[Asterisk-Security] SRTP vs IPSEC
Bradley
bradley at rucus.net
Mon Sep 5 03:32:11 CDT 2005
Jeremy Jackson wrote:
> I've been playing with racooon/Linux IPSEC, and it seems quite simple
> to enable security on a per-socket basis:
>
> policy = "in ipsec esp/transport//require";
> buf = ipsec_set_policy(policy, strlen(policy));
> setsockopt(so, level, IP_IPSEC_POLICY, buf,ipsec_get_policylen(buf))
>
> I see there is also work being done on SRTP. It seems like SRTP would
> duplicate efforts, but maybe there are performance reasons that SRTP
> would be better?
>
> Comments?
>
You may be interested in a testbed I have created. So far I have used it
to draw some preliminary results using IPSec to secure VoIP Traffic.
Granted that I did the test while running Asterisk on some older
hardware, I found a significant increase in bandwidth and CPU usage when
I enabled IPSec. (I plotted the performance against the number of calls
being made through the box)
You can find a little write up about this at:
http://bradley.rucus.net/~bradley/masters/index.php?option=com_content&task=view&id=18&Itemid=2
If you would like the pdf (The graphs are a little clearer) just shout
and I will mail it to you privately.
My aim is to get an IAX2 and SRTP implementation going in Asterisk. Then
use my testbed to compare security and performance between the three.
Bradley
More information about the Asterisk-Security
mailing list