[plug] VOIP suggestions please

W.Kenworthy billk at iinet.net.au
Fri Apr 7 22:23:23 WST 2006


I just NAT it at the server(s) - simple, easy and it works.

I have used zebedee to port forward very successfully for a few years
now - currently imap and snmp surfacing into my home LAN so I can email
easily from wherever my laptop wants to call home, but also vnc and
telnet (in the days before ssh) very successfully over a modem.  Much
less fuss than a vpn when just a few ports are involved, and from
experience far more stable and trouble free.

BillK



On Fri, 2006-04-07 at 18:10 +0400, Brad Campbell wrote:
> Brad Campbell wrote:
> > W.Kenworthy wrote:
> >> yeah, openvpn should be *easier*.  I am also in the throes of
> >> reorganising my 'tunnels'.  Seems like they are starting to breed in the
> >> dark!
> 
> Ok it's sorted.. the issue was I'm using openvpn in routing mode.. and it won't pass any traffic with 
> anything other than its local addresses..
> 
> So, my quick and ugly solution is to rewrite the envelopes..
> Packet comes in 192.168.0.5 and is redirected with a dnat to 10.8.0.10 (my laptop). As it passes the 
> openvpn interface it still has a source address of 192.168.0.5 so openvpn drops it. So we mangle 
> that also and rewrite the source address as 10.8.0.6 (the vpn box in perth) and we are all sweet..
> 
> Mangling 1720/tcp is enough to establish a h323 connection, and all udp ports from 2000:56000 seem 
> to cover the RTP streams.. so I can now SJPhone over the vpn.. w00t!
> I'm *sure* there is an easier way to do this.. and I'll lay $20 that someone will pop up in the next 
> week and say.. "well there is this simple little proxy you can use at ww.blah.rabbit".. but in a 
> pinch this works..
> 
> It's also a gross misuse of infrastructure.. but I like doing that..
> 
> #!/bin/sh
> 
> IPTABLES=/sbin/iptables
> $IPTABLES -t nat -F
> 
> $IPTABLES -t nat -A PREROUTING -i tun0 -p tcp --dport 5900:5905 -j DNAT --to 192.168.0.2
> 
> $IPTABLES -t nat -A PREROUTING -i eth0 -p udp --dport 2000:56000 -j DNAT --to 10.8.0.10
> $IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --dport 1720 -j DNAT --to 10.8.0.10
> $IPTABLES -t nat -A POSTROUTING -o tun0 -p udp --dport 2000:56000 -j SNAT --to 10.8.0.6
> $IPTABLES -t nat -A POSTROUTING -o tun0 -p tcp --dport 1720 -j SNAT --to 10.8.0.6
> 
> echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> Brad


