Re: [asterisk-users] Iax Encryption
Cavalera Claudio Luigi wrote: > Is this the libiax used currently on asterisk > http://ftp.digium.com/pub/libiax/ ? No. Asterisk has its own IAX2 implementation. > I would like to understand if someone is using this in production. I have no idea if anyone is using it. It's easy to use, so I assume that some people are ... > Moreover which Iax client do you use to test this? I'm actually not aware of any IAX clients that have implemented encryption. -- Russell Bryant Senior Software Engineer Open Source Team Lead Digium, Inc. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Iax Encryption
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Russell Bryant > > I would like to understand if someone is using this in production. > > I have no idea if anyone is using it. It's easy to use, so I > assume that some > people are ... > I guess what you are meaning here is it's easy to configure on asterisk side. So this encryption is now considered robust enough to be used in production? I'm asking this because of comments I've found here: http://www.voip-info.org/wiki/index.php?page=IAX%20encryption about beta stage encryption. Thanks, Claudio Internet Email Confidentiality Footer - La presente comunicazione, con le informazioni in essa contenute e ogni documento o file allegato, e' rivolta unicamente alla/e persona/e cui e' indirizzata ed alle altre da questa autorizzata/e a riceverla. Se non siete i destinatari/autorizzati siete avvisati che qualsiasi azione, copia, comunicazione, divulgazione o simili basate sul contenuto di tali informazioni e' vietata e potrebbe essere contro la legge (art. 616 C.P., D.Lgs n. 196/2003 Codice in materia di protezione dei dati personali). Se avete ricevuto questa comunicazione per errore, vi preghiamo di darne immediata notizia al mittente e di distruggere il messaggio originale e ogni file allegato senza farne copia alcuna o riprodurne in alcun modo il contenuto. This e-mail and its attachments are intended for the addressee(s) only and are confidential and/or may contain legally privileged information. If you have received this message by mistake or are not one of the addressees above, you may take no action based on it, and you may not copy or show it to anyone; please reply to this e-mail and point out the error which has occurred. - ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Iax Encryption
Cavalera Claudio Luigi wrote: > I guess what you are meaning here is it's easy to configure on asterisk > side. Correct. > So this encryption is now considered robust enough to be used in > production? I certainly consider it that way. There should not be any problems with it. At our last developer's conference, we discussed some potential ways to improve it, but it should be fine as it is. > I'm asking this because of comments I've found here: > http://www.voip-info.org/wiki/index.php?page=IAX%20encryption > about beta stage encryption. Content on the wiki is quite often incorrect and/or out of date, unfortunately. -- Russell Bryant Senior Software Engineer Open Source Team Lead Digium, Inc. ___ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] IAX Encryption
On 23 Jul 2007, at 15:53, Matthew Brothers wrote: > I am playing around with IAX encryption and have had good success. > I read somewhere, that trunked packets are not encrypted. Does > anybody know if this means the trunk packets themselves are not > encrypted but the voice frames in them are encrypted or does this > mean that if you are using trunking then encryption of the voice > frames will not occur. I have used Wireshark to sniff the packets > and it looks like the encryption is being setup normally when > trunking is enabled. I just can't tell if the voice frame within > the trunked packet is encrypted. Any assistance would be appreciated. I thought that Encryption and Trunking are mutually exclusive in IAX. What does the iax debug in asterisk show? Tim Panton www.mexuar.net www.westhawk.co.uk/ ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] IAX Encryption
IAX is not encrypted. What you're seeing in wireshark is likely the authentication method you've chosen. (RSA or MD5) You can encrypt it with a VPN as long as you have a pipe fat enough to deal with the overhead a VPN puts on packets. Yours, Michael Munger, dCAP 404-438-2128 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Panton Sent: Wednesday, July 25, 2007 1:58 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] IAX Encryption On 23 Jul 2007, at 15:53, Matthew Brothers wrote: > I am playing around with IAX encryption and have had good success. > I read somewhere, that trunked packets are not encrypted. Does > anybody know if this means the trunk packets themselves are not > encrypted but the voice frames in them are encrypted or does this > mean that if you are using trunking then encryption of the voice > frames will not occur. I have used Wireshark to sniff the packets > and it looks like the encryption is being setup normally when > trunking is enabled. I just can't tell if the voice frame within > the trunked packet is encrypted. Any assistance would be appreciated. I thought that Encryption and Trunking are mutually exclusive in IAX. What does the iax debug in asterisk show? Tim Panton www.mexuar.net www.westhawk.co.uk/ ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] IAX Encryption
Iax channel can be encrypted. Not just the authentication, even rtp data, see: http://www.voip-info.org/wiki/view/IAX+encryption On 8/4/07, Michael Munger <[EMAIL PROTECTED]> wrote: > > IAX is not encrypted. What you're seeing in wireshark is likely the > authentication method you've chosen. (RSA or MD5) > > You can encrypt it with a VPN as long as you have a pipe fat enough to > deal with the overhead a VPN puts on packets. > > Yours, > > Michael Munger, dCAP > 404-438-2128 > [EMAIL PROTECTED] > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Tim Panton > Sent: Wednesday, July 25, 2007 1:58 PM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: Re: [asterisk-users] IAX Encryption > > > On 23 Jul 2007, at 15:53, Matthew Brothers wrote: > > > I am playing around with IAX encryption and have had good success. > > I read somewhere, that trunked packets are not encrypted. Does > > anybody know if this means the trunk packets themselves are not > > encrypted but the voice frames in them are encrypted or does this > > mean that if you are using trunking then encryption of the voice > > frames will not occur. I have used Wireshark to sniff the packets > > and it looks like the encryption is being setup normally when > > trunking is enabled. I just can't tell if the voice frame within > > the trunked packet is encrypted. Any assistance would be appreciated. > > I thought that Encryption and Trunking are mutually exclusive in IAX. > > What does the iax debug in asterisk show? > > Tim Panton > > www.mexuar.net > www.westhawk.co.uk/ > > > > > ___ > --Bandwidth and Colocation Provided by http://www.api-digital.com-- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > > > > ___ > --Bandwidth and Colocation Provided by http://www.api-digital.com-- > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users > ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] IAX Encryption
On 4 Aug 2007, at 14:04, Michael Munger wrote: > IAX is not encrypted. What you're seeing in wireshark is likely the > authentication method you've chosen. (RSA or MD5) In IAX that doesn't look like encryption - the challenge and response are in hex strings. > > You can encrypt it with a VPN as long as you have a pipe fat enough to > deal with the overhead a VPN puts on packets. or you can set encryption=yes in iax.conf and let asterisk do the work! iax2 debug will show the encrypted packets and the decoded results, so you can quickly tell the difference. Also I think 'iax2 show channels' displays an (E) next to the channel if encryption is on. Tim Panton www.mexuar.net www.westhawk.co.uk/ ___ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] iax encryption
John Hammen wrote: Hi All, I was wondering if there is any way to encrypt IAX traffic? I am aware of the ability to use md5 or RSA for authentication, but I'm talking about the packets themselves, after authorization has already occured... Forgive me if this is documented somewhere, but I all I could find online was a presentation with the statement "there has been talk of adding encryption to the IAX protocol". Does anyone know the current status of this i.e. is there any active developement going on? There's native IAX encryption in CVS-HEAD right now. I haven't had a chance to dig in to the source code to infer how to set things up. Perhaps someone more clueful could post a little HOWTO? It's obviously a very, very important feature. B. ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] iax encryption
John Hammen wrote: Hi All, I was wondering if there is any way to encrypt IAX traffic? I am aware of the ability to use md5 or RSA for authentication, but I'm talking about the packets themselves, after authorization has already occured... Forgive me if this is documented somewhere, but I all I could find online was a presentation with the statement "there has been talk of adding encryption to the IAX protocol". Does anyone know the current status of this i.e. is there any active developement going on? There's some code to do this in CVS, but it is incomplete. If you want something that works right now, just tunnel your stuff through a VPN, like openVPN or something.. -SteveK ___ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users