Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
Hi Bilal, > How can I use SSH in that senario? Is there a link > that can help to understand what I have to install and > to configure? I don't think SSH is a recommended approach. You can't run an IAX2 trunk over SSH (IAX2 used UDP and SSH only supports TCP port forwarding. http://www.securityfocus.com/infocus/1816 documents TCP port forwarding over SSH. As above in this thread have a suggested, you'll need to implement OpenVPN (TCP tunnel) over SSH in order to establish an IAX2 trunk. It is much simpler to just use OpenVPN and forget about SSH altogether. The additional overhead in an IAX2 over OpenVPN over SSH, coupled with the use of TCP for the SSH and OpenVPN tunnels, will cause more problems with voice quality. The documentation on openvpn.net is excellent. Try http://openvpn.net/static.html for quick guide using static pre-shared keys. Installation of openvpn on your Linux distribution should be a simple as: Ubuntu/Debian: apt-get install openvpn Redhat based: http://dag.wieers.com/packages/openvpn will give you an RPM Gentoo: emerge openvpn Others: use tarball and compile, or find appropriate package Good luck and feel free to email back if you have troubles. Regards, Chris Bennett ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
Hi; How can I use SSH in that senario? Is there a link that can help to understand what I have to install and to configure? Regards Bilal -- bilal ghayyad wrote: > Hi; > > Via OpenVPN or port forwarding is known for me, but > via SSH is new for me, how I can do it and what is the > difference by SSH and OpenVPN? SSH uses tcp. Openvpn, by default uses udp. -- Darrick Hartman DJH Solutions, LLC http://www.djhsolutions.com Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
Am Freitag, den 18.01.2008, 04:21 -0800 schrieb bilal ghayyad: > Hi; > > Via OpenVPN or port forwarding is known for me, but > via SSH is new for me, how I can do it and what is the > difference by SSH and OpenVPN? In principle both use a packet stream (SSH is TCP, OpenVPN is TCP or UDP) for encapsulating IP packets. The main difference is that SSH port forwarding forwards the packet data, but not the header: The packet is stripped at side A and a seemingly different TCP connection is established on side B. This also implies the main limitation of SSH, that it is restricted to tunneling TCP (afaik). OpenVPN in contrast takes entire IP packets, applies routing and tunnels the entire packet through. You can tunnel any IP traffic through OpenVPN, and the remote side IP address will persist. (You can even tunnel IPX or Appletalk, if using the BRIDGE mode with virtual TAP interfaces). Basically OpenVPN appears to the tunnel endpoint as a virtual wire that behaves like an ethernet port. OpenVPN is far more flexible when it comes to network restrictions. On the other hand the SSH main idea is not VPN but secure shell access :) For VoIP I'd imagine SSH is quite impractical, if usable at all. Most likely the TCP-only restriction will make life difficult. SIP over OpenVPN works - I used it to tunnel from a trip to California to my Asterisk back home in Germany. The voice quality was a bit poor, but this might also relate to the WLAN and the multi-hop-internet route in between. Speaking generally, of course an aditional layer (which both OpenVPN and SSH introduce) does not improve the signal path quality, or latency, or everything. I have read recommendations to use OpenVPN in UDP mode to reduce packetizing problems which would result in choppy sound as well. No comparison numbers available here though. BR Anselm ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
On Thu, Jan 17, 2008 at 11:06:22PM -0500, Steve Totaro wrote: > Good question. I have never tried tunneling IAX over SSH but it seems like > it should work just like anything else. SSH tunnels TCP alone. IAX is UDP. You can use it to create some sort of full-fledged VPN connection, but it is not trivial. Instead, you should probably go for openvpn. SSH is on top of TCP, so there is an inherent potential delay. -- Tzafrir Cohen icq#16849755 jabber:[EMAIL PROTECTED] +972-50-7952406 mailto:[EMAIL PROTECTED] http://www.xorcom.com iax:[EMAIL PROTECTED]/tzafrir ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
bilal ghayyad wrote: > Hi; > > Via OpenVPN or port forwarding is known for me, but > via SSH is new for me, how I can do it and what is the > difference by SSH and OpenVPN? SSH uses tcp. Openvpn, by default uses udp. -- Darrick Hartman DJH Solutions, LLC http://www.djhsolutions.com ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
Hi; Via OpenVPN or port forwarding is known for me, but via SSH is new for me, how I can do it and what is the difference by SSH and OpenVPN? Regards Bilal - Good question. I have never tried tunneling IAX over SSH but it seems like it should work just like anything else. How about a port opened up for OpenVPN. You know you can run IAX on any port you wish, port 80 may work for you if you have some extra external IPs not being used for HTTP. The same is true for OpenVPN. Thanks, Steve Totaro On Jan 17, 2008 8:09 PM, John Constalgie <[EMAIL PROTECTED]> wrote: > > Hi there > > this is an interesting topic that I see here and a problem that I am > trying to solve too. > > But I was wondering if the forwarding solution will work for my case. > > So I have two Asterisk boxes A and B. > > A is behind a corporate NAT such that A can SSH to B, but not vice versa( > "One-way SSH" ) . The UDP port 5060 of the corporate NAT is blocked off and > I will not be able to have it unblocked for security reasons. > > Hence, is my only choice using an SSH tunnel between A and B for the IAX > connection to work? Will it work though with that "One-way SSH" factor > mentioned before? > > Thanks > John Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
Good question. I have never tried tunneling IAX over SSH but it seems like it should work just like anything else. How about a port opened up for OpenVPN. You know you can run IAX on any port you wish, port 80 may work for you if you have some extra external IPs not being used for HTTP. The same is true for OpenVPN. Thanks, Steve Totaro On Jan 17, 2008 8:09 PM, John Constalgie <[EMAIL PROTECTED]> wrote: > > Hi there > > this is an interesting topic that I see here and a problem that I am > trying to solve too. > > But I was wondering if the forwarding solution will work for my case. > > So I have two Asterisk boxes A and B. > > A is behind a corporate NAT such that A can SSH to B, but not vice versa( > "One-way SSH" ) . The UDP port 5060 of the corporate NAT is blocked off and > I will not be able to have it unblocked for security reasons. > > Hence, is my only choice using an SSH tunnel between A and B for the IAX > connection to work? Will it work though with that "One-way SSH" factor > mentioned before? > > Thanks > John > > > > -- > > > From: [EMAIL PROTECTED] > > To: asterisk-users@lists.digium.com > > Date: Wed, 2 Jan 2008 16:29:45 + > > Subject: Re: [asterisk-users] Two Asterisks behind NAT and need to link > them using IAX trunk > > > > Sure, but if (as is often the case) you only have control over the > > firewall at one end of the > > link, you set the forwarding at the end you control and have the far > > end to register to you every > > 30 seconds. > > > > Tim. > > On 2 Jan 2008, at 15:13, Rob Hillis wrote: > > > > > Perhaps. I've never been one to trust that firewalls operate as > > > they should - I've been bitten far too many times by a firewall that > > > doesn't quite behave as you expect. Also, when diagnosing network > > > connectivity problems, I find that it helps to have the rules in > > > place rather than having to infer the rule. > > > > > > Tim Panton wrote: > > >> > > >> If you are careful, you only need to setup a port forward at one end > > >> of the IAX trunk. > > >> > > >> Have one Asterisk register (regularly) with the other. > > >> The second asterisk (server) will need to have port 4569 forwarded > > >> through it's router. > > >> The first asterisk (client) wont need any port forwarding. > > >> > > >> Tim. > > >> On 2 Jan 2008, at 10:18, Rob Hillis wrote: > > >> > > >> > > >>> The reason that IAX2 is considered good for NAT issues is that it > > >>> uses only one port for both control messages and voice traffic as > > >>> opposed to SIP that uses a predictable port for control messages and > > >>> an unpredictable one for voice/video traffic. > > >>> > > >>> If both servers are behind NAT servers, you will need to ensure that > > >>> the appropriate UDP port (by default 4569) are forwarded to your > > >>> Asterisk servers. Only this port is required - RTP isn't used by > > >>> IAX2. > > >>> > > >>> bilal ghayyad wrote: > > >>> > > >>>> Hi List; > > >>>> > > >>>> I heared that IAX is good for NATing issues, but I do > > >>>> not know if it can help me in that senario: > > >>>> > > >>>> I have two Asterisks machines in different sites and > > >>>> both are behind NAT (both have private IP address), I > > >>>> need to link these two asterisks with IAX trunk (if it > > >>>> help really in such senario), but I do not know if it > > >>>> will work without doing special routing settings on > > >>>> the router (like TCP/UDP port mapping or IP > > >>>> forwarding)? How that will be it if possible? Or I > > >>>> have to do a kind of port mapping? > > >>>> > > >>>> If I will need to use port mapping, then I have to map > > >>>> the TCP and UDP ports that are determined in iax.conf > > >>>> and rtp.conf files at site A for asterisk ip address > > >>>> at site A? Or I have to map the TCP and UDP ports that > > >>>> are in iax.conf and rtp.conf at site B for asterisk ip > > >>>> address at site A? In other words, if I am at site B > > >>>> then I have to go for router B
Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
Jared Smith wrote: > On Thu, 2008-01-17 at 17:09 -0800, John Constalgie wrote: >> Hence, is my only choice using an SSH tunnel between A and B for the >> IAX connection to work? Will it work though with that "One-way SSH" >> factor mentioned before? > > It's my understanding that SSH tunneling will only work with TCP > traffic. IAX2 uses UDP packets, so I don't think that'll work. You > might try setting up a VPN or something along those lines. (Also, IAX2 > defaults to port 4569, not port 5060.) > OpenVPN works great for this. -- Darrick Hartman DJH Solutions, LLC http://www.djhsolutions.com ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
On Thu, 2008-01-17 at 17:09 -0800, John Constalgie wrote: > Hence, is my only choice using an SSH tunnel between A and B for the > IAX connection to work? Will it work though with that "One-way SSH" > factor mentioned before? It's my understanding that SSH tunneling will only work with TCP traffic. IAX2 uses UDP packets, so I don't think that'll work. You might try setting up a VPN or something along those lines. (Also, IAX2 defaults to port 4569, not port 5060.) -- Jared Smith Community Relations Manager Digium, Inc. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
Hi there this is an interesting topic that I see here and a problem that I am trying to solve too. But I was wondering if the forwarding solution will work for my case. So I have two Asterisk boxes A and B. A is behind a corporate NAT such that A can SSH to B, but not vice versa( "One-way SSH" ) . The UDP port 5060 of the corporate NAT is blocked off and I will not be able to have it unblocked for security reasons. Hence, is my only choice using an SSH tunnel between A and B for the IAX connection to work? Will it work though with that "One-way SSH" factor mentioned before? Thanks John > From: [EMAIL PROTECTED]> To: asterisk-users@lists.digium.com> Date: Wed, 2 > Jan 2008 16:29:45 +0000> Subject: Re: [asterisk-users] Two Asterisks behind > NAT and need to link them using IAX trunk> > Sure, but if (as is often the > case) you only have control over the > firewall at one end of the> link, you > set the forwarding at the end you control and have the far > end to register > to you every> 30 seconds.> > Tim.> On 2 Jan 2008, at 15:13, Rob Hillis > wrote:> > > Perhaps. I've never been one to trust that firewalls operate as > > > they should - I've been bitten far too many times by a firewall that > > > doesn't quite behave as you expect. Also, when diagnosing network > > > connectivity problems, I find that it helps to have the rules in > > place > rather than having to infer the rule.> >> > Tim Panton wrote:> >>> >> If you > are careful, you only need to setup a port forward at one end> >> of the IAX > trunk.> >>> >> Have one Asterisk register (regularly) with the other.> >> The > second asterisk (server) will need to have port 4569 forwarded> >> through > it's router.> >> The first asterisk (client) wont need any port forwarding.> > >>> >> Tim.> >> On 2 Jan 2008, at 10:18, Rob Hillis wrote:> >>> >>> >>> The > reason that IAX2 is considered good for NAT issues is that it> >>> uses only > one port for both control messages and voice traffic as> >>> opposed to SIP > that uses a predictable port for control messages and> >>> an unpredictable > one for voice/video traffic.> >>>> >>> If both servers are behind NAT > servers, you will need to ensure that> >>> the appropriate UDP port (by > default 4569) are forwarded to your> >>> Asterisk servers. Only this port is > required - RTP isn't used by> >>> IAX2.> >>>> >>> bilal ghayyad wrote:> >>>> > >>>> Hi List;> >>>>> >>>> I heared that IAX is good for NATing issues, but I > do> >>>> not know if it can help me in that senario:> >>>>> >>>> I have two > Asterisks machines in different sites and> >>>> both are behind NAT (both > have private IP address), I> >>>> need to link these two asterisks with IAX > trunk (if it> >>>> help really in such senario), but I do not know if it> > >>>> will work without doing special routing settings on> >>>> the router > (like TCP/UDP port mapping or IP> >>>> forwarding)? How that will be it if > possible? Or I> >>>> have to do a kind of port mapping?> >>>>> >>>> If I will > need to use port mapping, then I have to map> >>>> the TCP and UDP ports that > are determined in iax.conf> >>>> and rtp.conf files at site A for asterisk ip > address> >>>> at site A? Or I have to map the TCP and UDP ports that> >>>> > are in iax.conf and rtp.conf at site B for asterisk ip> >>>> address at site > A? In other words, if I am at site B> >>>> then I have to go for router B and > do mapping for> >>>> TCP/UDP ports of the asterisk at site B or the> >>>> > asterisk at site A?> >>>>> >>>> Any help.> >>>> Regards> >>>> Bilal> >>>>> > >>>>> >>>>> >>>> > > > >>>> Looking for last minute shopping deals?> >>>> Find them fast with > Yahoo! Search. > http://tools.search.yahoo.com/newsearch/category.php?category=shopping> >>>>> > >>>> ___> >
Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
On Jan 2, 2008, at 12:33 AM, bilal ghayyad wrote: > Hi List; > > I heared that IAX is good for NATing issues, but I do > not know if it can help me in that senario: > > I have two Asterisks machines in different sites and > both are behind NAT (both have private IP address), I > need to link these two asterisks with IAX trunk (if it > help really in such senario), but I do not know if it > will work without doing special routing settings on > the router (like TCP/UDP port mapping or IP > forwarding)? How that will be it if possible? Or I > have to do a kind of port mapping? > > If I will need to use port mapping, then I have to map > the TCP and UDP ports that are determined in iax.conf > and rtp.conf files at site A for asterisk ip address > at site A? Or I have to map the TCP and UDP ports that > are in iax.conf and rtp.conf at site B for asterisk ip > address at site A? In other words, if I am at site B > then I have to go for router B and do mapping for > TCP/UDP ports of the asterisk at site B or the > asterisk at site A? I believe it is mostly a routing thing between your two points, you are not providing info about your routers, and the options are quite endless, if this were my setup what I'd do budget wise is: 1./ setup two IPCops firewall/routers, one at each location, 2./ bridge the two IPCops as if they were in one network using UDP, 3./ shape traffic so VoIP takes priority With this you can either use SIP or IAX as the natting issues are likely to go away, you also get some networking bonus between the two places, > > Any help. > Regards > Bilal > > > > __ > __ > Looking for last minute shopping deals? > Find them fast with Yahoo! Search. http://tools.search.yahoo.com/ > newsearch/category.php?category=shopping > > ___ > --Bandwidth and Colocation Provided by http://www.api-digital.com-- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
Sure, but if (as is often the case) you only have control over the firewall at one end of the link, you set the forwarding at the end you control and have the far end to register to you every 30 seconds. Tim. On 2 Jan 2008, at 15:13, Rob Hillis wrote: > Perhaps. I've never been one to trust that firewalls operate as > they should - I've been bitten far too many times by a firewall that > doesn't quite behave as you expect. Also, when diagnosing network > connectivity problems, I find that it helps to have the rules in > place rather than having to infer the rule. > > Tim Panton wrote: >> >> If you are careful, you only need to setup a port forward at one end >> of the IAX trunk. >> >> Have one Asterisk register (regularly) with the other. >> The second asterisk (server) will need to have port 4569 forwarded >> through it's router. >> The first asterisk (client) wont need any port forwarding. >> >> Tim. >> On 2 Jan 2008, at 10:18, Rob Hillis wrote: >> >> >>> The reason that IAX2 is considered good for NAT issues is that it >>> uses only one port for both control messages and voice traffic as >>> opposed to SIP that uses a predictable port for control messages and >>> an unpredictable one for voice/video traffic. >>> >>> If both servers are behind NAT servers, you will need to ensure that >>> the appropriate UDP port (by default 4569) are forwarded to your >>> Asterisk servers. Only this port is required - RTP isn't used by >>> IAX2. >>> >>> bilal ghayyad wrote: >>> Hi List; I heared that IAX is good for NATing issues, but I do not know if it can help me in that senario: I have two Asterisks machines in different sites and both are behind NAT (both have private IP address), I need to link these two asterisks with IAX trunk (if it help really in such senario), but I do not know if it will work without doing special routing settings on the router (like TCP/UDP port mapping or IP forwarding)? How that will be it if possible? Or I have to do a kind of port mapping? If I will need to use port mapping, then I have to map the TCP and UDP ports that are determined in iax.conf and rtp.conf files at site A for asterisk ip address at site A? Or I have to map the TCP and UDP ports that are in iax.conf and rtp.conf at site B for asterisk ip address at site A? In other words, if I am at site B then I have to go for router B and do mapping for TCP/UDP ports of the asterisk at site B or the asterisk at site A? Any help. Regards Bilal Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users >>> ___ >>> --Bandwidth and Colocation Provided by http://www.api-digital.com-- >>> >>> asterisk-users mailing list >>> To UNSUBSCRIBE or update options visit: >>> http://lists.digium.com/mailman/listinfo/asterisk-users >>> >> >> ___ >> --Bandwidth and Colocation Provided by http://www.api-digital.com-- >> >> asterisk-users mailing list >> To UNSUBSCRIBE or update options visit: >>http://lists.digium.com/mailman/listinfo/asterisk-users >> > ___ > --Bandwidth and Colocation Provided by http://www.api-digital.com-- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
30 calls in a trunk will be fine for IAX. In fact IAX has a 'trunked' mode that could enable that allows you to save quite a lot of bandwidth by shrinking the packet headers between a pair of asterisk systems. Tim. On 2 Jan 2008, at 15:26, bilal ghayyad wrote: > Hi Rob; > > Big thanks for your kindly help and answer, so > rtp.conf file is used by sip and h323 only, correct? > In that case if I am going to use the sip trunk then I > need to route the UDP ports used by the rtp.conf file > and that existed in sip.conf, but really i do not know > if any use TCP. Correct? > > But I would like to ask how all the calls of the trunk > (sometimes it could be 30 calls for example) will > handled by one port only (in iax protocol)? Does not > mean that in huge calls, sip might work better? > > Your kindly help is high appreciated. > Regards > Bilal > > --- > The reason that IAX2 is considered good for NAT issues > is that it uses > only one port for both control messages and voice > traffic as opposed to > SIP that uses a predictable port for control messages > and an > unpredictable one for voice/video traffic. > > If both servers are behind NAT servers, you /will/ > need to ensure that > the appropriate UDP port (by default 4569) are > forwarded to your > Asterisk servers. Only this port is required - RTP > isn't used by IAX2. > > bilal ghayyad wrote: >> Hi List; >> >> I heared that IAX is good for NATing issues, but I > do >> not know if it can help me in that senario: >> >> I have two Asterisks machines in different sites and >> both are behind NAT (both have private IP address), > I >> need to link these two asterisks with IAX trunk (if > it >> help really in such senario), but I do not know if > it >> will work without doing special routing settings on >> the router (like TCP/UDP port mapping or IP >> forwarding)? How that will be it if possible? Or I >> have to do a kind of port mapping? >> >> If I will need to use port mapping, then I have to > map >> the TCP and UDP ports that are determined in > iax.conf >> and rtp.conf files at site A for asterisk ip address >> at site A? Or I have to map the TCP and UDP ports > that >> are in iax.conf and rtp.conf at site B for asterisk > ip >> address at site A? In other words, if I am at site B >> then I have to go for router B and do mapping for >> TCP/UDP ports of the asterisk at site B or the >> asterisk at site A? >> >> Any help. >> Regards >> Bilal > > > > > > Looking for last minute shopping deals? > Find them fast with Yahoo! Search. > http://tools.search.yahoo.com/newsearch/category.php?category=shopping > > ___ > --Bandwidth and Colocation Provided by http://www.api-digital.com-- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
Hi Rob; Big thanks for your kindly help and answer, so rtp.conf file is used by sip and h323 only, correct? In that case if I am going to use the sip trunk then I need to route the UDP ports used by the rtp.conf file and that existed in sip.conf, but really i do not know if any use TCP. Correct? But I would like to ask how all the calls of the trunk (sometimes it could be 30 calls for example) will handled by one port only (in iax protocol)? Does not mean that in huge calls, sip might work better? Your kindly help is high appreciated. Regards Bilal --- The reason that IAX2 is considered good for NAT issues is that it uses only one port for both control messages and voice traffic as opposed to SIP that uses a predictable port for control messages and an unpredictable one for voice/video traffic. If both servers are behind NAT servers, you /will/ need to ensure that the appropriate UDP port (by default 4569) are forwarded to your Asterisk servers. Only this port is required - RTP isn't used by IAX2. bilal ghayyad wrote: > Hi List; > > I heared that IAX is good for NATing issues, but I do > not know if it can help me in that senario: > > I have two Asterisks machines in different sites and > both are behind NAT (both have private IP address), I > need to link these two asterisks with IAX trunk (if it > help really in such senario), but I do not know if it > will work without doing special routing settings on > the router (like TCP/UDP port mapping or IP > forwarding)? How that will be it if possible? Or I > have to do a kind of port mapping? > > If I will need to use port mapping, then I have to map > the TCP and UDP ports that are determined in iax.conf > and rtp.conf files at site A for asterisk ip address > at site A? Or I have to map the TCP and UDP ports that > are in iax.conf and rtp.conf at site B for asterisk ip > address at site A? In other words, if I am at site B > then I have to go for router B and do mapping for > TCP/UDP ports of the asterisk at site B or the > asterisk at site A? > > Any help. > Regards > Bilal Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
Perhaps. I've never been one to trust that firewalls operate as they should - I've been bitten far too many times by a firewall that doesn't quite behave as you expect. Also, when diagnosing network connectivity problems, I find that it helps to have the rules in place rather than having to infer the rule. Tim Panton wrote: > If you are careful, you only need to setup a port forward at one end > of the IAX trunk. > > Have one Asterisk register (regularly) with the other. > The second asterisk (server) will need to have port 4569 forwarded > through it's router. > The first asterisk (client) wont need any port forwarding. > > Tim. > On 2 Jan 2008, at 10:18, Rob Hillis wrote: > > >> The reason that IAX2 is considered good for NAT issues is that it >> uses only one port for both control messages and voice traffic as >> opposed to SIP that uses a predictable port for control messages and >> an unpredictable one for voice/video traffic. >> >> If both servers are behind NAT servers, you will need to ensure that >> the appropriate UDP port (by default 4569) are forwarded to your >> Asterisk servers. Only this port is required - RTP isn't used by >> IAX2. >> >> bilal ghayyad wrote: >> >>> Hi List; >>> >>> I heared that IAX is good for NATing issues, but I do >>> not know if it can help me in that senario: >>> >>> I have two Asterisks machines in different sites and >>> both are behind NAT (both have private IP address), I >>> need to link these two asterisks with IAX trunk (if it >>> help really in such senario), but I do not know if it >>> will work without doing special routing settings on >>> the router (like TCP/UDP port mapping or IP >>> forwarding)? How that will be it if possible? Or I >>> have to do a kind of port mapping? >>> >>> If I will need to use port mapping, then I have to map >>> the TCP and UDP ports that are determined in iax.conf >>> and rtp.conf files at site A for asterisk ip address >>> at site A? Or I have to map the TCP and UDP ports that >>> are in iax.conf and rtp.conf at site B for asterisk ip >>> address at site A? In other words, if I am at site B >>> then I have to go for router B and do mapping for >>> TCP/UDP ports of the asterisk at site B or the >>> asterisk at site A? >>> >>> Any help. >>> Regards >>> Bilal >>> >>> >>> >>> >>> Looking for last minute shopping deals? >>> Find them fast with Yahoo! Search. >>> http://tools.search.yahoo.com/newsearch/category.php?category=shopping >>> >>> ___ >>> --Bandwidth and Colocation Provided by http://www.api-digital.com-- >>> >>> asterisk-users mailing list >>> To UNSUBSCRIBE or update options visit: >>>http://lists.digium.com/mailman/listinfo/asterisk-users >>> >>> >> ___ >> --Bandwidth and Colocation Provided by http://www.api-digital.com-- >> >> asterisk-users mailing list >> To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-users >> > > > ___ > --Bandwidth and Colocation Provided by http://www.api-digital.com-- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
bilal, you are right. you need to add port forwarding (UDP) to your router... should work nicely then for iax. also, don't forget you iptables or firewall port config to accept iax on your * box. daveC bilal ghayyad wrote: Hi List; I heared that IAX is good for NATing issues, but I do not know if it can help me in that senario: I have two Asterisks machines in different sites and both are behind NAT (both have private IP address), I need to link these two asterisks with IAX trunk (if it help really in such senario), but I do not know if it will work without doing special routing settings on the router (like TCP/UDP port mapping or IP forwarding)? How that will be it if possible? Or I have to do a kind of port mapping? If I will need to use port mapping, then I have to map the TCP and UDP ports that are determined in iax.conf and rtp.conf files at site A for asterisk ip address at site A? Or I have to map the TCP and UDP ports that are in iax.conf and rtp.conf at site B for asterisk ip address at site A? In other words, if I am at site B then I have to go for router B and do mapping for TCP/UDP ports of the asterisk at site B or the asterisk at site A? Any help. Regards Bilal Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- My wife's sister is in California. I should buy her a Videophone2008! Truly, The Next Best Thing to Being There! -- WorldWideVideoPhones.com 856.380.0894 ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
If you are careful, you only need to setup a port forward at one end of the IAX trunk. Have one Asterisk register (regularly) with the other. The second asterisk (server) will need to have port 4569 forwarded through it's router. The first asterisk (client) wont need any port forwarding. Tim. On 2 Jan 2008, at 10:18, Rob Hillis wrote: > The reason that IAX2 is considered good for NAT issues is that it > uses only one port for both control messages and voice traffic as > opposed to SIP that uses a predictable port for control messages and > an unpredictable one for voice/video traffic. > > If both servers are behind NAT servers, you will need to ensure that > the appropriate UDP port (by default 4569) are forwarded to your > Asterisk servers. Only this port is required - RTP isn't used by > IAX2. > > bilal ghayyad wrote: >> >> Hi List; >> >> I heared that IAX is good for NATing issues, but I do >> not know if it can help me in that senario: >> >> I have two Asterisks machines in different sites and >> both are behind NAT (both have private IP address), I >> need to link these two asterisks with IAX trunk (if it >> help really in such senario), but I do not know if it >> will work without doing special routing settings on >> the router (like TCP/UDP port mapping or IP >> forwarding)? How that will be it if possible? Or I >> have to do a kind of port mapping? >> >> If I will need to use port mapping, then I have to map >> the TCP and UDP ports that are determined in iax.conf >> and rtp.conf files at site A for asterisk ip address >> at site A? Or I have to map the TCP and UDP ports that >> are in iax.conf and rtp.conf at site B for asterisk ip >> address at site A? In other words, if I am at site B >> then I have to go for router B and do mapping for >> TCP/UDP ports of the asterisk at site B or the >> asterisk at site A? >> >> Any help. >> Regards >> Bilal >> >> >> >> >> Looking for last minute shopping deals? >> Find them fast with Yahoo! Search. >> http://tools.search.yahoo.com/newsearch/category.php?category=shopping >> >> ___ >> --Bandwidth and Colocation Provided by http://www.api-digital.com-- >> >> asterisk-users mailing list >> To UNSUBSCRIBE or update options visit: >>http://lists.digium.com/mailman/listinfo/asterisk-users >> > ___ > --Bandwidth and Colocation Provided by http://www.api-digital.com-- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
The reason that IAX2 is considered good for NAT issues is that it uses only one port for both control messages and voice traffic as opposed to SIP that uses a predictable port for control messages and an unpredictable one for voice/video traffic. If both servers are behind NAT servers, you /will/ need to ensure that the appropriate UDP port (by default 4569) are forwarded to your Asterisk servers. Only this port is required - RTP isn't used by IAX2. bilal ghayyad wrote: > Hi List; > > I heared that IAX is good for NATing issues, but I do > not know if it can help me in that senario: > > I have two Asterisks machines in different sites and > both are behind NAT (both have private IP address), I > need to link these two asterisks with IAX trunk (if it > help really in such senario), but I do not know if it > will work without doing special routing settings on > the router (like TCP/UDP port mapping or IP > forwarding)? How that will be it if possible? Or I > have to do a kind of port mapping? > > If I will need to use port mapping, then I have to map > the TCP and UDP ports that are determined in iax.conf > and rtp.conf files at site A for asterisk ip address > at site A? Or I have to map the TCP and UDP ports that > are in iax.conf and rtp.conf at site B for asterisk ip > address at site A? In other words, if I am at site B > then I have to go for router B and do mapping for > TCP/UDP ports of the asterisk at site B or the > asterisk at site A? > > Any help. > Regards > Bilal > > > > > Looking for last minute shopping deals? > Find them fast with Yahoo! Search. > http://tools.search.yahoo.com/newsearch/category.php?category=shopping > > ___ > --Bandwidth and Colocation Provided by http://www.api-digital.com-- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Two Asterisks behind NAT and need to link them using IAX trunk
Hi List; I heared that IAX is good for NATing issues, but I do not know if it can help me in that senario: I have two Asterisks machines in different sites and both are behind NAT (both have private IP address), I need to link these two asterisks with IAX trunk (if it help really in such senario), but I do not know if it will work without doing special routing settings on the router (like TCP/UDP port mapping or IP forwarding)? How that will be it if possible? Or I have to do a kind of port mapping? If I will need to use port mapping, then I have to map the TCP and UDP ports that are determined in iax.conf and rtp.conf files at site A for asterisk ip address at site A? Or I have to map the TCP and UDP ports that are in iax.conf and rtp.conf at site B for asterisk ip address at site A? In other words, if I am at site B then I have to go for router B and do mapping for TCP/UDP ports of the asterisk at site B or the asterisk at site A? Any help. Regards Bilal Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
