On Sun, Jul 18, 2004 at 07:31:59PM +0100, Dave Howe wrote: > OpenVPN is of course built on SSL, and can use either X509 certificates > or a preshared key for authentication. Sadly, there is no convenient way > to use DNS-SEC key records for OpenVPN.
How well is VoIP going to work over SSL/TLS (ie, TCP) though? I've never used any VoIP-over-TCP software before, but some people I know who have say it sucks (terrible latency, sometimes as bad as 5-10 seconds). That may have just been an artifact of a bad implementation, though. DTLS might be a better pick for securing VoIP. There's also SRTP.