<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-2022-JP"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Thanks for your reply,<br>
<br>
Wolverine looks OK, but we aren't in a position to set up another box
yet (the NAT is a router). I've set up PoPToP on the Linux box and I'm
able to connect to it from another machine fine, but we need the same
Linux box to be able to connect to it. Unfortunately, both pptpclient
and PoPToP operate on the same (non-configurable) port, so the client
can't connect to the server!<br>
<br>
Any ideas with my short elaboration in mind? :)<br>
<br>
Ted<br>
<br>
Sunrise Ltd wrote:
<blockquote
cite="mid20040729051816.10397.qmail@web2604.mail.mci.yahoo.co.jp"
type="cite">
<pre wrap="">On Wed, 28 Jul 2004, programmer_ted wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I have an X-Lite phone on my box and I'm trying
to register it with a remote Asterisk box. Both
the X-Lite and Asterisk are behind a NAT.
I know it's a pain to do because of SIP not
working well with NATs, but I know there
are ways to do such a thing...moving the
Asterisk box outside the NAT is not a
possibility at the moment.
</pre>
</blockquote>
<pre wrap=""><!---->
Then, how about the possibility to replace your NAT box
with something like this ...
<a class="moz-txt-link-freetext" href="http://www.coyotelinux.com/products.php?Product=wolverine">http://www.coyotelinux.com/products.php?Product=wolverine</a>
It's a very easy set up. Once you've burned the install
CD, it'll take you only about 2 mins to get a VPN server
up and running. The web based admin interface is the best
I have seen on any firewall or VPN product across the
entire industry and if you are so inclined, you can also
edit the configuration directly via SSH - it's command
compatible with Cisco's PIX firewalls, so if you or your
network admin are familar with PIX, you'll feel at home
with Wolverine right away.
It supports both IPPTP and Psec, so whether your X-Lite is
running on a Windoze box or a Mac, you'll be able to
tunnel in without much effort on the client side as well.
This will solve your NAT problem and do so *properly*. Any
other SIP/NAT setup should not be considered a proper
solution - those are dirty hacks that introduce more
problems than they solve, just like NAT itself. So, if you
want to do it right, your only two choices are
- get rid of NAT; or
- build a VPN
Of course there are other ways of doing VPN, but Wolverine
is by far the easiest way to set it up. It's based on
OpenSwan, by the way. As a nice bonus, all your
conversations will be secure from eavesdropping.
rgds
benjk
--
Sunrise Telephone Systems Ltd
9F Shibuya Daikyo Bldg., 1-13-5 Shibuya, Shibuya-ku, Tokyo, Japan
__________________________________________________
GANBARE! NIPPON!
Yahoo! JAPAN JOC OFFICIAL INTERNET PORTAL SITE
<a class="moz-txt-link-freetext" href="http://mail.ganbare-nippon.yahoo.co.jp/">http://mail.ganbare-nippon.yahoo.co.jp/</a>
_______________________________________________
Asterisk-Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Asterisk-Users@lists.digium.com">Asterisk-Users@lists.digium.com</a>
<a class="moz-txt-link-freetext" href="http://lists.digium.com/mailman/listinfo/asterisk-users">http://lists.digium.com/mailman/listinfo/asterisk-users</a>
To UNSUBSCRIBE or update options visit:
<a class="moz-txt-link-freetext" href="http://lists.digium.com/mailman/listinfo/asterisk-users">http://lists.digium.com/mailman/listinfo/asterisk-users</a>
</pre>
</blockquote>
</body>
</html>