Thursday, February 24, 2011

Tunneling IAX2 VoIP thru a SSH tunnel





Just for the kicks, i tried to connect 2 Asterisk servers thru a SSH tunnel to place encrypted calls via IAX2 from BOX1 to BOX2. It worked, but the sound quality is ugly and the FIFO-nature of converting UDP-traffic into TCP-traffic gave some strange results. But after all I learned a lot doing it….

What we need:
- 2 Asterisk Boxes
- root on BOX2
- ssh
- socat

What I did:
Connect both boxes with a SSH port-forwarding to get the calls thru the internet. Convert the IAX2 UDP-traffic coming from Box1s Asterisk into TCP with socat, because SSH doesn’t support UDP tunneling. Send the TCP data thru the tunnel. Pick it up at the other side with socat and convert it back to UDP. Feed the UDP data into the target asterisk.

How I did it:
BOX1:
context to feed an outbound call into our socat converter:
exten => 3,1,Dial(IAX2/user:pass@127.0.0.1:10000/1)
setting up socat:
socat udp4-listen:10000,reuseaddr,fork tcp:127.0.0.1:10001
setting up our ssh tunnel:
ssh -L 10001:127.0.0.1:10000 root@box2

Box2:
Setting up socat to pick up the TCP-stream from the tunnel and pass it to asterisk:
socat tcp4-listen:10000,reuseaddr,fork UDP:127.0.0.1:4569
iax.conf:
[general]
bindport = 4569
bindaddr = 0.0.0.0
disallow=all
allow=ulaw
allow=alaw
[box1]
type=peer
username=user
secret=pass
auth=plaintext
context=iax-tunnel
peercontext=iax-tunnel
qualify=yes
trunk=yes
The iax-tunnel context just playing a beep:
; IAX testing
[iax-tunnel]
exten => 1,1,Answer()
exten => 1,2,Playback(beep)
exten => 1,3,Hangup()
Enjoy…

1 comment:

  1. I m looking for this solution. have anybody who can provide me full solution with training.

    ReplyDelete