[Asterisk-Dev] Uncommon callback

Paul digium-list at 9ux.com
Sun May 22 12:51:04 MST 2005 

SteveK wrote:

>
> On May 22, 2005, at 1:45 PM, Paul wrote:
>
>>>
>>> Normally you'd have system #1 forward the call to system #2 itself
>>> rather than having system #2 call back to #1. It sounds like you're
>>> trying to work around the fact that system #2 is behind some kind  
>>> of NAT
>>> or stupid firewalling.
>>> If that's the case, you'd do better just to fix that problem at  source
>>> rather than inventing complicated way of working around it. Or if you
>>> really can't fix it, put up a VPN tunnel between the two machines to
>>> bypass the firewalling.
>>>
>> I use port forwarding over SSH a lot. It's a lot easier than  
>> modifying routers and firewalls. There are also things like PPP  over 
>> SSH. I googled up a few helpful pages on that one and am going  to 
>> try it out soon for something I want to do.
>>
>> To use either of the above for SIP or IAX transport I would do some  
>> bandwidth testing untunneled and tunneled. I remember seeing some  
>> comparison charts for vpn methods with bandwidth and latency  
>> measurements. IIRC - it seemed to indicate some mathods would  really 
>> suck for voip.
>>
>
> You can't tunnel IAX over ssh, because ssh port forwarding is UDP  
> only.  And you don't really want to tunnel VoIP at all over TCP if  
> you can avoid it, because if you drop a couple of packets, you end up  
> with a lot of latency.  Same goes for PPP over SSH, for the same reason.
>
I use it a lot for simple things like:

Forward 192.168.1.1:8080 back to my localhost:portnumber so I can access 
a broadband router.

Forward vnc or terminal services ports back so I can get the desktop of 
a windows workstation.

Forward remote host port 631 to localhost:port so I can access the cups 
web interface. I modify or setup a printer and then call to see if the 
test page printed okay.

Do you mean that ssh uses udp to transport the tcp involved in these cases?

I don't dispute that it might not be the best vpn method available. For 
things not so temporary I usually use router based vpn. Whatever is the 
best method for tunneling voip, I would hope that some hardware router 
already supports it. If not, I have some unslung linksys nslu2 units 
here that need to feel useful.

More information about the asterisk-dev mailing list