[Asterisk-Dev] Making libiax2 speak TCP (through udp tunnelin g)

Whisker, Peter Peter.Whisker at logicacmg.com
Mon Jun 14 06:23:41 MST 2004 

I have had some success bypassing a firewall using UDP tunelling through TCP
to a machine outside the firewall using the program Zebedee
(http://www.winton.org.uk/zebedee/index.html).

The zebedee client and server setup files are as follows:

Server:
======
E:\Zebedee>type server.zbd
#
verbosity 2     # Slightly more than basic messages
detached true
server true     # Yes, it's a server!
ipmode both     # Operate in mixed TCP/UDP mode
compression zlib:9      # Allow maximum zlib compression
keylength 256           # Allow keys up to 256 bits
keylifetime 36000       # Shared keys last 10 hours
maxbufsize 16383        # Allow maximum possible buffer size
logfile './server.log'
keygenlevel 2   # Generate maximum strength private keys
checksumlevel 7     # Allow maximum strength checksums
minchecksumlevel 0  # Allow no checksums if client requests
checkidfile './clients.id'
serverport 750
target iax2.fwdnet.net
target localhost

Client:
======
/etc# cat zeb_cli.conf
include "/etc/zebedee.key"

multiuse true
detached true
serverhost 146.101.4.28
serverport 750
ipmode both
compression zlib:0
checksumlevel 0
maxbufsize 1024
tunnel 4569/udp:iax2.fwdnet.net:4569

The client and server use TCP port 750 which is open outbound on my
firewall. The Client sets the Max buffer size to 1024 (a bit bigger than we
need but not too big otherwise latency goes up) - you can go down to < 800
but then start to have problems. The Asterisk server can not be the same as
the Zebedee client otherwise both want to bind 4569/udp. Use the
zebedee_client at your.net as the address of the server (iax2.fwdnet.net in
this case) in iax.conf. You can't connect to more than one IAX server doing
it this way as something (Asterisk?  Zebedee?) gets confused, even using
different UDP ports. It seems to try and register everything on one server.

Zebedee works well in Linux & Windows but get the latest development
version.

This setup works for me for now while I get my firewall opened.

Peter

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.

More information about the asterisk-dev mailing list