[on-asterisk] Anyway to connect a soft-phone through an SSH Tunnel?
943 views
Skip to first unread message
Bruce N
May 19, 2010, 11:03:36 AM5/19/10
to asterisk Mailing
Hi Guys, it's easy to tunnel into any network device by a tunnel from Putty but I am stuck with registering X-lite that way. If I put "localhost:5060" it just gives me an error "method not accepted", etc...would this be possible?
Thanks,Bruce
_________________________________________________________________
Win a $10,000 shopping spree from Hotmail! Enter now.
http://go.microsoft.com/?linkid=9729711
--
You received this message because you are subscribed to the Google Groups "TAUG Archive" group.
To post to this group, send email to taug-a...@googlegroups.com.
To unsubscribe from this group, send email to taug-archive...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/taug-archive?hl=en.
Simon P. Ditner
May 19, 2010, 11:37:27 AM5/19/10
to Bruce N, asterisk Mailing
SIP usually uses UDP. Newer versions of asterisk support TCP, which is
what you can forward over SSH tunnels using Putty. If X-lite supports
TCP, and you're running asterisk 1.6+, the answer is likely yes if you
change your server and client settings to use TCP instead of UDP.
There are ways you can forward UDP over a TCP tunnel, but I think that's
outside the scope of reasonable for your use case.
Alternatively, set up OpenVPN. Then you don't have to worry about NAT
traversal, or setting up Putty.
--
| Simon P. Ditner <si...@uc.org> / 416-479-0542 / http://taug.ca
|
| Network:
| http://www.facebook.com/spditner
| http://www.linkedin.com/in/spditner
On Wed, 19 May 2010, Bruce N wrote:
>
> Hi Guys, it's easy to tunnel into any network device by a tunnel from
> Putty but I am stuck with registering X-lite that way. If I put
> "localhost:5060" it just gives me an error "method not accepted",
> etc...would this be possible?
>
> Thanks,Bruce
> _________________________________________________________________
> Win a $10,000 shopping spree from Hotmail! Enter now.
> http://go.microsoft.com/?linkid=9729711
---------------------------------------------------------------------
To unsubscribe, e-mail: asterisk-u...@uc.org
For additional commands, e-mail: asteri...@uc.org
what you can forward over SSH tunnels using Putty. If X-lite supports
TCP, and you're running asterisk 1.6+, the answer is likely yes if you
change your server and client settings to use TCP instead of UDP.
There are ways you can forward UDP over a TCP tunnel, but I think that's
outside the scope of reasonable for your use case.
Alternatively, set up OpenVPN. Then you don't have to worry about NAT
traversal, or setting up Putty.
--
| Simon P. Ditner <si...@uc.org> / 416-479-0542 / http://taug.ca
|
| Network:
| http://www.facebook.com/spditner
| http://www.linkedin.com/in/spditner
On Wed, 19 May 2010, Bruce N wrote:
>
> Hi Guys, it's easy to tunnel into any network device by a tunnel from
> Putty but I am stuck with registering X-lite that way. If I put
> "localhost:5060" it just gives me an error "method not accepted",
> etc...would this be possible?
>
> Thanks,Bruce
> _________________________________________________________________
> Win a $10,000 shopping spree from Hotmail! Enter now.
> http://go.microsoft.com/?linkid=9729711
To unsubscribe, e-mail: asterisk-u...@uc.org
For additional commands, e-mail: asteri...@uc.org
Martin Glazer
May 19, 2010, 11:43:47 AM5/19/10
to Bruce N, asterisk Mailing
Hi Bruce,
You are going to face a number of issues attempting this using an SSH
tunnel - one being sending UDP over a TCP SSH tunnel (as Simon just
mentioned), the other being your RDP traffic which normally occurs on a
random UDP port between 10,000 and 20,000.
You are probably better off using OpenVPN or at least IAX for your
remote softphone.
To send UDP over TCP, you would probably need to use netcat to create a
local UDP --> TCP bridge and then a TCP --> UDP bridge on your Asterisk
server.
Martin
On 05/19/2010 09:03 AM, Bruce N wrote:
> Hi Guys, it's easy to tunnel into any network device by a tunnel from Putty but I am stuck with registering X-lite that way. If I put "localhost:5060" it just gives me an error "method not accepted", etc...would this be possible?
> Thanks,Bruce
> _________________________________________________________________
> Win a $10,000 shopping spree from Hotmail! Enter now.
> http://go.microsoft.com/?linkid=9729711
>
You are going to face a number of issues attempting this using an SSH
tunnel - one being sending UDP over a TCP SSH tunnel (as Simon just
mentioned), the other being your RDP traffic which normally occurs on a
random UDP port between 10,000 and 20,000.
You are probably better off using OpenVPN or at least IAX for your
remote softphone.
To send UDP over TCP, you would probably need to use netcat to create a
local UDP --> TCP bridge and then a TCP --> UDP bridge on your Asterisk
server.
Martin
On 05/19/2010 09:03 AM, Bruce N wrote:
> Hi Guys, it's easy to tunnel into any network device by a tunnel from Putty but I am stuck with registering X-lite that way. If I put "localhost:5060" it just gives me an error "method not accepted", etc...would this be possible?
> Thanks,Bruce
> _________________________________________________________________
> Win a $10,000 shopping spree from Hotmail! Enter now.
> http://go.microsoft.com/?linkid=9729711
>
---------------------------------------------------------------------
To unsubscribe, e-mail: asterisk-u...@uc.org
For additional commands, e-mail: asteri...@uc.org
To unsubscribe, e-mail: asterisk-u...@uc.org
For additional commands, e-mail: asteri...@uc.org
Bruce N
May 19, 2010, 11:56:51 AM5/19/10
to sourc...@glazer.ca, asterisk Mailing
Thanks guys. Yes, I pass. Doesn't seem worth the hassle but good to know all that info.
-Bruce
> Date: Wed, 19 May 2010 09:43:47 -0600
> From: sourc...@glazer.ca
> To: het...@hotmail.com
> CC: aste...@uc.org
> Subject: Re: [on-asterisk] Anyway to connect a soft-phone through an SSH Tunnel?
>
> Hi Bruce,
>
> You are going to face a number of issues attempting this using an SSH
> tunnel - one being sending UDP over a TCP SSH tunnel (as Simon just
> mentioned), the other being your RDP traffic which normally occurs on a
> random UDP port between 10,000 and 20,000.
>
> You are probably better off using OpenVPN or at least IAX for your
> remote softphone.
>
> To send UDP over TCP, you would probably need to use netcat to create a
> local UDP --> TCP bridge and then a TCP --> UDP bridge on your Asterisk
> server.
>
> Martin
>
> On 05/19/2010 09:03 AM, Bruce N wrote:
> > Hi Guys, it's easy to tunnel into any network device by a tunnel from Putty but I am stuck with registering X-lite that way. If I put "localhost:5060" it just gives me an error "method not accepted", etc...would this be possible?
> > Thanks,Bruce
> > _________________________________________________________________
> > Win a $10,000 shopping spree from Hotmail! Enter now.
> > http://go.microsoft.com/?linkid=9729711
> >
_________________________________________________________________
> Hi Bruce,
>
> You are going to face a number of issues attempting this using an SSH
> tunnel - one being sending UDP over a TCP SSH tunnel (as Simon just
> mentioned), the other being your RDP traffic which normally occurs on a
> random UDP port between 10,000 and 20,000.
>
> You are probably better off using OpenVPN or at least IAX for your
> remote softphone.
>
> To send UDP over TCP, you would probably need to use netcat to create a
> local UDP --> TCP bridge and then a TCP --> UDP bridge on your Asterisk
> server.
>
> Martin
>
> On 05/19/2010 09:03 AM, Bruce N wrote:
> > Hi Guys, it's easy to tunnel into any network device by a tunnel from Putty but I am stuck with registering X-lite that way. If I put "localhost:5060" it just gives me an error "method not accepted", etc...would this be possible?
> > Thanks,Bruce
> > _________________________________________________________________
> > Win a $10,000 shopping spree from Hotmail! Enter now.
> > http://go.microsoft.com/?linkid=9729711
> >
30 days of prizes to be won with Hotmail. Enter Here.
http://go.microsoft.com/?linkid=9729709
Simon P. Ditner
May 19, 2010, 12:10:16 PM5/19/10
to Martin Glazer, Bruce N, asterisk Mailing
Oh right, I completely forgot about the RTP path.
Simon P. Ditner
May 19, 2010, 12:11:19 PM5/19/10
to Bruce N, asterisk Mailing
OpenVPN is not any more trouble than setting up a tunnel with Putty, and
has the advantage of being able to install on windows as a service, so
that it's always available to the end user.
has the advantage of being able to install on windows as a service, so
that it's always available to the end user.
---------------------------------------------------------------------
To unsubscribe, e-mail: asterisk-u...@uc.org
For additional commands, e-mail: asteri...@uc.org
To unsubscribe, e-mail: asterisk-u...@uc.org
For additional commands, e-mail: asteri...@uc.org
M Brown
May 19, 2010, 3:49:05 PM5/19/10
to Simon P. Ditner, Bruce N, asterisk Mailing
Agreed - OpenVPN works like a champ and I routinely use SIP or IAX
clients over the tunnel from just about any part of the world. Since it
is a tunnel, you can have both tcp and udp traffic over a tcp or udp
tunnel. I don't leave home without a openvpn capable system. With
OpenVPN, I don't need to worry if the remote network will allow specific
protocols - or not.. A rather new feature that works like a champ though
proxy servers too is running openvpn on port 443/tcp. You won't find
many system operators that won't allow https. Even your web server and
openvpn can co-exist on port 443. If openvpn can't decrypt the packet,
it simply forwards it to your specified web server. :-) Slick!
/M
clients over the tunnel from just about any part of the world. Since it
is a tunnel, you can have both tcp and udp traffic over a tcp or udp
tunnel. I don't leave home without a openvpn capable system. With
OpenVPN, I don't need to worry if the remote network will allow specific
protocols - or not.. A rather new feature that works like a champ though
proxy servers too is running openvpn on port 443/tcp. You won't find
many system operators that won't allow https. Even your web server and
openvpn can co-exist on port 443. If openvpn can't decrypt the packet,
it simply forwards it to your specified web server. :-) Slick!
/M
Mike Ashton
May 19, 2010, 4:24:04 PM5/19/10
to aste...@uc.org
Mark,
Interesting use of port 443. When travelling there are a lot of places that throttle encrypted traffic, specifically Thailand and some of the Middle East & Asian countries. From Bangkok was only getting like 1.8kb/sec from vpn but using http was 800kb both from 151, very frustrating. For moving files was easier to send IM and have files emailed.
I'll need to set this up and test it.
Thanks & Hoping,
Mike
Interesting use of port 443. When travelling there are a lot of places that throttle encrypted traffic, specifically Thailand and some of the Middle East & Asian countries. From Bangkok was only getting like 1.8kb/sec from vpn but using http was 800kb both from 151, very frustrating. For moving files was easier to send IM and have files emailed.
I'll need to set this up and test it.
Thanks & Hoping,
Mike
-- Mike Ashton Quality Track International Work: +1 647 724 3500 x251 Cell: +1 416 527 4995 QTI CONFIDENTIAL AND PROPRIETARY INFORMATION The contents of this material are confidential and proprietary to Quality Track International, Inc. and may not be reproduced, disclosed, distributed or used without the express permission of an authorized representative of QTI. Use for any purpose or in any manner other than that expressly authorized is prohibited. If you have received this communication in error, please immediately delete it and all copies, and promptly notify the sender.
Vardan Harutyunyan
May 20, 2010, 2:50:45 AM5/20/10
to aste...@uc.org
Hello
How I know, you can change the OpenVPN port. You can make connection
using this port.
I think in this countries, all ports that has relation with VPN is not
closed, but putted in low QOS pool (low bandwidth).
--
Vardan Harutyunyan,
Senior System Administrator
Enterprise Incubator Foundation
123 Hovsep Emin Street,
Yerevan 0051, Republic of Armenia
Tel: + 374 10 219735
Fax: + 374 10 219777
E-mail: in...@eif.am
www.eif-it.com
How I know, you can change the OpenVPN port. You can make connection
using this port.
I think in this countries, all ports that has relation with VPN is not
closed, but putted in low QOS pool (low bandwidth).
--
Vardan Harutyunyan,
Senior System Administrator
Enterprise Incubator Foundation
123 Hovsep Emin Street,
Yerevan 0051, Republic of Armenia
Tel: + 374 10 219735
Fax: + 374 10 219777
E-mail: in...@eif.am
www.eif-it.com
Reply all
Reply to author
Forward
0 new messages