Michael,
I use TLS and SRTP. Following instructions I found at
http://www.voip-info.org/wiki/view/SIP+TLS I was quickly able to create the
necessary certificate on Astlinux and enable TLS in sip.conf. Then it was
a simple case of setting transport=tls and encryption=yes in the settings
for one of my extensions to turn on both TLS and SRTP.
Lonnie and I exchanged emails on this subject a few weeks ago because the
process of creating the certificates is very similar to that for IPSec and
I suggested that the WebInterface could be updated to support it.
For client, I am using a SIP Softphone from Acrobits...
http://www.acrobits.cz/27/acrobits-mobile-voip-solutions
I have found it to be the best of all the softphones that I have tried...
and it supports TLS/SRTP. It also supports various ways of going into the
background, including use of Push Notifications to iOS devices which
eliminates battery drain. However use of TLS/SRTP is not compatible with
some background methods (incl. push). Definitely worth your while trying
this app. Their tech support is also very responsive.
As for VPN, it is not a reliable solution and it is a battery drain. My
employer, a large IT company, piloted various remote access methods for iOS
devices and abandoned VPN for a number of reasons... we now enable
security/authentication application by application.
If you don't need to accept direct inbound SIP calls on 5060, then
certainly change that to a custom, random, high port number. Its just
safer.
David
On Thu, Nov 1, 2012 at 2:38 AM, Michael Knill <
[email protected]> wrote:
> Hi group
>
> I am just wondering what people are using for remote extension
> registration onto the Astlinux box? Currently using an iPhone with the Bria
> client by Counterpath.
> I am targeting this feature in my marketing which is being driven by an
> every increasing mobile workforce.
>
> Here are some of the options I have considered:
>
> 1) I can open up port 5060 to everything - Or I could just say hack me
> 2) I have a customer that we have created named sip devices and custom
> firewall rules to prevent scanning on 5060. Pretty good but I still dont
> like it.
> 3) Use a VPN on the phone and connect via the tunnel. Unfortunately the
> iPhone seems to drop VPN connections when going to standby. It cant see why
> it needs to do this. It could at least reestablish when you come back!
> 4) Use SIP/TLS and also SRTP if you want to encrypt RTP. I think this is
> the best option so far. If you dont care about voice encryption then you
> only need TLS.
> 5) This looks interesting. Not sure if it can be used in Astlinux:
> http://www.venturevoip.com/How-to-asterisk.1.8_SRTPTLS_snom300_pgsm.pdf
>
> Does anyone do anything else?
>
> Another problem is the battery drain of a client in the background all the
> time. Not sure if there are any options here as well.
>
> Looking forward to hearing from you.
>
> Regards
> Michael Knill
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_sfd2d_oct
> _______________________________________________
> Astlinux-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> [email protected].
>
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
[email protected].
