Tim, I don't think you'll get all parties (pbx, phone, gateways) to encrypt traffic. There's also two different types of traffic that need to be considered for encrypting also... the signaling and the voice traffic.
At this point in SIP history if this is a "got to have", you might be better off with a proprietary solution that encrypts end to end. One thing you can do to limit impact of not encrypting is to VLan off the traffic and firewall the voice data from the PC data. If you want phones out-and-about across the internet you could look to Snom as their phones can nail up a vpn tunnel to a VPN concentrator. The other thing you really need to do is ask yourself, why do I need to encrypt voice on my local network? How much valuable information is being transmitted via voice through a point at which it might be captured on your local network? In general there is much less valuable information transmitted via voice than via data. My $0.02 anyway... Mike > -----Original Message----- > From: [email protected] [mailto:sipx-users- > [email protected]] On Behalf Of [email protected] > Sent: Tuesday, December 30, 2008 3:55 AM > To: [email protected] > Subject: [sipx-users] Talking about encryption > > Hi, > > we want to enhance our old Siemens Hicom 300 and replace it step by > step. Therefore we decided to try out opensource solutions ourselves. > One requirement is that the solution has to encrypt all data. So try > let´s look at Asterisk was our first thought. Well, there seem to be > unoffical patches for Asterisk 1.4.x with SRTP/SIPS support. So, > unofficial. With 1.6.x the support for it hasn´t been fully integrated, > yet. > > So, what´s next out there? => SIPxecs > Nice GUI!!! Inbuilt HA support, very well. But what about encryption > support? SRTP is end to end encryption as I understand, SIPS is used > for signaling, but is it also end to end? > > > Talking about encryption, it seems there are many different scenarios > to consider: > > Let´s look at our planed setup > > telefon network <--ISDN/S2M--> Patton 4960 <--ISDN/S2M--> Siemens > Hicom 300 > Patton 4960 <--IP--> SIPxecs <--IP--> Snom 320 > > 1. Incoming calls shoud be reached via landline: > > [e.g. telefon network --ISDN/S2M--> Patton 4960 --IP--> SIPxecs --IP--> > Snom 320 users] > > So, what about encryption between the Patton 4960, the SIPxecs and der > Snom 320? Is it possible to encrypt the whole path? Well, how? Is it > supported with SIPxecs? > > > 2. Outcoming calls should go to a SIP provider which supports sip > trunking and DDI, well SIPconnect: > > [e.g. SIP Provider <--SIP trunk-- Patton 4960 <--IP-- SIPxecs <--IP-- > Snom 320 users] > > Same question here: > [What about encryption between the Patton 4960, the SIPxecs and der > Snom 320? Is it possible to encrypt the whole path? Well, how? Is it > supported with SIPxecs?] > > > 2.1 Outcoming calls should be forwarded locally, if the SIP trunk > between the SIP provider and the SIPxecs server fails > > [e.g. telefon network <-- ISDN/S2M-- Patton 4960 <--IP-- SIPxecs <--IP- > - Snom 320 users] > > Same question here: > What about encryption between the Patton 4960, the SIPxecs and der Snom > 320? Is it possible to encrypt the whole IP path? Well, how? Is it > supported with SIPxecs? > > > 3. The next thing is the encryption of voice and signaling data in > general. Does the SIPxecs solution support this? I think it´s an end to > end encryption between the users? As SIPXecs seems to play a proxy > part, I guess yes? > > e.g. SIPxecs <--IP--> Snom 320 users <--SRTP/SIPS --> Snom 320 users > > > > 4. Another problem is the encryption of the voice and signaling data > between our LAN and the SIP provider. Is it possible to encrypt all > data between those with the SIPxecs solution? Do I need something > additionally? > > [e.g SIP Provider <--encrypted SIP trunk ??? --> SIPxecs] > > > > It would be great if you could help me. > > thanks in advance > Tim > -- > Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit > allen: http://www.gmx.net/de/go/multimessenger > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users > Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
