asterisk users - Dec 2007 - Replacing Skype with Asterisk Peering Servers - and Security

Hi,

I have successfully configured two OpenBSD ( 4.2 & 4.0 ) Servers to do
IXA2 peering on two remote Sites.
Now asterisk users on Site1 can talk to users on Site2.

I just would like to know the following details.

1)

Currently I have allowed all in coming traffic from "Site1 Public IP
Address" on Site2 Server and vice versa.
Is that really required? Is it possible to narrow down the access to
port 4569 or a fewer no. of ports? What about udp traffic?

2)

Is there a Soft Phone available ( Free or otherwise ) that will allow
users to chat with each other too after calling them just like in
Skype. Also the phone should support call conferencing between
multiple users. Linux support is desirable but not a mandatory
requirement. It will help me run the same phone with Linux Emulation
on my OpenBSD Desktop.

3)

Is it possible to do video conferencing with Asterisk?

4)

This is a very important one.
What are the security ramifications of peering two Asterisk servers on
remote locations and sending the VOIP traffice through the internet
using IAX2 ? Can this traffic be sniffed and the Voice be captured and
heard by any third party?
If so is ther a way to prevent it? Is there a way in asterisk to do
that or should i be using some VPN technique like IPSEC between the
two end points to encrypt VOIP traffic?

Thank you so much :-)

Kind Regards

Siju

Siju George wrote:
> What are the security ramifications of peering two Asterisk servers on
> remote locations and sending the VOIP traffice through the internet
> using IAX2 ? Can this traffic be sniffed and the Voice be captured and
> heard by any third party?
Yes.
> If so is ther a way to prevent it?
IPSec.
> Is there a way in asterisk to do
> that
No.
> or should i be using some VPN technique like IPSEC between the
> two end points to encrypt VOIP traffic?
Yes.

Regards,
  Philipp Kempgen

-- 
amooma GmbH - Bachstr. 126 - 56566 Neuwied - http://www.amooma.de
    Let's use IT to solve problems and not to create new ones.
          Asterisk? -> http://www.das-asterisk-buch.de
             http://www.kempgen.net/asterisk/current/
Gesch?ftsf?hrer: Stefan Wintermeyer
Handelsregister: Neuwied B 14998

Philipp Kempgen wrote:
> Siju George wrote:
>
>   
>> What are the security ramifications of peering two Asterisk servers on
>> remote locations and sending the VOIP traffice through the internet
>> using IAX2 ? Can this traffic be sniffed and the Voice be captured and
>> heard by any third party?
>>     
>
> Yes.
>
>   
>> If so is ther a way to prevent it?
>>     
>
> IPSec.
>
>   
Or the built in encryption in iax2
>> Is there a way in asterisk to do
>> that
>>     
>
> No.
>
>   
Yes :)
>> or should i be using some VPN technique like IPSEC between the
>> two end points to encrypt VOIP traffic?
>>     
>
> Yes.
>
> Regards,
>   Philipp Kempgen
>
>

Siju George wrote:
> Hi,
> 
> I have successfully configured two OpenBSD ( 4.2 & 4.0 ) Servers to do
> IXA2 peering on two remote Sites.
> Now asterisk users on Site1 can talk to users on Site2.
> 
> I just would like to know the following details.
> 
> 1)
> 
> Currently I have allowed all in coming traffic from "Site1 Public IP
> Address" on Site2 Server and vice versa.
> Is that really required? Is it possible to narrow down the access to
> port 4569 or a fewer no. of ports? What about udp traffic?
On my firewall/router that connects my * to our other asterisk, I only 
have set port forwarding up for 4569. Nothing else.

> 2)
> 
> Is there a Soft Phone available ( Free or otherwise ) that will allow
> users to chat with each other too after calling them just like in
> Skype. Also the phone should support call conferencing between
> multiple users. Linux support is desirable but not a mandatory
> requirement. It will help me run the same phone with Linux Emulation
> on my OpenBSD Desktop.
There are several. I'm not sure about conferencing but look at Ekiga, 
Twinkle, and OpenWengo to start with.

On my setup, these talk to the "local" asterisk server using SIP but 
inter-asterisk calls are still pure IAX2.

Alan

-- 
The way out is open!
http://www.theopensourcerer.com