Evergreen
HomePrev Chapter 26. Patron privacy and the SIP protocol Next

SSH tunnels on SIP clients

SSH tunnels are a good fit for use cases like self-check machines, because it is relatively easy to automatically open the connection. Using a VPN is another option, but many VPN clients require manual steps to open the VPN connection.

  1. If the SIP client will be on a Windows machine, install cygwin on the SIP client.
  2. On the SIP client, use ssh-keygen to generate an SSH key.
  3. Add the public key to /home/my_sip_user/.ssh/authorized_keys on your SIP server to enable logins without using the UNIX password.

  4. Configure an SSH tunnel to open before every connection. You can do this in several ways:

    1. If the SIP client software allows you to run an arbitrary command before each SIP connection, use something like this: 

      ssh -f -L 6001:localhost:6001 my_sip_user@my_sip_server.com sleep 10

    2. If you feel confident that the connection won’t get interrupted, you can have something like this run at startup: 

      ssh -f -N -L 6001:localhost:6001 my_sip_user@my_sip_server.com
    3. If you want to constantly poll to make sure that the connection is still running, you can do something like this as a cron job or scheduled task on the SIP client machine: 
#!/bin/bash
instances=`/bin/ps -ef | /bin/grep ssh | /bin/grep -v grep | /bin/wc -l`
if [ $instances -eq 0 ]; then
  echo "Restarting ssh tunnel"
  /usr/bin/ssh -L 6001:localhost:6001 my_sip_user@my_sip_server.com -f -N
fi
Prev Up Next
Chapter 26. Patron privacy and the SIP protocol Home Appendix A. Attributions