[asterisk-users] Which internet phone protocol best to, choose

Bill Michaelson bill at cosi.com
Sat Sep 13 06:58:50 CDT 2008 

From: Tzafrir Cohen <tzafrir.cohen at xorcom.com>
> Subject: Re: [asterisk-users] Which internet phone protocol best to
> 	choose
>
> On Fri, Sep 12, 2008 at 09:14:40PM -0400, Steve Totaro wrote:
>
> > I think the most notably missing solution is OpenVPN and SIP.
> > 
> > One port for the tunnel, encrypted traffic, benefits of IAX as far as
> > firewalls and hostile governments (BTW, IAX2 is not as obscure as it
> > once was, therefore, the hostile government argument is not as
> > anywhere as strong as a VPN).
> > 
> > Since you will be running SIP over the VPN, you get the
> > interoperability that SIP provides.
> > 
> > I am sure you could pretty quickly find someone to offer you the
> > gateway side of the VPN for a small charge, or a virtual hosted server
> > should do fine.  I have not looked but there may be some VoIP
> > providers that offer or would accommodate OpenVPN tunnels.
>
> How does Asterisk live with the extra network interface used for the
> tunnel?
> (Specifically with SIP)
>   

Tzafrir - I'm not exactly sure what you are asking - I have had issues 
with how SIP calls are presented on different subnets which were a side 
effect of using multiple ethernets (for example, on an asterisk box with 
a wireless card running in AP mode providing SIP access).

But in my experience, openvpn presents no issues per se.  Most of my 
asterisk boxes have multiple ethernets, and in the case of openvpn, the 
additional tap (I tunnel layer 2) interface(s) are simply that many 
more.  In fact, I typically run two instances of openvpn for each 
virtual subnet server so that clients have a choice of connecting via 
UDP and TCP.  But they are usually bridged with a physical interface and 
share the IP, so maybe that simplifies matters.

Steve implied that his configuration might separate the openvpn onto a 
separate box, but I have run client side on the same box as asterisk and 
SIP'ed in with Polycom phones via a subnet that was running the openvpn 
client on one node.  I have another box that runs openvpn in server mode 
alongside asterisk, and it currently provides connections to two 
Polycom's on a subnet that is bridged (brctl) via a separate box running 
openvpn client.  I have also run openvpn client on Windows XP over 
Verizon EVDO and bridged it to the physical ethernet on the notebook, 
then attached it via crossover ethernet cable to a Polycom phone.  No 
SIP problems - it just works.

I like the combination, and I think Steve has suggested a very workable 
and versatile alternative in this Coke vs. Pepsi thread.  And the 
encryption is gravy.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3234 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20080913/80cad45f/attachment.bin

More information about the asterisk-users mailing list