Perhaps your users live in an internet ghetto where the routers are similar to Yugos with spinners. We haven't run into any routers that don't do NAT properly in a very very long time.
On Tue, Feb 28, 2012 at 5:07 PM, Alejandro Imass <a...@p2ee.org> wrote: > On Tue, Feb 28, 2012 at 6:36 PM, Steve Totaro > <stot...@asteriskhelpdesk.com> wrote: > > [...] > >> Without trunking, you only have the single port thing. It is quite easy to > > Nope. The main reason _we_ use IAX is because it's easier for NAT > >> open the correct ports for SIP, some just have GUI with a SIP checkbox, > > It may be true for you but it's certainly not "the truth". > > - SIP requires redirection of ports if behind a NAT which is about 99% > of home users, whether behind a WiFi router or an ISP private network. > > - SIP requires far more set-up and support effort and it's not a valid > choice for a simple to use home-phone. (a) ISP routers change IPs > frequently, (b) the router may change the ATA's private IP rendering > the port redirection broken. > > - A public SIP (w/o a VPN) requires careful control (e.g. > contactpermit in Asterisk) to limit the IPs that can connect to the > public box. Else you will get serous harm from things like SIPVicious > attacks. ISP change their IPs frequently so maintaining your user/ip > list is almost impossible. IAX2 was very vulnerable as well up to 2009 > but many things in this regard have changed and are much better. > Granted, these security issues are common for both SIP and IAX2 but > IMHO it's easier to manage with IAX. > > - In a NAT scenario SIP requires a couple of redirected ports per > extension, which is a no-go for SMB installations requiring several > ATAs without going to the extent of installing a more powerful > equipment than a simple ATA. > > - You may use OpenVPN with SIP as you said but requires a PC which is > not an option for a simple VoIP business that delivers something like > Vonage, just plug it and it works. AFAIK there is no port redirection > or any special configuration to use Vonage and it works almost on any > network set-up (I don't use Vonage but know people that do). So if > something like Vonage is using SIP it's probably using a VPN software > like you recommend. > > Anyway, the point is that SIP and IAX2 have both pros and cons and I > don't consider IAX2 to be a broken bat like you state. On the > contrary, I think it works pretty well, and we use both SIP and IAX2 > targeted to simple Home, SOHO and SMBs that just want to plug it and > work. We get that with IAX2 and not with SIP so from our experience is > completely the opposite of what you say. > > -- > Alejandro Imass > > > > IAX2 is supported on cheap ATAs by several chineese companies and they > work quite well. > >> IPTables is simple and there are tons of howtos. >> >> Thanks, >> Steve T >> >> >> On Tue, Feb 28, 2012 at 6:29 PM, Steve Totaro <stot...@asteriskhelpdesk.com> >> wrote: >>> >>> They said the same thing in 2005, 2008, now.... Every release. >>> >>> You never answered the question as to why you don't want to use SIP. Is >>> there a reason, or do you just want to torture yourself? >>> >>> Thanks, >>> Steve T >>> >>> >>> On Tue, Feb 28, 2012 at 6:23 PM, Troy Telford <ttelford.gro...@gmail.com> >>> wrote: >>>> >>>> On 2012-02-28 21:22:44 +0000, Kevin P. Fleming said: >>>> >>>>> >>>>> A serious bug with IAX2 trunking in recent versions of Asterisk (you did >>>>> not mention what version you are using) was just resolved last week. You >>>>> should test with 'trunk=no' to see if that is the cause of your problem; >>>>> it seems very likely. >>>> >>>> >>>> For the record: 1.8.8.2~dfsg-1 (via Debian packages). >>>> >>>> I've tried "trunk=no", and it might have made a difference (I'll have a >>>> better idea after some more testing.) >>>> -- >>>> Troy Telford >>>> >>>> >>>> >>>> >>>> -- >>>> _____________________________________________________________________ >>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >>>> New to Asterisk? Join us for a live introductory webinar every Thurs: >>>> http://www.asterisk.org/hello >>>> >>>> asterisk-users mailing list >>>> To UNSUBSCRIBE or update options visit: >>>> http://lists.digium.com/mailman/listinfo/asterisk-users >>> >>> >> >> >> -- >> _____________________________________________________________________ >> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >> New to Asterisk? Join us for a live introductory webinar every Thurs: >> http://www.asterisk.org/hello >> >> asterisk-users mailing list >> To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-users > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users -- Carlos Alvarez TelEvolve 602-889-3003 -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users