VoIP Mailing List Archives
Mailing list archives for the VoIP community |
|
| View previous topic :: View next topic |
| Author |
Message |
jsmith at digium.com
Guest
|
 Posted: Thu Jan 17, 2008 8:24 pm Post subject: [asterisk-users] Two Asterisks behind NAT and need to link t |
 |
|
On Thu, 2008-01-17 at 17:09 -0800, John Constalgie wrote:
| Quote: | Hence, is my only choice using an SSH tunnel between A and B for the
IAX connection to work? Will it work though with that "One-way SSH"
factor mentioned before?
|
It's my understanding that SSH tunneling will only work with TCP
traffic. IAX2 uses UDP packets, so I don't think that'll work. You
might try setting up a VPN or something along those lines. (Also, IAX2
defaults to port 4569, not port 5060.)
--
Jared Smith
Community Relations Manager
Digium, Inc. |
|
| Back to top |
|
 |
anselm at hoffmeister-...
Guest
|
| Posted: Fri Jan 18, 2008 1:24 pm Post subject: [asterisk-users] Two Asterisks behind NAT and need to link t |
|
|
Am Freitag, den 18.01.2008, 04:21 -0800 schrieb bilal ghayyad:
| Quote: | Hi;
Via OpenVPN or port forwarding is known for me, but
via SSH is new for me, how I can do it and what is the
difference by SSH and OpenVPN?
|
In principle both use a packet stream (SSH is TCP, OpenVPN is TCP or
UDP) for encapsulating IP packets. The main difference is that SSH port
forwarding forwards the packet data, but not the header: The packet is
stripped at side A and a seemingly different TCP connection is
established on side B. This also implies the main limitation of SSH,
that it is restricted to tunneling TCP (afaik).
OpenVPN in contrast takes entire IP packets, applies routing and tunnels
the entire packet through. You can tunnel any IP traffic through
OpenVPN, and the remote side IP address will persist. (You can even
tunnel IPX or Appletalk, if using the BRIDGE mode with virtual TAP
interfaces). Basically OpenVPN appears to the tunnel endpoint as a
virtual wire that behaves like an ethernet port. OpenVPN is far more
flexible when it comes to network restrictions.
On the other hand the SSH main idea is not VPN but secure shell
access 
For VoIP I'd imagine SSH is quite impractical, if usable at all. Most
likely the TCP-only restriction will make life difficult.
SIP over OpenVPN works - I used it to tunnel from a trip to California
to my Asterisk back home in Germany. The voice quality was a bit poor,
but this might also relate to the WLAN and the multi-hop-internet route
in between. Speaking generally, of course an aditional layer (which both
OpenVPN and SSH introduce) does not improve the signal path quality, or
latency, or everything.
I have read recommendations to use OpenVPN in UDP mode to reduce
packetizing problems which would result in choppy sound as well. No
comparison numbers available here though.
BR
Anselm |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
Search
