Gah.  Meant to say "behind a router"...

Philip Prindeville wrote:
> Encryption shouldn't add more than 2ms.  I have it on my Sipura SPA-94x 
> phones.
>
> Or, if your phones are being a router, the router can do the encryption 
> for you.
>
> Encryption is a bounded delay, and it's very constant, so jitter (which 
> is as important as delay, and the delay is negligible in this case) 
> isn't a problem.
>
> I suspect that in your ADSL scenario, the real culprit was lack of QoS, 
> not encryption latency.
>
> -Philip
>
>
> Martin Rogers wrote:
>   
>> Darrick,
>>
>> interesting point about the VPN. I have to have three classes of port
>> opened up for my AstLinux to work on the internet. A VPN solution would
>> certainly simplify things in this respect.
>>
>> However, in reality, how ubiquitous is VPN support on VOIP phones? I use
>> three types of phone (two PolyCom models and a Snom model) and none of
>> them seem to offer any VPN client support.
>>
>> The other point is that stream encryption is going to slow down
>> transmission of the media stream (to some extent anyway).  I have
>> experienced some bad degradation running a couple of phones with
>> Asterisk through a PIX hardware VPN over a residential ADSL line.
>> Stuttery MOH is not nice.
>>
>> How practical is the VPN suggestion, does anyone actually use this?
>> What steps are others taking to secure AstLinux/Asterisk on public
>> networks. It would be useful if we could get a list of ideas together.
>>
>> My very short and inadequate list so far is as follows:
>>
>> -Limit the number of ports available
>> -Use UnionFS and change the root password
>> -Use hashed secrets
>> -Disable allowguest if using SIP
>>
>>
>> Thoughts anyone?
>> Thanks,
>> Mart
>>
>>
>>
>> Darrick Hartman wrote:
>>   
>>     
>>> David,
>>>
>>> You could use openvpn to secure the connection.  MAC address 
>>> restrictions are pretty weak and easy to spoof.
>>>
>>> Darrick
>>>
>>> David Kerr wrote:
>>>     
>>>       
>>>> I would like to permit a softphone on my laptop to connect to my 
>>>> astlinux box from anywhere in the world. This would mean keeping port 
>>>> 5060 open, which is a potential security risk?  Is there a way to 
>>>> restrict access by mac address? so that my softphone on *my* laptop can 
>>>> connect, but no one else's can (even if they know the extension/password).
>>>>
>>>> Thanks.
>>>> David
>>>>
>>>> On Mon, Nov 10, 2008 at 2:40 PM, Daniel Aeberli <[EMAIL PROTECTED]> wrote:
>>>>
>>>>     Hi Darrick,
>>>>
>>>>     You're right, I had misconfigured my firewall: I opened the VoIP ports when
>>>>     I was initially trying to get my Asterisk trunk working. As I now know, the
>>>>     trunk goes through a tunnel, so I closed them just after my last post and
>>>>     everything still works (no duh).
>>>>
>>>>     I still need to dig into my config (Firewall and Asterisk), I'm sure I
>>>>     have other doors wide open while I tried to get things working.
>>>>
>>>>     Many thanks for the reply though.
>>>>
>>>>     Daniel
>>>>
>>>>
>>>>
>>>>     Darrick Hartman a écrit :
>>>>      > Daniel,
>>>>      >
>>>>      > Not necessarily.  It sounds like you have the firewall misconfigured.
>>>>      > What ports are you opening?  You should really only have your ssh port
>>>>      > and vpn port open.  All others should be closed.  How are these people
>>>>      > getting in?
>>>>      >
>>>>      > Darrick
>>>>      >
>>>>      > Daniel Aeberli wrote:
>>>>      >
>>>>      >> Sorry, just realised this is more an Asterisk general question than an
>>>>      >> ASTLinux one ... off to search other forums...
>>>>      >>
>>>>      >> Daniel Aeberli a écrit :
>>>>      >>
>>>>      >>> Well after the brute force attack ssh login attempts, last month, I have
>>>>      >>> an undesirable outsider that successfully made calls from my ASTlinux
>>>>      >>> box. I locked out the brute force, by disabling WAN requests, turning off
>>>>      >>> WAN ping response and turning off ssh access,  but obviously my box is
>>>>      >>> not secure.
>>>>      >>>
>>>>      >>> I'm not savvy enough to know how to secure my AstLinux box from outside
>>>>      >>> callers (hackers). I only use AstLinux to call my parents' AstLinux box
>>>>      >>> via a VPN trunk over our ADSL lines. All my local calls go via ISDN line
>>>>      >>> (since I have to have it for the ADSL link and local calls are free).
>>>>      >>>
>>>>      >>> Could someone tell me how to lock outside calls (internet / ADSL) from
>>>>      >>> using my ISDN lines?
>>>>      >>>
>>>>      >>> Thanks
>>>>      >>>
>>>>      >>> Daniel
>>>>      >>>
>>>>         


_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
