Re: [asterisk-users] client-server encryption
On Tue, May 04, 2010 at 06:46:59PM +0200, isca...@free.fr wrote:
> - Create a SSH tunnel from the Windows client to the Asterisk server using putty (redirecting ports used for VoIP) = it doesn't work because either SIP/RTP or IAX2 protocol are based on UDP so that SSH tunneling isn't working

Actually ssh clients (at least openssh, not sure about putty) can function as a SOCKS proxy. (In openssh, this is the option -D)

That said, I suppose an ssh tunnel is not ideal for voip.

--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.co...@xorcom.com
+972-50-7952406 mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com iax:gu...@local.xorcom.com/tzafrir

--
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] client-server encryption
On Sun, 2010-05-09 at 13:34 +0300, Tzafrir Cohen wrote:
> On Tue, May 04, 2010 at 06:46:59PM +0200, isca...@free.fr wrote:
> > - Create a SSH tunnel from the Windows client to the Asterisk server using putty (redirecting ports used for VoIP) = it doesn't work because either SIP/RTP or IAX2 protocol are based on UDP so that SSH tunneling isn't working

If the ssh-tunnel is up-and-running, you can reach for both udp and tcp-ports. The tunnel itself is using TCP.

> Actually ssh clients (at least openssh, not sure about putty) can function as a SOCKS proxy. (In openssh, this is the option -D)
>
> That said, I suppose an ssh tunnel is not ideal for voip.

This is mostly because a ssh-tunnel (very nice feature of ssh btw) is doing a protocol within tcp. Somewhere down the list it is explained why tcp (with its retransmissions) is not so good for rtp.

As long as this security aspect is not finally dealt with (It seems there is some progress for srtp...) you have two options: either use openvpn or ipsec (in udp mode, of course '-)

If needed, both are available for windows-clients...

hw
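The remark in the message above about TCP retransmissions and RTP, as an added example that is not part of the original thread: a simplified timing model of one lost voice packet on a plain UDP path versus the same loss inside a TCP tunnel. The 20 ms packet interval, 40 ms one-way delay, 200 ms retransmission timeout and 60 ms jitter buffer are assumed values, and TCP fast retransmit is ignored.

```python
# Added illustration; every constant below is an assumption, not a measurement.
PTIME_MS = 20       # one RTP packet per 20 ms of audio
ONE_WAY_MS = 40     # constant one-way network delay
RTO_MS = 200        # TCP retransmission timeout (timeout-based recovery only)
JITTER_BUF_MS = 60  # how long the receiver can wait before playout


def arrivals_udp(n, lost):
    """Arrival time of each packet over UDP; None when the packet is lost."""
    return [None if i in lost else i * PTIME_MS + ONE_WAY_MS for i in range(n)]


def arrivals_tcp(n, lost):
    """Delivery time of each packet through a TCP tunnel.

    A lost segment is resent after RTO_MS, and TCP delivers strictly in order,
    so every later packet waits behind it (head-of-line blocking).
    """
    delivered, release = [], 0
    for i in range(n):
        arrive = i * PTIME_MS + ONE_WAY_MS + (RTO_MS if i in lost else 0)
        release = max(release, arrive)  # cannot overtake earlier segments
        delivered.append(release)
    return delivered


def unusable(arrivals):
    """Count packets that are missing or arrive after their playout deadline."""
    bad = 0
    for i, t in enumerate(arrivals):
        deadline = i * PTIME_MS + ONE_WAY_MS + JITTER_BUF_MS
        if t is None or t > deadline:
            bad += 1
    return bad


if __name__ == "__main__":
    lost = {10}  # constructed scenario: packet 10 is dropped once
    print("UDP unusable packets:", unusable(arrivals_udp(50, lost)))
    print("TCP unusable packets:", unusable(arrivals_tcp(50, lost)))
```

With these assumptions a single drop costs one 20 ms frame over UDP, while in the TCP tunnel the dropped packet and the six queued behind it all miss their playout deadline.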
Re: [asterisk-users] client-server encryption
Hi,

On 05-04-2010 18:46, isca...@free.fr wrote:
> - Create a VPN using OpenVPN = impossible for me, I'm not admin of the Windows system.

this is a bad thing, but the vpn concept might work after all. have you considered a pptp/l2tp/ipsec vpn? AFAIK on the client side, you may succeed without admin privileges and it's only a matter of pppd/pptpd/l2tpd/*swan on the server side.

if the local LAN is trusted, you may deploy a vpn capable device with the purpose of establishing a vpn to the server. it's only a routing issue from there.

regards
adam
Re: [asterisk-users] client-server encryption
Iscario-

> I'm trying to set up a secure VoIP channel between a Windows softphone client and an Asterisk 1.6... server running with OpenBSD.
> By secure I mean to prevent any man in the middle to reconstitute any vocal exchange nor sender/addressee/any header data/ of the VoIP call (in first step, I would be glad to secure vocal data and see later for the header...)
>
> I had a look at several ways to do that:
> - Create a VPN using OpenVPN = impossible for me, I'm not admin of the Windows system.
> - Create a SSH tunnel from the Windows client to the Asterisk server using putty (redirecting ports used for VoIP) = it doesn't work because either SIP/RTP or IAX2 protocol are based on UDP so that SSH tunneling isn't working
> - Use IAX2 protocol to communicate (because I was told it was able to encrypt data) = it doesn't work because none of the clients I had support encryption (many deal with authentication encryption but not stream data)... Do you know a client which could do that ?
>
> Now I tried all of this, I do not have other idea... Do you have any ? Each clue is very welcome!

Run through Kamailio server + rtpproxy, use SRTP (or other) encryption extension to rtpproxy.

-Jeff