[asterisk-dev] VoIP Encryption
Richard Scobie
r.scobie at clear.net.nz
Sat Mar 11 13:25:48 MST 2006
Daniel Pocock wrote:
>
> Openswan works well as a VPN, the ISP won't even know you are doing voice.
>
> http://www.openswan.org
>
> It interoperates with Windows and Cisco, and also supports NAT.
>
> I've been using Openswan and previously Freeswan for quite a few years,
> they are well worth a look at. With any full VPN solution, you will
> have to consider:
>
> - QoS - the QoS systems you put in place may not know which packets are
> the voice packets, as they are encrypted. You might just have to assume
> any packet under 100 bytes deserves QoS treatment.
This may be fixed by using "hidetos=no" in the config file.
By default Open/Freeswan hides the TOS bits. Using the above exposes the
TOS bits via the encrypted packets.
See
http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/faq.html#QoS
Regards,
Richard
More information about the asterisk-dev
mailing list