[Asterisk-Dev] AES voice encryption for IAX2
Muiz Motani
muiz at i-dist.com
Fri Apr 16 14:22:57 MST 2004
Aside from the issues already pointed out with tunneling IAX2 over IPSec,
another reason not to do it is that one would lose the ability to do traffic
shaping based on port-number as well as the ability to provide QoS properly.
In some implementations of QoS, the QoS bits are not copied over properly
before encryption and all IPSec traffic essentially ends up getting the same
QoS flags. What's more, one often wants to do traffic shaping (such as
guaranteeing minimum and burst bandwidth requirements) based on port
numbers (i.e. protocols) in the packets. Encapsulating VoIP packets in IPSec
would make this very difficult since for outbound packets the traffic shaping
would have to be done before encryption and encapsulation and it just could
not be done for incoming packets.
On 16 Apr 2004 at 9:28, you wrote:
> It would seem to me that tunneling over ipsec or ipv6 or stunnel or any
> number of other standard means would work just fine rather than
> reinventing the wheel by integrating encryption with IAX.
--
____________________________________________________________
Muiz Motani
Intelligent Distribution
72-6800 Lynas Lane, Richmond, B.C. V7C 5E2
email: muiz at i-dist.com
phone: +1 604 448 9293 fax: +1 604 448 9296
More information about the asterisk-dev
mailing list