[AuckLUG] UDP Tunnelling over SSH or other ideas

Mon Jun 11 12:35:55 NZST 2007

Hi,

I've been working on this problem for a couple of weeks now, and was
wondering if anyone here has any ideas that might help me...

I have a friend who lives in a country where all telecommunication (phone,
internet, cellphone) are controlled by a government monopoly and heavily
restricted. It's not China, but I won't mention the exact country here since
these messages are archived :)

Anyway, we used to communicate using SIP through freeworlddialup (a free SIP
service provider) and two sipura boxes. About a year ago, they blocked that
service, along with Skype and almost all VoIP service providers you can
think of. Anyway, I recently decided that it's time to take things into my
own hands and installed Asterisk on my machine at home. Configuring it was a
breeze (since I needed only basic functionality), and tested it by
connecting to it from other machines outside my home network.

Note: my friend has a Windows XP machine, and last time I was there I
installed a VNC server and a dynamic dns update program. I cannot install
linux on that machine since my friend doesn't really have the knowhow, so
I'm stuck to using windows on that end. Moreover, his dsl modem is a usb
modem with proprietary drivers provided by that telecom monopoly.

I installed a free SIP client on that machine, and tried to connect to my
Asterisk server but it wouldn't register at all! I enabled debug mode on my
Asterisk, and I'm not receiving any single packet from that end. I made sure
that port 5060 is open at my friend's end, and I tested it by just pinging
port 5060 UDP and that works fine. However it just doesn't register. I asked
my friend to install it on another machine and try it - and that also didn't
work. I replicated that environment on an XP machine here, outside my home
network, and it's working fine.

This leads me to conclude that either I'm making some stupid mistake
somewhere, or that telecom at that country does some sort of selective
filtering - where they only drop SIP packets or something. I have also tried
using ports other than 5060 and that didn't work either.

The idea I have now which I'm trying to implement is to use SSH port
forwarding - by creating a tunnel from there to here and having SIP data go
through that tunnel. The thing is, I know how to tunnel TCP through SSH, but
not UDP. A google search led me to an article which would require having
Linux at both ends, not an option here. Moreover, setting up SSH to do a
socks proxy is not sufficient since the sipura adapters don't use socks
proxies - unless I can somehow setup that machine to automatically forward
certain ports or something...

So, I basically have two questions for you:-
- Any idea how I can tunnel UDP?
- Any other suggestions on how I can go about solving this problem, other
than using SSH tunnelling?

If you've read this far, thanks for bearing with me and reading this long
email :)

Cheers,
/Fuad