Bill Michaelson
2008-Sep-13 11:58 UTC
[asterisk-users] Which internet phone protocol best to, choose
From: Tzafrir Cohen <tzafrir.cohen at xorcom.com>> Subject: Re: [asterisk-users] Which internet phone protocol best to > choose > > On Fri, Sep 12, 2008 at 09:14:40PM -0400, Steve Totaro wrote: > > > I think the most notably missing solution is OpenVPN and SIP. > > > > One port for the tunnel, encrypted traffic, benefits of IAX as far as > > firewalls and hostile governments (BTW, IAX2 is not as obscure as it > > once was, therefore, the hostile government argument is not as > > anywhere as strong as a VPN). > > > > Since you will be running SIP over the VPN, you get the > > interoperability that SIP provides. > > > > I am sure you could pretty quickly find someone to offer you the > > gateway side of the VPN for a small charge, or a virtual hosted server > > should do fine. I have not looked but there may be some VoIP > > providers that offer or would accommodate OpenVPN tunnels. > > How does Asterisk live with the extra network interface used for the > tunnel? > (Specifically with SIP) >Tzafrir - I'm not exactly sure what you are asking - I have had issues with how SIP calls are presented on different subnets which were a side effect of using multiple ethernets (for example, on an asterisk box with a wireless card running in AP mode providing SIP access). But in my experience, openvpn presents no issues per se. Most of my asterisk boxes have multiple ethernets, and in the case of openvpn, the additional tap (I tunnel layer 2) interface(s) are simply that many more. In fact, I typically run two instances of openvpn for each virtual subnet server so that clients have a choice of connecting via UDP and TCP. But they are usually bridged with a physical interface and share the IP, so maybe that simplifies matters. Steve implied that his configuration might separate the openvpn onto a separate box, but I have run client side on the same box as asterisk and SIP'ed in with Polycom phones via a subnet that was running the openvpn client on one node. I have another box that runs openvpn in server mode alongside asterisk, and it currently provides connections to two Polycom's on a subnet that is bridged (brctl) via a separate box running openvpn client. I have also run openvpn client on Windows XP over Verizon EVDO and bridged it to the physical ethernet on the notebook, then attached it via crossover ethernet cable to a Polycom phone. No SIP problems - it just works. I like the combination, and I think Steve has suggested a very workable and versatile alternative in this Coke vs. Pepsi thread. And the encryption is gravy. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3234 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20080913/80cad45f/attachment.bin