SSH Tunnelling
Introduction
Sometimes the best tools we can use are the simple ones. I have been an Asterisk tech for over 4 years now, and this is one of the tools I could not have lived without. On most IP networks customers are splitting their voice and data networks: the phones are on a completely different network from the computers, and the Elastix box is the only device that connects to both networks. SSH tunnelling allows you to connect to the phones when you are on the data network.
Another situation where tunnelling is great is when you have remote access to your Elastix machine but you only have access to port 22. SSH tunnelling allows you to connect to the Elastix machine and then tunnel to any device on the Elastix network.
In this article SSH tunnelling is done through PuTTY, a program that lets you open a Linux shell from your Windows machine. You can grab PuTTY from http://www.chiark.greenend.org.uk/~sgtatham/putty/.
Configuration
In this example I will connect to an Elastix box and then tunnel to an IP phone on the network. Open PuTTY and enter the IP address of the Elastix machine you want to connect to.

Now we need to add our tunnel locations.

First add your source port. This is the port on your local machine that you will use to connect to the remote device. I am connecting to a Linksys 942, which is configured over HTTP, and HTTP uses port 80. Next, add the destination. The IP of the phone is 192.168.1.101 and it is HTTP, so the destination port is 80. Once this is entered, add the tunnel to your list.

Once you have added it, the tunnel should show in the list. Now hit Open to connect to the box and enter your credentials to authenticate yourself to the machine.

Now we are ready to open the web interface on the Linksys phone. Open Internet Explorer and enter the address http://localhost:80. This connects to your tunnel on local source port 80, which pushes the connection through to the destination 192.168.1.101:80.

Above you will see the interface for the Linksys 941, which I have SSH tunnelled through to. Here is an example where you have SSHed into your Elastix machine and you want to tunnel through to 10 of the phones on the network.
Example
The phones sit on IP addresses 192.168.1.101-110. They are all configurable over HTTP, which is port 80. The Elastix machine is on 110.110.110.110. Bring up PuTTY and enter the server address 110.110.110.110. Then go to the Tunnels section and add the following entries:
Source 81 Destination 192.168.1.101:80 - You can connect to this through Internet Explorer on http://localhost:81
Source 82 Destination 192.168.1.102:80 - You can connect to this through Internet Explorer on http://localhost:82
Source 83 Destination 192.168.1.103:80 - You can connect to this through Internet Explorer on http://localhost:83
Source 84 Destination 192.168.1.104:80 - You can connect to this through Internet Explorer on http://localhost:84
Source 85 Destination 192.168.1.105:80 - You can connect to this through Internet Explorer on http://localhost:85
Source 86 Destination 192.168.1.106:80 - You can connect to this through Internet Explorer on http://localhost:86
Source 87 Destination 192.168.1.107:80 - You can connect to this through Internet Explorer on http://localhost:87
Source 88 Destination 192.168.1.108:80 - You can connect to this through Internet Explorer on http://localhost:88
Source 89 Destination 192.168.1.109:80 - You can connect to this through Internet Explorer on http://localhost:89
Source 90 Destination 192.168.1.110:80 - You can connect to this through Internet Explorer on http://localhost:90
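The ten-phone tunnel list above, built as a single OpenSSH command line for readers not using PuTTY (an added example, not part of the original article). It assumes a placeholder login "user", uses local ports 8081-8090 instead of 81-90 so no root privileges are needed on Unix, and binds every forward to 127.0.0.1 so that only the local machine can reach the phones through the tunnel.

```shell
#!/bin/sh
# build_forwards BASE_PORT NET_PREFIX FIRST_HOST LAST_HOST DEST_PORT
# Prints one "-L" option per phone. Each forward is bound to 127.0.0.1,
# so other hosts on the data network cannot connect to the tunnel.
build_forwards() {
    base=$1 prefix=$2 first=$3 last=$4 dport=$5
    for n in "$base" "$first" "$last" "$dport"; do
        case $n in
            ''|*[!0-9]*) echo "not a number: $n" >&2; return 2 ;;
        esac
    done
    [ "$first" -le "$last" ] && [ "$last" -le 254 ] || {
        echo "bad host range: $first-$last" >&2; return 2; }
    count=$((last - first + 1))
    # Ports below 1024 need root on most Unix systems; refuse them.
    if [ "$base" -lt 1024 ] || [ $((base + count - 1)) -gt 65535 ]; then
        echo "local ports must lie within 1024-65535" >&2; return 2
    fi
    host=$first port=$base opts=
    while [ "$host" -le "$last" ]; do
        opts="$opts -L 127.0.0.1:$port:$prefix.$host:$dport"
        host=$((host + 1)) port=$((port + 1))
    done
    printf '%s\n' "${opts# }"
}

# tunnel_command USER@HOST BASE_PORT NET_PREFIX FIRST_HOST LAST_HOST DEST_PORT
# Prints the full ssh command. -N opens no remote shell, and
# ExitOnForwardFailure makes ssh exit if a local port is already taken
# instead of silently running without that forward.
tunnel_command() {
    target=$1; shift
    fwd=$(build_forwards "$@") || return
    printf 'ssh -N -o ExitOnForwardFailure=yes %s %s\n' "$fwd" "$target"
}

# The article's example: phones 192.168.1.101-110 behind 110.110.110.110.
# "user" is a placeholder login; 8081 is an assumed local base port.
tunnel_command user@110.110.110.110 8081 192.168.1 101 110 80
```

Run the printed command, then browse to http://localhost:8081 through http://localhost:8090 for phones .101 through .110.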
Conclusion
SSH tunnelling is a great way to easily access your phones from outside the network. You only need one port forwarded on your router to get access to everything you need. Another way to access everything you need is through a VPN. In my next article I will show you a very simple way of turning your Elastix box into a PPTP VPN server.
Tags: Elastix, networking, SSH Tunnelling

November 20th, 2009 at 12:30 pm
Great post! What’s also useful is if you run: asterisk -r
Then when in the asterisk console type: sip show peers
It shows you the IP Address of each phone. If they’re on DHCP etc it can be a lifesaver.
November 20th, 2009 at 3:33 pm
You are right Josiah…Very handy neat display. Great Tutorial and keep up the good work.
November 20th, 2009 at 4:52 pm
Thanks Josiah. I have added a second part and put in the sip show peers command.
November 23rd, 2009 at 7:55 am
With PuTTY you can forward in dynamic mode to all interfaces in the LAN without inserting an IP address in PuTTY.
Regards
December 2nd, 2009 at 3:52 pm
For those of us who don’t use Windows and use GNU/Linux, you can run the following command in a Linux shell:
ssh -L 8080:192.168.1.101:80 user@192.168.1.11
Open your favorite web browser to:
http://localhost:8080
192.168.1.11 is your Elastix IP, user is the user you are using to enter that IP (could be root). 8080 is the local port we are going to use. I use that port because it is higher than 1024, so I won’t need root privileges.
Thanks a lot for this tutorial Mark