Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cheap Point-To-Point VoIP Through NAT?

Posted by Cliff on from the conversations-over-the-link dept.

An anonymous reader asks: "70% of my phone bill comes from calls to a few colleagues. We all have 'broadband' internet access (at least 100 kbit/s upstream) and are behind NATs, so we can share our access with the rest of our house-mates. The OS most used is Linux. In order to lower our phone bills I'm looking for a Point-to-Point audio tool which enables you to pass relatively easily through the NATs. I've had a look at Speak-Freely, which is quite nice as it sports things like GPG-encryption. But it uses two UDP and one TCP ports which is a bit much and not very NAT friendly. I wouldn't like to use commercial tools with central servers like Skype. What would be ok is to use a webserver to serve as a kind of starting point where you would update your IP address and ports. But it should be possible to give your mom and pop webhoster to set up or even better just a cgi-script which interacts with the clients via http or https. The audio data itself shouldn't be routed over a server (what a waste of bandwidth). Thanks for all ideas."

35 comments

  1. openvpn by kayen_telva · · Score: 1

    uses one port

    open source, cross platform

    here

    1. Re:openvpn by kayen_telva · · Score: 1

      sorry. not just wrong thread, wrong planet

    2. Re:openvpn by kzanol · · Score: 1

      sorry. not just wrong thread, wrong planet No, That's actually a viable solution for the question asked: If the op sets up a vpn connecting their network(s), he'll be able to use any voip solution he likes, without having to worry about nat. May fail the "ease of use" requirements though.

      --
      you have moved your mouse, please reboot to make this change take effect
  2. IPv6 and Teredo by Isomer · · Score: 2, Informative

    Use Teredo and whatever protocol you like.

    Teredo is a way to give yourself a realworld IPv6 address, even though you are stuck behind NAT (and without cooperation from the NAT device, like uPnP requires).

    Basically Teredo tunnels IPv6 packets over UDP, and relies on the fact that most NAT's reuse the same source port for all udp packets that you send that have the same source address internally.

    All your application only need to support IPv6. There are Teredo implementations for Linux and FreeBSD and Teredo is built into Windows SP2. Teredo also supports two people both behind NAT to talk to each other directly in almost all common circumstances.

    So go add IPv6 support to your applications, and recommend your users use Teredo to defeat NAT!

    1. Re:IPv6 and Teredo by hab136 · · Score: 2, Informative
      Teredo is built into Windows SP2

      Um, no, it's built into the Advanced Networking Pack for Windows XP - which is not installed by default.

    2. Re:IPv6 and Teredo by Hidyman · · Score: 1

      Actually That won't work under SP2.

      --
      You can't take the sky from me ...
    3. Re:IPv6 and Teredo by Isomer · · Score: 1
      From my reading of the page I linked to, it is in the Advanced Networking Packet for Windows XP, however it was added into SP2, so you don't need the extra networking pack if you have installed SP2. I could be wrong here.
      Quotes:

      Windows XP SP2 includes the Internet Protocol version 6 (IPv6) that was included in the Advanced Networking Pack for Windows XP.

      and

      Windows XP SP2 includes the following updates to IPv6 that are included in the Advanced Networking Pack for Windows XP

      -- IPv6
    4. Re:IPv6 and Teredo by Isomer · · Score: 1

      Why not?

    5. Re:IPv6 and Teredo by Phil+Karn · · Score: 1
      If you do control your NAT box, a much better alternative to running Teredo through it is to install a 6to4 gateway on the same box as the NAT. This is trivial if the NAT box is running Linux. IPv4 users on your home LAN still see a NAT, but anything that supports IPv6 can get transparent, end-to-end connectivity.

      I would really like to see a 6to4 gateway function become a standard vendor feature on popular mass-market routers like the Linksys WRT54G. Since most DSL and cable modem ISPs still give their customers a (single) globally routable IPv4 address, this could go a long way toward eliminating UPnP, manual port-forwarding hacks and other brain-dead NAT workarounds.

    6. Re:IPv6 and Teredo by Isomer · · Score: 1

      I completely agree, and run 6to4 here at home (as I do control my gateway). 6to4 works well, and I've wiki'd my experiences at http://wlug.org.nz/6to4

      My biggest problem at the moment is that Linux doesn't do particularly good source address selection for IPv6 addresses, in fact it uses the most recently added address to an interface, which if you have 6to4 *and* a slow, laggy tunnel which takes ages to initialise, then all the source addresses on your packets will be via the slow, laggy tunnel. Gnrrg.

      I have a patch for this, however the LK people want a different solution (they want source address selection to be customisable via /sbin/ip route command), and I've not spent time getting my patch to work how they want yet.

    7. Re:IPv6 and Teredo by Phil+Karn · · Score: 1
      Yeah, I can see how this could be a problem. I run into it sometimes at work when I have both 6to4 and a 6bone address. It seems that if both ends have a 6to4 address starting with 2002::/16, that should probably be preferred, but I wouldn't want to hard-wire a rule like that.

      IPv6 has the advantage that it pushes some of the route selection back to the application where the user can control it. IPv6 also has the disadvantage that it pushes some of the route selection back to the application where the user must control it. :-)

    8. Re:IPv6 and Teredo by Isomer · · Score: 1

      RFC3484 describes what it /should/ be doing. It has all sorts of criteria to select addresses, although I think most of them could be replaced with just "used the longest matching prefix, and make sure it's in the same scope, and try not to use deprecated addresses". They have an idea of a table that provides preferences for prefixes to determine that lets you override whats happening. The Kernel people want to use the routing table for this (which I can understand, it's a nicer solution imho), but someone needs to write a patch to do it :)

      Anyway, with proper RFC3484 support, the kernel should choose 6to4 addresses to talk to 6to4 hosts, and 6bone addresses to talk to everyone else.

  3. what's wrong with skype? by alonsoac · · Score: 1

    Why not? I use it on Linux, I had some trouble with the sound but it works ok now. You can use it for free. I even payed for the skype out service to call regular phones and have saved a ton of money this month. I'm quite happy.

    1. Re:what's wrong with skype? by GeorgeH · · Score: 1

      Skype is peer-to-peer, not point-to-point, meaning your VoiP data can bounce around a couple other hosts. Of course, it's all encrypted (the only encrypted IM client in wide use) so that shouldn't be too much of a concern.

      The nice thing about it is that it busts NAT like it wasn't even there, and it "just works."

      --
      Why can't I moderate something "Wrong" or at least "Grossly Misinformed"?
    2. Re:what's wrong with skype? by Anonymous Coward · · Score: 0

      Ehm, as you say "it busts NAT like it wasn't even there" and that means that it *is* point-to-point (if at all possible). So why the self-contradiction?

    3. Re:what's wrong with skype? by hab136 · · Score: 1
      Ehm, as you say "it busts NAT like it wasn't even there" and that means that it *is* point-to-point (if at all possible). So why the self-contradiction?

      The voice is point-to-point; the signalling and control channels are P2P (bouncing off other hosts) to get around NAT.

  4. Asterisk..... by Muiz · · Score: 1

    Take a look at Asterisk http://www.asterisk.org/. The wiki http://www.voip-info.org/wiki-Asterisk has more useful information. It is a full VoIP softswitch solution. In addition to SIP, H323 and MGCP it also supports the IAX protocol, which was designed to be NAT friendly. You won't be able to run it point-to-point. You will have to run an Asterisk server somewhere in your network, but since you are already running Linux on the desktop, it should be fairly easy to run it on one of them for a small network. Combine that with a dynamic dns service like dyndns.org and voila!

  5. VoIP over NAT by Gadzinka · · Score: 4, Informative

    There's no easy way to communicate between two agents, both behind NAT. Period.

    Having said that, where've you been for the last couple of years? There are free registrars that let you use rfc compliant VoIP like SIP: FWD, IPTel. You register there, but you communicate directly between your internet connections. This is really something like web page with your IPs, but automated. Kphone or Linphone are good for it on Linux.

    You have to set up some kind of NAT traversal. You can set up port forwarding on the NAT and/or use STUN server.

    Also, Skype isn't communicating via server. Skype only authenticates with server, but communication more or less is point to point. When the Skype client is unreachable directly, you communicate with it via third party (i.e. any Skype client with externally open ports). And the communication is encrypted with AES in order to avoid snooping by your ,,proxy''.

    There's also teamspeak which requires extrenally running server (there are some servers publically available) but works like a charm with every kind of NAT, because all the communication goes thru server.

    Robert

    --
    Bastard Operator From 193.219.28.162
    1. Re:VoIP over NAT by undef24 · · Score: 2, Interesting
      There's no easy way to communicate between two agents, both behind NAT. Period.

      Maybe something like http://chownat.lucidx.com/ could be integrated into other software.

    2. Re:VoIP over NAT by dpoulson · · Score: 2, Informative

      Freeworlddialup can use IAX too. Register for a free account, then either get a soft client (tho' I've had trouble finding a decent stable one) or get a little box of tricks from http://www.digium.com/ called the IAXy which will convert a POTS phone to a IAX VoIP phone.

      Of course, running an asterisk server gives you a lot more options and is definately the geek thing to do!

      --
      http://www.22balmoralroad.net/ http://www.tinynetworks.co.uk/
    3. Re:VoIP over NAT by Gadzinka · · Score: 2, Informative
      I know about this, used it myself.

      Unfortunatelly, there's no way for the clients alone to initiate this transfer. They have to know:
      1. Their external IP address
      2. Who they want to communicate to
      3. The ports on which to communicate

      Now, there are some "middleman" servers like STUN that will take care of some of this, but requirement 3 may be impossible to to fulfill.

      You see, normally when you send packets through NAT, it rewrites source port and address. In case of Linux, if the port is free on firewall/nat box, it leaves it unchanged. If it is taken, it assigns new, free port. Similarly, if you send UDP to address A and then send UDP to address B with the same source port, they may end up with different ports after natting. And the next problem is when several machines behind the same NAT send packets with the same source port: they have to have different ports after natting, in order to distinguish the returning packets.

      Basically, you have no way of knowing what you source port will be behind a "hostile" NAT, since it can even change between your packets beeing sent to "middleman" server and packets beeing sent to proper recipient's NAT.

      There's just no way to reliably communicate between natted machines, because this communication was never a goal. Rather, from day one, inability to communicate with machine behind NAT was the "security feature" and big selling point.

      Robert
      --
      Bastard Operator From 193.219.28.162
  6. skype by alatesystems · · Score: 3, Interesting

    Skype is not centralized. The authentication server is, but the voice traffic is all peer-to-peer.

    Skype is nat friendly. All you need to do is forward one port. If you don't, the traffic will still get through by routing through people who are NOT on a nat, encrypted end to end.

    I would say that Skype is the most NAT friendly of any of the consumer voice over ip programs, and the voice quality is superior.

    Go with Skype; you won't regret it.

    1. Re:skype by Guspaz · · Score: 1

      Another vote for Skype. Your dismissal of it because you think it is "commercial" is illogical. It's the best free serverless NAT-friendly solution out there at the moment.

  7. Use Freeworld Dialup! by the_maddman · · Score: 2, Interesting
    Freeworld Dialup will do everything you want.

    SIP based VoIP, Asterisk compatible if you want to get fancy, uses STUN to traverse nat'ing firewalls. They even sponsor a few SIP clients so it's all free, and you can buy a cheap hardware SIP phone or interface and make the calls from a real phone instead of a PC.

  8. SipPhone by digitallife · · Score: 1

    Get away from the computers and look to sipphone.com - just buy a small device and plug your phone into it. Except for the initial hardware purchase (which is minimal), it costs nothing. If you want to, you can also pay per minute and get to call regular phones, or even get yourself a normal phone number. I've been using it for about a year now and it works great.

  9. linphone by noselasd · · Score: 1

    linphone seems to work ok for this. Just forward the correct ports.

  10. VPN by spiralscratch · · Score: 1

    Connect the sites via IPSec VPN tunnels. Most NAT firewall/routers that support IPSec will allow the private IPs used at each site to be addressed directly, without any NAT. You'll be able to use whichever VoIP product suits your needs best without having to worry about NAT compatibility.

    As a bonus, all calls and any other data between the sites will be encrypted.

  11. Teamspeak. by terrox · · Score: 2, Informative

    Just use teamspeak, gamers have used voice comms for ages and teamspeak is just one of many. http://www.goteamspeak.com/products.php?t=screensh ots

  12. Why not by TheCabal · · Score: 2, Insightful

    Unless I'm totally missing something, why not just use port forwarding on your NAT?

  13. FWD by malachid69 · · Score: 1

    Personally, I like FWD (Free World Dialup). While it can be used with various SIPS phones (hardware and software), they also put out pulver.Communicator which is like Trillian with VoIP.

    --
    http://www.google.com/profiles/malachid
  14. Run your VOIP through... by OneDeeTenTee · · Score: 1

    ...a Brita filter to make it smoother.

    --
    Stop the world; I need to get off.
  15. rat (robust audio tool) by #undefined · · Score: 1

    rat

    you specify the other end's ip address and single udp port. easy to port-forward.

    it doesn't encode end-point data in stream, so rat won't get all confused when the other end identifies itself as a non-routable ip address, as with some protocols.

    and with multicast, you can do teleconferencing with multiple people.

  16. VPN: A different, and useful, approach by maggard · · Score: 1
    Gotta agree, OpenVPN is a clever solution.

    Don't try and fight with NAT's, wonky clients, etc., just VPN the lot together and make it all look like a simple little network. Takes the whole question and approaches it from an entirely different, and sound, angle. That's not flaky; that's inspired.

    Heck, not just chat but file sharing, white boarding, remote printing, and everything else between these folks will then be trivial too, probably their next request anyway.

    OpenVPN is pretty easy to set up, even for non-geeks. It's certainly no harder getting a bunch of folks to open ports on their diverse router models and then configure whatever chat clients to use 'em appropriately.

    Again, clever solution. Mebbe not the best one but definitely an interesting one.

    --
    I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
  17. SipPhone is the BEST option at the moment by Linuxathome · · Score: 1

    I have to second this advice to SIPphone.com. There are number of benefits to going with SIPphone that the beginner may not realize. But first the cons:

    1. There are upfront costs for hardware, unless you just go with the free softphone (X-ten lite). The hardware runs around $50.
    2. Quality is not so good if you have shoddy upload rates (but this is general downside to VoIP in the real world and not unique to SIPphone).

    But the pros are definitely worth the cost:

    1. The ability to call other VoIP users in other networks (such as to FWD, IPtel, and IAXtel users). However, FWD has better peer access, allowing you to call Vonage users and other paid networks.
    2. Nationwide access numbers are available. So, for example, you could call the access number on a regular landline (PSTN line, in VoIP lingo), and then be able to connect to a SIPphone.
    3. Virtual numbers are available for purchase pretty cheap (about $6 a month) and all incoming calls to a SIPphone is always FREE! A virtual number means that you can have, say a phone number that's specific for a geographical region--for example, you can have a 610 area code number for the Philly area and have people call that number whenever they want to connect to your SIPphone. The benefit of this is: if you wanted to setup a dedicated fax line to just receive faxes, this is the way to go. As a price comparison, getting an eFax line is $12.95 a month (twice the virtual number price) and you don't get unlimited faxes.
    4. The hardware you buy from SIPphone is NOT locked, which means that if you don't like the service, you can take it elsewhere. But from my own experience, it's about on par or better than other services such as Broadvoice.
    5. Best of all, it's FREE! No monthly payments forever, nada, zip, zilcho. You just pay the upfront costs of the hardware and even then the prices are very competitive compared to outside (i.e. eBay). In fact, if you're just looking to buy fair priced VoIP hardware, I'd buy from SIPphone.

    I realize that this post sounds like an advertisement for SIPphone, but in actuality, I'm a SIPphone user who's just real happy with my service. I wanted to let you know also that if one of your buddies go to school at UCSD, they can dial any SIPphone from their phone line anytime, free of charge to use. I've recently posted some thoughts about the whole VoIP service for the consumer on my blog http://linuxathome.com, perhaps you could check it out.

    --
    Linux at home