMUG] OT AASTRA remote via vpn > > Something like a small and inexpensive Mikrotik router can be setup as an > auto-VPN box for a case like this; one port gets DHCP from whatever network > it's connected to and does VPN, other port connects phone. > > On Sun, Jul 1, 2018 at 10:33 AM, wrote: > >> I wonder what the simplest and cheapest method is to use an Aastra SIP >> phone while away from the office. Our Asterisk is on private IP space so I >> have to have the phone tunnel into my internal LAN. There are firewall >> boxes available that will do this. >> >> -- >> AF mailing list >> AF@af.afmug.com >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com >> >> > > -- > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
Re: [AFMUG] OT AASTRA remote via vpn
Something like a small and inexpensive Mikrotik router can be setup as an auto-VPN box for a case like this; one port gets DHCP from whatever network it's connected to and does VPN, other port connects phone. On Sun, Jul 1, 2018 at 10:33 AM, wrote: > I wonder what the simplest and cheapest method is to use an Aastra SIP > phone while away from the office. Our Asterisk is on private IP space so I > have to have the phone tunnel into my internal LAN. There are firewall > boxes available that will do this. > > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
