[Asterisk-Users] Re: {SPAM?} Asterisk VIA SSH Tunnels

Tom Ivar Helbekkmo tih at eunetnorge.no
Sat Oct 16 01:28:21 MST 2004


Chris Travers <chris at metatrontech.com> writes:

> Now, TCP connections will probably be interrupted in any case if
> your IP address changes, but that is the nature of the protocol.

That's why I use a tunnel.  All TCP connections are bound to the
address of the tunnel end point, which doesn't change.  So as long as
IPsec can keep that tunnel up as the "real" network comes and goes,
and skips from interface to interface, and everything else is kept
from trying to use anything but the tunnel, things should work.

This is the stuff that OpenVPN has built-in support for handling,
including the needed routing table manipulations.  If, as Aidan says,
an IPsec tunnel can be set up to survive under those same conditions, 
TCP connections should be able to stay up as well.

I though the physical end points of IPsec tunnels had to have fixed
addresses.  If I understand Aidan correctly, they don't, and that
means IPsec can do what I need.

-tih
-- 
Tom Ivar Helbekkmo, Senior System Administrator, EUnet Norway Hosting
www.eunet.no  T +47-22092958 M +47-93013940 F +47-22092901 FWD 484145



More information about the asterisk-users mailing list