[asterisk-biz] VoiceGuard Solution for VoIP Anti-Blockade

[Trixter aka Bret McDanel]

On Sat, 2008-01-19 at 02:48 -0800, Nitzan Kon wrote:
> From what it looks like, they probably encrypt the traffic between the
> customer and the softswitch. They might do some more things which can
> be confusing to anti-VoIP software, but when it comes down to it all
> you really need is encryption. You can set up a VPN tunnel between your
> customer's site and your softswitch and achieve the same net result.
> 
> The problems with this approach however are: A- it requires some
> technical knowledge from the customer (unless you install it for them
> which in itself is a problem), and B- encryption takes up a lot of CPU.
> If you have a couple of VPN tunnels you won't have a problem, but if
> you need to set up VPN tunnels for ALL your customers, then you have a
> problem. (or rather, you'll probably have to setup multiple dedicated
> servers just for traffic encryption, those could then pass on the
> traffic to your local network unencrypted)

or get hardware crypto boards.  They do exit and there are drivers for
them, although its my understanding that openbsd has the largest suite
of drivers for such boards, that is dated info so I dont know if that is
true anymore.

1 tunnel per customer is more efficient than 1 tunnel per call, and the
algorithms used would make it similar in cpu load to ssh/https.  Set up
and tear down is generally more costly than other parts, why SSL caches
session keys (at least in https).

-- 
Trixter http://www.0xdecafbad.com     Bret McDanel
Belfast +44 28 9099 6461        US +1 516 687 5200
http://www.trxtel.com the phone company that pays you!