Hi List, After some research, it seems the only reasonable thing to do in order to get SIP phones behind NAT working reasonably well without fiddling with the DSL router is to have some kind of far end nat traversal mechanism. Is there any way to do this with open source tools? I've seen somewhere that far end nat traversal can be achieved with SER + nathelper does the job... has anybody gotten this working in conjunction with Asterisk? Another question... Are you aware of a SIP ATA or phone that has some kind of VPN (i.e. PPTP) client embedded in? This would make the NAT problem go away nicely and provide added security... Cheers, Jean-Michel.
Hello, i'm using ser+nathelper+rtpproxy in front of asterisk. It has been terrific. The only problem i have is with some DSL modems that grab port 5060 for themselves (why, i don't know, it's very annoying but easily solvable). Other than that, no issues at all, in the NAT, in the DMZ, between the modem and the router, all good. You can also look into ser+stun in front of asterisk. Or, you could just use IAX :-) -yair On Tue, 08 Mar 2005 17:49:36 +0400, Jean-Michel Hiver <hiver.j@wanadoo.fr> wrote:> Hi List, > > After some research, it seems the only reasonable thing to do in order > to get SIP phones behind NAT working reasonably well without fiddling > with the DSL router is to have some kind of far end nat traversal mechanism. > > Is there any way to do this with open source tools? I've seen somewhere > that far end nat traversal can be achieved with SER + nathelper does the > job... has anybody gotten this working in conjunction with Asterisk? > > Another question... Are you aware of a SIP ATA or phone that has some > kind of VPN (i.e. PPTP) client embedded in? This would make the NAT > problem go away nicely and provide added security... > > Cheers, > Jean-Michel. > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
> > Another question... Are you aware of a SIP ATA or phone that has some > kind of VPN (i.e. PPTP) client embedded in? This would make the NAT > problem go away nicely and provide added security...The Zulty's phones support VPN. Then again, many firewalls don't pass through VPN traffic nicely. Would be cool if we can have a phone that supports SSL VPNs like OpenVPN. leo
I am very interested in this idea, mainly from the "protection from a hostile telco" point of view. What are the problems that this is likely to cause: additional overhead, delay, firewall problems etc? Perhaps this is a little off-topic and should be discussed in another forum but if people are interested I would appreciate your input. Cameron --------------- Original message Date: Wed, 09 Mar 2005 08:11:39 +0800 From: Leo Ann Boon <leo@innovax.com.sg> Subject: Re: [Asterisk-Users] NAT Far End Traversal To: Asterisk Users Mailing List - Non-Commercial Discussion <asterisk-users@lists.digium.com> Message-ID: <422E3F3B.6060700@innovax.com.sg> Content-Type: text/plain; charset=ISO-8859-1; format=flowed>> Another question... Are you aware of a SIP ATA or phone that has some> kind of VPN (i.e. PPTP) client embedded in? This would make the NAT> problem go away nicely and provide added security...The Zulty's phones support VPN. Then again, many firewalls don't pass through VPN traffic nicely. Would be cool if we can have a phone that supports SSL VPNs like OpenVPN. leo