Re: {SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels

[Michael Graves]

On Fri, 15 Oct 2004 11:12:30 +0900, Benjamin on Asterisk Mailing Lists
wrote:

>On Thu, 14 Oct 2004 16:50:39 -0400, steve szmidt <[EMAIL PROTECTED]> wrote:
>> Please don't use PPTP as a security solution, because it really isn't. It's so
>> flawed you can even connect to it without having ANY encryption. Microsoft
>> with their never ending wisdom have incorporated design flaws that make
>> cryptographers and security professionals distrust it, and recommend against
>> its use.
>
>Er, what's the news? Doesn't this apply to ANY product they make?

Nonetheless, PPTP is widely deployed in corporate VPNs. You can allow
unencrypted connections, but there is a setting to force encryption and
even force encryption strength to 128 bits.

I accept that it's not supremely secure. More advanced solutions are
preferable. Buit it's included in every Windoze system and dead simple
to setup. I think of it as about a secure as the WEP in my wirless lan.
It discourages casual hacks of convenience, but that's about it.

Michael

--
Michael Graves   [EMAIL PROTECTED]
Sr. Product Specialist  www.pixelpower.com
Pixel Power Inc. [EMAIL PROTECTED]

o713-861-4005
o800-905-6412
c713-201-1262

"We're here for a good time, not a long time. So have a good time,
the sun can't shine every day." - Trooper
 
** Tag(s) inserted by Bandit Tagger98 - http://www.gbar.dtu.dk/~c918704


___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: {SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels

[Tom Ivar Helbekkmo]

Benjamin on Asterisk Mailing Lists <[EMAIL PROTECTED]> writes:

> And how many routers and firewalls out there do support OpenVPN? Do
> Cisco routers support it?

Neither I, nor anyone else here, seems to be saying that OpenVPN is a
replacement for IPsec.  There's overlap, but there are applications
that are more suited to one than to the other.  As implementations of
IPsec mature, its share should increase.  (Today, you can still not
take for granted that two IPsec VPN products will work seamlessly
together.)

I believe (but am more than ready to be proven wrong) that
implementing the type of VPN that I'm using would be a real bitch with
IPsec.  I've got a portable computer that sends and receives quite a
bit of sensitive data over insecure protocols, such as remote file
system access -- and SIP, of course.  :-)  I carry this computer with
me, and want to be able to use it wherever I can get hold of some sort
of Internet connection.  This might be by borrowing a real IP address
somewhere, getting a DHCP-allocated RFC-1918 address behind some NAT
gateway, or whatever.  I have to expect there to be a firewall as well.

An important requirement is that all sessions should survive when I
suspend the computer, and then resume it somewhere else, where it gets
a completely new access method to the Internet.  For instance, while
I'm directly connected by UTP cable at work, I open ssh sessions to
various computers, I start a SIP-based soft phone, and, of course, I
am connected to my remote file system server.  I suspend the computer
without logging out of anything, and later resume it in a place where
there's a wireless hot spot that I'm allowed to access.  I expect to
be able to continue typing commands in those ssh sessions, receive
telephone calls, and use the file system, immediately upon resuming.
I need this to work completely NAT proof, and with no requirements for
holes in firewalls other than being able to send a UDP packet out, and
getting a responding packet back to the same port.  It must also work
without the suspend/resume: I need to be able to unplug my laptop's
UTP cable to carry it into a meeting, and expect everything to keep
working through a completely seamless transition to wireless mode.  Of
course, my laptop needs to have a fixed DNS name and IP address that
never change, so it can be reached from the outside when needed.

With OpenVPN running on my laptop, and on a VPN gateway system back
home, this Just Works.  OpenVPN handles the whole thing, it's well
secured, all traffic is encrypted, and it automatically ensures that
no traffic is sent or received by my laptop outside the VPN tunnel.

I actually started looking into how to get comparable functionality
based on IPsec, but my mind boggled, and now I do it the easy way.

-tih
-- 
Tom Ivar Helbekkmo, Senior System Administrator, EUnet Norway Hosting
www.eunet.no  T +47-22092958 M +47-93013940 F +47-22092901 FWD 484145
___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: {SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels

[Benjamin on Asterisk Mailing Lists]

On Thu, 14 Oct 2004 16:50:39 -0400, steve szmidt <[EMAIL PROTECTED]> wrote:
> Please don't use PPTP as a security solution, because it really isn't. It's so
> flawed you can even connect to it without having ANY encryption. Microsoft
> with their never ending wisdom have incorporated design flaws that make
> cryptographers and security professionals distrust it, and recommend against
> its use.

Er, what's the news? Doesn't this apply to ANY product they make?

Please don't use ${ANY_MSFT_PRODUCT} as a solution because it really
isn't. It's so flawed you can even use it without having ANY
${MAIN_PURPOSE_OF_PRODUCT}. MSFT with their never ending wisdom have
incorporated Design Flaws (tm) that make {$PRODUCT_CATEGORY}
professionals distrust it and recommend against its use.

Legal Notice: Design Flaws is a trademark of MSFT Corporation. The
technology used in Design Flaws (tm) products has been illegally
copied, stolen or obtained by other unlawful or unethical means and it
has been protected by bogus patents or other abuses of intellectual
properly laws. Its use in any form other than through the purchase and
use of MSFT products as outlined in MSFT's EULA is strictly
discouraged. Any non compliance will be followed by abusive
prosecution, bad mouthing, spreading of FUD, intimidation and
racketeering.

rgds
benjk

-- 
Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya,
Tokyo, Japan.

NB: Spam filters in place. Messages unrelated to the * mailing lists
may get trashed.
___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: {SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels

[steve szmidt]

On Thursday 14 October 2004 03:04 pm, Geoff Nordli wrote:
> [EMAIL PROTECTED] wrote:
> > On Thu, 14 Oct 2004 07:13:04 -0700, Geoff Nordli
> >
> > <[EMAIL PROTECTED]> wrote:
> >> OpenVPN runs on:  Linux, Windows 2000/XP and higher, OpenBSD,
> >> FreeBSD, NetBSD, Mac OS X, and Solaris.
> >
> > And how many routers and firewalls out there do support OpenVPN? Do
> > Cisco routers support it?
> >
> > On the other hand, IPsec works on all the platforms you mentioned
> > *plus* most routers/firewalls from Linksys toyz up to Cisco and
> > Checkpoint etc etc etc.
> >
> > rgds
> > benjk
>
> No argument here.  If you want to do gateway to gateway then IPSEC is a
> solid choice.  They pretty much run flawlessly.  The only thing I don't
> like is the kernel modification required on the 2.4 kernel series to embed
> Openswan/Freeswan into the kernel.  Just one more thing to worry about if
> you need to upgrade the kernel.
>
> Since the guy was talking about using an SSH session I assumed he was
> looking at client to gateway options.  IPSEC is not a great option there.
> An easier solution is to use something like PPTP, but sometimes GRE is not

Please don't use PPTP as a security solution, because it really isn't. It's so 
flawed you can even connect to it without having ANY encryption. Microsoft 
with their never ending wisdom have incorporated design flaws that make 
cryptographers and security professionals distrust it, and recommend against 
its use. 

Or as the writers of Building Linux Virtual Private Networks says: "We 
recognize that there are times when you must support PPTP ... In either of 
these cases, we offer our deepest sympathies."

> supported on every firewall.  Plus PPTP requires modification to the ppp
> kernel modules to support mschap-v2 -- this is also a pain.  So something
> like OpenVPN is a good solution.
>
> Geoff
>
> ___
> Asterisk-Users mailing list
> [EMAIL PROTECTED]
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users

-- 

Steve Szmidt

"They that would give up essential liberty for temporary safety 
deserve neither liberty nor safety."
Benjamin Franklin
___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: {SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels

[Chris Travers]

This is not an endorsement of any methodology, just a few points:
1) CIPE  though non-standard, uses a UDP-based transport.  Therefore it 
can be used to tunnel just about anything, and can be used for VPN 
servers, though probably not routers.

2) CIPE is lighter-weight than IPSec.  However, the fact that it is 
non-standard means that your end-point needs to support it.

3)  CIPE is capable of being forwarded through a SOCKS proxy.  Ipsec 
cannot do this.

Personally I would use IPSec, but there are circumstances where it is 
not the optimal solution.

Best Wishes,
Chris Travers
Metatron Technology Consulting
begin:vcard
fn:Chris Travers
n:Travers;Chris
email;internet:[EMAIL PROTECTED]
x-mozilla-html:FALSE
version:2.1
end:vcard

___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

RE: {SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels

[Geoff Nordli]

[EMAIL PROTECTED] wrote:
> On Thu, 14 Oct 2004 07:13:04 -0700, Geoff Nordli
> <[EMAIL PROTECTED]> wrote:
>> OpenVPN runs on:  Linux, Windows 2000/XP and higher, OpenBSD,
>> FreeBSD, NetBSD, Mac OS X, and Solaris.
> 
> And how many routers and firewalls out there do support OpenVPN? Do
> Cisco routers support it? 
> 
> On the other hand, IPsec works on all the platforms you mentioned
> *plus* most routers/firewalls from Linksys toyz up to Cisco and
> Checkpoint etc etc etc. 
> 
> rgds
> benjk

No argument here.  If you want to do gateway to gateway then IPSEC is a
solid choice.  They pretty much run flawlessly.  The only thing I don't like
is the kernel modification required on the 2.4 kernel series to embed
Openswan/Freeswan into the kernel.  Just one more thing to worry about if
you need to upgrade the kernel.

Since the guy was talking about using an SSH session I assumed he was
looking at client to gateway options.  IPSEC is not a great option there.
An easier solution is to use something like PPTP, but sometimes GRE is not
supported on every firewall.  Plus PPTP requires modification to the ppp
kernel modules to support mschap-v2 -- this is also a pain.  So something
like OpenVPN is a good solution.

Geoff

___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: {SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels

[Benjamin on Asterisk Mailing Lists]

On Thu, 14 Oct 2004 07:13:04 -0700, Geoff Nordli <[EMAIL PROTECTED]> wrote:
> OpenVPN runs on:  Linux, Windows 2000/XP and higher, OpenBSD, FreeBSD,
> NetBSD, Mac OS X, and Solaris.

And how many routers and firewalls out there do support OpenVPN? Do
Cisco routers support it?

On the other hand, IPsec works on all the platforms you mentioned
*plus* most routers/firewalls from Linksys toyz up to Cisco and
Checkpoint etc etc etc.

rgds
benjk

-- 
Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya,
Tokyo, Japan.

NB: Spam filters in place. Messages unrelated to the * mailing lists
may get trashed.
___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

RE: {SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels

[Whisker, Peter]

You would need a TCP version of IAX to use SSH as I don't think it supports
UDP.

Asterisk does work (tunelling IAX) through Zebedee (an SSH-like TCP & UDP
tunnel).

Peter

-Original Message-
From: Tom Neville [mailto:[EMAIL PROTECTED]
Sent: 13 October 2004 16:55
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: {SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels


I've been running ssh tunnels for a couple of years now.  For years, 
they've worked well.  However, now that I've got asterisk up I do 
notice problems.  Biggest indication of this is if I'm on a call and 
run a program in another window that scrolls and scrolls call quality 
drops off significantly.  (I'm using FreeBSD on all the tunnel machines 
going back to the office.  I work at an ISP, so I have a machine here 
at the office and use the tunnels across my DSL lines.)

Based on advice from David McNett, I'm looking at moving to OpenBSD for 
the tunnel machines.  With that, I'll be able to use pf+altq 
(http://slacker.com/~nugget/asterisk4.php) on the tunnel interfaces.  
Hopefully, that will take care of the only issue I've had with the 
tunnels since installing them.



On Oct 12, 2004, at 9:42 PM, Christopher Jacob wrote:

> Anyone ever set up Asterisk to use SSH Tunneling? Anyone know the pros 
> &
> cons?
>
> Thanks,
>
> Chris
>
> ___
> Asterisk-Users mailing list
> [EMAIL PROTECTED]
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users

___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

This e-mail and any attachment is for authorised use by the intended recipient(s) 
only. It may contain proprietary material, confidential information and/or be subject 
to legal privilege. It should not be copied, disclosed to, retained or used by, any 
other party. If you are not an intended recipient then please promptly delete this 
e-mail and any attachment and all copies and inform the sender. Thank you.
___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

RE: {SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels

[Geoff Nordli]

>>> As far as I know OpenVPN is not IPsec and thereby non-standard.
>> 
>> Oh, absolutely.  I never claimed it adhered to any standard.
> 
> But you made it sound as if it had cross-platform advantages over
> OpenSwan which I believe to have been misleading -- not intentionally
> of course -- because cross-platform compatibility of OpenSwan comes
> through adhering to the IPsec standard.
> 
>> does one heck of a great job implementing a VPN solution with lots of
>> useful features, and incredible flexibility.
> 
> So do the various implementations of IPsec, including OpenSwan.
> 
> rgds
> benjk

OpenVPN runs on:  Linux, Windows 2000/XP and higher, OpenBSD, FreeBSD,
NetBSD, Mac OS X, and Solaris.

It can easily tunnel networks over NAT, and everything runs in user space
which means you don't have to hack the kernel.

Geoff


___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: {SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels

[Lubomir Christov]

I'm using vtun - I think it's just the best choice for secure tunnels :)
http://vtun.sourceforge.net/
It supports both TCP and UDP connection - you decide what to use
Lubo
-
Appradius Project: RADIUS authentication and accounting support for 
Asterisk PBX
http://appradius.minitelecom.org/
-


Tom Ivar Helbekkmo wrote:
Benjamin on Asterisk Mailing Lists <[EMAIL PROTECTED]> writes:

Use OpenSwan http://www.openswan.org

I use OpenVPN , and am very happy
with it.  It's easy to set up, but extremely powerful and flexible.
Unlike Swan, which is Linux only, OpenVPN runs on Linux, the BSDs, and
Windows.  I routinely tunnel RTP streams through not one, but two
OpenVPN links, both over DSL lines, and sound quality is still great.
-tih
___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: {SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels

[Benjamin on Asterisk Mailing Lists]

On Thu, 14 Oct 2004 14:10:23 +0200, Tom Ivar Helbekkmo
<[EMAIL PROTECTED]> wrote:
> Benjamin on Asterisk Mailing Lists <[EMAIL PROTECTED]> writes:
> 
> > As far as I know OpenVPN is not IPsec and thereby non-standard.
> 
> Oh, absolutely.  I never claimed it adhered to any standard.

But you made it sound as if it had cross-platform advantages over
OpenSwan which I believe to have been misleading -- not intentionally
of course -- because cross-platform compatibility of OpenSwan comes
through adhering to the IPsec standard.

> does one heck of a great job implementing a VPN solution with lots of
> useful features, and incredible flexibility.

So do the various implementations of IPsec, including OpenSwan.

rgds
benjk
-- 
Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya,
Tokyo, Japan.

NB: Spam filters in place. Messages unrelated to the * mailing lists
may get trashed.
___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: {SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels

[Tom Ivar Helbekkmo]

Benjamin on Asterisk Mailing Lists <[EMAIL PROTECTED]> writes:

> As far as I know OpenVPN is not IPsec and thereby non-standard.

Oh, absolutely.  I never claimed it adhered to any standard.  It just
does one heck of a great job implementing a VPN solution with lots of
useful features, and incredible flexibility.

-tih
-- 
Tom Ivar Helbekkmo, Senior System Administrator, EUnet Norway Hosting
www.eunet.no  T +47-22092958 M +47-93013940 F +47-22092901 FWD 484145
___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: {SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels

[Benjamin on Asterisk Mailing Lists]

On Thu, 14 Oct 2004 09:30:51 +0200, Tom Ivar Helbekkmo
<[EMAIL PROTECTED]> wrote:
> Benjamin on Asterisk Mailing Lists <[EMAIL PROTECTED]> writes:
> 
> > Use OpenSwan http://www.openswan.org
> 
> I use OpenVPN 

As far as I know OpenVPN is not IPsec and thereby non-standard.

> Unlike Swan, which is Linux only, OpenVPN runs on Linux, the BSDs, and
> Windows.

OpenSwan is just one implementation of IPsec, so whether or not this
particular implementation is available for other platforms is totally
irrelevant. On BSD you've got KAME and there is IPsec available for
Windoze, too. Plus, there are tons of commercial firewalls/VPN servers
which support IPsec.

rgds
benjk

-- 
Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya,
Tokyo, Japan.

NB: Spam filters in place. Messages unrelated to the * mailing lists
may get trashed.
___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: {SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels

[Tom Ivar Helbekkmo]

Benjamin on Asterisk Mailing Lists <[EMAIL PROTECTED]> writes:

> Use OpenSwan http://www.openswan.org

I use OpenVPN , and am very happy
with it.  It's easy to set up, but extremely powerful and flexible.
Unlike Swan, which is Linux only, OpenVPN runs on Linux, the BSDs, and
Windows.  I routinely tunnel RTP streams through not one, but two
OpenVPN links, both over DSL lines, and sound quality is still great.

-tih
-- 
Tom Ivar Helbekkmo, Senior System Administrator, EUnet Norway Hosting
www.eunet.no  T +47-22092958 M +47-93013940 F +47-22092901 FWD 484145
___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: {SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels

[Benjamin on Asterisk Mailing Lists]

On Wed, 13 Oct 2004 19:53:14 +0200, Marcello Lupo <[EMAIL PROTECTED]> wrote:
> Try to take a look to http://www.freeswan.org IPSEC tunnels

Don't use FreeSwan. It has been abandoned and dead for almost a year.

Use OpenSwan http://www.openswan.org

-- 
Sunrise Telephone Systems, 9F Shibuya Daikyo Bldg., 1-13-5 Shibuya,
Tokyo, Japan.

NB: Spam filters in place. Messages unrelated to the * mailing lists
may get trashed.
___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: {SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels

[Marcello Lupo]

Try to take a look to http://www.freeswan.org IPSEC tunnels. Them are streamed 
on UDP port 500. May be it help?
Bye,
Marcello

On Wednesday 13 October 2004 18:01, Steve Underwood wrote:
>
> Your tunnels worked well because yoou used TCP across them. Now you are
> trying to stream UDP, and that works very badly. Changing platforms
> won't help at all. You need to change the type of tunnel you use. Any
> connection oriented tunnel is bad news for streaming.

___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: {SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels

[Steve Underwood]

Tom Neville wrote:
I've been running ssh tunnels for a couple of years now.  For years, 
they've worked well.  However, now that I've got asterisk up I do 
notice problems.  Biggest indication of this is if I'm on a call and 
run a program in another window that scrolls and scrolls call quality 
drops off significantly.  (I'm using FreeBSD on all the tunnel 
machines going back to the office.  I work at an ISP, so I have a 
machine here at the office and use the tunnels across my DSL lines.)

Based on advice from David McNett, I'm looking at moving to OpenBSD 
for the tunnel machines.  With that, I'll be able to use pf+altq 
(http://slacker.com/~nugget/asterisk4.php) on the tunnel interfaces.  
Hopefully, that will take care of the only issue I've had with the 
tunnels since installing them.
Your tunnels worked well because yoou used TCP across them. Now you are 
trying to stream UDP, and that works very badly. Changing platforms 
won't help at all. You need to change the type of tunnel you use. Any 
connection oriented tunnel is bad news for streaming.

Regards,
Steve
___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: {SPAM?} [Asterisk-Users] Asterisk VIA SSH Tunnels

[Tom Neville]

I've been running ssh tunnels for a couple of years now.  For years, 
they've worked well.  However, now that I've got asterisk up I do 
notice problems.  Biggest indication of this is if I'm on a call and 
run a program in another window that scrolls and scrolls call quality 
drops off significantly.  (I'm using FreeBSD on all the tunnel machines 
going back to the office.  I work at an ISP, so I have a machine here 
at the office and use the tunnels across my DSL lines.)

Based on advice from David McNett, I'm looking at moving to OpenBSD for 
the tunnel machines.  With that, I'll be able to use pf+altq 
(http://slacker.com/~nugget/asterisk4.php) on the tunnel interfaces.  
Hopefully, that will take care of the only issue I've had with the 
tunnels since installing them.


On Oct 12, 2004, at 9:42 PM, Christopher Jacob wrote:
Anyone ever set up Asterisk to use SSH Tunneling? Anyone know the pros 
&
cons?

Thanks,
Chris
___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
___
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users