[Asterisk-Users] RE: Plugging Asterisk Security Holes....

Steve steve at szmidt.org
Wed Mar 24 13:46:51 MST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 24 March 2004 04:10 am, Asterisk DEV. Mailing List wrote:
> Asterisk works fine across cipe tunnels, quite happily got IAX links
> running to my home from work over a cipe link.
>
> You probably won't get ssh port forwarding running because IAX uses udp
> and I think ssh only forwards tcp by default.

Yes, SSH only does TCP port forwarding, not UDP port forwarding, so some 
things (like DNS) won't work directly over port forwarding, but you can 
also do things like running PPP over SSH to create a VPN.  This would be 
UDP over IP over PPP over SSH over TCP over IP.

I have IPsec VPNs running between a few OpenBSD border firewalls, but I've 
not yet tried to run IAX over it. Overhead is 28 bytes on 1400. So I drop 
the MTU to 1400 to keep under 1500.

> >Date: Tue, 23 Mar 2004 19:53:46 -0600 (CST)
> >From: <thisemailaddressisbogus at risehigh.com>
> >To: <asterisk-users at lists.digium.com>
> >Subject: [Asterisk-Users] Plugging Asterisk Security Holes....
> >Reply-To: asterisk-users at lists.digium.com
> >
> >Hello,
> >
> >I am interested in knowing if someone has done any work on
> >
> >IPSec
> >VPN
> >SSH port forwarding
> >
> >for Asterisk boxes. If so, it will be nice if we can all share our
> >experiences here. I am perticularly interested in finding out which
> >solution is the best for securing voice channels over the internet.
> >Assuming we use IAX protocol, does it make any difference?
> >
> >Another topic of interest is securing the box itself. Does a firewall
> >(hardware outside of the box or a linux based firewall) suffice the
>
> need?
>
> >Let's discuss some of the security issues around asterisk here.
> >
> >Thanks a lot for your feedbacks and comments.
> >
> >James
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users

- -- 
Steve

"They that would give up essential liberty for temporary safety deserve
neither liberty nor safety."
                                Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAYfO/ljK16xgETzkRAiStAKCcofJ/0oj/IcqD8vtAr/iGGVBpqACeNsdR
5vBsagqq9XsdtTpXx60aLXA=
=JyJu
-----END PGP SIGNATURE-----



More information about the asterisk-users mailing list