Asterisk and Linux to Build Secure VoIP Connection

Beave writes "Using Linux and the Asterisk PBX, it is possible to build a secure, cost effective VoIP (and traditional PSTN) PBX solutions. This article shows you how to take advantage of various hardware, software and tricks to accomplish this goal within a limited budget."

Useful Asterisk Resources

[TheMysteriousFuture]

Useful Asterisk Links:

The Asterisk Wiki
Note: the wiki search is useless. Search with google instead, use "searchterm site:voip-info.org" (without quotes).

The Asterisk Documentation Project

The Asterisk Mailing Lists
Note: to search the lists use google again. "searchterm site:lists.digium.com" (without quotes)" in google.

the #asterisk chat room on irc.freenode.org. Drop by and say hello.
Note that due to problems with massive spambot attacks regisitration is required to join the channel. Simply type
/msg nickserv register mypassword
/join #asterisk

The next time you join you will need to type
/msg nickserv identify mypassword

Re:Shows you how?

[Tony+Hoyle]

It's possible, but the available wireless VOIP handsets are 11b only and don't support WPA (both are showstoppers for me).

In the future I'm sure they'll become available.

I use my asterisk server to record incoming/outgoing numbers (the local telco wants paying for this service, although I have to pay them anyway for the callerid so I'm not sure I'm saving much), and to route calls over the cheapest provider (always analogue, as VOIP providers in this country are still 2-3 times more expensive than analogue ones) - which has saved me a fortune.

Re:A view from the industry

[LittleLebowskiUrbanA]

" the simplicity of the interfaces found on proprietary systems"

Apparently you've never used Avaya IP Office. I YEARN for the simplicity of text files. 3 freaking different GUIs to manage it and they're interconnected but you have to change things using at least 2 of them in many places.

Security wasn't part of Asterisk - it was OpenVPN

[billstewart]

The article said that they did't get their security from Asterisk itself - they added it on by using OpenVPN to build encrypted UDP tunnels and push the Asterisk IAX protocol through them. (No apparent detail on how to configure it.) Some of the Asterisk mailing lists talk about adding encryption to the transport protocols, but as near as I can tell from a few Google hits, that's really all a Wishlist for Somebody Else to implement rather than part of the core protocols.

That's really too bad - encrypting VOIP causes extemely annoying overhead problems, because the voice data packets are really small (they're not very big before compressing them, and then they're even smaller), so the minimum overhead for just doing the RTP+UDP+IP headers is several times the size of the voice traffic they carry, and IPSEC adds another two layers of headers, or SSL adds about three, and pretty soon that cute little elegant 8kbps compressed voice stream is looking like 40-80kbps and won't fit on your modem. SIP can use the SRTP protocol as a modification of RTP, so to the extent that anybody implements it, it's basically doing then encryption along with a layer you needed anyway, so it doesn't add much overhead. IAX doesn't appear to have this (which is especially frustrating because the IAX2 trunking protocol makes multiple simultaneous connections much more efficient, though I suppose if you've already done that, the extra overhead of IPSEC or OpenVPN may not bother you as much.)