[Asterisk-Users] IAX/IAX2 encryption?

[Brian J. Schrock]

On Mon, Nov 10, 2003 at 03:22:43PM -0600, PJ Welsh wrote:
> On Mon, Nov 10, 2003 at 03:26:06PM -0500, Brian J. Schrock wrote:
> > 
> > I second that, and I think I remember hearing Mark talking about it too. But.....
> > 
> > What type of encryption can you do that does not introduce latency? 
> > 
> > That said, I would like it to support hardware encryption cards.
> > 
> > I have done work with FreeS/WAN and it works, and yes it adds about 30-100ms of latency depending on what else is going on. I think it has something to do with keying.
> 
> I don't understand why the latency will be so high. I've run misc test (not with * since I don't have a PBX/voicemail needs with *) and find that I have less issues (more consisten responces and good throughput) with FreeS/WAN. The firewall machines maintain a persistant tunnel. They should be keeping "active" connecitons between servers humming right along. Do you have an overloaded FreeS/WAN server? I even get better results going through FreeS/WAN on one connection to my home (the cable provider seems to like to bandwith throttle the other services to some degree).

Not sure, here is a ping to a station on their LAN. Before I set it all up, we were fluctuating between 50~70ms, the link stays active I do see something that I think is rekeying every so often. We are currnetly looking at moving to OpenVPN, which is supposed to support udp.

64 bytes from 192.168.0.20: icmp_seq=1 ttl=126 time=111 ms
64 bytes from 192.168.0.20: icmp_seq=2 ttl=126 time=115 ms
64 bytes from 192.168.0.20: icmp_seq=3 ttl=126 time=109 ms
64 bytes from 192.168.0.20: icmp_seq=4 ttl=126 time=111 ms
64 bytes from 192.168.0.20: icmp_seq=5 ttl=126 time=110 ms
64 bytes from 192.168.0.20: icmp_seq=6 ttl=126 time=119 ms
64 bytes from 192.168.0.20: icmp_seq=7 ttl=126 time=107 ms