Asterisk DEV. Mailing List
2004-Mar-24 02:10 UTC
[Asterisk-Users] RE: Plugging Asterisk Security Holes....
Asterisk works fine across cipe tunnels, quite happily got IAX links running to my home from work over a cipe link. You probably won't get ssh port forwarding running because IAX uses udp and I think ssh only forwards tcp by default.>Date: Tue, 23 Mar 2004 19:53:46 -0600 (CST) >From: <thisemailaddressisbogus@risehigh.com> >To: <asterisk-users@lists.digium.com> >Subject: [Asterisk-Users] Plugging Asterisk Security Holes.... >Reply-To: asterisk-users@lists.digium.com>Hello,>I am interested in knowing if someone has done any work on>IPSec >VPN >SSH port forwarding>for Asterisk boxes. If so, it will be nice if we can all share our >experiences here. I am perticularly interested in finding out which >solution is the best for securing voice channels over the internet. >Assuming we use IAX protocol, does it make any difference?>Another topic of interest is securing the box itself. Does a firewall >(hardware outside of the box or a linux based firewall) suffice theneed?>Let's discuss some of the security issues around asterisk here.>Thanks a lot for your feedbacks and comments.>James
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday 24 March 2004 04:10 am, Asterisk DEV. Mailing List wrote:> Asterisk works fine across cipe tunnels, quite happily got IAX links > running to my home from work over a cipe link. > > You probably won't get ssh port forwarding running because IAX uses udp > and I think ssh only forwards tcp by default.Yes, SSH only does TCP port forwarding, not UDP port forwarding, so some things (like DNS) won't work directly over port forwarding, but you can also do things like running PPP over SSH to create a VPN. This would be UDP over IP over PPP over SSH over TCP over IP. I have IPsec VPNs running between a few OpenBSD border firewalls, but I've not yet tried to run IAX over it. Overhead is 28 bytes on 1400. So I drop the MTU to 1400 to keep under 1500.> >Date: Tue, 23 Mar 2004 19:53:46 -0600 (CST) > >From: <thisemailaddressisbogus@risehigh.com> > >To: <asterisk-users@lists.digium.com> > >Subject: [Asterisk-Users] Plugging Asterisk Security Holes.... > >Reply-To: asterisk-users@lists.digium.com > > > >Hello, > > > >I am interested in knowing if someone has done any work on > > > >IPSec > >VPN > >SSH port forwarding > > > >for Asterisk boxes. If so, it will be nice if we can all share our > >experiences here. I am perticularly interested in finding out which > >solution is the best for securing voice channels over the internet. > >Assuming we use IAX protocol, does it make any difference? > > > >Another topic of interest is securing the box itself. Does a firewall > >(hardware outside of the box or a linux based firewall) suffice the > > need? > > >Let's discuss some of the security issues around asterisk here. > > > >Thanks a lot for your feedbacks and comments. > > > >James > > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users- -- Steve "They that would give up essential liberty for temporary safety deserve neither liberty nor safety." Benjamin Franklin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAYfO/ljK16xgETzkRAiStAKCcofJ/0oj/IcqD8vtAr/iGGVBpqACeNsdR 5vBsagqq9XsdtTpXx60aLXA=JyJu -----END PGP SIGNATURE-----