Re: [asterisk-users] [NAT] SSH vs. OpenVPN?
On Tue, Jan 31, 2012 at 12:54:41PM +, Arthur Stanfield wrote: Hi Gilles, You can't tunnel UDP through SSH. For the record: you can. But it's not really a good idea. Two options: 1. ssh -D: dynamic port forwarding. Which basically means that it creates a socks4/socks5 proxy. You can now use e.g. sockify and connect UDP-based programs over that connection. 2. ssh -w: create a tun device and create a tunnel on top of that (root access of some sort is required). That said, the ssh connection is TCP. The basic reasoning in http://sites.inka.de/sites/bigred/devel/tcp-tcp.html applies to the VoIP UDP payload as well. Oh, and for the record, you can tunnel practically on top of anything. Just in case you're not familiar with it: IP over DNS (which means you don't even need direct access, and can use proxied DNS queries). http://code.kryo.se/iodine/ I figure you won't get quality audio with that, though. -- Tzafrir Cohen icq#16849755 jabber:tzafrir.co...@xorcom.com +972-50-7952406 mailto:tzafrir.co...@xorcom.com http://www.xorcom.com iax:gu...@local.xorcom.com/tzafrir -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] [NAT] SSH vs. OpenVPN?
On Thu, 2 Feb 2012, Tzafrir Cohen wrote: Oh, and for the record, you can tunnel practically on top of anything. Just in case you're not familiar with it: IP over DNS (which means you don't even need direct access, and can use proxied DNS queries). http://code.kryo.se/iodine/ I figure you won't get quality audio with that, though. Don't forget RFC 1149! j -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] [NAT] SSH vs. OpenVPN?
Hello In case a NAT firewall prevents using STUN to open SIP/RTP ports, a solution is to first connect the phone to the Asterisk server through a tunnel, and then have data go through the tunnel. Are there hardphones that support OpenVPN? If none, what about SSH? Is this a good alternative to use VoIP with SIP? If you've tried either or both solutions, I'm interested in any feedback. Thank you. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] [NAT] SSH vs. OpenVPN?
Gilles wrote: Are there hardphones that support OpenVPN? I've seen people mention snom with OpenVPN: http://wiki.snom.com/Networking/Virtual_Private_Network_%28VPN%29 Doug -- Ben Franklin quote: Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] [NAT] SSH vs. OpenVPN?
Hi Gilles, You can't tunnel UDP through SSH. Some of the newer Grandstream handsets support OpenVPN and are a bit cheaper than the Snom alternatives. - Regards, AJ Stanfield t: 0161-850-4001 e: a...@dmcip.com w: http://www.dmcip.com - Original Message - From: Gilles codecompl...@free.fr To: asterisk-users@lists.digium.com Sent: Tuesday, 31 January, 2012 12:32:20 PM Subject: [asterisk-users] [NAT] SSH vs. OpenVPN? Hello In case a NAT firewall prevents using STUN to open SIP/RTP ports, a solution is to first connect the phone to the Asterisk server through a tunnel, and then have data go through the tunnel. Are there hardphones that support OpenVPN? If none, what about SSH? Is this a good alternative to use VoIP with SIP? If you've tried either or both solutions, I'm interested in any feedback. Thank you. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] [NAT] SSH vs. OpenVPN?
hello, yeallink T26 and T28 support OpenVPN too Regards -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] [NAT] SSH vs. OpenVPN?
On Tue, 31 Jan 2012 12:54:41 + (GMT), Arthur Stanfield a...@dmcip.com wrote: You can't tunnel UDP through SSH. Some of the newer Grandstream handsets support OpenVPN and are a bit cheaper than the Snom alternatives. Thanks for the infos. So the only way to use SIP through locked-down NAT routers is to use OpenVPN, either with the few hardphones that support it or with a softphone on a computer. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] [NAT] SSH vs. OpenVPN?
On Tue, 31 Jan 2012 07:57:22 -0500, bakko asannu...@gmail.com wrote: yeallink T26 and T28 support OpenVPN too Thanks for the infos. If someone tried the Snom, Grandstream, or Yeallink, how good is their OpenVPN connection? -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] [NAT] SSH vs. OpenVPN?
On Tue, 2012-01-31 at 14:13 +0100, Gilles wrote: On Tue, 31 Jan 2012 07:57:22 -0500, bakko asannu...@gmail.com wrote: yeallink T26 and T28 support OpenVPN too Thanks for the infos. If someone tried the Snom, Grandstream, or Yeallink, how good is their OpenVPN connection? Using Yealink T-28 with OpenVPN works fine - about three weeks now with no issues. Bummed that it seems to only support one tunnel, though. I asked their support team if they could make whatever changes necessary to support multiple, and their response made it sound promising :) I love this phone, actually. j -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] [NAT] SSH vs. OpenVPN?
On Tue, 31 Jan 2012 10:03:46 -0600, Jeff LaCoursiere j...@sunfone.com wrote: Using Yealink T-28 with OpenVPN works fine - about three weeks now with no issues. Bummed that it seems to only support one tunnel, though. I asked their support team if they could make whatever changes necessary to support multiple, and their response made it sound promising :) Thanks for the feedback. Multiple tunnels are for conference calls? -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] [NAT] SSH vs. OpenVPN?
Jeff LaCoursiere wrote: Bummed that it seems to only support one tunnel, though As in you can't register the phone to more then 1 remote Asterisk server via 2 different VPN tunnels or you can't have more then 1 call per VPN link? Doug -- Ben Franklin quote: Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] [NAT] SSH vs. OpenVPN?
On Tue, 2012-01-31 at 11:29 -0500, Doug Lytle wrote: Jeff LaCoursiere wrote: Bummed that it seems to only support one tunnel, though As in you can't register the phone to more then 1 remote Asterisk server via 2 different VPN tunnels or you can't have more then 1 call per VPN link? The former - I have the phone registered to several asterisk servers, and would like to have multiple tunnels in place to each of those asterisk servers, which it will not do. Multiple calls through the tunnel is no problem. j -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] [NAT] SSH vs. OpenVPN?
On Tue, 2012-01-31 at 17:23 +0100, Gilles wrote: On Tue, 31 Jan 2012 10:03:46 -0600, Jeff LaCoursiere j...@sunfone.com wrote: Using Yealink T-28 with OpenVPN works fine - about three weeks now with no issues. Bummed that it seems to only support one tunnel, though. I asked their support team if they could make whatever changes necessary to support multiple, and their response made it sound promising :) Thanks for the feedback. Multiple tunnels are for conference calls? No - the phone allows you to register with multiple servers, and I would like to reach each server over its own tunnel. It won't do that today. I've had good luck requesting features from Yealink and having them show up in new firmware releases, though, and I think this will probably go that way too. OpenVPN supports multiple tunnels, and I am not sure how they managed to break it in such a way that it won't on their platform. To make it work you have to name the tunnel conf file vpn.conf, and I am sure their openvpn startup routines are just hardcoded for that one conf file. I don't expect it would be a major mod to look for additional conf files at startup, like the stock init.d scripts do... Cheers, j -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] [NAT] SSH vs. OpenVPN?
On Tue, 31 Jan 2012 10:44:12 -0600, Jeff LaCoursiere j...@sunfone.com wrote: No - the phone allows you to register with multiple servers, and I would like to reach each server over its own tunnel. It won't do that today. Thanks for the info. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] [NAT] SSH vs. OpenVPN?
On 01/31/2012 06:57 AM, Gilles wrote: Thanks for the infos. So the only way to use SIP through locked-down NAT routers is to use OpenVPN, either with the few hardphones that support it or with a softphone on a computer. You can also setup OpenVPN to connect a remote subnet (remote office) and it will route all traffic between subnets. Configure the hard/soft phones on the remote subnet to route through the OpenVPN. This works pretty well for me. -- The truth speaks for itself. I'm just the messenger. Lyta Alexander - Babylon 5 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] [NAT] SSH vs. OpenVPN?
On Tue, 31 Jan 2012 16:25:37 -0600, Dale Noll dn...@wi.rr.com wrote: You can also setup OpenVPN to connect a remote subnet (remote office) and it will route all traffic between subnets. Configure the hard/soft phones on the remote subnet to route through the OpenVPN. This works pretty well for me. Thanks for the info. I was thinking of connecting while on the road/vacation, but it's a good use to connect a remote office to the main office. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
