[App_rpt-users] app_rpt Proxy (was VPN to forward ports)

Bryan Fields Bryan at bryanfields.net
Wed Apr 8 18:13:57 UTC 2020 

Reading this what you really want is a app_rpt (IAX) proxy.  This is a server
publicly on the net with a static IP and no filtering on the IAX port.  This
server will forward all your IAX traffic to and from other nodes.  When a node
goes to connect to your node, it will connect to the proxy and the proxy will
forward the connection to you.

https://wiki.allstarlink.org/wiki/Proxy

Now say you don't have time to mess with setting up a proxy server?  Well
AllStarLink provides this service to you!  Remember the old reg server seal?
It's still going and provides the phone portal and this proxy service.

So few caveats:

If the proxy is down, you're dead too.
There is no fail over for this.
Your node will still register to the proxy and make it to the DB
stats posts from your node must come from the same IP as the IAX connection to
the proxy server.  If there's some kinda transparent proxy on your end, stats
posts will not work.
If you decide to stop proxying, you need to remove the config from the portal.
 Having a Proxy IP set in the portal will override any IAX based registration.

First, setup your registration statement in iax.conf to:
register=nodenumber:password at 67.215.233.178

* Add the following in iax.conf

[radio-proxy]
type=user
deny=0.0.0.0/0.0.0.0
permit=67.215.233.178/255.255.255.255
context=radio-secure-proxy
disallow=all
allow=g726aal2
transfer=no

[radio-proxy-out]
type=peer
host=67.215.233.178
username=nodenumber
secret=password
auth=md5
disallow=all
allow=g726aal2
transfer=no

* In rpt.conf add some mapping of the nodes to add a "0" to the node numbers
[nodes]
<stuff that's there, add this below it>
_20XX = radio-proxy-out/0%s
_20XXX = radio-proxy-out/0%s
_21XX = radio-proxy-out/0%s
_21XXX = radio-proxy-out/0%s
_22XX = radio-proxy-out/0%s
_22XXX = radio-proxy-out/0%s
_23XX = radio-proxy-out/0%s
_23XXX = radio-proxy-out/0%s
_24XX = radio-proxy-out/0%s
_24XXX = radio-proxy-out/0%s
_25XX = radio-proxy-out/0%s
_25XXX = radio-proxy-out/0%s
_26XX = radio-proxy-out/0%s
_26XXX = radio-proxy-out/0%s
_27XXX = radio-proxy-out/0%s
_27XXXX = radio-proxy-out/0%s
_28XXX = radio-proxy-out/0%s
_28XXXX = radio-proxy-out/0%s
_29XXX = radio-proxy-out/0%s
_29XXXX = radio-proxy-out/0%s
_4XXXX = radio-proxy-out/0%s
_4XXXXX = radio-proxy-out/0%s
_5XXXX = radio-proxy-out/0%s
_5XXXXX = radio-proxy-out/0%s
; note the . wildcard doesn't work here in rpt.conf
;_2. = radio-proxy-out/0%s  don't work like extensions

* Add this in extensions.conf
[radio-secure-proxy]
exten => _0X.,1,Goto(allstar-sys|${EXTEN:1}|1)
exten => <Node Number>,1,rpt,<Node Number>|X   ; for each node on the system

completely restart asterisk and give systems a few to update IP's.  You can
now make a connection to another node which will proxy via seal.

ProxiedClientRpt*CLI> rpt fun 50000 *32050
    -- Call accepted by 67.215.233.178 (format gsm)
    -- Format for call is gsm


On the connected node:
> -- Accepting UNAUTHENTICATED call from 67.215.233.178:
>        > requested format = slin,
>        > requested prefs = (),
>        > actual format = ulaw,
>        > host prefs = (ulaw|adpcm|gsm),
>        > priority = mine
>     -- Executing [2050 at radio-secure:1] Rpt("IAX2/67.215.233.178:4569-4197", "2050") in new stack
>   == Spawn extension (radio-secure, 2050, 1) exited KEEPALIVE on 'IAX2/67.215.233.178:4569-4197'

You can see the connections going via seal at 67.215.233.178.

Now check your node on stats and see that the stats are updating from it.

73's
-- 
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net

More information about the App_rpt-users mailing list