[VOIPSEC] TLS and Firewalls
Diana Cionoiu
diana-liste at voip.null.ro
Wed Feb 9 04:59:13 CST 2005
Hello Volker,

Securing SIP and RTP will stop them from passing the firewall; this is why we
consider securing IAX2 rather than SIP and RTP. Either we secure
only RTP or we use IAX to pass the firewall. The main problem is that
if you use SIP you use 3 ports that don't have any connection between
them (you find the connection if you look into the packets). IAX uses just
one port. The problem with IAX is that there are no devices around. We hope that
producers will start taking Yate or whatever and use it in their embedded
systems. We've spent some time trying to make things work on the ARM
architecture especially for that.

Diana

> Greetings!
>
> On Tue, 08 Feb 2005 18:25:04 +0100
> "Thorsten Brinkmann" <mail at Thorsten-Brinkmann.de> wrote:
>
> > securing VoIP (e.g. SIP) with TLS is a nice idea. But how can
> > firewalls handle this? Look at the workarounds that are needed to use HTTPS
> > thru firewalls.
>
> Not at all - the RTP part is the complicated one, opening two completely
> independent UDP streams in both directions, usually without any
> connection to the SIP session.
>
> The SIP session usually is done between client and gateway/server or the
> two gates/servers. After signaling RTP goes between the clients doing
> the audio transfer.
>
> And for handling that the firewall *MUST* be able to look into the SIP
> or H.323 protocol. Which then is not to be encrypted. So no TLS if you
> want the audio stream too and not just the "ringing/busy/okay"-messaging,
> sorry.
>
> Bye
>
> Volker
>
>
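
The firewall behaviour discussed in this thread, as an added example that is not part of the original messages: a SIP-aware firewall derives its RTP pinholes from the SDP body of a cleartext INVITE and finds nothing to act on when the same bytes are opaque. The function name `rtp_pinholes`, the sample INVITE, the opaque record and the RTCP-on-next-port convention are assumptions made for illustration.

```python
# Added example: what a SIP-aware firewall must read to open RTP pinholes.
import re

# Constructed sample INVITE (addresses from the RFC 5737 documentation range).
SDP = (
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
)
INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    "Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    f"Content-Length: {len(SDP)}\r\n"
    "\r\n" + SDP
).encode()

# Constructed stand-in for the same signaling inside a TLS record: opaque bytes.
OPAQUE = b"\x17\x03\x01\x00\x40" + bytes((i * 73 + 11) % 256 for i in range(64))

def rtp_pinholes(payload: bytes):
    """Return [(ip, port, 'udp'), ...] to open, or [] if the payload is unreadable."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep or b"SIP/2.0" not in head.split(b"\r\n", 1)[0]:
        return []  # not cleartext SIP: the firewall has nothing to inspect
    session_addr, media = None, []
    for line in body.decode("ascii", "replace").splitlines():
        c = re.match(r"c=IN IP4 ([\d.]+)", line)
        m = re.match(r"m=audio (\d+) RTP/", line)
        if c and media:
            media[-1][0] = c.group(1)   # media-level c= overrides session-level
        elif c:
            session_addr = c.group(1)
        elif m:
            media.append([session_addr, int(m.group(1))])
    holes = []
    for addr, port in media:
        if addr and port:               # port 0 means the stream was declined
            # RTP on the advertised port, RTCP conventionally on the next one
            holes += [(addr, port, "udp"), (addr, port + 1, "udp")]
    return holes

if __name__ == "__main__":
    print("cleartext SIP:", rtp_pinholes(INVITE))
    print("opaque record:", rtp_pinholes(OPAQUE))
```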