Good question. I have never tried tunneling IAX over SSH but it seems like it should work just like anything else.<br><br>How about a port opened up for OpenVPN. You know you can run IAX on any port you wish, port 80 may work for you if you have some extra external IPs not being used for HTTP. The same is true for OpenVPN.
<br><br>Thanks,<br>Steve Totaro<br><br><div class="gmail_quote">On Jan 17, 2008 8:09 PM, John Constalgie <<a href="mailto:caduceus_abode@hotmail.com">caduceus_abode@hotmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><br>Hi there<br>
<br>
this is an interesting topic that I see here and a problem that I am trying to solve too.<br>
<br>
But I was wondering if the forwarding solution will work for my case. <br>
<br>
So I have two Asterisk boxes A and B.<br>
<br>
A is behind a corporate NAT such that A can SSH to B, but not vice versa( "One-way SSH" ) . The UDP port 5060 of the corporate NAT is blocked off and I will not be able to have it unblocked for security reasons.
<br>
<br>
Hence, is my only choice using an SSH tunnel between A and B for the IAX connection to work? Will it work though with that "One-way SSH" factor mentioned before?<br>
<br>
Thanks<br>
John<br><br><br><br>
<hr>
<br>
> From: <a href="mailto:thp@westhawk.co.uk" target="_blank">thp@westhawk.co.uk</a><br>> To: <a href="mailto:asterisk-users@lists.digium.com" target="_blank">asterisk-users@lists.digium.com</a><br>> Date: Wed, 2 Jan 2008 16:29:45 +0000
<br>> Subject: Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk<br>> <br>> Sure, but if (as is often the case) you only have control over the <br>> firewall at one end of the
<br>> link, you set the forwarding at the end you control and have the far <br>> end to register to you every<br>> 30 seconds.<br>> <br>> Tim.<br>> On 2 Jan 2008, at 15:13, Rob Hillis wrote:<br>> <br>
> > Perhaps. I've never been one to trust that firewalls operate as <br>> > they should - I've been bitten far too many times by a firewall that <br>> > doesn't quite behave as you expect. Also, when diagnosing network
<br>> > connectivity problems, I find that it helps to have the rules in <br>> > place rather than having to infer the rule.<br>> ><br>> > Tim Panton wrote:<br>> >><br>> >> If you are careful, you only need to setup a port forward at one end
<br>> >> of the IAX trunk.<br>> >><br>> >> Have one Asterisk register (regularly) with the other.<br>> >> The second asterisk (server) will need to have port 4569 forwarded<br>> >> through it's router.
<br>> >> The first asterisk (client) wont need any port forwarding.<br>> >><br>> >> Tim.<br>> >> On 2 Jan 2008, at 10:18, Rob Hillis wrote:<br>> >><br>> >><br>> >>> The reason that IAX2 is considered good for NAT issues is that it
<br>> >>> uses only one port for both control messages and voice traffic as<br>> >>> opposed to SIP that uses a predictable port for control messages and<br>> >>> an unpredictable one for voice/video traffic.
<br>> >>><br>> >>> If both servers are behind NAT servers, you will need to ensure that<br>> >>> the appropriate UDP port (by default 4569) are forwarded to your<br>> >>> Asterisk servers. Only this port is required - RTP isn't used by
<br>> >>> IAX2.<br>> >>><br>> >>> bilal ghayyad wrote:<br>> >>><br>> >>>> Hi List;<br>> >>>><br>> >>>> I heared that IAX is good for NATing issues, but I do
<br>> >>>> not know if it can help me in that senario:<br>> >>>><br>> >>>> I have two Asterisks machines in different sites and<br>> >>>> both are behind NAT (both have private IP address), I
<br>> >>>> need to link these two asterisks with IAX trunk (if it<br>> >>>> help really in such senario), but I do not know if it<br>> >>>> will work without doing special routing settings on
<br>> >>>> the router (like TCP/UDP port mapping or IP<br>> >>>> forwarding)? How that will be it if possible? Or I<br>> >>>> have to do a kind of port mapping?<br>> >>>>
<br>> >>>> If I will need to use port mapping, then I have to map<br>> >>>> the TCP and UDP ports that are determined in iax.conf<br>> >>>> and rtp.conf files at site A for asterisk ip address
<br>> >>>> at site A? Or I have to map the TCP and UDP ports that<br>> >>>> are in iax.conf and rtp.conf at site B for asterisk ip<br>> >>>> address at site A? In other words, if I am at site B
<br>> >>>> then I have to go for router B and do mapping for<br>> >>>> TCP/UDP ports of the asterisk at site B or the<br>> >>>> asterisk at site A?<br>> >>>><br>
> >>>> Any help.<br>> >>>> Regards<br>> >>>> Bilal<br>> >>>><br>> >>>><br>> >>>><br>> >>>> ____________________________________________________________________________________
<br>> >>>> Looking for last minute shopping deals?<br>> >>>> Find them fast with Yahoo! Search. <a href="http://tools.search.yahoo.com/newsearch/category.php?category=shopping" target="_blank">
http://tools.search.yahoo.com/newsearch/category.php?category=shopping</a><br>> >>>><br>> >>>> _______________________________________________<br>> >>>> --Bandwidth and Colocation Provided by
<a href="http://www.api-digital.com--" target="_blank">http://www.api-digital.com--</a><br>> >>>><br>> >>>> asterisk-users mailing list<br>> >>>> To UNSUBSCRIBE or update options visit:
<br>> >>>> <a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>> >>>><br>> >>>><br>
> >>> _______________________________________________<br>> >>> --Bandwidth and Colocation Provided by <a href="http://www.api-digital.com--" target="_blank">http://www.api-digital.com--</a><br>> >>>
<br>> >>> asterisk-users mailing list<br>> >>> To UNSUBSCRIBE or update options visit:<br>> >>> <a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users
</a><br>> >>><br>> >><br>> >> _______________________________________________<br>> >> --Bandwidth and Colocation Provided by <a href="http://www.api-digital.com--" target="_blank">http://www.api-digital.com--
</a><br>> >><br>> >> asterisk-users mailing list<br>> >> To UNSUBSCRIBE or update options visit:<br>> >> <a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">
http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>> >><br>> > _______________________________________________<br>> > --Bandwidth and Colocation Provided by <a href="http://www.api-digital.com--" target="_blank">
http://www.api-digital.com--</a><br>> ><br>> > asterisk-users mailing list<br>> > To UNSUBSCRIBE or update options visit:<br>> > <a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">
http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>> <br>> <br>> _______________________________________________<br>> --Bandwidth and Colocation Provided by <a href="http://www.api-digital.com--" target="_blank">
http://www.api-digital.com--</a><br>> <br>> asterisk-users mailing list<br>> To UNSUBSCRIBE or update options visit:<br>> <a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users
</a><br><div class="WgoR0d"><br><br><hr>Shed those extra pounds with MSN and The Biggest Loser!! <a href="http://biggestloser.msn.com/" target="_blank">Learn more.</a></div></div><div class="WgoR0d">
</div><br>_______________________________________________<br>-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br><br>asterisk-users mailing list
<br>To UNSUBSCRIBE or update options visit:<br> <a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br></blockquote></div><br>