SRTP and Asterisk


#1

Hi

I’ve a question, is there anyone who got srtp support into asterisk? I’m looking at this topic and found libSRTP which could be practical? Anyone tried this? Or an other approach?

Comments are very welcome.

chris…


#2

Great question. I’m eager to see if anyone has done Asterisk with SRTP.

Or, anyone had luck using RTP over open-source software-based VPNs?


#3

Hi,

*hmmm looks nobody thougt about SRTP? Think this would be a great security feature in Asterisk. Cause everywere security is an important issue except in Asterisk?
I’m sorry, i’m not an developer, so I can’t bring SRTP support into Asterisk.

Until now I know a hardphone, snom 320, and a softphone, minisip, which support srtp. If Asterisk would support it, probably more phones would support it.

KeX


#4

bugs.digium.com/view.php?id=5413

0005413: [patch][post 1-2] Secure RTP (SRTP)
Description This patch adds initial support for secure RTP using libsrt[1]. It can
be used in for example an implementation of the sdecriptions draft[2].

[1] srtp.sourceforge.net/srtp.html [^]
[2] ietf.org/internet-drafts/dra … ons-12.txt [^]

It seems there is now active developement in implementing the use of libSRTP into asterix.

I mentioned it here too:
sourceforge.net/forum/forum.php … _id=120874

regards

Gerhard Gaussling


#5

[quote=“KeX”]Hi,

*hmmm looks nobody thougt about SRTP? Think this would be a great security feature in Asterisk. Cause everywere security is an important issue except in Asterisk?
I’m sorry, i’m not an developer, so I can’t bring SRTP support into Asterisk.

Until now I know a hardphone, snom 320, and a softphone, minisip, which support srtp. If Asterisk would support it, probably more phones would support it.

KeX[/quote]
There are also snom 190, snom 360 and maybe several other sipPhones by snom, and I found the sipura spa-841:
myphonecall.co.uk/voip/iptel … phone.aspx

Also at your interest could be this essay:
How Secure Is VoIP?
BY Ahmar Ghaffar
tmcnet.com/voip/1104/FeatureSecurity.htm

and this flash movie which shows how easy it is to sniff a sip session:
irongeek.com/i.php?page=videos/cainvoip1

also see this site for an overview:
voip-info.org/wiki/view/Asterisk+encryption
mundy.org/blog/index.php?p=72
thread.gmane.org/gmane.comp.tele … evel/14717
in German:
heise.de/newsticker/meldung/65312
heise.de/security/artikel/65321

regards

Gerhard


#6

Hallo floggy

Thanks for your answers. Just looked at the patch. Looks nice. Just tried it out and patched my asterisk source. But when I start asterisk with asterisk -vvvvvvvvc I get an err : /

[res_srtp.so] => (Secure RTP (SRTP)) Warning, flexibel rate not heavily tested! Speicherzugriffsfehler Ouch ... error while writing audio data: : Broken pipe Warning, flexibel rate not heavily tested!

Have u got any idea what that could be? (srtp is installed)
Have u tried out the srtp patch?

chris…


#7

No, I’m not the right person to help you with that patch.
I only run into that by deciding which DSL/VoIP Provider/software/hardware I should use. I even got no Broadband yet.

I suggest to discuss that as a bug report with the developer. I think the developer rely on feedback! So go for it.

[quote]Speicherzugriffsfehler
Ouch … error while writing audio data: : Broken pipe [/quote]
It seems to me that there is a permission problem in your config…
But, I’m not a programmer.

Sorry

Please, report your experience! I should be not the only one who is curious in SRTP used in asterix!

Gerhard


#8

i’m a newbie @ asterisk and look into implementing it in a SMB. For us, needless to say, privacy (i.e. encryption) is a must. Now, it seems that encrypting VOIP traffic is still on the wishlist…

can SRTP truly encrypt (any) voip traffic? If so, must it be complient with a specific voip provider? How can this traffic be “de-encrypted” when hitting the pstn network?

thanks for any help on this topic…

ps: didnt phil zimmermann wasnt going to develop the “z-phone”, a pgp implementation for voip? no news ever since the annoincement…