Re: [Devel] best solution to masquerade sip message

Tue, 11 Apr 2006 07:31:41 -0700

Hi Klaus, 

tested TLS transport with client.  But that didn't hide the protocol as the way we want.  from the tcp header, we still see SIP/2.0 as SIP protocol.   TLS only encrypts the URI and port of from header.  Is there any other solution to completely hide the SIP protocol being detected.


INVITE sip:[EMAIL PROTECTED]:5060;user=phone
SIP/2.0
Record-Route:
<sip:[EMAIL PROTECTED]:5060;user=phone;maddr=64.102.254.146>
Via SIP/2.0/UDP 64.102.254.146:5060;branch=4708f6b8-16a78dd4-f3d5e768-aa17128a-1
Via SIP/2.0/UDP 207.68.169.181;branch=393E1BB3, SIP/2.0/TLS 64.102.254.150:2402;received-port=2402
Record-Route: <sip:[EMAIL PROTECTED]:5060;user=phone;maddr=207.68.169.181>;
tag=729CC26274322D2EB8C120684CB7557C
Proxy-Authorization: basic MDAwMzNmZmY4MDM5Yjg5ZDou
From: "00033fff8039b89d" <[EMAIL PROTECTED]>;tag=c7ee8263-4337-48b7-8ffe-d8a7e3f447cc
To:
<sip:[EMAIL PROTECTED];user=phone>
Call-ID: [EMAIL PROTECTED]
CSeq: 2 INVITE
Contact: <sip:64.102.254.1502402;transport=tls>
User-Agent: Windows RTC/1.0
Content-Type: application/sdp
Content-Length: 464


thanks

Ray

Raymond Chen wrote:
Klaus Darilion wrote:
Raymond Chen wrote:
hi Klaus,

is there a native vpn solution to openser? I see TLS is supported in server to server scenario. can we implement client tls solution without making change to openser?


TLS can be used for server-server and client-server connections. It's not heavily used (thus not heavily tested) but theoretically it should work. Maybe there can be some issues with TLS and client behind NAT (keep alive ...) which may occur. But once the issues are detected and you can give exact problem description I'm sure we can fix it.

regards
klaus



thanks, klaus.   I am going to try minisip client first to see if I can make it work simply by configuration.  let you know when I am done.

thanks

Ray


_______________________________________________
Devel mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/devel




-- 
_______________________________________________
Devel mailing list
[email protected]
http://openser.org/cgi-bin/mailman/listinfo/devel

Reply via email to