On Sat, 2008-01-19 at 02:48 -0800, Nitzan Kon wrote: > From what it looks like, they probably encrypt the traffic between the > customer and the softswitch. They might do some more things which can > be confusing to anti-VoIP software, but when it comes down to it all > you really need is encryption. You can set up a VPN tunnel between your > customer's site and your softswitch and achieve the same net result. > > The problems with this approach however are: A- it requires some > technical knowledge from the customer (unless you install it for them > which in itself is a problem), and B- encryption takes up a lot of CPU. > If you have a couple of VPN tunnels you won't have a problem, but if > you need to set up VPN tunnels for ALL your customers, then you have a > problem. (or rather, you'll probably have to setup multiple dedicated > servers just for traffic encryption, those could then pass on the > traffic to your local network unencrypted)
or get hardware crypto boards. They do exit and there are drivers for them, although its my understanding that openbsd has the largest suite of drivers for such boards, that is dated info so I dont know if that is true anymore. 1 tunnel per customer is more efficient than 1 tunnel per call, and the algorithms used would make it similar in cpu load to ssh/https. Set up and tear down is generally more costly than other parts, why SSL caches session keys (at least in https). -- Trixter http://www.0xdecafbad.com Bret McDanel Belfast +44 28 9099 6461 US +1 516 687 5200 http://www.trxtel.com the phone company that pays you! _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz