[asterisk-users] client-server encryption

Hans Witvliet hwit at a-domani.nl
Sun May 9 10:12:51 CDT 2010


On Sun, 2010-05-09 at 13:34 +0300, Tzafrir Cohen wrote:
> On Tue, May 04, 2010 at 06:46:59PM +0200, iscario at free.fr wrote:
> 
> > - Create an SSH tunnel from the Windows client to the Asterisk server using putty
> > (redirecting ports used for VoIP)
> >     => it doesn't work because either SIP/RTP or IAX2 protocol are based on UDP
> > so that SSH tunneling isn't working....
> 
If the ssh-tunnel is up-and-running, you can reach for both udp and
tcp-ports. The tunnel itself is using TCP.

> Actually ssh clients (at least openssh, not sure about putty) can
> function as a SOCKS proxy (in openssh, this is the option -D).
> 
> That said, I suppose an ssh tunnel is not ideal for voip.
> 
This is mostly because an ssh-tunnel (very nice feature of ssh btw) is
doing a protocol within tcp. Somewhere down the list it is explained
why tcp (with its retransmissions) is not so good for rtp.

As long as this security aspect is not finally dealt with (it seems
there is some progress for srtp...) you have two options:
either use openvpn or ipsec (in udp mode, of course '-)
If needed, both are available for windows-clients...

hw
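
Added example, not part of the original thread: a small deterministic model of why a TCP-based tunnel hurts RTP while a UDP-based one (openvpn or ipsec in udp mode) does not. All timing constants are assumed values chosen for illustration, and the model assumes the single retransmission succeeds.

```python
# Illustrative model only; every constant below is an assumption, not a measurement.
PACKET_INTERVAL_MS = 20   # assumed RTP packetisation interval
ONE_WAY_DELAY_MS = 40     # assumed network delay through the tunnel
RTO_MS = 200              # assumed TCP retransmission timeout
JITTER_BUFFER_MS = 60     # assumed receiver playout buffer


def arrivals_udp(n, lost):
    """Arrival time of each packet over a UDP tunnel; a lost packet never arrives."""
    return [None if i in lost else i * PACKET_INTERVAL_MS + ONE_WAY_DELAY_MS
            for i in range(n)]


def arrivals_tcp(n, lost):
    """Arrival time of each packet over a TCP tunnel.

    A lost segment is retransmitted after RTO_MS, and in-order delivery
    holds every later packet back until the missing one has arrived.
    """
    out, release = [], 0
    for i in range(n):
        sent = i * PACKET_INTERVAL_MS
        arrive = sent + ONE_WAY_DELAY_MS + (RTO_MS if i in lost else 0)
        release = max(release, arrive)  # head-of-line blocking
        out.append(release)
    return out


def unusable(arrivals):
    """Indices of packets that never arrive or miss their playout deadline."""
    bad = []
    for i, t in enumerate(arrivals):
        deadline = i * PACKET_INTERVAL_MS + ONE_WAY_DELAY_MS + JITTER_BUFFER_MS
        if t is None or t > deadline:
            bad.append(i)
    return bad


if __name__ == "__main__":
    lost = {5}  # constructed scenario: one packet dropped on the wire
    print("UDP tunnel, unusable packets:", unusable(arrivals_udp(20, lost)))
    print("TCP tunnel, unusable packets:", unusable(arrivals_tcp(20, lost)))
```

With one dropped packet the UDP tunnel loses a single 20 ms frame, while the TCP tunnel delivers that frame and the six behind it too late to play.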


