This is OpenSource world, right?
Sip trough firewalls and at web cafees … dont know for sure how it works but, normally it works (but not allways.).
I have tested with my asterisk server behind a nat router and also the client on a web cafe, also behind a nat router, that means nat routers in both ends and forwarding only at the server end.
I used a xten client on a laptop and also as installed on the web cafees ordinary pc’s. As long as the web cafe does not block the outgoing ports for the udp packets it normally will work.
(How I believe it works … the xten client is sending regularly keep alive requests to the server, so that the firewall/nat router at the client end consider it to be a lan to wan trafic all the time.)
One thing I also have experienced is that sip telephony is a bit sensitive about loss of packets. Testing this using a wireless connection on my laptop I could experinece that ordinary web surfing using tcp worked all the time in all possitions of the building, while sip telephony only worked in a part of the building, that part that had the best transmission signal.
I have also tested with iax clients, mostly idefisk. This gives a more reliable nat traversal than the xten sip client, and it is less dependent on the qualitu of the signal. It allmost allways works as long as the outgouing firewall does not block for the outgoing udp packets of the iax protocoll. On the other hand I think the xten has a bether sound quality than the xten (when it works).
As a experiment for traversing any firewall I tried to set up the asterisk server with a openvpn server, then to tunnel the sip or the iax packets trough a tcp port 443 vpn tunnel.
This also worked, also at places like public liberaries and places like that only allowing trafic out at tcp 443 and port 80. Experimented with tunneling trough port 80 as well. This also worked.
Problem: When you are tynneling the iax or the sip udp packets trough a tcp based vpn channel you very easily get som distortion of the sound quality. Dont know why, but my theory is that there might be some scheduling problem while passing the udp packets in and out of the tcp tunnlel.
By the way, I do not use the openvpn solution any more. (It is not that difficult to find a web cafe that do not block outgoing udp trafic.)
I then also use a call back solution, I only call a number to my asterisk box and I got called back. I also have a web based solution, I click on a web link, and then I got the dial tone anywehere.