[stunnel-users] Is anyone using Stunnel for tunnelling Voip?

Peter Pentchev roam at ringlet.net
Tue Jun 3 13:09:20 CEST 2008


On Tue, Jun 03, 2008 at 11:13:45AM +0100, Errol Samuels wrote:
> Hello All,
> 
> I am currently researching a solution for tunnelling VoIP traffic since VoIP
> is blocked in the country concerned.  It appears that the ISP is targeting
> OpenVPN and OpenSwan and blocking them so I want to try something different.
> 
> My solution based on OpenVPN worked great until it got blocked by the ISP
> about a week ago. It was using an OpenVPN server hosted in a US Datacenter
> and the VPN clients were simply routers with third party Linux firmware with
> the OpenVPN client embedded in the firmware.
> 
> I am also investigating the possibility of tunnelling OpenVPN through SSH
> but I have to watch my IP overheads here because the ISP watches the upload
> bandwidth as well!
> 
> Has anyone attempted or had any success using stunnel for a similar scenario
> as I have mentioned?

The SSH and SSL protocols ought to have roughly the same amount of
overhead, so whether you choose tunnelling over SSH or over stunnel
should have pretty much no bearing on the traffic.

Now... stunnel should work just as well as SSH, but it also has just
the same basic "limitation" - or, rather, design goal - stunnel is
used only for forwarding TCP connections.  I'm not sure what your
VoIP model is, but if it is in any way based on UDP packets flying
around, then neither stunnel nor SSH would be of any use to you.

With that in mind, if it's a TCP connection that you want to encrypt,
either stunnel or SSH port forwarding should do the job just fine,
although for "permanent" setups I would rather use stunnel, since SSH
may have some issues with timeouts and dropped control connections
and such.

G'luck,
Peter

-- 
Peter Pentchev	roam at ringlet.net    roam at cnsys.bg    roam at FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This would easier understand fewer had omitted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20080603/f8f386df/attachment.sig>


More information about the stunnel-users mailing list