I think that you're on the right track.  For Asterisk, I'd do this
utilizing IAX, as it's -much- easier to classify the traffic.  IAX
uses a single nailed up session on the same port, every time (unless a
custom port is used).  This is opposed to SIP, which uses an expected
port for call establishment, but the actual call happens on a random
UDP port that is exchanged across the control channel.

As for IPSEC, yes, do it.  You don't need to do anything special to
accomodate SIP or IAX with IPSEC - it's just regular TCP and UDP
traffic in IPSEC's eyes.




On 12/18/06, Aaron <lists at mycommunitynet dot net> wrote:
> Hello all.
>
> I have used m0n0wall in basic setupsfor a few years. Currently I am
> trying to help a non-profit with their move into an office. VoIP is
> an important thing. They will have static IP's at both locations and
> my hope is that I can have an asterisk server at both locations and
> send calls between the "offices".
>
> At their home office, I setup m0n0 and it's been working fine for a
> year or two. I'd like to setup the same in their new office and have
> an IPsec VPN between the 2 networks so that they could continue to
> use network services at both locations - this includes VoIP. I'm not
> sure how stable and how well this would work for this. I'd assume it
> would work great, but real experiences would be appreciated. I've not
> ever setup an ipsec vpn yet.
>
> So, if someone would be willing to tell me if I am on the right
> track, Id love to know.
>
> Thanks!
> Aaron
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>