[asterisk-users] SIP and NAT best practices since recent changes?
Hi, Since the recent update to the NAT configuration options and defaults in chan_sip.so, I am interested in any SIP/NAT best practices advice. What I've always done in the past is: Global: nat=no SIP handsets that are local: nat=no SIP handsets that are remote: nat=yes ITSP SIP trunks: nat=yes I will then set externip and localnet to reflect the local setup, UNLESS there is a functional SIP ALG doing the work in the gateway device. I make this statement because I've found one or two firewalls where it is best to disable the SIP ALG, and one or two where it is best to leave it enabled. The above always worked very well, but I now find my asterisk logs being spammed with warnings containing lots of !! and I'd like to know the best way to operate to achieve what I've always had while following the new rules in order to be as secure as possible with clean logs. I should add that we do not accept unsolicited connections, and 99% of attempts to connect will be stopped at the firewall. Thanks, Steve -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] SIP and NAT best practices since recent changes?
On 01/11/2012 05:29 AM, Steve Davies wrote: Hi, Since the recent update to the NAT configuration options and defaults in chan_sip.so, I am interested in any SIP/NAT best practices advice. What I've always done in the past is: Global: nat=no SIP handsets that are local: nat=no SIP handsets that are remote: nat=yes ITSP SIP trunks: nat=yes I will then set externip and localnet to reflect the local setup, UNLESS there is a functional SIP ALG doing the work in the gateway device. I make this statement because I've found one or two firewalls where it is best to disable the SIP ALG, and one or two where it is best to leave it enabled. The above always worked very well, but I now find my asterisk logs being spammed with warnings containing lots of !! and I'd like to know the best way to operate to achieve what I've always had while following the new rules in order to be as secure as possible with clean logs. I should add that we do not accept unsolicited connections, and 99% of attempts to connect will be stopped at the firewall. The simplest answer is to always use 'nat=yes' (or at least 'nat=force_rport' in recent versions of Asterisk that support it), until you come across a SIP endpoint that fails to work properly with that setting. If you do come across such an endpoint, try hard to get it to work with that setting; if you can't, then set 'nat=no' for that endpoint, and understand that the endpoint's name could be discoverable using the attack methods previously disclosed. If the endpoint's configuration is suitably locked down (permit/deny, for example) this may not be a concern for you. If it's not locked down (for example, if it has to register to your Asterisk server from random locations), then the next step would be to seriously consider requesting that the user of that endpoint consider switching to some other SIP endpoint. To date, the only endpoints that have been identified that do *not* work with Asterisk's 'rport' handling forced upon them are Cisco phones. -- Kevin P. Fleming Digium, Inc. | Director of Software Technologies Jabber: kflem...@digium.com | SIP: kpflem...@digium.com | Skype: kpfleming 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at www.digium.com www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] SIP and NAT best practices since recent changes?
On 11 January 2012 15:43, Kevin P. Fleming kpflem...@digium.com wrote: On 01/11/2012 05:29 AM, Steve Davies wrote: Hi, Since the recent update to the NAT configuration options and defaults in chan_sip.so, I am interested in any SIP/NAT best practices advice. What I've always done in the past is: Global: nat=no SIP handsets that are local: nat=no SIP handsets that are remote: nat=yes ITSP SIP trunks: nat=yes I will then set externip and localnet to reflect the local setup, UNLESS there is a functional SIP ALG doing the work in the gateway device. I make this statement because I've found one or two firewalls where it is best to disable the SIP ALG, and one or two where it is best to leave it enabled. The above always worked very well, but I now find my asterisk logs being spammed with warnings containing lots of !! and I'd like to know the best way to operate to achieve what I've always had while following the new rules in order to be as secure as possible with clean logs. I should add that we do not accept unsolicited connections, and 99% of attempts to connect will be stopped at the firewall. The simplest answer is to always use 'nat=yes' (or at least 'nat=force_rport' in recent versions of Asterisk that support it), until you come across a SIP endpoint that fails to work properly with that setting. If you do come across such an endpoint, try hard to get it to work with that setting; if you can't, then set 'nat=no' for that endpoint, and understand that the endpoint's name could be discoverable using the attack methods previously disclosed. If the endpoint's configuration is suitably locked down (permit/deny, for example) this may not be a concern for you. If it's not locked down (for example, if it has to register to your Asterisk server from random locations), then the next step would be to seriously consider requesting that the user of that endpoint consider switching to some other SIP endpoint. To date, the only endpoints that have been identified that do *not* work with Asterisk's 'rport' handling forced upon them are Cisco phones. Excellent. Thanks as always Kevin. (Why am I not surprised about Cisco!) Regards, Steve -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] SIP and NAT best practices since recent changes?
From: Steve Davies davies...@gmail.com Sent: Wednesday, January 11, 2012 12:51 PM To: Asterisk Users Mailing List - Non-Commercial Discussion asterisk-users@lists.digium.com Subject: Re: [asterisk-users] SIP and NAT best practices since recent changes? On 11 January 2012 15:43, Kevin P. Fleming kpflem...@digium.com wrote: On 01/11/2012 05:29 AM, Steve Davies wrote: Hi, Since the recent update to the NAT configuration options and defaults in chan_sip.so, I am interested in any SIP/NAT best practices advice. What I've always done in the past is: Global: nat=no SIP handsets that are local: nat=no SIP handsets that are remote: nat=yes ITSP SIP trunks: nat=yes I will then set externip and localnet to reflect the local setup, UNLESS there is a functional SIP ALG doing the work in the gateway device. I make this statement because I've found one or two firewalls where it is best to disable the SIP ALG, and one or two where it is best to leave it enabled. The above always worked very well, but I now find my asterisk logs being spammed with warnings containing lots of !! and I'd like to know the best way to operate to achieve what I've always had while following the new rules in order to be as secure as possible with clean logs. I should add that we do not accept unsolicited connections, and 99% of attempts to connect will be stopped at the firewall. The simplest answer is to always use 'nat=yes' (or at least 'nat=force_rport' in recent versions of Asterisk that support it), until you come across a SIP endpoint that fails to work properly with that setting. If you do come across such an endpoint, try hard to get it to work with that setting; if you can't, then set 'nat=no' for that endpoint, and understand that the endpoint's name could be discoverable using the attack methods previously disclosed. If the endpoint's configuration is suitably locked down (permit/deny, for example) this may not be a concern for you. If it's not locked down (for example, if it has to register to your Asterisk server from random locations), then the next step would be to seriously consider requesting that the user of that endpoint consider switching to some other SIP endpoint. To date, the only endpoints that have been identified that do *not* work with Asterisk's 'rport' handling forced upon them are Cisco phones. Excellent. Thanks as always Kevin. (Why am I not surprised about Cisco!) Regards, Steve Steve I can't get my grandstream phones to work with force_rport behind a pfsense firewall. but yes and comedia work fine. Bryant -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] SIP and NAT best practices since recent changes?
On 01/11/2012 12:09 PM, Bryant Zimmerman wrote: *From*: Steve Davies davies...@gmail.com *Sent*: Wednesday, January 11, 2012 12:51 PM *To*: Asterisk Users Mailing List - Non-Commercial Discussion asterisk-users@lists.digium.com *Subject*: Re: [asterisk-users] SIP and NAT best practices since recent changes? On 11 January 2012 15:43, Kevin P. Fleming kpflem...@digium.com wrote: On 01/11/2012 05:29 AM, Steve Davies wrote: Hi, Since the recent update to the NAT configuration options and defaults in chan_sip.so, I am interested in any SIP/NAT best practices advice. What I've always done in the past is: Global: nat=no SIP handsets that are local: nat=no SIP handsets that are remote: nat=yes ITSP SIP trunks: nat=yes I will then set externip and localnet to reflect the local setup, UNLESS there is a functional SIP ALG doing the work in the gateway device. I make this statement because I've found one or two firewalls where it is best to disable the SIP ALG, and one or two where it is best to leave it enabled. The above always worked very well, but I now find my asterisk logs being spammed with warnings containing lots of !! and I'd like to know the best way to operate to achieve what I've always had while following the new rules in order to be as secure as possible with clean logs. I should add that we do not accept unsolicited connections, and 99% of attempts to connect will be stopped at the firewall. The simplest answer is to always use 'nat=yes' (or at least 'nat=force_rport' in recent versions of Asterisk that support it), until you come across a SIP endpoint that fails to work properly with that setting. If you do come across such an endpoint, try hard to get it to work with that setting; if you can't, then set 'nat=no' for that endpoint, and understand that the endpoint's name could be discoverable using the attack methods previously disclosed. If the endpoint's configuration is suitably locked down (permit/deny, for example) this may not be a concern for you. If it's not locked down (for example, if it has to register to your Asterisk server from random locations), then the next step would be to seriously consider requesting that the user of that endpoint consider switching to some other SIP endpoint. To date, the only endpoints that have been identified that do *not* work with Asterisk's 'rport' handling forced upon them are Cisco phones. Excellent. Thanks as always Kevin. (Why am I not surprised about Cisco!) Regards, Steve Steve I can't get my grandstream phones to work with force_rport behind a pfsense firewall. but yes and comedia work fine. That's rather strange, since 'yes' includes 'force_rport'. Can you describe what 'not work' means in this case? -- Kevin P. Fleming Digium, Inc. | Director of Software Technologies Jabber: kflem...@digium.com | SIP: kpflem...@digium.com | Skype: kpfleming 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at www.digium.com www.asterisk.org -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] SIP and NAT - best practices?
Apart of what everyone writes with the NAT=YES I would suggest using canreinvite=no as well as normally asterisk cans the reinvite and this might cause the audio not to get through the NAT and cause dead air for the users specially if the users are behind 2 seperate NAT servers eg. different private networks. By using canreinvite=no and nat=yes most of the NAT problems go away. In this scenario the example would look like this: [2201] user=blah secret=blah auth=blah allow=blah host=dynamic *nat=yes canreinvite=no* Mark Phillips wrote: Most often the simple addition of nat=yes in the relevant sip.conf stanza is all that's required to make a remote SIP phone work from behind a firewall. for example [2201] user=blah secret=blah auth=blah allow=blah host=dynamic nat=yes I've been running 4 remote SIP phones across the internet from my families houses all over the world in this manner. The only issues I get are those of bandwidth availability or rather occasional lack of it. Hosted PBX's are no different. The hosting service should be providing a similar mechanism (although it might not be Asterisk based). Mark, G7LTT/KC2ENI Randolph, NJ http://www.g7ltt.com Michaël Gaudette wrote: Thanks Moises. I was kind of hoping that, at least if I hosted my Asterisk server somewhere where there was no NAT for the * box that the SIP phones wouldn't create any issues. How do you people with Hosted PBX handle the deployment of SIP phones behind NAT firewalls? Is it just elbow grease and configuring every single phone for the customer, or is there a way? Mike you can redirect the ports of the router as well. Or you can configure your SIP phone to use a STUN server. Please read in voip-info.org about SIP NAT, there are good suggestions. regards On 1/20/06, Michakl Gaudette [EMAIL PROTECTED] wrote: Hello, I'm a bit new to SIP, and I've set up a SIP line with Asterisk and my wholesale provider. That worked, fine. I ahd to open up the ports on my router, forward them to the correct box, again fine. Now, if I get one of my customers to connect his SIP phone to my Asterisk box, and HE'S behind a NAT firewall, does he have to go through the same process, or is it just the Asterisk box that needs to translate the SIP and RTP port? In other words: if my SIP phone is behind a Linksys router, do I need to configure the Router for any reason? Mike ___ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] SIP and NAT - best practices?
I thing, that configuring nat device/firewall at consumer site isn't always possible, thus simplest (but not optimal) way is to configure phone in sip.conf as nat=yes canreinvite=no, this should work in most cases even if multiple phones are behind same nat, like adsl router. disadvatage is, that rtp stream will go always through asterisk server (even for calls between phones in same location-behind same nat/fw). so, as I ask before, if is planned in asterisk development to make canreinvite function more flexible, e.g. possibility specify that for call, e.g. inside one context, to do reinvite and for other calls (between different contexts) don't do reinvite ... PJ ___ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] SIP and NAT - best practices?
Leo Ann Boon wrote on Saturday, 21 January 2006 6:21 PM: Trevor G. Hammonds wrote: How about when you have four or five SIP devices at a single location? Do you manually assign each phone a separate port and add firewall/router rules? I am looking for an inexpensive device or method that will allow this happen automatically. Rather than going that route, my current solution is to put an Asterisk server at the client's location to handle the SIP clients and do an outbound trunked IAX connection back to the main server. Use an outbound proxy either a stanadlone appliance like ix-66 or you can build one using Siproxd running on your Linux gateway. http://siproxd.sourceforge.net/ There's a WIP port of siproxd to OpenWRT so you can run it on a Linksys WRT54G. While I have not used siproxd, I have read a bit about it. From my understanding of the docs, the local SIP agents register to siproxd, but siproxd does not register to Asterisk. So the calls will traverse the NAT properly, but features like MWI will not work in this scenario. Also, this would be pure SIP URL dialling (e.g. [EMAIL PROTECTED]) as opposed to traditional telephone dialling (e.g. 1-213-555-8080). Please correct me if I am wrong, because I would really like to be (in this case). :-) Sincerely, Trevor Hammonds ___ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] SIP and NAT - best practices?
Trevor G. Hammonds wrote: While I have not used siproxd, I have read a bit about it. From my understanding of the docs, the local SIP agents register to siproxd, but siproxd does not register to Asterisk. So the calls will traverse the NAT properly, but features like MWI will not work in this scenario. Also, this would be pure SIP URL dialling (e.g. [EMAIL PROTECTED]) as opposed to traditional telephone dialling (e.g. 1-213-555-8080). Please correct me if I am wrong, because I would really like to be (in this case). :-) The docs are a little confusing. Look in the FAQ section: What types of operation does siproxd support? Here's the text. 1) Siproxd as outbound proxy: - Configure your local client to register with some 3rd party service like Sipphone, FWD, Sipgate or any other. - Configure your local client to use siproxd as OUTBOUND PROXY Note: In this case, the local client does NOT register with siproxd but only with the external SIP restration service. The only condition is that siproxd needs to stay in the path of communication, therefore the local client must be configured as to use an OUTBOUND PROXY. That's all you need to do. All your clients will still register to Asterisk through siproxd, siproxd will take care of rewritting the SIP headers to differentiate requests for each client. Leo ___ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] SIP and NAT - best practices?
Leo Ann Boon wrote on Sunday, 22 January 2006 4:32 PM: Trevor G. Hammonds wrote: While I have not used siproxd, I have read a bit about it. From my understanding of the docs, the local SIP agents register to siproxd, but siproxd does not register to Asterisk. So the calls will traverse the NAT properly, but features like MWI will not work in this scenario. Also, this would be pure SIP URL dialling (e.g. [EMAIL PROTECTED]) as opposed to traditional telephone dialling (e.g. 1-213-555-8080). Please correct me if I am wrong, because I would really like to be (in this case). :-) The docs are a little confusing. Look in the FAQ section: What types of operation does siproxd support? Here's the text. 1) Siproxd as outbound proxy: - Configure your local client to register with some 3rd party service like Sipphone, FWD, Sipgate or any other. - Configure your local client to use siproxd as OUTBOUND PROXY Note: In this case, the local client does NOT register with siproxd but only with the external SIP restration service. The only condition is that siproxd needs to stay in the path of communication, therefore the local client must be configured as to use an OUTBOUND PROXY. That's all you need to do. All your clients will still register to Asterisk through siproxd, siproxd will take care of rewritting the SIP headers to differentiate requests for each client. Leo Thank you, Leo! This is exactly what I need. I am going to play around with that really soon. Trevor ___ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[Asterisk-Users] SIP and NAT - best practices?
Thanks Moises. I was kind of hoping that, at least if I hosted my Asterisk server somewhere where there was no NAT for the * box that the SIP phones wouldn't create any issues. How do you people with Hosted PBX handle the deployment of SIP phones behind NAT firewalls? Is it just elbow grease and configuring every single phone for the customer, or is there a way? Mike you can redirect the ports of the router as well. Or you can configure your SIP phone to use a STUN server. Please read in voip-info.org about SIP NAT, there are good suggestions. regards On 1/20/06, Michakl Gaudette [EMAIL PROTECTED] wrote: Hello, I'm a bit new to SIP, and I've set up a SIP line with Asterisk and my wholesale provider. That worked, fine. I ahd to open up the ports on my router, forward them to the correct box, again fine. Now, if I get one of my customers to connect his SIP phone to my Asterisk box, and HE'S behind a NAT firewall, does he have to go through the same process, or is it just the Asterisk box that needs to translate the SIP and RTP port? In other words: if my SIP phone is behind a Linksys router, do I need to configure the Router for any reason? Mike ___ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] SIP and NAT - best practices?
Most often the simple addition of nat=yes in the relevant sip.conf stanza is all that's required to make a remote SIP phone work from behind a firewall. for example [2201] user=blah secret=blah auth=blah allow=blah host=dynamic nat=yes I've been running 4 remote SIP phones across the internet from my families houses all over the world in this manner. The only issues I get are those of bandwidth availability or rather occasional lack of it. Hosted PBX's are no different. The hosting service should be providing a similar mechanism (although it might not be Asterisk based). Mark, G7LTT/KC2ENI Randolph, NJ http://www.g7ltt.com Michaël Gaudette wrote: Thanks Moises. I was kind of hoping that, at least if I hosted my Asterisk server somewhere where there was no NAT for the * box that the SIP phones wouldn't create any issues. How do you people with Hosted PBX handle the deployment of SIP phones behind NAT firewalls? Is it just elbow grease and configuring every single phone for the customer, or is there a way? Mike you can redirect the ports of the router as well. Or you can configure your SIP phone to use a STUN server. Please read in voip-info.org about SIP NAT, there are good suggestions. regards On 1/20/06, Michakl Gaudette [EMAIL PROTECTED] wrote: Hello, I'm a bit new to SIP, and I've set up a SIP line with Asterisk and my wholesale provider. That worked, fine. I ahd to open up the ports on my router, forward them to the correct box, again fine. Now, if I get one of my customers to connect his SIP phone to my Asterisk box, and HE'S behind a NAT firewall, does he have to go through the same process, or is it just the Asterisk box that needs to translate the SIP and RTP port? In other words: if my SIP phone is behind a Linksys router, do I need to configure the Router for any reason? Mike ___ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
RE: [Asterisk-Users] SIP and NAT - best practices?
How about when you have four or five SIP devices at a single location? Do you manually assign each phone a separate port and add firewall/router rules? I am looking for an inexpensive device or method that will allow this happen automatically. Rather than going that route, my current solution is to put an Asterisk server at the client's location to handle the SIP clients and do an outbound trunked IAX connection back to the main server. Sincerely, Trevor Hammonds Mark Phillips wrote on Saturday, 21 January 2006 12:36 PM: Most often the simple addition of nat=yes in the relevant sip.conf stanza is all that's required to make a remote SIP phone work from behind a firewall. for example [2201] user=blah secret=blah auth=blah allow=blah host=dynamic nat=yes I've been running 4 remote SIP phones across the internet from my families houses all over the world in this manner. The only issues I get are those of bandwidth availability or rather occasional lack of it. Hosted PBX's are no different. The hosting service should be providing a similar mechanism (although it might not be Asterisk based). Mark, G7LTT/KC2ENI Randolph, NJ http://www.g7ltt.com Michaël Gaudette wrote: Thanks Moises. I was kind of hoping that, at least if I hosted my Asterisk server somewhere where there was no NAT for the * box that the SIP phones wouldn't create any issues. How do you people with Hosted PBX handle the deployment of SIP phones behind NAT firewalls? Is it just elbow grease and configuring every single phone for the customer, or is there a way? Mike you can redirect the ports of the router as well. Or you can configure your SIP phone to use a STUN server. Please read in voip-info.org about SIP NAT, there are good suggestions. regards On 1/20/06, Michakl Gaudette [EMAIL PROTECTED] wrote: Hello, I'm a bit new to SIP, and I've set up a SIP line with Asterisk and my wholesale provider. That worked, fine. I ahd to open up the ports on my router, forward them to the correct box, again fine. Now, if I get one of my customers to connect his SIP phone to my Asterisk box, and HE'S behind a NAT firewall, does he have to go through the same process, or is it just the Asterisk box that needs to translate the SIP and RTP port? In other words: if my SIP phone is behind a Linksys router, do I need to configure the Router for any reason? Mike ___ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] SIP and NAT - best practices?
Trevor G. Hammonds wrote: How about when you have four or five SIP devices at a single location? Do you manually assign each phone a separate port and add firewall/router rules? I am looking for an inexpensive device or method that will allow this happen automatically. Rather than going that route, my current solution is to put an Asterisk server at the client's location to handle the SIP clients and do an outbound trunked IAX connection back to the main server. Use an outbound proxy either a stanadlone appliance like ix-66 or you can build one using Siproxd running on your Linux gateway. http://siproxd.sourceforge.net/ There's a WIP port of siproxd to OpenWRT so you can run it on a Linksys WRT54G. ___ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users