Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsVoIP2talk in EC2
bigal_nz

635 posts

Ultimate Geek
+1 received by user: 32
Inactive user


#147267 14-Jun-2014 07:01
Send private message

So for fun (ok it wasnt really fun) I put my PIAF Asterisk service in Amazons EC2. Very cool.

I followed the guide here:

http://nerdvittles.com/?p=5060

And I had to open up various ports. 

I want to be able to access my EC2 server from home (ADSL) but also from my mobile over 3G.

Is there a better way to secure the service other than:

1. Strong password
2. Failtoban running

Cheers


-Al

Create new topic
chevrolux
4962 posts

Uber Geek
+1 received by user: 2638
Inactive user


  #1065334 14-Jun-2014 08:47
Send private message

Hmm a bit dodgy I suppose. I guess you could just set your security group rule to only allow traffic on 5060 from 2talk (27.111.14.65 & 27.111.14.66).
And then install a VPN server on it and connect to it that way. Probably the most secure. Otherwise you just have to rely on iptables and failtoban.



Dynamic
4015 posts

Uber Geek
+1 received by user: 1852

ID Verified
Trusted
Lifetime subscriber

  #1065419 14-Jun-2014 11:37
Send private message

I would be really interested to hear your experience.  My first guess would be that you may have audio quality issues because of the distance to the PBX (unless your host is in Sydney).

Definitely test your fail2ban setup - perhaps using a softphone from a mobile over 3G and bad authentication details so you don;t lock yourself out accidentally from your terrestrial broadband.

What are your monthly costs going to be with this solution?

Here are the allowed IP's from 2Talk in my PBX.  Some of them may be unnecessary for your purposes.
202.180.76.164/32 Allow [2talk trunk.2talk.co.nz]
202.180.76.182/32 Allow [2talk 2talk.co.nz]
27.111.14.65/32 Allow [2talk sip.2talk.co.nz]
27.111.14.66/32 Allow [2talk peering.2talk.co.nz]




“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

chevrolux
4962 posts

Uber Geek
+1 received by user: 2638
Inactive user


  #1065696 14-Jun-2014 19:59
Send private message

Shouldn't need those 202.x.x.x addresses as that is the old platform.

EC2 in Sydney is only around 40ms so I don't think latency should be much of an issue. I would be more concerned with the amount of cpu and ram the micro instances have. Also things like queueing and conference bridge can have varied results in virtual environments.

Just make sure fail2ban only allows a couple of attempts and bans for a looooooong time.

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright