[VOIPSEC] Asterisk PBX - Security

Simon Horne s.horne at packetizer.com
Thu Jun 1 21:06:07 CDT 2006


Daniel

I think there are 2 issues here.
1. NAT traversal for your remote/travelling users
2. Securing the signalling/media.

I think you are looking to use a VPN primarily for seamless VoIP 
connectivity regardless of location (NAT solution) more than for securing 
the media. VPNs are notoriously difficult to configure and use.

Another possible solution for NAT Traversal would be to use the H323 
channel in asterisk to connect to a GnuGK gatekeeper (www.gnugk.org) you 
install on your firewall. GnuGK supports sending and receiving calls 
to/from remote NATed H323 clients. You then can install PacPhone 
(www.pacphone.com) soft client on the travelling users' laptops. The soft 
phone natively supports (no setup required) this NAT method. If you 
configure Asterisk & GnuGK properly then your travelling users should be 
able to call each other and the office and your existing Asterisk users can 
call the travelling users. Asterisk should be able to handle all the 
protocol translation.

If you want to secure the media, you can use PacPhone with the H323 channel 
in your existing asterisk box and you should have end-to-end voice 
encryption.

Simon


At 07:09 PM 1/06/2006, Daniel Mossinato wrote:
>Dear friends,
>
>Good morning.
>This is my first post on this list, so I would like to introduce myself.
>
>My name is Daniel Mossinato and I'm an IT Manager in Brazil, São Paulo.
>I'm running an Asterisk for the company where I work to use as an 
>"internal communicator". I have some extensions and no external lines, which 
>means the partners use this solution to talk between each other, nobody else.
>I have a new scenario since two of the partners will travel and they want 
>to use the extension outside of the company. The only solution I've found 
>is a VPN. They would connect from hotels or other offices and their concern 
>is about somebody listening to the conversation.
>
>Do you have any suggestion of a device which supports OpenVPN? It could be 
>a gateway (ATA) or an IP phone.
>I was trying with a Racoon VPN solution but I need some kind of roaming 
>VPN. When the device is plugged on the internet it automatically creates the 
>tunnel, doesn't matter the IP where it is. Racoon seems to need to specify 
>the IP.
>
>
>Thank you very much
>Sorry about my English and long message
>