[asterisk-dev] VoIP Encryption

James Harper james.harper at bendigoit.com.au
Sat Mar 11 16:03:32 MST 2006


> > - QoS - the QoS systems you put in place may not know which packets are
> > the voice packets, as they are encrypted.  You might just have to assume
> > any packet under 100 bytes deserves QoS treatment.
> 
> This may be fixed by using "hidetos=no" in the config file.
> 
> By default Open/Freeswan hides the TOS bits. Using the above exposes the
> TOS bits via the encrypted packets.

Correct. IPSEC is ultra paranoid by default and doesn't like exposing
anything about the contents of the packets. The TOS field gives a good
indication of the contents of the packet.

You probably want to strip the IPSEC's TOS field on packets leaving your
network (but after your router has made its queuing decision), as
leaving it in may make it too easy for the ISP to futz them.

Can I ask the original poster what the exact problem being solved here
is? Are you communicating with a fixed set of known peers, or do you
want to be able to communicate with anyone, anywhere on the internet?

James
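
The sequence discussed in this message, as an added example (not part of the original post, and not Openswan or Asterisk code): a model of the outer IPv4 header with and without "hidetos", a queuing decision taken from the outer TOS byte only, and an egress step that zeroes the TOS and recomputes the header checksum. The TOS value 0xB8, the addresses, the queue names and all function names are assumptions made for the illustration.

```python
import struct

PROTO_ESP = 50    # IP protocol number of IPsec ESP
VOICE_TOS = 0xB8  # assumption: voice marked DSCP EF; the thread names no value

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(inner_tos: int, ciphertext: bytes, hidetos: bool) -> bytes:
    """Constructed outer IPv4+ESP packet; hidetos=False copies the inner TOS out."""
    tos = 0 if hidetos else inner_tos
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(ciphertext), 0, 0,
                      64, PROTO_ESP, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + ciphertext

def queue_for(packet: bytes) -> str:
    """Queuing decision from the outer header alone; the payload is opaque."""
    return "priority" if packet[9] == PROTO_ESP and packet[1] == VOICE_TOS else "best-effort"

def strip_tos(packet: bytes) -> bytes:
    """Zero the outer TOS byte and recompute the header checksum."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    hdr[1] = 0
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

def egress(packet: bytes):
    """Classify first, then strip, so the upstream network never sees the marking."""
    queue = queue_for(packet)
    return queue, strip_tos(packet)

if __name__ == "__main__":
    blob = bytes(range(40))  # constructed stand-in for ESP ciphertext
    for hide in (True, False):
        queue, out = egress(encapsulate(VOICE_TOS, blob, hide))
        print("hidetos=%s queue=%s tos_on_wire=0x%02x" % ("yes" if hide else "no", queue, out[1]))
```

With the TOS exposed, the packet is queued as priority traffic and still leaves with a zero TOS byte, so on the wire it is byte-for-byte the same as a packet built with the TOS hidden.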



