[Asterisk-Users] How to encript SIP comunications?

Gregory Junker gregory.junker at dayark.com
Fri Nov 19 22:39:28 MST 2004


Linux 2.6 kernel includes IPSec directly, and ipsec-tools can be used to 
create a secure point-to-point link. OpenSWAN makes use of the kernel 
IPSec in 2.6, and makes it available in 2.2 and 2.4 kernels. IPSec can 
use shared keys or x509 certificates within or without a PKI for 
authentication. OpenVPN has been mentioned as another option, and it 
uses SSL/TLS for the encryption, and also supports PKI and PSK for auth. 
Both provide perfect-forward secrecy (PFS) which is important if your 
client wants past and future communications to remain impossible to 
decrypt, even with a compromised or subpoenaed private key.

Any of the above can be used to encrypt a point-to-point link such as 
the one you describe.

http://www.openswan.org
http://www.openvpn.org

Greg

Linux Dominicana wrote:
> Hello everybody
> 
>  A given scenario:
> 
> A client does want to have his own VoIP PBX with Asterisk running, but
> he ask me. How secure can be the communication among all subscribers?
> If there're sniffers on the middle or any other listening device on a
> given netowork.
> 
> The client is not fictitial, but it main requirement is encription of
> all point to point comunications for given reasons.
> 
> Any guidance, products, solutions implementation available and if
> works is much better.
> 
> Suggestions are welcome
> 
> Regards
> 
> John Fach
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
> 



More information about the asterisk-users mailing list