On Tue, Jun 03, 2008 at 11:13:45AM +0100, Errol Samuels wrote:
> Hello All,
> I am currently researching a solution for tunnelling VoIP traffic since VoIP is blocked in the country concerned. It appears that the ISP is targeting OpenVPN and OpenSwan and blocking them so I want to try something different.
> My solution based on OpenVPN worked great until it got blocked by the ISP about a week ago. It was using an OpenVPN server hosted in a US Datacenter and the VPN clients were simply routers with third-party Linux firmware with the OpenVPN client embedded in the firmware.
> I am also investigating the possibility of tunnelling OpenVPN through SSH but I have to watch my IP overheads here because the ISP watches the upload bandwidth as well!
> Has anyone attempted or had any success using stunnel for a similar scenario as I have mentioned?
The SSH and SSL protocols ought to have roughly the same amount of overhead, so whether you choose tunnelling over SSH or over stunnel should have pretty much no bearing on the traffic.
Now... stunnel should work just as well as SSH, but it also has just the same basic "limitation" - or, rather, design goal - stunnel is used only for forwarding TCP connections. I'm not sure what your VoIP model is, but if it is in any way based on UDP packets flying around, then neither stunnel nor SSH would be of any use to you.
With that in mind, if it's a TCP connection that you want to encrypt, either stunnel or SSH port forwarding should do the job just fine, although for "permanent" setups I would rather use stunnel, since SSH may have some issues with timeouts and dropped control connections and such.
G'luck, Peter
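
The TCP-only forwarding described in the reply above, as an added configuration example that is not part of the original message. It assumes stunnel 5.x option names; the host name `tunnel.example.org`, the ports, the service name and the file paths are placeholders.

```ini
; ---- client side: stunnel.conf (constructed example) ----
; A local application connects to 127.0.0.1:8000 in plain TCP; stunnel
; wraps that single TCP stream in TLS and forwards it to the server.
; UDP traffic is not carried at all.

; Enable TCP keepalives on local and remote sockets so that a dead
; peer is noticed on a long-lived ("permanent") tunnel.
socket = l:SO_KEEPALIVE=1
socket = r:SO_KEEPALIVE=1

[tcp-service]
client = yes
accept = 127.0.0.1:8000
connect = tunnel.example.org:443
; Authenticate the server: validate its certificate chain against a
; pinned CA file and check that the certificate matches the host name.
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = tunnel.example.org
sslVersionMin = TLSv1.2
; Seconds a connection may stay idle before stunnel closes it.
TIMEOUTidle = 43200

; ---- server side: stunnel.conf (constructed example) ----
; Accepts TLS on port 443, strips it, and hands the plain TCP stream
; to the real service listening on loopback only.
socket = l:SO_KEEPALIVE=1
socket = r:SO_KEEPALIVE=1

[tcp-service]
accept = 443
connect = 127.0.0.1:8000
cert = /etc/stunnel/server-cert.pem
key = /etc/stunnel/server-key.pem
sslVersionMin = TLSv1.2
TIMEOUTidle = 43200
```

Without `verifyChain` and `checkHost` on the client, the tunnel is encrypted but the server is not authenticated, so any TLS endpoint that answers on that address would be accepted.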