Patrick Campbell
2004-Dec-28 17:45 UTC
[Asterisk-Users] How to connect two Asterisks as secure as po ssiblewithout too much additional bandwidth ?
SSH tunnel is the way to go. Here is a little tid bit about setting up SSH keys, a simple keep alive script, and creating the SSH tunnel I use to tunnel my SMTP traffic to a reliable SMTP server since my ISP blocks all traffic incoming/outgoing on port 25. http://xj.cdevco.net/comp/smtptunnel/ You could use the same exact thing with an SSH tunnel. In fact, we've done VoIP over SSH using a Linux NAT box. The SIP adapter connects locally to a box which SSHes to the SIP server where the unencrypted connection is made locally. So from the EU to the server is all encrypted. -- Patrick Campbell OurVacationStore.com Website Administrator Tel. 602.896.4729 -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Rustin Bergren Sent: Tuesday, December 28, 2004 4:54 PM To: 'Asterisk Users Mailing List - Non-Commercial Discussion' Subject: RE: [Asterisk-Users] How to connect two Asterisks as secure as possiblewithout too much additional bandwidth ? Couldn't you just tunnel the involved ports over SSH? As far as bandwidth is concerned you could enable compression and may even end up with a smaller data stream. You could generate both keys before hand and very simply do this on a *nix box. This would probably require both peers to have an adequate speed cpu, enough to avoid any delay added by the encrypting subsequently causing jitter. Is this flawed because RTP streams are on unpredictable ports? I think only signaling (SIP/IAX) uses 5060 and RTP streams take place on random ports. Rustin Bergren -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Robert Rozman Sent: Saturday, December 25, 2004 9:07 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: [Asterisk-Users] How to connect two Asterisks as secure as possiblewithout too much additional bandwidth ? Hi, I plan to connect to remote Asterisk that will terminate calls to ISDN primary channel. I'd certainly like to secure this type of service, so would kindly ask for any advice on how to secure this authentication as much as reasonably possible. Since there is long IP route I guess VPN will take too much additional bandwidth... Regards, Robert. _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users