[Asterisk-Users] [new user] VPN or NAT? (and a FAQ)

Jamie Carl me at jazz-inc.net
Mon May 26 16:26:31 MST 2003 

Rob,

The only problem Asterisk has with NAT is when using SIP. 
 I've managed to get it working myself by making a few 
minor changes to the code, but for your application I'd 
say go for IAX.  You will have to setup a port forward for 
the IAX packets on your firewall, but that's it really.

I have a pretty secure firewall in me lab, for incoming 
traffic that is, and I was able to call Digium over the 
net 5 minutes after installing Asterisk.

So to answer your question.  I'd say, if you want the 
security, go for the VPN.  But it will without a doubt run 
a bit better without the extra overhead, so if you're not 
worried about security on your voice, go for NAT.

Jamie Carl

On Mon, 26 May 2003 15:18:22 -0500
  Rob McGee <asterisk at richardthecomputerguy.com> wrote:
>*This message was transferred with a trial version of 
>CommuniGate(tm) Pro*
>I live in Tennessee, USA, and work 1000km away in Texas. 
>Thanks to the 
>wonders of broadband I never leave home (well, not for 
>WORK, that is. 
>:) I'm setting up an Asterisk system whereby I'll have an 
>extension in 
>Texas, so clients can reach me at a local telephone 
>number.
>
>We have a VPN set up already (OpenVPN, which I highly 
>recommend to 
>anyone needing such a thing.) It does encryption. While 
>the throughput 
>is slightly less than a direct route, it's still pretty 
>responsive. (I 
>never did any benchmarking beyond a simple comparison of 
>ping times and 
>a few scp's.) Each side has a dedicated firewall/gateway 
>router (one of 
>which, a 386, is definitely NOT suited for service as a * 
>server) and a 
>separate VPN gateway behind the firewall. I'm thinking 
>that the VPN 
>servers will become the * servers.
>
>>From reading this list and the * docs, it sounds like NAT 
>>could be made 
>to work. But if I use the VPN I don't need to mess with 
>NAT, and the 
>connection security is already assured.
>
>So, what would you recommend, VPN or NAT?
>
>Now for the FAQ: minimum CPU requirements:
>
>Another option would be to decommission my 386 router. I 
>have a P166 
>(128MB RAM) standing by which could assume the role of 
>firewall / 
>gateway. I could put * on both routers, using neither VPN 
>nor NAT.
>
>Would a P166 be adequate to play the role of * server? 
>Its other tasks 
>aren't very CPU-intensive in general. I might be able to 
>upgrade that 
>one to a P200MMX.
>
>I want to run 1-2 extensions at the most, with a 1-port 
>TDM400P 
>(TDM10B?) card, on the end with the P166. Bandwidth is 
>supplied by 
>cable modems on both ends, 256KB/s upstream.
>
>I've been looking through the docs and the list archives 
>(better search 
>features would be nice :) and this question comes up a 
>lot, but no 
>definitive answer is provided, that I have found anyway. 
>I do 
>understand that the answer is relative to the anticipated 
>load. Could 
>this be added to the FAQ, please?
>-- 
>     Rob McGee ( rob0 at richardthecomputerguy dot com )
>     Richard the Computer Guy, L.L.C.
>
>_______________________________________________
>Asterisk-Users mailing list
>Asterisk-Users at lists.digium.com
>http://lists.digium.com/mailman/listinfo/asterisk-users

Regards,

Jamie Carl
Jazz Inc.
Email:  me at jazz-inc.net
Web:    www.jazz-inc.net
Phone:  +61-414-365-466
Jabber: jazz at netmindz.net

More information about the asterisk-users mailing list