[Asterisk-Users] X-Lite to Asterisk through NAT?
programmer_ted
ted at fusionapple.com
Thu Jul 29 14:43:24 MST 2004
Thanks for your reply,
Wolverine looks OK, but we aren't in a position to set up another box
yet (the NAT is a router). I've set up PoPToP on the Linux box and I'm
able to connect to it from another machine fine, but we need the same
Linux box to be able to connect to it. Unfortunately, both pptpclient
and PoPToP operate on the same (non-configurable) port, so the client
can't connect to the server!
Any ideas with my short elaboration in mind? :)
Ted
Sunrise Ltd wrote:
>On Wed, 28 Jul 2004, programmer_ted wrote:
>
>
>
>>I have an X-Lite phone on my box and I'm trying
>>to register it with a remote Asterisk box. Both
>>the X-Lite and Asterisk are behind a NAT.
>>I know it's a pain to do because of SIP not
>>working well with NATs, but I know there
>>are ways to do such a thing...moving the
>>Asterisk box outside the NAT is not a
>>possibility at the moment.
>>
>>
>
>Then, how about the possibility to replace your NAT box
>with something like this ...
>
>http://www.coyotelinux.com/products.php?Product=wolverine
>
>It's a very easy set up. Once you've burned the install
>CD, it'll take you only about 2 mins to get a VPN server
>up and running. The web based admin interface is the best
>I have seen on any firewall or VPN product across the
>entire industry and if you are so inclined, you can also
>edit the configuration directly via SSH - it's command
>compatible with Cisco's PIX firewalls, so if you or your
>network admin are familar with PIX, you'll feel at home
>with Wolverine right away.
>
>It supports both IPPTP and Psec, so whether your X-Lite is
>running on a Windoze box or a Mac, you'll be able to
>tunnel in without much effort on the client side as well.
>This will solve your NAT problem and do so *properly*. Any
>other SIP/NAT setup should not be considered a proper
>solution - those are dirty hacks that introduce more
>problems than they solve, just like NAT itself. So, if you
>want to do it right, your only two choices are
>
>- get rid of NAT; or
>- build a VPN
>
>Of course there are other ways of doing VPN, but Wolverine
>is by far the easiest way to set it up. It's based on
>OpenSwan, by the way. As a nice bonus, all your
>conversations will be secure from eavesdropping.
>
>rgds
>benjk
>
>
>--
>Sunrise Telephone Systems Ltd
>9F Shibuya Daikyo Bldg., 1-13-5 Shibuya, Shibuya-ku, Tokyo, Japan
>
>__________________________________________________
>GANBARE! NIPPON!
>Yahoo! JAPAN JOC OFFICIAL INTERNET PORTAL SITE
>http://mail.ganbare-nippon.yahoo.co.jp/
>
>_______________________________________________
>Asterisk-Users mailing list
>Asterisk-Users at lists.digium.com
>http://lists.digium.com/mailman/listinfo/asterisk-users
>To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20040729/8b5f920f/attachment.htm
More information about the asterisk-users
mailing list