<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">I've heard too many horror stories
about certain open source SIP servers being compromised and bills
into the 10's of thousands for having relaxed security. Ideally we
want to keep these boxes locked down as much as possible.<br>
<br>
We did look to GeoBlock the rest of the world and only accept
known prefixes from the ISP's that were being used by the CGNAT
boxes, but the audio never makes it back to the DSL tail in the
remote location so a tunnel was the only option.<br>
<br>
I'm thinking PLDT will be the only choice we will accept from now
on. That seems to be a general consensus.<br>
<br>
PLDT has a fibre option as well we could insist on, but it narrows
the scope of workers.<br>
<br>
<br>
<br>
On 13/11/2015 10:32 am, Matt Richards wrote:<br>
</div>
<blockquote cite="mid:56452183.1080101@shakesbeare.com" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<div class="moz-cite-prefix"><br>
<br>
We too have staff in Manila. The phones in our Manila office
(Eastern Telecom) and also staff homes (PLDT) talk just fine to
our Sydney PBX.<br>
<br>
Our SIP server is open to the world, but there's nothing wrong
with that as long as you have appropriate security in place
(strong passwords, fail2ban, etc).<br>
<br>
Matt.<br>
<br>
On 13/11/2015 12:12 p.m., Nick Stallman wrote:<br>
</div>
<blockquote cite="mid:56451CDD.5090100@agentpoint.com" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
We have two staff in the Philippines
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
to extend our phone support hours.<br>
<br>
We haven't really had any issues except them using the same
residential connection at the same time.<br>
We solved that one by one of them using SIP and the other using
IAX. IAX might solve some of your issues if you can use it.<br>
<br>
Our VoIP server is internet accessible however so we don't have
dynamic IP / VPN issues.<br>
<br>
<div class="moz-cite-prefix">On 13/11/15 09:59, Luke Iggleden
wrote:<br>
</div>
<blockquote cite="mid:564519EF.80309@iggleden.com" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
Hi Noggers,<br>
<br>
We've recently been tasked with assisting getting SIP running
from Australia to the
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
Philippines for remote staff workers on DSL tails. SIP server
is in Sydney, behind Vocus transit.<br>
<br>
It appears that CGNAT is a hurdle, plus 350-450ms of latency,
and the inability to obtain a static IP on a 'residential'
grade tail.<br>
<br>
We're now using Fortigate SSL VPN tunnel as a solution, and
just routing the SIP server down the split tunnel, but not
sure if this really makes the situation worse or not, and I'm
looking to hear other ideas and battle stories!<br>
<br>
What are people using out there to deliver a reliable service
that sounds good? -plus:<br>
<br>
- Get around CGNat RTP Audio/SIP transport issues<br>
- Ensure SIP server is not open to the world due to dynamic
IP's connecting<br>
- Keep the bandwidth requirements to a minimum - Assume low
speed DSL (2M/512k)<br>
<br>
Direct carrier links are not a possibility unfortunately as
the staff all work from home offices.<br>
<br>
<br>
<br>
Cheers,<br>
<br>
Luke<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
AusNOG mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
Nick Stallman<br>
Technical Director<br>
Agentpoint Pty Ltd <br>
The Real Estate Web Developers<br>
Melbourne | Sydney | Miami<br>
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:nick@agentpoint.com">nick@agentpoint.com</a><br>
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="http://www.agentpoint.com.au">www.agentpoint.com.au</a>
| <a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="http://www.zooproperty.com">www.zooproperty.com</a> |
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="http://www.ginga.com.au">www.ginga.com.au</a> | <a
moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="http://www.business2.com.au"><a class="moz-txt-link-abbreviated" href="http://www.business2.com.au">www.business2.com.au</a></a><br>
<br>
Business2.com.au is a real estate agent information website
that helps you understand Portals, Technology and comes with
FREE tools to help your Agency become an online success!</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
AusNOG mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
AusNOG mailing list
<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<br>
</body>
</html>