Take a pick - OpenVPN, Hamachi, DUNDi

D

devplan

New Member
Joined
Mar 3, 2008
Messages
6
Reaction score
0
I need to pick the best solution to interconnect 3 Asterisk servers at different locations with secured voice data and
read about various approaches and would like some advice based on the following criteria:


Two of the asterisk servers run Trixbox [FONT=Verdana,Arial,Helvetica,sans-serif]1.2.24 [/FONT]on CentOS 4.5 and
A2Billing 1.3.0 and the 3rd on the latest PiaF (on CentOS 5) with A2Billing 1.3.2.


All of them run Shorewall with eth0 on static public ip and eth1
with DHCP subnet where all the phones are connected to.


Basically, I would use IAX2 trunking to interconnect all the Asterisk boxes and
define in the numbering plan, where the calls would go.


I thought - the best would be to setup OpenVPN server and client on all of my boxes
- but as I haven't tested it yet - I am not sure, if I need a 2nd static external ip for that.


In regards to Hamachi - I would like to avoid having to register each phone to a new ip address range.


In regards to DUNDi - I wouldn't like to route calls out through remote server's trunks as
this would mix up the phone call accountings and bills.


A2Billing I am using only for internal "phone usage control" to avoid overshooting
a set weekly allocation by having each user to use a pin-code for each of the locations.


So - that's quite a setup-and-a-half!

Any wise suggestions?

rgds, devplan
 
Hi

You could use Dundi for this, you can restrict which calls go through Dundi and which do not via the outbound routes setup.

I would advise this over the other options which would add a level of complexity.

You could route all calls via A2Billing, and account for each call on an extension by extension basis.

Outside of this, with only 3 PBX's a simple IAX trunk to each of the other trunks would suffice. Dundi comes into it's own where there are lots of PBX's in the system. In yours, you only have 6 trunks to configure in total. Of course, if you add another PBX, then you would have 12 trunks to configure, which starts to be abit of nightmare.

Chose a sensible 4 digit numbering system so it is easy to route calls from PBX to PBX.

In terms of securing the voice traffic, I did find this little snippet on Voip-info - http://www.voip-info.org/wiki/view/IAX+encryption

I've never tried it myself.

Joe
 
Why not set up a Hamachi network between the three servers and then use your iax trunks as planned. It costs nothing and adds little overhead. The phones at site A will still continue exactly as before, same with B and C. The only place where the Hamachi IP's will come into play is when you define the IAX trunks for the locations of the other boxes. You will use the Hamachi IP address when you define the connection. Should be easy and secure.
 
I run OpenVPN on multiple boxes with Asterisk, both PiaF and TB. I've routed calls through the VPN (with softphones, mainly, haven't tried it with IAX2, but I expect it would work). The setup tutorial on the OpenVPN website should get you up and running from that end, but you'll probably not want to have dual vpn connections (one in each direction, as your post sort of suggested) but rather one between each pair (3 connections total). It won't matter which of each pair is client and server.

Allow me to suggest one thing for your consideration: IAX2 is rather sensitive to traffic jitter when routing significant numbers of calls. Consider using SIP or multiple IAX2 trunks if the traffic between servers is expected to be high ("high" is obviously dependent on your hardware).

Consider carefully your IP addressing scheme - the VPNs will use a private address for each machine in the VPN, and each of the 3 VPNs will need to have unique subnets. For example, between Box A and B, use 10.15.1.0/24, between B and C use 10.15.2.0/24, and between A and C use 10.15.3.0/24.

The VPN addresses are internal to the VPN, and you don't need additional "outside" IP addresses to set up the server. You'll simply have to open another UDP port in the iptables configuration on Eth0. When you configure a trunk, you'll use the VPN address (10.15.x.x) rather than the public address of the other server, which will route the traffic through the VPN automatically.

Note that the OpenVPN software will operate as either a client or server, depending on the configuration file settings, so all the installations will be identical, just the configuration files (and certificates) will be unique.
 
The IP addressing scheme is one of the reasons that I like the Hamachi approach. You don't have to change anything on any of the 3 lans as long as all communications are between the Asterisk boxes. The IAX trunk will travel over the secure VPN connection and no changes have to be made anywhere else.
 
You must log in or register to reply here.

Members online

Total: 72 (members: 2, guests: 70)

Latest Posts

Forum statistics

Threads
26,688
Messages
174,412
Members
20,259
Latest member
Fadeek86
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Verify your Email

Check your inbox!

We’ve sent you an email. Click on the button in the email body to verify your email address – (if you can not find it, check your spam folder).

Upon verification you will be directed to the 3CX setup wizard.

Back
Top