[Asterisk-Users] voip encryption options

Michael Graves mgraves at mstvp.com
Fri May 13 12:01:07 MST 2005


On Fri, 13 May 2005 11:37:41 -0700, snacktime wrote:

>On 5/13/05, trixter http://www.0xdecafbad.com <trixter at 0xdecafbad.com> wrote:
>> On Fri, 2005-05-13 at 11:10 -0700, snacktime wrote:
>> > On 5/13/05, Colin Anderson <ColinA at landmarkmasterbuilder.com> wrote:
>> > > >I'm also curious of other solutions that could be bolted onto the
>> > > >front end of asterisk to provide encryption
>> > >
>> > > For LAN---internet---LAN you could just use a VPN tunnel. We use Monowall
>> > > from site to site http://www.m0n0.ch/wall/ with IPSec and my Snom's don't
>> > > know the difference.
>> > >
>> > I'm looking for solutions that work when one end of the call is
>> > connected to the pstn, and the entire media stream needs to be
>> > encrypted.
>> 
>> Do you mean the voip stream is encrypted to be decrypted from a phone on
>> the PSTN?  That will be rough due to the nature of the codecs.  You
>> would have to not use any compression, and hope that syncing doesnt blow
>> this up when it hits the PSTN.  In short if you do manage to get
>> something to work I would question its reliability.
>
>A call originating from the pstn would need to be encrypted before
>being sent over the internet to our location.  The primary thing being
>that if it goes over the internet, it has to be encrypted in transit.

This sounds like an interesting thing that could combine Asterisk and
m0n0wall. I use both. I run Astlinux on a VIA system pretty much like
an appliance. My IP traffic goes through m0n0wall on a Soekris 4501,
which in my case is also a PPTP server.

Astlinux can act as a router and traffic shaper itself, but I don't do
this as m0n0wall is more managable. If the two were combined then you'd
be able to provide end-end encryption via IAX. You'd have to provide a
small system at each site, but it would be very flexible.

My Zultys phones (which I'm coming to despise) provide AES encrytion
themselves. I wonder if a call made through the FXO port on a Zultys
4x5 could be forwarded to the server via an AES encrypted stream. The
very latest firmware for the 4x5 is supposed to pass the analog calls
to the server for VM, but I've not got it working and Zultys support
structure is not helping.

Michael
--
Michael Graves                           mgraves at pixelpower.com
Sr. Product Specialist                          www.pixelpower.com
Pixel Power Inc.                                 mgraves at mstvp.com

o713-861-4005
o800-905-6412
c713-201-1262






More information about the asterisk-users mailing list