[Asterisk-Users] voip encryption options
Colin Anderson ColinA at landmarkmasterbuilder.com
Fri May 13 11:42:54 MST 2005

>I'm looking for solutions that work when one end of the call is
>connected to the pstn, and the entire media stream needs to be
>encrypted.
In my scenario, I have Snoms in a remote LAN and they get dialtone to the
PSTN thru my Asterisk server here via the VPN. I also use something that you
might want to consider, something like this:
SIP phone ---SIP---> Asterisk server NIC #1
                            |
                            |
                     Asterisk server NIC #2 <---IAX---VTUND---INTERNET---VTUND---IAX---> Asterisk server
                                                                                               |
                                                                                               |
                                                                                              PSTN
The Asterisk server NIC # 1 is on a non routable subnet so you don't have to
worry about snooping for the SIP part, and the IAX data is encrypted by the
time it hits the Internet. I have this running in several locations as well,
with the remote Asterisk server running the Locustworld meshbox
distribution:
www.locustworld.com
We use a single Meshbox with a second nic added to the Meshbox WiFi bridge
using brctl. The single Meshbox acts as firewall, dhcp server, WiFi access
point, and Asterisk server all in one. I use Compaq Deskpro En's P-II 400's
with 64 meg of RAM and an SMC EliteConnect 2512W PCI card and everything
runs nicely. The Meshbox assigns DHCP IP's to the Snoms and an instance of
Asterisk is run on the meshbox to provide registration for the Snom. When
the Snom dials out, iax.conf on the Meshbox is set to dial into the dialplan
on our primary Asterisk server connected to the PSTN. Traffic is encrypted
using VTUND. Works good, my salespeople are pleased with it because they can
do fancy stuff like call forward, juggle multiple lines, MeetMe, IVR menus,
and blind call transfer to the PSTN. Coming from a single POTS line with
basic calling features to these remote locations, it's like a different
world for them. 
Although, the encryption part I'm not too worried about, that's just a
bonus. It's not as if we have state secrets or anything. 
If you want to use a bolt on in your own distro from server to server,
without using the Meshbox distro, you can just run vtund by itself:
http://vtun.sourceforge.net/
hth
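
Added example (not part of the original post): the setup described above only keeps IAX off the open Internet if every IAX endpoint configured on the remote box points at the tunnel side of vtund. This Python script audits an iax.conf for that; the 10.3.0.0/24 tunnel subnet, the peer names and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample iax.conf for the remote box; names and addresses are assumptions.
SAMPLE_IAX_CONF = """\
[general]
bindaddr=10.3.0.2        ; listen on the tunnel-side address only
register => meshbox:secret@10.3.0.1

[primary]
type=peer
host=10.3.0.1            ; primary Asterisk, reached through the vtund tunnel

[backup]
type=peer
host=203.0.113.10        ; public address: IAX would bypass the tunnel
"""

def audit_iax_conf(text, tunnel_net):
    """Return (section, key, value) for each IAX endpoint outside tunnel_net."""
    net = ipaddress.ip_network(tunnel_net)
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop Asterisk ';' comments
        if not line:
            continue
        if line.startswith("[") and "]" in line:
            section = line[1:line.index("]")]
            continue
        key, sep, value = line.partition("=")    # also splits 'register => ...'
        if not sep:
            continue
        key, value = key.strip().lower(), value.lstrip(">").strip()
        if key == "register":                    # user:secret@host[:port][/ext]
            value = value.rsplit("@", 1)[-1].split("/")[0].split(":")[0]
        elif key not in ("host", "bindaddr"):
            continue
        if value == "dynamic":                   # peer registers to us; no fixed address
            continue
        try:
            inside = ipaddress.ip_address(value) in net
        except ValueError:
            inside = False                       # hostname: cannot prove it stays in the tunnel
        if not inside:
            findings.append((section, key, value))
    return findings

if __name__ == "__main__":
    for finding in audit_iax_conf(SAMPLE_IAX_CONF, "10.3.0.0/24"):
        print("outside tunnel: [%s] %s=%s" % finding)
```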