As reported earlier we now have Jitsi working with Asterisk-11 via
TLS/SRTP through our gateway firewall. In consequence I have spent
the last week or so investigating the security issues relating to
actually deploying that capability. And they are legion.

Consequently, I am investigating the possibility of having the initial
SIP requests tunneled into our internal LAN via SSH using SOCKSV. We
use this extensively for things like http and imap.

I have discovered that, on OSX-10.9 at least, if I set up a SOCKSV
proxy over SSH for my internal http connection then I cannot use
Jitsi. This seems to be because Jitsi is requesting registrations from
the IP of the LAN end of my tunnel. Since that is not the IP address of my
external node the call obviously fails.

If I simply take down the tunnel then Jitsi works. I did not
configure Jitsi to do this. Nonetheless it is empirically determined
that this indeed happens. Therefore it seems likely that this is the

Since this is part of what I want to accomplish anyway can someone
explain to me what is happening? Also, in the case of SOCKSV proxy
over an SSH tunnel how does one get Jitsi to register the actual
external node IP address with the SIP proxy?

If we can get this to work then it will greatly simplify our deployment.