Michael,
I also use the Bria client (for Android). Up until a couple months ago,
I was running Asterisk 1.4, so I wasn't able to use TCP/TLS or SRTP.
Since I ran into many issues with my phone being NAT'd remotely (either
over WiFi or 3G/4G), I ran an OpenVPN client on the device which worked
well. However, I never actually left the client/vpn up and running all
the time. I only used them when I needed to make a call over SIP,
primarily due to the fact that it was a huge battery drain. When I went
on a cruise last year, I was able to make calls using this setup over 3G
in various Caribbean countries successfully.
However, since switching to Asterisk 1.8, I've enabled TLS/SRTP and have
used that on the Bria client. TCP worked for me too, but I figured I
might as well use TLS for added security. And as you mentioned, SRTP
isn't required, but again I thought it would be nice to play with and
use. I've only used this occasionally, but so far have not run into any
issues with it.
Both scenarios above were done on an Android phone (and tablet), so I
can't speak for iPhone functionality. My wife has an iPad, and I was
able to get Acrobits working using the TLS/SRTP method as well, but I
believe that iOS is a lot more finicky when it comes to leaving things
running in the background.
Regarding your first comment, I leave 5060 open on my box. Obviously if
you don't need to receive remote connections there is no reason to have
it open, but I do use this occasionally. While it is a security risk,
I've taken precautions to limit this and mitigate any possible issues.
And so far, knock on wood, have not run into any problems. About once a
day I see an attempted scan to make a phone call through my box, but my
system automatically blacklists the IP. While a concerted attack might
be able to exploit some Asterisk vulnerability, I've found that 99.999%
of attacks are simply automated drive-bys looking to find unsecured
PBXs. There are enough of those sitting around on the Internet to keep
the scammers happy.
-James
On 11/01/2012 02:38 AM, Michael Knill wrote:
Hi group
I am just wondering what people are using for remote extension
registration onto the Astlinux box? Currently using an iPhone with the
Bria client by Counterpath.
I am targeting this feature in my marketing which is being driven by
an ever increasing mobile workforce.
Here are some of the options I have considered:
1) I can open up port 5060 to everything - Or I could just say hack me
2) I have a customer that we have created named sip devices and custom
firewall rules to prevent scanning on 5060. Pretty good but I still
don't like it.
3) Use a VPN on the phone and connect via the tunnel. Unfortunately
the iPhone seems to drop VPN connections when going to standby. I
can't see why it needs to do this. It could at least reestablish when
you come back!
4) Use SIP/TLS and also SRTP if you want to encrypt RTP. I think this
is the best option so far. If you don't care about voice encryption
then you only need TLS.
then you only need TLS.
5) This looks interesting. Not sure if it can be used in Astlinux:
http://www.venturevoip.com/How-to-asterisk.1.8_SRTPTLS_snom300_pgsm.pdf
Does anyone do anything else?
Another problem is the battery drain of a client in the background all
the time. Not sure if there are any options here as well.
Looking forward to hearing from you.
Regards
Michael Knill
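
The reply above mentions that scan attempts against an open 5060 get blacklisted automatically but does not say how. The following is an added example, not part of either message and not James's actual setup: it picks scanning sources out of registration failures while leaving a remote user with one mistyped password alone. The log lines are constructed (modelled on chan_sip registration-failure notices, whose exact wording varies by Asterisk version), and the function name and thresholds are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines (assumption: modelled on chan_sip failure notices;
# the exact wording and fields vary by Asterisk version).
SAMPLE_LOG = """\
[2012-11-01 03:12:01] NOTICE[1812] chan_sip.c: Registration from '"100" <sip:100@192.0.2.10>' failed for '203.0.113.7:5071' - No matching peer found
[2012-11-01 03:12:02] NOTICE[1812] chan_sip.c: Registration from '"101" <sip:101@192.0.2.10>' failed for '203.0.113.7:5071' - No matching peer found
[2012-11-01 03:12:03] NOTICE[1812] chan_sip.c: Registration from '"102" <sip:102@192.0.2.10>' failed for '203.0.113.7:5071' - Wrong password
[2012-11-01 09:40:15] NOTICE[1812] chan_sip.c: Registration from '"james" <sip:james@192.0.2.10>' failed for '198.51.100.23:40112' - Wrong password
[2012-11-01 09:40:20] VERBOSE[1812] chan_sip.c: Registered SIP 'james' at 198.51.100.23:40112
"""

# Captures the attempted extension and the source IP (port, if logged, is dropped).
FAILED = re.compile(
    r"Registration from '(?:\"[^\"]*\" )?<sip:(?P<ext>[^@>]+)@[^>]*>' "
    r"failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?' - (?P<reason>.+)$"
)


def find_scanners(log_text, max_failures=3, max_extensions=2):
    """Return sorted source IPs whose failures look like extension scanning.

    An IP is flagged when it reaches max_failures failed registrations, or
    tries more than max_extensions distinct extensions. A roaming user who
    mistypes one password stays below both thresholds.
    """
    failures = defaultdict(int)
    extensions = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful registrations and unrelated lines
        failures[m["ip"]] += 1
        extensions[m["ip"]].add(m["ext"])
    return sorted(
        ip for ip in failures
        if failures[ip] >= max_failures or len(extensions[ip]) > max_extensions
    )


if __name__ == "__main__":
    # The result would feed whatever firewall blacklist the box uses.
    for ip in find_scanners(SAMPLE_LOG):
        print(ip)
```
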
_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
[email protected].