Hi,
I'm trying to set up a "secure" VoIP channel between a Windows
softphone client
and an Asterisk 1.6... server running with OpenBSD. By "secure" I
mean to
prevent any man in the middle to reconstitute any vocal exchange nor
sender/addressee/any header data/ of the VoIP call (in first step, I would be
glad to secure vocal data ans see later for the header...)
I had a look to several way to do that:
- Create a VPN using OpenVPN
=> impossible for me , i'm not admin of the Windows system.
- Create a SSH tunnel from the Windows client to the Asterisk server using putty
(redirecting ports used for VoIP)
=> it doesn't work because either SIP/RTP or IAX2 protocol are based
on UDP
so that SSH tunneling isn't working....
- Use IAX2 protocol to communicate (because I was told it was able to encrypt
data)
=> it doesn't work because none of the client I had support
encryption (many
deal with authentication encryption but not stream data)... Do you know a client
which could do that ?
Now I tried all of this, I do not have other idea... Do you have any ? Each clue
is very welcome!
Thanks.
Hi, On 05-04-2010 18:46, iscario at free.fr wrote:> - Create a VPN using OpenVPN > => impossible for me , i'm not admin of the Windows system. >this is a bad thing, but the vpn concept might work after all. have you considered a pptp/l2tp/ipsec vpn? AFAIK on the client side, you may succeed without admin privileges and it's only a matter of pppd/pptpd/l2tpd/*swan on the server side. if the local LAN is trusted, you may deploy a vpn capable device with the purpose of establishing a vpn to the server. it's only a routing issue from there. regards adam
Iscario-> I'm trying to set up a "secure" VoIP channel between a Windows softphone client > and an Asterisk 1.6... server running with OpenBSD. By "secure" I mean to > prevent any man in the middle to reconstitute any vocal exchange nor > sender/addressee/any header data/ of the VoIP call (in first step, I would be > glad to secure vocal data ans see later for the header...) > > I had a look to several way to do that: > > - Create a VPN using OpenVPN > => impossible for me , i'm not admin of the Windows system. > > - Create a SSH tunnel from the Windows client to the Asterisk server using putty > (redirecting ports used for VoIP) > => it doesn't work because either SIP/RTP or IAX2 protocol are based on UDP > so that SSH tunneling isn't working.... > > - Use IAX2 protocol to communicate (because I was told it was able to encrypt > data) > => it doesn't work because none of the client I had support encryption (many > deal with authentication encryption but not stream data)... Do you know a client > which could do that ? > > > Now I tried all of this, I do not have other idea... Do you have any ? Each clue > is very welcome!Run through Kamailio server + rtpproxy, use SRTP (or other) encryption extension to rtpproxy. -Jeff
On Tue, May 04, 2010 at 06:46:59PM +0200, iscario at free.fr wrote:> - Create a SSH tunnel from the Windows client to the Asterisk server using putty > (redirecting ports used for VoIP) > => it doesn't work because either SIP/RTP or IAX2 protocol are based on UDP > so that SSH tunneling isn't working....Actually ssh clients (at least openssh, not sure about putty) can function as a SOCKS proxy. In openssh, this is the option -D) That said, I suppose an ssh tunnel is not ideal for voip. -- Tzafrir Cohen icq#16849755 jabber:tzafrir.cohen at xorcom.com +972-50-7952406 mailto:tzafrir.cohen at xorcom.com http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir