[AuckLUG] Re: UDP Tunnelling over SSH or other ideas

[Fuad Tabba]

Replying to my own post cause I figured out the solution (with some help
from a friend), easier than I though. OpenVPN :)

Cheers,
/Fuad

On 6/11/07, Fuad Tabba <fuad at cs.auckland.ac.nz> wrote:
>
> Hi,
>
> I've been working on this problem for a couple of weeks now, and was
> wondering if anyone here has any ideas that might help me...
>
> I have a friend who lives in a country where all telecommunication (phone,
> internet, cellphone) are controlled by a government monopoly and heavily
> restricted. It's not China, but I won't mention the exact country here since
> these messages are archived :)
>
> Anyway, we used to communicate using SIP through freeworlddialup (a free
> SIP service provider) and two sipura boxes. About a year ago, they blocked
> that service, along with Skype and almost all VoIP service providers you can
> think of. Anyway, I recently decided that it's time to take things into my
> own hands and installed Asterisk on my machine at home. Configuring it was a
> breeze (since I needed only basic functionality), and tested it by
> connecting to it from other machines outside my home network.
>
> Note: my friend has a Windows XP machine, and last time I was there I
> installed a VNC server and a dynamic dns update program. I cannot install
> linux on that machine since my friend doesn't really have the knowhow, so
> I'm stuck to using windows on that end. Moreover, his dsl modem is a usb
> modem with proprietary drivers provided by that telecom monopoly.
>
> I installed a free SIP client on that machine, and tried to connect to my
> Asterisk server but it wouldn't register at all! I enabled debug mode on my
> Asterisk, and I'm not receiving any single packet from that end. I made sure
> that port 5060 is open at my friend's end, and I tested it by just pinging
> port 5060 UDP and that works fine. However it just doesn't register. I asked
> my friend to install it on another machine and try it - and that also didn't
> work. I replicated that environment on an XP machine here, outside my home
> network, and it's working fine.
>
> This leads me to conclude that either I'm making some stupid mistake
> somewhere, or that telecom at that country does some sort of selective
> filtering - where they only drop SIP packets or something. I have also tried
> using ports other than 5060 and that didn't work either.
>
> The idea I have now which I'm trying to implement is to use SSH port
> forwarding - by creating a tunnel from there to here and having SIP data go
> through that tunnel. The thing is, I know how to tunnel TCP through SSH, but
> not UDP. A google search led me to an article which would require having
> Linux at both ends, not an option here. Moreover, setting up SSH to do a
> socks proxy is not sufficient since the sipura adapters don't use socks
> proxies - unless I can somehow setup that machine to automatically forward
> certain ports or something...
>
> So, I basically have two questions for you:-
> - Any idea how I can tunnel UDP?
> - Any other suggestions on how I can go about solving this problem, other
> than using SSH tunnelling?
>
> If you've read this far, thanks for bearing with me and reading this long
> email :)
>
> Cheers,
> /Fuad
>