Re: [asterisk-users] IAX2 encryption - LAN. no, INET: yes???
Russell Bryant schrieb: > Interesting. Here are a couple more sanity checks you can do. First, > double check to ensure that your entry in iax.conf has encryption=yes > set. Also, when you make the call into Asterisk, set the verbose > setting up a bit. You should see output from chan_iax2 which indicates > what peer you are authenticating as. Make sure that the call is > matching the entry that you think it is. I will do some more testing as you suggested. > Also, is there any encryption option in Zoiper that you have to enable? Not to my knowledge. I will send an issue report to asteriskguru also. >> Would it make sense to introduce a parameter forceencryption=yes per >> peer in iax.conf? In sensitive environments, people want to be certain >> that a call is encrypted. They probably rather want a call to fail than >> have a call that might be unencrypted without knowing it. > > That is a good suggestion. Opened a bug for that (0013285) :). Terve, Stefan -- Last words of a stormchaser: "Where is that rotation on the radar?!" ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2008 - September 22 - 25 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] IAX2 encryption - LAN. no, INET: yes???
Stefan Gofferje wrote: > Hm, not sure if I get your point. > > This is the infrastructure (exempt): > > Zoiper --LAN-- Asterisk --INET-- Zoiper > (my) | (friend) >| > Cisco > phone > > When I dial the Cisco phone from my Zoiper, wireshark shows unencrypted > packets. When my friend calls the Cisco phone from her Zoiper, wireshark > shows "unknown" = encrypted(?) packets. We are both using the same > Zoiper release, just she on MAC and I on Windows PC. > > I also now tested to make a call from the Cisco phone to my Zoiper - > also no encryption. Interesting. Here are a couple more sanity checks you can do. First, double check to ensure that your entry in iax.conf has encryption=yes set. Also, when you make the call into Asterisk, set the verbose setting up a bit. You should see output from chan_iax2 which indicates what peer you are authenticating as. Make sure that the call is matching the entry that you think it is. Also, is there any encryption option in Zoiper that you have to enable? > Would it make sense to introduce a parameter forceencryption=yes per > peer in iax.conf? In sensitive environments, people want to be certain > that a call is encrypted. They probably rather want a call to fail than > have a call that might be unencrypted without knowing it. That is a good suggestion. -- Russell Bryant Senior Software Engineer Open Source Team Lead Digium, Inc. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2008 - September 22 - 25 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] IAX2 encryption - LAN. no, INET: yes???
Russell Bryant schrieb: > You'd have to provide a packet capture to see exactly what is happening. > It sounds like on the call leg between your client and Asterisk, it > isn't offering encryption as a capability, so it doesn't get used. > However, when your friend calls you, and Asterisk makes a call out to > your client, it offers encryption, and your client accepts it. Hm, not sure if I get your point. This is the infrastructure (exempt): Zoiper --LAN-- Asterisk --INET-- Zoiper (my) | (friend) | Cisco phone When I dial the Cisco phone from my Zoiper, wireshark shows unencrypted packets. When my friend calls the Cisco phone from her Zoiper, wireshark shows "unknown" = encrypted(?) packets. We are both using the same Zoiper release, just she on MAC and I on Windows PC. I also now tested to make a call from the Cisco phone to my Zoiper - also no encryption. Would it make sense to introduce a parameter forceencryption=yes per peer in iax.conf? In sensitive environments, people want to be certain that a call is encrypted. They probably rather want a call to fail than have a call that might be unencrypted without knowing it. Terve, Stefan -- Last words of a stormchaser: "Where is that rotation on the radar?!" ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2008 - September 22 - 25 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] IAX2 encryption - LAN. no, INET: yes???
Stefan Gofferje wrote: > I have configured all IAX clients with encryption. I use Zoiper as a > softphone. When I make a call in the LAN from desktop-PC to *, the call > is - according to wireshark not encrypted. Wireshark identifies the > packets as normal G.711 mu-law packets. However, * reports the client as > encrypted: > > k-tanco*CLI> iax2 show peers > Name/UsernameHost Mask Port Status > sgofferj RFC-1918 IP(D) 255.255.255.255 4570 (E) OK > (2 ms) > > Funnily, if my friend calls me from internet - also with Zoiper - > Wireshark cannot identify the packets so I conclude, the call is encrypted. > Does this make any sense? You'd have to provide a packet capture to see exactly what is happening. It sounds like on the call leg between your client and Asterisk, it isn't offering encryption as a capability, so it doesn't get used. However, when your friend calls you, and Asterisk makes a call out to your client, it offers encryption, and your client accepts it. -- Russell Bryant Senior Software Engineer Open Source Team Lead Digium, Inc. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2008 - September 22 - 25 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] IAX2 encryption - LAN. no, INET: yes???
Hi, I have configured all IAX clients with encryption. I use Zoiper as a softphone. When I make a call in the LAN from desktop-PC to *, the call is - according to wireshark not encrypted. Wireshark identifies the packets as normal G.711 mu-law packets. However, * reports the client as encrypted: k-tanco*CLI> iax2 show peers Name/UsernameHost Mask Port Status sgofferj RFC-1918 IP(D) 255.255.255.255 4570 (E) OK (2 ms) Funnily, if my friend calls me from internet - also with Zoiper - Wireshark cannot identify the packets so I conclude, the call is encrypted. Does this make any sense? Terve, Stefan -- Last words of a stormchaser: "Where is that rotation on the radar?!" ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2008 - September 22 - 25 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
