[asterisk-users] VPN and Asterisk

Dave Platt dplatt at radagast.org
Sat Feb 7 12:50:14 CST 2009


> One of my users was asking, can he use VPN to access asterisk?
> What does it mean?
>
> And is it possible?
>
> How ?VPN

Yes, it's possible.

As one example: I have the OpenVPN software installed on my Asterisk
server, and on my Nokia N810 wireless Internet tablet.  The tablet is
configured to use the VPN's server-side IP address as its SIP server.
A similar sort of system could be set up with other VPN packages (e.g.
CIPE, Cisco's offerings, etc.).

This approach has several advantages, compared to the alternative (not
using a VPN, and turning on STUN support in the client):

-  All of the SIP and RTP traffic to/from the tablet is encrypted, and
   thus relatively resistant to eavesdropping.
   
-  The tablet and the Asterisk server have IP addresses for each other
   which are being established by the VPN software, and don't need to
   be (and aren't) altered or translated by access-point or corporate
   routers.  This pretty much eliminates the common "I can't get audio
   in one or both directions" problem with using SIP through private
   IP networks and NAT routers.
   
-  Most network firewalls will pass VPN traffic, even if they haven't
   been configured to pass "raw" SIP and RTP.
   
There are some disadvantages, though:

-  Some amount of CPU overhead at both ends, and perhaps some
   increased latency (the latter is minor, I believe).
   
-  The RTP traffic must flow through the VPN/Asterisk server... it
   cannot be "reinvited" into a direct connection between the tablet
   and the destination, because the tablet is using an IP address for
   the connection which exists only on the VPN and isn't externally
   reachable.

This sort of VPN setup (where the Asterisk client is on the same
system that's running the VPN software) is the one you'd want to use
for many "road warrior" setups.

VPNs can also be used to set up secure IP tunnels between two
different, remotely-located networks.  This might be done to tie
together (e.g.) two different offices, each having its own Asterisk
server.
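
The encryption benefit described in the post applies only to traffic that actually uses the tunnel, so it is worth checking which addresses a client advertises in its SIP signaling and SDP. The following is an added example, not part of the original post: the 10.8.0.0/24 VPN subnet, the sample INVITE messages and the function names are all constructed assumptions.

```python
import ipaddress
import re

# Assumption: the VPN hands out addresses from this subnet (constructed value).
VPN_NET = ipaddress.ip_network("10.8.0.0/24")

# Constructed INVITE from a client that reaches the server over the VPN.
INVITE_VPN = (
    "INVITE sip:100@10.8.0.1 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.8.0.6:5060;branch=z9hG4bK-1\r\n"
    "Contact: <sip:n810@10.8.0.6:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 10.8.0.6\r\n"
    "s=-\r\n"
    "c=IN IP4 10.8.0.6\r\n"
    "m=audio 7078 RTP/AVP 0\r\n"
)

# Constructed INVITE whose SDP advertises a Wi-Fi LAN address instead.
INVITE_LEAK = INVITE_VPN.replace("c=IN IP4 10.8.0.6", "c=IN IP4 192.168.1.23")


def advertised_addresses(msg):
    """Return {field: IPv4Address} for the Via, Contact and SDP c= lines."""
    head, _, body = msg.partition("\r\n\r\n")
    patterns = {
        "via": (head, r"^Via:\s*SIP/2\.0/\w+\s+([\d.]+)"),
        "contact": (head, r"^Contact:.*?@([\d.]+)"),
        "sdp_c": (body, r"^c=IN IP4 ([\d.]+)"),
    }
    found = {}
    for name, (text, pat) in patterns.items():
        m = re.search(pat, text, re.MULTILINE | re.IGNORECASE)
        if m:
            found[name] = ipaddress.ip_address(m.group(1))
    return found


def outside_vpn(msg, vpn_net=VPN_NET):
    """Sorted names of fields whose address is not inside the VPN subnet."""
    return sorted(name for name, addr in advertised_addresses(msg).items()
                  if addr not in vpn_net)


if __name__ == "__main__":
    for label, msg in (("vpn", INVITE_VPN), ("leak", INVITE_LEAK)):
        print(label, outside_vpn(msg) or "all addresses inside VPN")
```

A non-empty result for `sdp_c` means the client is asking for media at an address that is not on the VPN, so that RTP stream would not be covered by the tunnel.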



