[Asterisk-Users] Re: asterisk + OH323 + NAT + gnomemeeting

Sun Apr 17 17:56:05 MST 2005

Jesse Guardiani wrote:

>On Sun, 17 Apr 2005 01:39:09 -0400, Karl J. Vesterling wrote:
>
>  
>
>>H.323 will not traverse NAT.
>>
>>Sorry...  I know, I was a big proponent of it when H.323 was the only 
>>"standard" VoIP protocol out there.  Probably because when it came out NAT 
>>wasn't even thought of.
>>
>>The problem is that the control channel in H.323 discloses the internal IP 
>>address, and the various connections attempt to connect to each other.  So 
>>you wind up with problems like audio only in one direction, etc...
>>    
>>
>
>I thought SIP had the same problem though. Can't this be solved with
>address translation inside asterisk? You know, like the externip,
>localnet, and nat=yes options in sip.conf?
>  
>
It should be possible with h323, if you have control over the NAT 
points, with linux iptables/netfilter and the h323 NAT and conntrack 
helper modules. (netfilter.org patch-o-matic)  And you stated you don't 
have control over one of the NATs, so that'd be out anyway.  (better to 
go a different direction anyway, IMHO)  And yes, SIP has the same 
problem, although many clients (hard and softphones) and * can usually 
compensate for this.

>Or is it simply impossible due to limitations within the H.323 spec? It's
>difficult to find information about this sort of thing on the internet.
>H.323 is such a broad spec...
>
>  
>
>>Wait a sec...  COME TO THINK OF IT!
>>Why not run asterisk on your linux box that you are running GnomeMeeting 
>>on, and use it to convert between H.323 and IAX and SIP???
>>
>>After all, it is a penguin...
>>    
>>
>
>That's certainly a good alternative. I'm currently in the process of
>hacking up the latest linphone (1.0.1) to fix a few personal
>show-stoppers. If I can get it to the point that I like it, then I'll
>probably just go with linphone. But you're right. If it's took much work,
>then I'll probably just start running asterisk on my laptop to do H.323 to
>SIP conversions. Thanks for the suggestion! I hadn't thought of that yet.
>I'd been looking at things like the commercial sip323 program, but I
>hadn't thought of doing it with a local copy of asterisk.
>
>  
>
Wouldn't it be simpler (and less resources) to set up an openvpn tunnel 
between the client and the * box? (since you're talking about softphones 
- for hardphones obviously you'd need to tunnel from another box then 
NAT or bridge)  With openvpn or another vpn/tunnel solution, you can 
either bridge the client and asterisk LANs, or just create 1-1 tunnels 
from the client machine (if it's a softphone) to the * box.  Either way 
you don't need to worry about NATs.  (I'm doing this now for one of our 
hardphones,with an openVPN tunnel between linux gateway routers at each 
end.)

j

disclaimer - I know linux routing and firewalling, but only have a few 
months exposure to VOIP...