[Asterisk-Users] How to encript SIP comunications?
Gregory Junker
gregory.junker at dayark.com
Fri Nov 19 22:39:28 MST 2004
Linux 2.6 kernel includes IPSec directly, and ipsec-tools can be used to
create a secure point-to-point link. OpenSWAN makes use of the kernel
IPSec in 2.6, and makes it available in 2.2 and 2.4 kernels. IPSec can
use shared keys or x509 certificates within or without a PKI for
authentication. OpenVPN has been mentioned as another option, and it
uses SSL/TLS for the encryption, and also supports PKI and PSK for auth.
Both provide perfect-forward secrecy (PFS) which is important if your
client wants past and future communications to remain impossible to
decrypt, even with a compromised or subpoenaed private key.
Any of the above can be used to encrypt a point-to-point link such as
the one you describe.
http://www.openswan.org
http://www.openvpn.org
Greg
Linux Dominicana wrote:
> Hello everybody
>
> A given scenario:
>
> A client does want to have his own VoIP PBX with Asterisk running, but
> he ask me. How secure can be the communication among all subscribers?
> If there're sniffers on the middle or any other listening device on a
> given netowork.
>
> The client is not fictitial, but it main requirement is encription of
> all point to point comunications for given reasons.
>
> Any guidance, products, solutions implementation available and if
> works is much better.
>
> Suggestions are welcome
>
> Regards
>
> John Fach
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
More information about the asterisk-users
mailing list