vicidial.org

[olovka]

Hi all,

I have set up my vicidialnow installation: Linux vici.vicidialnow.org 2.6.18-164.el5.vnow | Asterisk 1.2.30.2 | Single Server | No Digium/Sangoma Hardware | No Extra Software After Installation

I want to enable secure remote agent log in and work from remote winXP machines. I have set up SSH port forwarding via putty and work well for all TCP trafic (like access to vicidial agent login page) but I have a problem with tunneling UDP trafic like SIP. Tunneling of UDP traffic is simple not supported by SSH. I can not make my eyebeam phone to work via putty tunnel.

Can you recommend me a solution for this? Should I set up OpenVPN connection or is there a way to set up agent phones in other way? Or using another soft phone?

[williamconley]

Have you tried IPtables? Very handy.

[olovka]

Have you tried IPtables? Very handy.

Yes. I am just using IPtables to add one off my static IP address and enable SIP for this static IP. But, what to do if agent connect from dynamic IP address?

My vici server (my router) use dyndns to resolve adress.dyndns.org into IP address. I think it is not practical to have remote agent on dyndns.

This server is in testing phase. So, I am open to all suggestion to make it more efficient and easier to use latter in production.

[williamconley]

have you considered trying an actual vpn solution? (on another box, not the vicidial server?)

linux has a whole lot of software available for those willing to "install"

[olovka]

have you considered trying an actual vpn solution? (on another box, not the vicidial server?)

linux has a whole lot of software available for those willing to "install"

Yes. My first choice was OpenVPN at vici server. I did not install OpenVPN yet because IPtables work fine for now. Since I am single user I can add new rules for every new IP address...

For production, I will have to install some kind of VPN. Can you recommend some VPN solutions from you own experience with vicidial? Why on separate box? Compatibility or server load?

[williamconley]

both

compatibility and server load. experimentation with unnecessary software on a vicidial server means that if you have a problem, you have to decide whether that non-standard software is to blame. not necessary if you have a STOCK machine.

server load is always an issue with any software, of course, and the capacity to use a completely separate internet connection without touching the vicidial server is excellent, especially if you later decide to add other solutions (CRM, etc) which do not involve the vicidial system. then you'd stay off the CPU/bandwidth of the vicidial server completely.

also, if your vicidial machine dies you have two issues: was the vpn complicit in the death of the machine? (not a question you have to ask if the vpn wasn't ON the vicidial machine) and now how much fun is it going to be to reinstall vicidial and then the vpn software? (also not an issue if it's on a sep server, since it wouldn't even need to be reinstalled!)

But then creeps in the almighty "Budget" (often this makes the final decision for us, right?)

[olovka]

both
But then creeps in the almighty "Budget" (often this makes the final decision for us, right?)

That is true! So many time repeated situation...
For production, I will go on separate box for VPN. This is my own project so I can make decision on budget.

Can you recommend VPN? My first choice is OpenVPN. I did not work with linux VPN solutions before...

[williamconley]

Most of our clients use it straight from their routers. From what I understand, though, OpenSUSE has a VPN solution in yast. I'm not sure if Webmin has a module for a VPN solution, but I would expect so. If you are familiar with any of the control panel solutions out there (webmin, yast2), go with what you know.

[olovka]

Thank you for sharing your experience, William.

I am familiar with Cisco VPNs, but this time I go only on open source. Linux and OpenVPN are my choice for now. As soon as I purchase and set up separate box I will post my findings on this topic.

In the meantime, anybody who what to share Vici-VPN experience are welcome to post.

[AlSam]

olovka, I currently have an Untangle (untangle(dot)com) setup for OpenVPN access to a VD server. I haven't had any trouble with it.

[idi]

Just was wandering if anyone knows how to config Shoretel VOIP phone/softphone to work trough it.

[williamconley]

shoretel phones are locked. is your phone UNlocked? (that's how they get the big bucks ...)