[Freeswitch-users] encryption infos needed

Ognjen Seslija oseslija at gmail.com
Fri Jan 2 02:32:16 PST 2009 

Hello,

I'm using FreeSWITCH mostly as a PBX for multi tenants. Secure calling is
supported fully by FreeSWITCH and to my knowledge it is the only open-source
solution where it works w/o any hacks or tweaks.
Current major brand of phones supporting SRTP and TLS that I've tested are
Linksys and Snom. I'm told on the IRC channel that there are more working.
FreeSWITCH as an SIP B2BUA can be configured to offer SRTP in SDP
negogitation in the B-leg (just use export sip_secure_media param). That
means that if a phone and the other softswitch/gateway supports SRTP you can
have whole path encrypted.
I have tried following scenario: Linkys phone calling 9888 ext which is a
conference server at conference.freeswitch.org, so we have
Linksys SRTP -> FS SRTP -> other FS SRTP (whole media path between a phone
and two FS servers encrypted).

The only question left to answer is does Patton offer SRTP/TLS. FreeSWITCH
won't be an issue here.

Regards,
Ognjen
On Thu, Jan 1, 2009 at 12:27 PM, <excelsio at gmx.net> wrote:

> Hi,
>
> we want to enhance our old Siemens Hicom 300 and replace it step by step.
> Therefore we decided to try out opensource solutions ourselves. One
> requirement
> is that the solution has to encrypt all data. So try let´s look at Asterisk
> was
> our first thought. Well, there seem to be unoffical patches for Asterisk
> 1.4.x
> with SRTP/SIPS support. So, unofficial. With 1.6.x the support for it
> hasn´t
> been fully integrated, yet.
>
> So, what´s next out there? => freeswitch
> But what about encryption support?
> SRTP is end to end encryption between phones, SIPS is used for the
> encryption of signaling "hop-by-hop", well which hop?
> Talking about encryption, it seems there are many different scenarios to
> consider, which looks like they couldn´t encrypted?
>
> Let´s look at our planed setup
>
> public telefon network <--ISDN/S2M-->  Patton 4960 <--ISDN/S2M--> Siemens
> Hicom 300
>                                Patton 4960 <--IP--> freeswitch <--IP-->
> Snom 320
>                                SIP Provider <--IP-- freeswitch <--IP-- Snom
> 320
>
> 1. Incoming calls shoud be reached via landline:
>
> [e.g. telefon network --ISDN/S2M--> Patton 4960 --IP--> freeswitch --IP-->
> Snom
> 320 users]
>
> So, what about encryption between the Patton 4960, the freeswitch and der
> Snom
> 320? Is it possible to encrypt the whole path? Well, how? Is it supported
> with
> freeswitch?
>
>
> 2. Outcoming calls should go to a SIP provider which supports sip trunking
> and
> DDI, well SIPconnect:
>
> [e.g. SIP Provider <--SIP trunk--  freeswitch <--IP-- Snom 320
> users]
>
> Same question here:
> What about encryption between the Patton 4960, the freeswitch and der Snom
> 320?
> Is it possible to encrypt the whole path? Well, how? Is it supported with
> freeswitch?
>
>
> 2.1 Outcoming calls should be forwarded locally, if the SIP trunk between
> the
> SIP provider and the freeswitch server fails
>
> [e.g. telefon network <-- ISDN/S2M-- Patton 4960 <--IP-- freeswitch <--IP--
> Snom
> 320 users]
>
> Same question here:
> What about encryption between the Patton 4960, the freeswitch and der Snom
> 320? Is
> it possible to encrypt the whole IP path? Well, how? Is it supported with
> freeswitch?
>
>
> 3. The next thing is the encryption of voice and signaling data in general.
> Does the freeswitch solution support this? I think it´s an end to end
> encryption
> between the users? As freeswitch seems to play a proxy part, I guess yes?
>
> [e.g. freeswitch <--IP--> Snom 320 users <--SRTP/SIPS --> Snom 320]
>
>
>
> 4. Another problem is the encryption of the voice and signaling data
> between
> our LAN and the SIP provider. Is it possible to encrypt all data between
> those
> with the freeswitch solution? Do I need something additionally?
>
> [e.g SIP Provider <--encrypted SIP trunk ??? --> freeswitch]
>
>
> So what can be done with freeswitch? What else can be done support all
> scenarios above?
> --
> Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen:
> http://www.gmx.net/de/go/multimessenger
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20090102/2fd4a097/attachment-0002.html

More information about the FreeSWITCH-users mailing list