[asterisk-users] Same provider - IAX sounds bad, SIP sounds great
Steve Totaro
stotaro at asteriskhelpdesk.com
Tue Feb 28 19:51:05 CST 2012
On Tue, Feb 28, 2012 at 7:07 PM, Alejandro Imass <ait at p2ee.org> wrote:
> On Tue, Feb 28, 2012 at 6:36 PM, Steve Totaro
> <stotaro at asteriskhelpdesk.com> wrote:
>
> [...]
>
> > Without trunking, you only have the single port thing. It is quite easy
> to
>
> Nope. The main reason _we_ use IAX is because it's easier for NAT
>
>
And it is easier for NAT because it uses one port as I stated, next....
> > open the correct ports for SIP, some just have GUI with a SIP checkbox,
>
> It may be true for you but it's certainly not "the truth".
>
> - SIP requires redirection of ports if behind a NAT which is about 99%
> of home users, whether behind a WiFi router or an ISP private network.
>
>
Um, not when the server is on a public IP and the phones are configured
correctly.
> - SIP requires far more set-up and support effort and it's not a valid
> choice for a simple to use home-phone. (a) ISP routers change IPs
> frequently, (b) the router may change the ATA's private IP rendering
> the port redirection broken.
>
What about Magic Jack or Vonage? The phone registers regularly with the
server so that negates everything above.
I don't do simple home setups, but they are simple home setups, your words,
not mine. I have only had to redirect ports if the server is behind a NAT.
Get a SNOM 370, flash with OpenVPN, run as a client and no problems, not
that there would be anyway. I have placed 20 business phones behind NAT
with no special configuration and no issues but a bad phone or two in two
years....
I have hostage negotiators with OpenVPN and a softphone on their laptops,
they travel the world and never have problems except maybe bandwidth.
> - A public SIP (w/o a VPN) requires careful control (e.g.
> contactpermit in Asterisk) to limit the IPs that can connect to the
> public box. Else you will get serous harm from things like SIPVicious
> attacks.
This can easily be mitigated by running on nonstandard ports. Fail2Ban,
and a ton of other products can help, but yes, you are correct. A
competent Admin is required to check logs daily and configure things
correctly.
> ISP change their IPs frequently so maintaining your user/ip
> list is almost impossible.
I use IP=dynamic with no problems but people tying to guess a password that
is the extension and MAC of the phone. Dictionary attack is nothing. With
a Gig pipe and fail2ban, no problems.
Also, I don't know where you live but I got Comcast at home when it first came
out and my IP has never changed. ISPs in this area say dynamic but they
are static, at least the big two, Verizon and Comcast for home use.
> IAX2 was very vulnerable as well up to 2009
> but many things in this regard have changed and are much better.
> Granted, these security issues are common for both SIP and IAX2 but
> IMHO it's easier to manage with IAX.
>
Security was never really the issue if you read the thread. It is about
voice quality.
>
> - In a NAT scenario SIP requires a couple of redirected ports per
> extension, which is a no-go for SMB installations requiring several
> ATAs without going to the extent of installing a more powerful
> equipment than a simple ATA.
>
>
Not in my experience, phone registers with server on public IP, no problems
except some obscure setting on a firewall. Easy enough to google away.
> - You may use OpenVPN with SIP as you said but requires a PC which is
> not an option for a simple VoIP business that delivers something like
> Vonage, just plug it and it works.
Wrong, the SNOM 370 works great with OpenVPN. You just contradicted
yourself as far as plug and play.
The SNOM 370 can also act as a bridge over the VPN tunnel using the LAN
port so the whole office is behind either split tunnel or direct VPN.
Any other SIP phone behind the SNOM with VPN bridging will also be on the
VPN as well as workstations.
> AFAIK there is no port redirection
> or any special configuration to use Vonage and it works almost on any
> network set-up (I don't use Vonage but know people that do). So if
> something like Vonage is using SIP it's probably using a VPN software
> like you recommend.
>
>
Magic Jack is pure SIP, no VPN
> Anyway, the point is that SIP and IAX2 have both pros and cons and I
> don't consider IAX2 to be a broken bat like you state. On the
> contrary, I think it works pretty well, and we use both SIP and IAX2
> targeted to simple Home, SOHO and SMBs that just want to plug it and
> work. We get that with IAX2 and not with SIP so from our experience is
> completely the opposite of what you say.
>
>
That is fine, I added disclaimers and small shops. I deal in the 15,000
calls a day minimum realm, so we live in different worlds. Two cups and
and a string work too....
> --
> Alejandro Imass
>
>
>
> IAX2 is supported on cheap ATAs by several chineese companies and they
> work quite well.
>
> > IPTables is simple and there are tons of howtos.
> >
> > Thanks,
> > Steve T
> >
> >
> > On Tue, Feb 28, 2012 at 6:29 PM, Steve Totaro <
> stotaro at asteriskhelpdesk.com>
> > wrote:
> >>
> >> They said the same thing in 2005, 2008, now.... Every release.
> >>
> >> You never answered the question as to why you don't want to use SIP. Is
> >> there a reason, or do you just want to torture yourself?
> >>
> >> Thanks,
> >> Steve T
> >>
> >>
> >> On Tue, Feb 28, 2012 at 6:23 PM, Troy Telford <
> ttelford.groups at gmail.com>
> >> wrote:
> >>>
> >>> On 2012-02-28 21:22:44 +0000, Kevin P. Fleming said:
> >>>
> >>>>
> >>>> A serious bug with IAX2 trunking in recent versions of Asterisk (you
> did
> >>>> not mention what version you are using) was just resolved last week.
> You
> >>>> should test with 'trunk=no' to see if that is the cause of your
> problem;
> >>>> it seems very likely.
> >>>
> >>>
> >>> For the record: 1.8.8.2~dfsg-1 (via Debian packages).
> >>>
> >>> I've tried "trunk=no", and it might have made a difference (I'll have a
> >>> better idea after some more testing.)
> >>> --
> >>> Troy Telford
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> _____________________________________________________________________
> >>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> >>> New to Asterisk? Join us for a live introductory webinar every Thurs:
> >>> http://www.asterisk.org/hello
> >>>
> >>> asterisk-users mailing list
> >>> To UNSUBSCRIBE or update options visit:
> >>> http://lists.digium.com/mailman/listinfo/asterisk-users
> >>
> >>
> >
> >
> > --
> > _____________________________________________________________________
> > -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> > New to Asterisk? Join us for a live introductory webinar every Thurs:
> > http://www.asterisk.org/hello
> >
> > asterisk-users mailing list
> > To UNSUBSCRIBE or update options visit:
> > http://lists.digium.com/mailman/listinfo/asterisk-users
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20120228/1607240a/attachment.htm>
More information about the asterisk-users
mailing list