I've looked around briefly for what options are available for encrypting the media stream using asterisk. I did not see any SRTP support, and it looks like there is some initial work on iax2 encryption, but whether it works is still open for question I guess. I'm also curious of other solutions that could be bolted onto the front end of asterisk to provide encryption, and are there providers that have pstn gateways with some type of encryption solution? Chris
>I'm also curious of other solutions that could be bolted onto the >front end of asterisk to provide encryptionFor LAN---internet---LAN you could just use a VPN tunnel. We use Monowall from site to site http://www.m0n0.ch/wall/ with IPSec and my Snom's don't know the difference.
>I'm looking for solutions that work when one end of the call is >connected to the pstn, and the entire media stream needs to be >encrypted.In my scenario, I have Snom's in a remote LAN and they get dialtone to the PSTN thru my Asterisk server here via the VPN. I also use soemthing that you might want to consider something like this: SIP phone ---SIP--->Asterisk server NIC # 1 | | Asterisk server NIC # 2<---IAX---VTUND---INTERNET---VTUND---IAX--->Asterisk server | | PSTN The Asterisk server NIC # 1 is on a non routable subnet so you don't have to worry about snooping for the SIP part, and the IAX data is encrypted by the time it hits the Internet. I have this running in several locations as well, with the remote Asterisk server running the Locustworld meshbox distribution: www.locustworld.com We use a single Meshbox with a second nic added to the Meshbox WiFi bridge using brctl. The single Meshbox acts as firewall, dhcp server, WiFi access point, and Asterisk server all in one. I use Compaq Deskpro En's P-II 400's with 64 meg of RAM and an SMC EliteConnect 2512W PCI card and everything runs nicely. The Meshbox assigns DHCP IP's to the Snoms and an instance of Asterisk is run on the meshbox to provide registration for the Snom. When the Snom dials out, iax.conf on the Meshbox is set to dial into the dialplan on our primary Asterisk server connected to the PSTN. Traffic is encrypted using VTUND. Works good, my salespeople are pleased with it because they can do fancy stuff like call forward, juggle multiple lines, MeetMe, IVR menus, and blind call transfer to the PSTN. Coming from a single POTS line with basic calling features to these remote locations, it's like a different world for them. Although, the encryption part I'm not too worried about, that's just a bonus. It's not as if we have state secrets or anything. If you want to use a bolt on in your own distro from server to server, without using the Meshbox distro, you can just run vtund by itself: http://vtun.sourceforge.net/ hth
Best to start a new thread BTW...rest inline. --On May 13, 2005 4:01:33 PM -0400 Oswaldo Arratia <oarratia@workersequity.net> wrote:> Hi, > A customer has a Avaya PBX and is looking to migrate to Asterisk, they > have a T1 from the telco going into a CSU and then from the CSU to the > Avaya PBX. > > They will buy a Digium T1 card for the Asterisk, can this T1 coming from > the Telco plug directly into the Digium card or do they still need a CSU?All the Digium T1 (single, and quad port) cards are have integrated CSU, most do.
It plugs directly into the back of the Digium card. You will not need that CSU. On 5/13/05, Oswaldo Arratia <oarratia@workersequity.net> wrote:> Hi, > A customer has a Avaya PBX and is looking to migrate to Asterisk, they have > a T1 from the telco going into a CSU and then from the CSU to the Avaya PBX. > > They will buy a Digium T1 card for the Asterisk, can this T1 coming from the > Telco plug directly into the Digium card or do they still need a CSU? > > Thanks for any advice! > > Oswaldo > > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
Sure??? I think that most probably he still needs the CSU. LTenorio -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of BJ Weschke Sent: Friday, May 13, 2005 7:26 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] PBX replacement It plugs directly into the back of the Digium card. You will not need that CSU. On 5/13/05, Oswaldo Arratia <oarratia@workersequity.net> wrote:> Hi, > A customer has a Avaya PBX and is looking to migrate to Asterisk, they > have a T1 from the telco going into a CSU and then from the CSU to theAvaya PBX.> > They will buy a Digium T1 card for the Asterisk, can this T1 coming > from the Telco plug directly into the Digium card or do they still need aCSU?> > Thanks for any advice! > > Oswaldo > > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >_______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Reasonably Related Threads
- Linking 3 Asterisk box, server in the middle type of thing? (IAX?)
- OT: Recommendation for Dynamic DNS on Meshbox?
- HELP!!!!!!!!
- ztcfg error : TE110p error with " CAS signalling on span 1 conflicts with HDLC with ...
- Avaya/Lucent Definity -> Asterisk interop question