Cheap Point-To-Point VoIP Through NAT?

An anonymous reader asks: "70% of my phone bill comes from calls to a few colleagues. We all have 'broadband' internet access (at least 100 kbit/s upstream) and are behind NATs, so we can share our access with the rest of our house-mates. The OS most used is Linux. In order to lower our phone bills I'm looking for a Point-to-Point audio tool which enables you to pass relatively easily through the NATs. I've had a look at Speak-Freely, which is quite nice as it sports things like GPG-encryption. But it uses two UDP and one TCP ports which is a bit much and not very NAT friendly. I wouldn't like to use commercial tools with central servers like Skype. What would be ok is to use a webserver to serve as a kind of starting point where you would update your IP address and ports. But it should be possible to give your mom and pop webhoster to set up or even better just a cgi-script which interacts with the clients via http or https. The audio data itself shouldn't be routed over a server (what a waste of bandwidth). Thanks for all ideas."

openvpn

[kayen_telva]

uses one port

open source, cross platform

here [sourceforge.net]

Re:openvpn

[kayen_telva]

sorry. not just wrong thread, wrong planet

Re:openvpn

[kzanol]

sorry. not just wrong thread, wrong planet No, That's actually a viable solution for the question asked: If the op sets up a vpn connecting their network(s), he'll be able to use any voip solution he likes, without having to worry about nat. May fail the "ease of use" requirements though.

VPN: A different, and useful, approach

[maggard]

Gotta agree, OpenVPN is a clever solution.

Don't try and fight with NAT's, wonky clients, etc., just VPN the lot together and make it all look like a simple little network. Takes the whole question and approaches it from an entirely different, and sound, angle. That's not flaky; that's inspired.

Heck, not just chat but file sharing, white boarding, remote printing, and everything else between these folks will then be trivial too, probably their next request anyway.

OpenVPN is pretty easy to set up, even

IPv6 and Teredo

[Isomer]

Use Teredo and whatever protocol you like.

Teredo is a way to give yourself a realworld IPv6 address, even though you are stuck behind NAT (and without cooperation from the NAT device, like uPnP requires).

Basically Teredo tunnels IPv6 packets over UDP, and relies on the fact that most NAT's reuse the same source port for all udp packets that you send that have the same source address internally.

All your application only need to support IPv6. There are Teredo implementations for Linux and FreeBSD [simphalempin.com] and Teredo is built into Windows SP2 [microsoft.com]. Teredo also supports two people both behind NAT to talk to each other directly in almost all common circumstances.

So go add IPv6 support to your applications, and recommend your users use Teredo to defeat NAT!

Re:IPv6 and Teredo

[hab136]

Teredo is built into Windows SP2

Um, no, it's built into the Advanced Networking Pack for Windows XP [microsoft.com] - which is not installed by default.

Re:IPv6 and Teredo

[Hidyman]

Actually That won't work under SP2.

Re:IPv6 and Teredo

[Isomer]

Why not?

Re:IPv6 and Teredo

[Isomer]

From my reading of the page I linked to, it is in the Advanced Networking Packet for Windows XP, however it was added into SP2, so you don't need the extra networking pack if you have installed SP2. I could be wrong here.
Quotes:

Windows XP SP2 includes the Internet Protocol version 6 (IPv6) that was included in the Advanced Networking Pack for Windows XP.

and

Windows XP SP2 includes the following updates to IPv6 that are included in the Advanced Networking Pack for Windows XP

-- IPv6 [microsoft.com]

Re:IPv6 and Teredo

[Phil Karn]

If you do control your NAT box, a much better alternative to running Teredo through it is to install a 6to4 gateway on the same box as the NAT. This is trivial if the NAT box is running Linux. IPv4 users on your home LAN still see a NAT, but anything that supports IPv6 can get transparent, end-to-end connectivity.

I would really like to see a 6to4 gateway function become a standard vendor feature on popular mass-market routers like the Linksys WRT54G. Since most DSL and cable modem ISPs still give their cu

Re:IPv6 and Teredo

[Isomer]

I completely agree, and run 6to4 here at home (as I do control my gateway). 6to4 works well, and I've wiki'd my experiences at http://wlug.org.nz/6to4

My biggest problem at the moment is that Linux doesn't do particularly good source address selection for IPv6 addresses, in fact it uses the most recently added address to an interface, which if you have 6to4 *and* a slow, laggy tunnel which takes ages to initialise, then all the source addresses on your packets will be via the slow, laggy tunnel. Gnrrg.

I

Re:IPv6 and Teredo

[Phil Karn]

Yeah, I can see how this could be a problem. I run into it sometimes at work when I have both 6to4 and a 6bone address. It seems that if both ends have a 6to4 address starting with 2002::/16, that should probably be preferred, but I wouldn't want to hard-wire a rule like that.

IPv6 has the advantage that it pushes some of the route selection back to the application where the user can control it. IPv6 also has the disadvantage that it pushes some of the route selection back to the application where the user

Re:IPv6 and Teredo

[Isomer]

RFC3484 describes what it /should/ be doing. It has all sorts of criteria to select addresses, although I think most of them could be replaced with just "used the longest matching prefix, and make sure it's in the same scope, and try not to use deprecated addresses". They have an idea of a table that provides preferences for prefixes to determine that lets you override whats happening. The Kernel people want to use the routing table for this (which I can understand, it's a nicer solution imho), but someo

what's wrong with skype?

[alonsoac]

Why not? I use it on Linux, I had some trouble with the sound but it works ok now. You can use it for free. I even payed for the skype out service to call regular phones and have saved a ton of money this month. I'm quite happy.

Re:what's wrong with skype?

[GeorgeH]

Skype is peer-to-peer, not point-to-point, meaning your VoiP data can bounce around a couple other hosts. Of course, it's all encrypted (the only encrypted IM client in wide use) so that shouldn't be too much of a concern.

The nice thing about it is that it busts NAT like it wasn't even there, and it "just works."

Re:what's wrong with skype?

[hab136]

Ehm, as you say "it busts NAT like it wasn't even there" and that means that it *is* point-to-point (if at all possible). So why the self-contradiction?

The voice is point-to-point; the signalling and control channels are P2P (bouncing off other hosts) to get around NAT.

Asterisk.....

[Muiz]

Take a look at Asterisk http://www.asterisk.org/ [asterisk.org]. The wiki http://www.voip-info.org/wiki-Asterisk [voip-info.org] has more useful information. It is a full VoIP softswitch solution. In addition to SIP, H323 and MGCP it also supports the IAX protocol, which was designed to be NAT friendly. You won't be able to run it point-to-point. You will have to run an Asterisk server somewhere in your network, but since you are already running Linux on the desktop, it should be fairly easy to run it on one of them for a small network.

VoIP over NAT

[Gadzinka]

There's no easy way to communicate between two agents, both behind NAT. Period.

Having said that, where've you been for the last couple of years? There are free registrars that let you use rfc compliant VoIP like SIP: FWD [freeworlddialup.org], IPTel [slashdot.org]. You register there, but you communicate directly between your internet connections. This is really something like web page with your IPs, but automated. Kphone or Linphone are good for it on Linux.

You have to set up some kind of NAT traversal. You can set up port forwarding on the NAT and/or use STUN server.

Also, Skype isn't communicating via server. Skype only authenticates with server, but communication more or less is point to point. When the Skype client is unreachable directly, you communicate with it via third party (i.e. any Skype client with externally open ports). And the communication is encrypted with AES in order to avoid snooping by your ,,proxy''.

There's also teamspeak which requires extrenally running server (there are some servers publically available) but works like a charm with every kind of NAT, because all the communication goes thru server.

Robert

Re:VoIP over NAT

[undef24]

There's no easy way to communicate between two agents, both behind NAT. Period.

Maybe something like http://chownat.lucidx.com/ could be integrated into other software.

Re:VoIP over NAT

[Gadzinka]

I know about this, used it myself.

Unfortunatelly, there's no way for the clients alone to initiate this transfer. They have to know:

1. Their external IP address
2. Who they want to communicate to
3. The ports on which to communicate

Now, there are some "middleman" servers like STUN that will take care of some of this, but requirement 3 may be impossible to to fulfill.

You see, normally when you send packets through NAT, it rewrites source port and address. In case of Linux, if the port is free on firewall/nat box

Re:VoIP over NAT

[dpoulson]

Freeworlddialup can use IAX too. Register for a free account, then either get a soft client (tho' I've had trouble finding a decent stable one) or get a little box of tricks from http://www.digium.com/ [digium.com] called the IAXy which will convert a POTS phone to a IAX VoIP phone.

Of course, running an asterisk server gives you a lot more options and is definately the geek thing to do!

skype

[alatesystems]

Skype is not centralized. The authentication server is, but the voice traffic is all peer-to-peer.

Skype is nat friendly. All you need to do is forward one port. If you don't, the traffic will still get through by routing through people who are NOT on a nat, encrypted end to end.

I would say that Skype is the most NAT friendly of any of the consumer voice over ip programs, and the voice quality is superior.

Go with Skype; you won't regret it.

Re:skype

[Guspaz]

Another vote for Skype. Your dismissal of it because you think it is "commercial" is illogical. It's the best free serverless NAT-friendly solution out there at the moment.

Use Freeworld Dialup!

[the_maddman]

Freeworld Dialup [pulver.com] will do everything you want.

SIP based VoIP, Asterisk [asterisk.org] compatible if you want to get fancy, uses STUN to traverse nat'ing firewalls. They even sponsor a few SIP clients so it's all free, and you can buy a cheap hardware SIP phone or interface and make the calls from a real phone instead of a PC.

SipPhone

[digitallife]

Get away from the computers and look to sipphone.com - just buy a small device and plug your phone into it. Except for the initial hardware purchase (which is minimal), it costs nothing. If you want to, you can also pay per minute and get to call regular phones, or even get yourself a normal phone number. I've been using it for about a year now and it works great.

SipPhone is the BEST option at the moment

[Linuxathome]

I have to second this advice to SIPphone.com. There are number of benefits to going with SIPphone that the beginner may not realize. But first the cons:

1. There are upfront costs for hardware, unless you just go with the free softphone (X-ten lite). The hardware runs around $50.
2. Quality is not so good if you have shoddy upload rates (but this is general downside to VoIP in the real world and not unique to SIPphone).

But the pros are definitely worth the cost:

1. The ability to call other VoIP users in ot [sipphone.com]

linphone

[noselasd]

linphone [linphone.org] seems to work ok for this. Just forward the correct ports.

VPN

[spiralscratch]

Connect the sites via IPSec VPN tunnels. Most NAT firewall/routers that support IPSec will allow the private IPs used at each site to be addressed directly, without any NAT. You'll be able to use whichever VoIP product suits your needs best without having to worry about NAT compatibility.

As a bonus, all calls and any other data between the sites will be encrypted.

Teamspeak.

[terrox]

Just use teamspeak, gamers have used voice comms for ages and teamspeak is just one of many. http://www.goteamspeak.com/products.php?t=screensh ots [goteamspeak.com]

Why not

[TheCabal]

Unless I'm totally missing something, why not just use port forwarding on your NAT?

FWD

[malachid69]

Personally, I like FWD (Free World Dialup). While it can be used with various SIPS phones (hardware and software), they also put out pulver.Communicator which is like Trillian with VoIP.

Run your VOIP through...

[OneDeeTenTee]

...a Brita filter to make it smoother.

rat (robust audio tool)

[#undefined]

rat [ucl.ac.uk]

you specify the other end's ip address and single udp port. easy to port-forward.

it doesn't encode end-point data in stream, so rat won't get all confused when the other end identifies itself as a non-routable ip address, as with some protocols.

and with multicast, you can do teleconferencing with multiple people.