Deploy Your Own VoIP + VPN Application Step by Step
---- With Linux and GIP300 IP phone
Simply put, a PPTP VPN service keeps your VoIP service from being blocked and makes it safe.
Normal VoIP Usage
Generally speaking, all terminals use their real IP address to register to the SIP proxy. All your information is transferred unencrypted over the Internet, so someone can easily steal your personal information. For example, someone can easily intercept your packets and decode them back to the original voice information. There is another problem as well: in some countries providing VoIP service is not allowed, so you cannot use VoIP services because the network providers block all your VoIP packets.
VoIP with PPTP
In the above diagram there is a PPTP or L2TP VPN server on the Internet. All devices connect to the VPN server with a certain username and password and receive a virtual IP address. The VPN server has its own virtual IP as well.
In the diagram, GIP300 A uses virtual IP 10.10.0.11 to register to the SIP proxy with IP 10.10.0.12. All the packets are sent to the VPN server and then forwarded to their destination. All devices exchange information through the VPN network and all packets are encrypted, so it is safe to provide VoIP over the VPN. Everyone must log in to the VPN server before using the VoIP service, so it is easy to control the network and reject someone who wants to destroy your service.
Furthermore, there is another advantage to using a VPN. As all the packets are encrypted, no one knows what you transfer on the cable, so it is not easy to block your voice packets and service.
How to make the GIP300 work with PPTP
It is easy to use PPTP with the GIP300; you just need to do two steps.
Firstly, please use your web browser to log in to the GIP300.
Select Network configuration; see the following picture.
The GIP300 supports three types of VPN; here you should select PPTP.
Set the PPTP server address (you may ask your service provider for your PPTP server address)
Set the PPTP server port to 1723
Set your username and password (you may ask your service provider for the username and password)
Set your SIP proxy address to 10.10.0.1 (you may ask your service provider for your SIP proxy address)
See the web configuration picture of the GIP300 for the settings
Save your settings and reboot the device
When the GIP300 starts, it will connect to the PPTP server and log in to receive a virtual IP address such as 10.10.0.11. Then it will use this IP to register to SIP proxy 10.10.0.12 through an encrypted tunnel. When you call someone, all your voice packets will go through the encrypted tunnel too. That is to say, all your voice packets are sent to VPN server 10.10.0.1 through the encrypted tunnel and then forwarded to the final destination.
How can I set up a PPTP VPN server
Probably you are the service provider and you want to use a VPN with your VoIP service. Please refer to PPTPD on a Linux/Unix platform, or you just need a Windows server; Windows itself contains PPTP support.
Here I will provide detailed configuration information for you to build a test environment.
The network diagram is as follows:
Here the SIP proxy and the PPTP server are installed on the same machine.
The software platform is free:
Debian etch (Debian version 4.0, codename etch)
Openser (Debian package), or you may want to use Asterisk
Pptpd (Debian package)
Step 1
Install Debian GNU/Linux on your server
Step 2
apt-get install openser pptpd
After step 2 all packages are installed.
Step 3
Configure your software
For openser
edit /etc/default/openser
RUN_OPENSER=no
change this line to
RUN_OPENSER=yes
edit /etc/openser/openser.cfg
If you don't want to use the default port 5060, you may change it like this
#port=5060
port=53
For PPTPD
edit /etc/pptpd.conf
At the end of this file you may see something like this
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
#or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
change it to this
localip 10.10.0.1
remoteip 10.10.0.2-238
The lines above mean the PPTP server's virtual IP will be 10.10.0.254 and the terminals that connect to the PPTP server will receive IPs 10.10.0.2-10.10.0.238
edit /etc/ppp/pptpd-options
If you want to encrypt your packets, you need settings like the following
#{{{
refuse-pap
refuse-chap
refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
require-mppe-128
#}}}
The options above mean the tunnel will use the mppe-128 algorithm to encrypt your packets
Then add your VPN usernames and passwords
edit /etc/ppp/chap-secrets
add lines like these
"111" pptpd "111" 10.10.0.23
"222" pptpd "222" 10.10.0.24
"333" pptpd "333" 10.10.0.25
"444" pptpd "444" 10.10.0.26
"555" pptpd "555" 10.10.0.27
"666" pptpd "666" 10.10.0.28
"777" pptpd "777" 10.10.0.29
"888" pptpd "888" 10.10.0.30
The lines above mean that VPN username 111 has password 111 and will be assigned IP 10.10.0.23;
username 222, password 222, will be assigned IP 10.10.0.24
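
The settings in /etc/ppp/pptpd-options and /etc/ppp/chap-secrets above can be checked mechanically before the setup moves beyond a test environment. The following is an added example, not part of the original guide: a small Python audit that reports required options that are missing or commented out, and chap-secrets entries whose secret equals the username or whose static address is assigned twice. The sample inputs are constructed and MIN_SECRET_LEN is an assumed local policy value.

```python
import shlex

# Options the guide's pptpd-options example sets for an encrypted tunnel.
REQUIRED_OPTIONS = ("refuse-pap", "refuse-chap", "refuse-mschap",
                    "require-mschap-v2", "require-mppe-128")
MIN_SECRET_LEN = 12  # assumption: local policy threshold, not a pppd rule

def missing_options(text):
    """Return required options that are absent or commented out."""
    lines = (shlex.split(l, comments=True) for l in text.splitlines())
    present = {tokens[0] for tokens in lines if tokens}
    return [opt for opt in REQUIRED_OPTIONS if opt not in present]

def audit_chap_secrets(text):
    """Return (line_no, client, finding) for weak or conflicting entries."""
    findings, owner = [], {}
    for no, line in enumerate(text.splitlines(), 1):
        fields = shlex.split(line, comments=True)  # client server secret [IPs]
        if len(fields) < 3:
            continue
        client, secret = fields[0], fields[2]
        if secret == client:
            findings.append((no, client, "secret equals username"))
        elif len(secret) < MIN_SECRET_LEN:
            findings.append((no, client, "secret shorter than policy minimum"))
        for ip in fields[3:]:
            if ip != "*" and ip in owner:
                findings.append((no, client, f"{ip} already assigned to {owner[ip]}"))
            owner.setdefault(ip, client)
    return findings

# Constructed sample: require-mppe-128 left commented out.
SAMPLE_OPTIONS = """\
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
# require-mppe-128
"""
# Constructed sample: two entries in the guide's style plus a duplicate address.
SAMPLE_SECRETS = """\
# client server secret IP
"111" pptpd "111" 10.10.0.23
"222" pptpd "222" 10.10.0.24
"phone3" pptpd "constructed-long-secret-01" 10.10.0.23
"""

if __name__ == "__main__":
    print(missing_options(SAMPLE_OPTIONS), audit_chap_secrets(SAMPLE_SECRETS))
```
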
Start your services
You may use this command to start PPTPD
/etc/init.d/pptpd restart
Use this command to start openser
/etc/init.d/openser restart
You may wait until the virtual IP is ready (when one client has connected to PPTPD) and then start openser, so that openser will bind to the virtual IP address.
Enable packet forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
Stop your services
/etc/init.d/pptpd stop
/etc/init.d/openser stop
Client configuration
GIP300 No. 1
set PPTP server address to 63.233.189.104 (your PPTP server IP address)
set PPTP server port to 1723
set username to 111
set password to 111
set SIP proxy IP to 10.10.0.1
set SIP proxy port to 53 (we set it to 53 as in the configuration file above)
enable VPN
set phone number 111 (or any number you would like to set)
username 111 (or any username you would like to set)
password 111 (or any password you like)
GIP300 No. 2
set PPTP server address to 63.233.189.104
set PPTP server port to 1723
set username to 222
set password to 222
set SIP proxy IP to 10.10.0.1
set SIP proxy port to 53 (we set it to 53 as in the configuration file above)
enable VPN
phone number 222 (or any number you would like to set)
username 222 (or any username you would like to set)
password 222 (or any password you like)
Then save and reboot the two IP phones.
After rebooting and registration, you can call each other.
Notice:
This is only a test environment. Openser will not authenticate any user, so everyone with a VPN username and password can use the VoIP service. That means anyone in the VPN network can use your VoIP service. You may want to use openser with MySQL or PostgreSQL to authenticate your VoIP users. If you want to learn more, please refer to http://openser.org/
SIP server is not in the VPN network
Some service providers do not want to put SIP servers in the network; the network may then look like this.
How to set up the GIP300 to work in this network
You just need to change something in the VPN network setup,
like the following image.
How to set up the server side
In this case, the PPTP server should forward all packets to the SIP server or to the media gateway.
vax:/proc/sys/net/ipv4# echo 1 > ip_forward
vax:/proc/sys/net/ipv4#
vax:/proc/sys/net/ipv4# iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o eth0 -j MASQUERADE
Then everything is OK. You need to change nothing about the SIP server or the media gateway.