Anyone ever set up Asterisk to use SSH Tunneling? Anyone know the pros & cons? Thanks, Chris
Christopher Jacob wrote:> Anyone ever set up Asterisk to use SSH Tunneling? Anyone know the pros & > cons? > > Thanks, > > ChrisThis search on google turned up close to 300 messages: site:lists.digium.com ssh If you give it some more keywords, it'll probably narrow the results down to exactly what you're looking for. -- Andrew Thompson http://aktzero.com/
Christopher Jacob wrote: > Anyone ever set up Asterisk to use SSH Tunneling? Anyone know the pros > & cons? Asterisk has a command line interface that can be called from probably any shell. I ssh into my Linux box that runs asterisk then tweak my settings/run asterisk -r with no special configuration other than actually turning on and configuring the sshd, which should be done anyway. Are you sure you mean ssh? Could you possibly mean VPN(in all it's varieties)? If you want to know about securing the voip traffic, remove ssh from my previous statement and try these keywords: site:Linux.digium.com ipsec site:Linux.digium.com vpn Sugar to taste... (ie, add any other keywords that you think are helpful) -- Andrew Thompson http://aktzero.com/
Thanks for the response... Of course you can SSH in to a machine and run the Asterisk CL. That is not what I am asking about. Specifically I am asking about tunneling. (ie establish an SSH session between my machine and the server, initiating a tunnel on the SIP/IAX ports, and connecting a client ((x-ten or the like)) to the server using "localhost" as the server address) I know there is a ton of information on Google about SSH Tunnels, and I know that this is theoretically possible, what I was specifically asking for was user experience, not a how do I? I am all about an optimal signal / noise ratio on this list, but just because a topic was discussed once or twice in the past doesn't mean it can't ever be brought up again. As this software evolves, things are bound to change and necessitate revisiting a subject. Again, thanks for the response! Anyone have any experiences (good or bad) trying to accomplish this? Thanks, Chris ------------------------------ Message: 13 Date: Tue, 12 Oct 2004 23:05:42 -0400 From: Andrew Thompson <asteriskuser@aktzero.com> Subject: Re: [Asterisk-Users] Asterisk VIA SSH Tunnels To: Asterisk Users Mailing List - Non-Commercial Discussion <asterisk-users@lists.digium.com> Message-ID: <416C9B86.7000304@aktzero.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Christopher Jacob wrote: > Anyone ever set up Asterisk to use SSH Tunneling? Anyone know the pros > & cons? Asterisk has a command line interface that can be called from probably any shell. I ssh into my Linux box that runs asterisk then tweak my settings/run asterisk -r with no special configuration other than actually turning on and configuring the sshd, which should be done anyway. Are you sure you mean ssh? Could you possibly mean VPN(in all it's varieties)? If you want to know about securing the voip traffic, remove ssh from my previous statement and try these keywords: site:Linux.digium.com ipsec site:Linux.digium.com vpn Sugar to taste... (ie, add any other keywords that you think are helpful) -- Andrew Thompson http://aktzero.com/
Just my 2p. But might it not be a better idea to push for proper secure SIP support. However this requires a number of steps in the * dev: - TCP Support for SIP - TLS Support for SIP - SIPS Support - Secure codec support via * (SRTP - http://www.voip-info.org/wiki-SRTP) tho transcoding is probably not needed as that would defeat the object. Else would VPN's with IPSec or whatever incur less overhead???? alex -----Original Message----- From: Eric Wieling [mailto:eric@fnords.org] Sent: 13 October 2004 13:23 To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Asterisk VIA SSH Tunnels Christopher Jacob wrote:>Thanks for the response... Of course you can SSH in to a machine and >run the Asterisk CL. That is not what I am asking about. Specifically I>am asking about tunneling. (ie establish an SSH session between my >machine and the server, initiating a tunnel on the SIP/IAX ports, and >connecting a client ((x-ten or the like)) to the server using >"localhost" as the server address) > >I know there is a ton of information on Google about SSH Tunnels, and I>know that this is theoretically possible, what I was specifically >asking for was user experience, not a how do I? > >I am all about an optimal signal / noise ratio on this list, but just >because a topic was discussed once or twice in the past doesn't mean it>can't ever be brought up again. As this software evolves, things are >bound to change and necessitate revisiting a subject. > >Again, thanks for the response! > >Anyone have any experiences (good or bad) trying to accomplish this? > >From an IP networking standpoint you can tunnel UDP (which is all IAX is) over SSH. I suspect your call quality will suck, however. Dear Friends of Ubiquity Software: As you may have noticed, Ubiquity Software began using the web domain ubiquity.com earlier this year in addition to the previously established ubiquity.net for our website and email communications to you. However, since that time, a dispute has emerged with respect to actual ownership of the ubiquity.com domain. As an international software company founded over decade ago, you can always reach Ubiquity Software under the website www.ubiquity.net <http://www.ubiquity.net/> and via email at @ubiquity.net. However, we have also chosen to expand our domain to the more specific www.ubiquitysoftware.com <http://www.ubiquitysoftware.com/> for web and @ubiquitysoftware.com for email communications. Please use either the historical ubiquity.net or begin to use the new ubiquitysoftware.com domain for all email communications to Ubiquity employees from now on. Thank you. Regards, Ubiquity Software www.ubiquitysoftware.com <http://www.ubiquitysoftware.com/> info@ubiquitysoftware.com
Benjamin on Asterisk Mailing Lists
2004-Oct-13 06:47 UTC
[Asterisk-Users] Asterisk VIA SSH Tunnels
On Wed, 13 Oct 2004 13:39:38 +0100, Alex Barnes <abarnes@ubiquitysoftware.com> wrote:> > But might it not be a better idea to push for proper secure SIP support.*proper* *secure SIP* That will win you the gold medal for the double oxymoron of the year :-) rgds benjk -- Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya, Tokyo, Japan. NB: Spam filters in place. Messages unrelated to the * mailing lists may get trashed.
I've been running ssh tunnels for a couple of years now. For years, they've worked well. However, now that I've got asterisk up I do notice problems. Biggest indication of this is if I'm on a call and run a program in another window that scrolls and scrolls call quality drops off significantly. (I'm using FreeBSD on all the tunnel machines going back to the office. I work at an ISP, so I have a machine here at the office and use the tunnels across my DSL lines.) Based on advice from David McNett, I'm looking at moving to OpenBSD for the tunnel machines. With that, I'll be able to use pf+altq (http://slacker.com/~nugget/asterisk4.php) on the tunnel interfaces. Hopefully, that will take care of the only issue I've had with the tunnels since installing them. On Oct 12, 2004, at 9:42 PM, Christopher Jacob wrote:> Anyone ever set up Asterisk to use SSH Tunneling? Anyone know the pros > & > cons? > > Thanks, > > Chris > > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users