[Asterisk-Users] How to encript SIP comunications?

Linux Dominicana linuxdominicana at gmail.com
Sat Nov 20 10:48:39 MST 2004


Hello Gregory

Thanks for your tip, but this looks like a point to point encription,
but how about between extensions registered in a Asterisk server.

Let's say I got a building 200 users registered and a given set of
extensions, any of the users can be out of town or in another building
in another city but for the matter of their job their communications
have to be encripted. I can do your suggestion, but is group of users
move from place to place then how would I do?

I would appreciate to have a clear solutions for a more flexible
scenario of encription

All suggestions are highly appreciated

Bye

Fach



On Sat, 20 Nov 2004 00:39:28 -0500, Gregory Junker
<gregory.junker at dayark.com> wrote:
> Linux 2.6 kernel includes IPSec directly, and ipsec-tools can be used to
> create a secure point-to-point link. OpenSWAN makes use of the kernel
> IPSec in 2.6, and makes it available in 2.2 and 2.4 kernels. IPSec can
> use shared keys or x509 certificates within or without a PKI for
> authentication. OpenVPN has been mentioned as another option, and it
> uses SSL/TLS for the encryption, and also supports PKI and PSK for auth.
> Both provide perfect-forward secrecy (PFS) which is important if your
> client wants past and future communications to remain impossible to
> decrypt, even with a compromised or subpoenaed private key.
> 
> Any of the above can be used to encrypt a point-to-point link such as
> the one you describe.
> 
> http://www.openswan.org
> http://www.openvpn.org
> 
> Greg
> 
> 
> 
> Linux Dominicana wrote:
> > Hello everybody
> >
> >  A given scenario:
> >
> > A client does want to have his own VoIP PBX with Asterisk running, but
> > he ask me. How secure can be the communication among all subscribers?
> > If there're sniffers on the middle or any other listening device on a
> > given netowork.
> >
> > The client is not fictitial, but it main requirement is encription of
> > all point to point comunications for given reasons.
> >
> > Any guidance, products, solutions implementation available and if
> > works is much better.
> >
> > Suggestions are welcome
> >
> > Regards
> >
> > John Fach
> > _______________________________________________
> > Asterisk-Users mailing list
> > Asterisk-Users at lists.digium.com
> > http://lists.digium.com/mailman/listinfo/asterisk-users
> > To UNSUBSCRIBE or update options visit:
> >    http://lists.digium.com/mailman/listinfo/asterisk-users
> >
> 


-- 
John Fach
Linux Dominicana
Linux/LAMP Technology Consulting & Solutions
p: 1-786-380-4685
    1-347-952-3288 
w: http://www.linuxdominicana.com
e:  info at linuxdominicana.com



More information about the asterisk-users mailing list