I’ve read several times that SIP (or VoIP) is not realistic over VPN. So I was wondering what the options are to secure a SIP endpoint over the Internet. I don’t want to use IP restrictions as dynamic DNS will make this too inconvenient.
What I was thinking is:
Can an asterisk server authenticate the client using a client-side certificate?
Can the SIP-endpoint authenticate the server using a server-side certificate?
Can the connection be encrypted?
I think I heard about SIP over SSL which would indicate to me that number 2 and 3 are possible using this. In this case, does that lead to a good quality connection?
I would really like it is #1 were possible. My biggest concern with VoIP over the internet would be someone else connecting to my VoIP server and making/receiving calls and mis-representing my company.
Thanks for all your help.