[Freeswitch-users] Security vs compatibility / NAT etc

Rick Jarvis rick.jarvis at magicmail.mooo.com
Thu Jun 30 16:49:52 MSD 2016


I’d be interested to hear what different people use to provide some level of security for remote end-users such as homeworkers, and to get round NAT issues.

We currently use OpenVPN, as this is built into the firmware of Yealink handsets (it’s a great feature, I’m not sure why more handset manufacturers don’t do this?!). The pros are that not only is it secure, but it also removes any problems with NAT for the RTP streams.

The downsides are that it is complicated (and downright frustrating sometimes) to set up, and there are additional things to consider such as the server configuration and overheads.

TLS/SSL with SRTP is another option, but my understanding of this is that it can cause NAT problems, with FreeSWITCH trying to initiate control channels back to the phone for inbound calls. In fact, I’ve always had problems with getting phones to work when behind NAT anyway, even without SSL/TLS. STUN can be used to ascertain the IP, but how do you handle situations where multiple handsets are behind NAT - you can’t open all RTP ports to all handsets at once?!!

Would be very interested to hear thoughts and methods on these points.

Thanks
R

