[Freeswitch-users] encryption infos needed

excelsio at gmx.net excelsio at gmx.net
Thu Jan 1 03:27:56 PST 2009 

Hi,

we want to enhance our old Siemens Hicom 300 and replace it step by step. 
Therefore we decided to try out opensource solutions ourselves. One requirement 
is that the solution has to encrypt all data. So try let´s look at Asterisk was 
our first thought. Well, there seem to be unoffical patches for Asterisk 1.4.x 
with SRTP/SIPS support. So, unofficial. With 1.6.x the support for it hasn´t 
been fully integrated, yet.

So, what´s next out there? => freeswitch  
But what about encryption support? 
SRTP is end to end encryption between phones, SIPS is used for the encryption of signaling "hop-by-hop", well which hop? 
Talking about encryption, it seems there are many different scenarios to 
consider, which looks like they couldn´t encrypted?

Let´s look at our planed setup

public telefon network <--ISDN/S2M-->  Patton 4960 <--ISDN/S2M--> Siemens Hicom 300
                                Patton 4960 <--IP--> freeswitch <--IP--> Snom 320
                                SIP Provider <--IP-- freeswitch <--IP-- Snom 320

1. Incoming calls shoud be reached via landline:

[e.g. telefon network --ISDN/S2M--> Patton 4960 --IP--> freeswitch --IP--> Snom 
320 users]

So, what about encryption between the Patton 4960, the freeswitch and der Snom 
320? Is it possible to encrypt the whole path? Well, how? Is it supported with 
freeswitch?


2. Outcoming calls should go to a SIP provider which supports sip trunking and 
DDI, well SIPconnect:

[e.g. SIP Provider <--SIP trunk--  freeswitch <--IP-- Snom 320 
users]

Same question here: 
What about encryption between the Patton 4960, the freeswitch and der Snom 320? 
Is it possible to encrypt the whole path? Well, how? Is it supported with 
freeswitch? 


2.1 Outcoming calls should be forwarded locally, if the SIP trunk between the 
SIP provider and the freeswitch server fails

[e.g. telefon network <-- ISDN/S2M-- Patton 4960 <--IP-- freeswitch <--IP-- Snom 
320 users]

Same question here: 
What about encryption between the Patton 4960, the freeswitch and der Snom 320? Is 
it possible to encrypt the whole IP path? Well, how? Is it supported with 
freeswitch?


3. The next thing is the encryption of voice and signaling data in general. 
Does the freeswitch solution support this? I think it´s an end to end encryption 
between the users? As freeswitch seems to play a proxy part, I guess yes?

[e.g. freeswitch <--IP--> Snom 320 users <--SRTP/SIPS --> Snom 320]



4. Another problem is the encryption of the voice and signaling data between 
our LAN and the SIP provider. Is it possible to encrypt all data between those 
with the freeswitch solution? Do I need something additionally?

[e.g SIP Provider <--encrypted SIP trunk ??? --> freeswitch]


So what can be done with freeswitch? What else can be done support all scenarios above?
-- 
Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger

More information about the FreeSWITCH-users mailing list