[sipx-users] Remote Softphones and ALG

2012-01-12 Thread Gerald Drouillard
I was wondering if anybody has had any experience in getting around remote locations (home offices) that have routers with ALG on. We have a install that will have many home/remote offices and road warriors. The ALG stuff is everywhere. In some case there is no way to turn off the alg like

Re: [sipx-users] Remote Softphones and ALG

2012-01-12 Thread Tony Graziano
I would imagine there would be no real difference between port 5060 and 5061 on most alg's... On Thu, Jan 12, 2012 at 10:42 AM, Gerald Drouillard gerryl...@drouillard.ca wrote: On 1/12/2012 10:13 AM, Tony Graziano wrote: VPN is really the best way short of using an SBC that will handle the ALG

Re: [sipx-users] Remote Softphones and ALG

2012-01-12 Thread pscheepens
I thought with tls the sip messages would be encrypted and therefore an alg would not be able to mess it up. Paul Tony Graziano tgrazi...@myitdepartment.net wrote on 12-01-2012 16:46:56: I would imagine there would be no real difference between port 5060 and 5061 on most alg's... On Thu,

Re: [sipx-users] Remote Softphones and ALG

2012-01-12 Thread pscheepens
That is, when the certificates are exchanged, so if that part works... I thought with tls the sip messages would be encrypted and therefore an alg would not be able to mess it up. Paul Tony Graziano tgrazi...@myitdepartment.net wrote on 12-01-2012 16:46:56: I would imagine there

Re: [sipx-users] Remote Softphones and ALG

2012-01-12 Thread Michael Picher
Tls is currently broken afaik On Jan 12, 2012 10:44 AM, Gerald Drouillard gerryl...@drouillard.ca wrote: On 1/12/2012 10:13 AM, Tony Graziano wrote: VPN is really the best way short of using an SBC that will handle the ALG on the sipx side of things. A nice option would be to try the

Re: [sipx-users] Remote Softphones and ALG

2012-01-12 Thread Gerald Drouillard
On 1/12/2012 4:43 PM, Michael Picher wrote: Tls is currently broken afaik That is what I thought. Thanks. It would be nice to get it working if it allows the client to sneak around their ALG routers. -- Regards -- Gerald Drouillard Technology

Re: [sipx-users] Remote Softphones and ALG

2012-01-12 Thread Joegen Baclor
This is not entirely true. TLS works for phones that correctly send the sipX certificate. It doesn't work for Polycoms because recent firmwares seems to no longer support what the documentations says about enabling custom certs. If we continue to simply brush this away and not use it

Re: [sipx-users] Remote Softphones and ALG

2012-01-12 Thread Joegen Baclor
On 01/12/2012 11:42 PM, Gerald Drouillard wrote: On 1/12/2012 10:13 AM, Tony Graziano wrote: VPN is really the best way short of using an SBC that will handle the ALG on the sipx side of things. A nice option would be to try the snom openvpn client using one of the vpn compaitble phones too.

Re: [sipx-users] Remote Softphones and ALG

2012-01-12 Thread Michael Picher
I would strongly suggest an ingate with the far-end Nat traversal option... tends to work very well at far end Nat. On Jan 12, 2012 5:11 PM, Gerald Drouillard gerryl...@drouillard.ca wrote: On 1/12/2012 4:43 PM, Michael Picher wrote: Tls is currently broken afaik That is what I