Encryption shouldn't add more than 2ms. I have it on my Sipura SPA-94x phones.
Or, if your phones are being a router, the router can do the encryption for you. Encryption is a bounded delay, and it's very constant, so jitter (which is as important as delay, and the delay is negligible in this case) isn't a problem. I suspect that in your ADSL scenario, the real culprit was lack of QoS, not encryption latency.

-Philip

Martin Rogers wrote:
> Darrick,
>
> interesting point about the VPN. I have to have three classes of port
> opened up for my AstLinux to work on the internet. A VPN solution would
> certainly simplify things in this respect.
>
> However, in reality, how ubiquitous is VPN support on VOIP phones. I use
> three types of phone (two PolyCom models and a Snom model) and none of
> them seem to offer any VPN client support.
>
> The other point is that stream encryption is going to slow down
> transmission of the media stream (to some extent anyway). I have
> experienced some bad degradation running a couple of phones with
> Asterisk through a PIX hardware VPN over a residential ADSL line.
> Stuttery MOH is not nice.
>
> How practical is the VPN suggestion, does anyone actually use this.
> What steps are others taking to secure AstLinux/Asterisk on public
> networks. It would be useful if we could get a list of ideas together.
>
> My very short and inadequate list so far is as follows:
>
> -Limit the number of ports available
> -Use UnionFS and change the root password
> -Use hashed secrets
> -Disable allowguest if using SIP
>
>
> Thoughts anyone?
> Thanks,
> Mart
>
>
>
> Darrick Hartman wrote:
>
>> David,
>>
>> You could use openvpn to secure the connection. MAC address
>> restrictions are pretty weak and easy to spoof.
>>
>> Darrick
>>
>> David Kerr wrote:
>>
>>> I would like to permit a softphone on my laptop to connect to my
>>> astlinux box from anywhere in the world. This would mean keeping port
>>> 5060 open, which is a potential security risk? Is there a way to
>>> restrict access by mac address?
>>> so that my softphone on *my* laptop can
>>> connect, but no one else's can (even if they know the extension/password).
>>>
>>> Thanks.
>>> David
>>>
>>> On Mon, Nov 10, 2008 at 2:40 PM, Daniel Aeberli <[EMAIL PROTECTED]> wrote:
>>>
>>> Hi Darrick,
>>>
>>> You're right, I had misconfigured my Firewall: I opened the voip ports when
>>> I initially was trying to get my Asterisk trunk working. As I now know, the
>>> trunk goes through a tunnel so I closed them just after my last post and
>>> everything still works (no duh).
>>>
>>> I still need to dig into my config (Firewall and Asterisk), I'm sure I
>>> have other doors wide open while I tried to get things working.
>>>
>>> Many thanks for the reply though.
>>>
>>> Daniel
>>>
>>>
>>>
>>> Darrick Hartman wrote:
>>> > Daniel,
>>> >
>>> > Not necessarily. It sounds like you have the firewall misconfigured.
>>> > What ports are you opening? You should really only have your ssh port
>>> > and vpn port open. All others should be closed. How are these people
>>> > getting in?
>>> >
>>> > Darrick
>>> >
>>> > Daniel Aeberli wrote:
>>> >
>>> >> Sorry, just realised this is more an Asterisk general question than an
>>> >> ASTLinux one ... off to search other forums...
>>> >>
>>> >> Daniel Aeberli wrote:
>>> >>
>>> >>> Well after the brute force attack ssh login attempts, last month, I have
>>> >>> an undesirable outsider that successfully made calls from my ASTlinux
>>> >>> box. I locked out the brute force, by disabling WAN requests, turning off
>>> >>> WAN ping response and turning off ssh access, but obviously my box is
>>> >>> not secure.
>>> >>>
>>> >>> I'm not savvy enough to know how to secure my AstLinux box from outside
>>> >>> callers (hackers). I only use AstLinux to call my parents' AstLinux box
>>> >>> via a VPN trunk over our ADSL lines. All my local calls go via ISDN line
>>> >>> (since I have to have it for the ADSL link and local calls are free).
>>> >>>
>>> >>> Could someone tell me how to lock outside calls (internet / ADSL) from
>>> >>> using my ISDN lines?
>>> >>>
>>> >>> Thanks
>>> >>>
>>> >>> Daniel

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users