Thread: Local SRTP with insecure ITSP

  1. #1

    Local SRTP with insecure ITSP

    We are required to encrypt our VoIP traffic where it travels over the internet which we have currently achieved via a VPN from our office to our ITSP (This is due to the lack of SRTP providers).

    We are now looking at the possibility of remote workers and are trying to implement SRTP and SIPs in order to accomplish encryption of remote workers' VoIP data from where they are to the Quadro in our office. We are using a Quadro 2xi and Snom 300 handsets.

    We have enabled SRTP and SIPs between the Snom extensions by enabling SRTP on the Snoms and changing the codec option "SRTP Policy" to "Make and accept only secure calls". This is fine until an external call is made from one of the Snoms, at which point we get an audio message "IP Connection cannot be established". If we change "SRTP Policy" to "Try to establish secure calls, accept anything" then we can make calls externally, but a Wireshark inspection shows that the RTP payload is not encrypted.

    We assume this is because our ITSP does not support SIPs or SRTP.

    The situation we want to arrive at is that calls are encrypted with SRTP and SIPs from the Snom extensions to the Quadro 2xi, at which point they are decrypted and continue to our ITSP via plain text SIP and RTP (this will be encrypted by the VPN). Our outbound calls are routed out by a rule in the call routing table.

    Is there a way to set the SRTP options for the outbound rule? Or perhaps another set of options for this? Is this situation even possible on the Quadro?

  2. #2

    Quote: Originally Posted by crduklimited
    We are required to encrypt our VoIP traffic where it travels over the internet which we have currently achieved via a VPN from our office to our ITSP (This is due to the lack of SRTP providers).

    We are now looking at the possibility of remote workers and are trying to implement SRTP and SIPs in order to accomplish encryption of remote workers' VoIP data from where they are to the Quadro in our office. We are using a Quadro 2xi and Snom 300 handsets.

    We have enabled SRTP and SIPs between the Snom extensions by enabling SRTP on the Snoms and changing the codec option "SRTP Policy" to "Make and accept only secure calls". This is fine until an external call is made from one of the Snoms, at which point we get an audio message "IP Connection cannot be established". If we change "SRTP Policy" to "Try to establish secure calls, accept anything" then we can make calls externally, but a Wireshark inspection shows that the RTP payload is not encrypted.

    We assume this is because our ITSP does not support SIPs or SRTP.

    The situation we want to arrive at is that calls are encrypted with SRTP and SIPs from the Snom extensions to the Quadro 2xi, at which point they are decrypted and continue to our ITSP via plain text SIP and RTP (this will be encrypted by the VPN). Our outbound calls are routed out by a rule in the call routing table.

    Is there a way to set the SRTP options for the outbound rule? Or perhaps another set of options for this? Is this situation even possible on the Quadro?

    Get a router that supports VPN IPSEC tunnels - Billion have the 7404v/g nox and others - that allow up to 16 VPN tunnels - surely that would sate the encryption count on the remote users whilst allowing your ITSP encrypting the traffic between the Quadro and the outside world.

    The Quadro WAN is secure, isn't it?

    Kevin

  3. #3

    A VPN tunnel to each of the remote workers is an option, but we are hoping to avoid the added complexity and expenditure that that solution would bring by using the built-in encryption mechanisms (SIPs and SRTP) between Quadro and Snoms.

  4. #4

    Quote: Originally Posted by crduklimited
    A VPN tunnel to each of the remote workers is an option, but we are hoping to avoid the added complexity and expenditure that that solution would bring by using the built-in encryption mechanisms (SIPs and SRTP) between Quadro and Snoms.

    I understand that matey, but it might be the only option available that can offer the IPSEC that is needed to start now.

    Kev

  5. #5

    Ok thanks for the info.

    So are we sure there is no way to have a call from a Snom extension to an ITSP, which is encrypted with SRTP/SIPs from the Snom to the Quadro, and then unencrypted from the Quadro to the ITSP?

  6. #6

    No, it is not possible. The negotiation of the transport security takes place between endpoints (SNOM and ITSP in your case) and Quadro chooses the mode supported by both endpoints. Quadro is encrypting/decrypting the voice only when it sends/receives the voice on telephony interface (FXO, FXS, ISDN BRI, E1/T1).
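
Added example, not part of the thread and not Epygi or Snom code: because the media security is negotiated end to end in the SDP offer/answer, the outcome of a call can be read from the signalling instead of from the RTP payload. The sketch assumes SDES-style SRTP (an `RTP/SAVP` profile with `a=crypto` lines); the SDP bodies, addresses, ports and key placeholder are constructed, and mapping the two "SRTP Policy" settings to a strict and an optional offer is an assumption.

```python
import re

def sdp(port, profile, crypto=False):
    """Build a constructed SDP body with one audio stream (sample data)."""
    lines = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-",
             "c=IN IP4 192.0.2.10", "t=0 0",
             f"m=audio {port} {profile} 0 8"]
    if crypto:  # placeholder key material, not a real SRTP master key
        lines.append("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER")
    return "\r\n".join(lines) + "\r\n"

def audio_stream(body):
    """Return (port, profile, crypto_suites) for the first m=audio section."""
    port, profile, suites, in_audio = None, None, [], False
    for line in body.splitlines():
        line = line.strip()
        m = re.match(r"m=(\w+) (\d+)(?:/\d+)? (\S+)", line)
        if m:
            if in_audio:
                break  # next media section starts, audio section is complete
            in_audio = m.group(1) == "audio"
            if in_audio:
                port, profile = int(m.group(2)), m.group(3)
        elif in_audio and line.startswith("a=crypto:"):
            suites.append(line.split()[1])  # crypto-suite name follows the tag
    return port, profile, suites

def media_outcome(offer, answer):
    """Classify the negotiated audio stream: srtp, rtp, rejected or invalid."""
    _, _, offered = audio_stream(offer)
    port, profile, chosen = audio_stream(answer)
    if not port:
        return "rejected"  # port 0 (or no audio line): stream refused
    if profile == "RTP/SAVP" and chosen and chosen[0] in offered:
        return "srtp"      # far end accepted one of the offered suites
    if profile == "RTP/AVP" and not chosen:
        return "rtp"       # plain RTP: the media is not encrypted
    return "invalid"       # e.g. SAVP answered without any key

if __name__ == "__main__":
    strict = sdp(49170, "RTP/SAVP", crypto=True)   # secure-only offer
    optional = sdp(49170, "RTP/AVP", crypto=True)  # opportunistic offer
    print("strict vs plain-only far end:  ", media_outcome(strict, sdp(0, "RTP/SAVP")))
    print("optional vs plain-only far end:", media_outcome(optional, sdp(30000, "RTP/AVP")))
    print("strict vs SRTP-capable far end:", media_outcome(strict, sdp(30000, "RTP/SAVP", True)))
```

Any call that must be encrypted should classify as `srtp`; an `rtp` result is the silent fallback that the Wireshark capture in post #1 exposed.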
