Hi All,
I need one IPSec supported opensource SIP server for testing my sip client endpoint.Could you please tell me which SIP server supporting IPSec ?
Thanks in advance.
Thanks Priyaranjan
Hello,
an ipsec tunnel appears as an network interface, therefore a lower layer than a SIP server deals with. As soon as you get the ipsec tunnel running, kamailio can be started and receive traffic on it. Nothing else special needed for kamailio.
Also, you can run kamailio on a single interface and instruct kernel to do packet forwarding from many tunnels to it.
Cheers, Daniel
On 01/06/15 11:21, Priyaranjan Nayak wrote:
Hi All,
I need one IPSec supported opensource SIP server for testing my sip client endpoint.Could you please tell me which SIP server supporting IPSec ?
Thanks in advance.
Thanks Priyaranjan
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hi!
I think he refers to IMS where IPsec is used dynamically. With the first REGISTER the client and the server exchange data which can be used (together with the password) to calculate the IPsec security associations. Then the client and the SIP server communicate with the OS to setup the IPsec session. All following SIP requests will then be sent via IPsec (automatically encrypted and decrypted by the OS if the IPsec SAs match).
Further, Linux (unfortunately) does not use tunnel interfaces for IPsec anymore.
regards Klaus
Am 02.06.2015 um 12:15 schrieb Daniel-Constantin Mierla:
Hello,
an ipsec tunnel appears as an network interface, therefore a lower layer than a SIP server deals with. As soon as you get the ipsec tunnel running, kamailio can be started and receive traffic on it. Nothing else special needed for kamailio.
Also, you can run kamailio on a single interface and instruct kernel to do packet forwarding from many tunnels to it.
Cheers, Daniel
On 01/06/15 11:21, Priyaranjan Nayak wrote:
Hi All,
I need one IPSec supported opensource SIP server for testing my sip client endpoint.Could you please tell me which SIP server supporting IPSec ?
Thanks in advance.
Thanks Priyaranjan
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla http://twitter.com/#!/miconda -http://www.linkedin.com/in/miconda Kamailio World Conference, May 27-29, 2015 Berlin, Germany -http://www.kamailioworld.com
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Subject: [SR-Users] IPSec supporting open source SIP Server Date: Mon, Jun 01, 2015 at 02:51:00PM +0530 Quoting Priyaranjan Nayak (priyaranjan4169@gmail.com):
Hi All,
I need one IPSec supported opensource SIP server for testing my sip client endpoint.Could you please tell me which SIP server supporting IPSec ?
It is not the server but the operating system that handles the ipsec support. As Daniel wrote down-thread you can run an IPsec VPN endpoint on your server, or you can run ipsec in host-to-host mode.
I run some replication connections protected by ipsec in host-to-host mode in my Kamailio environment, and it simply works from the application point of view. . In the ipsec policy setup I've defined that all traffic to a given host must be protected by AH / ESP and that goes for traffic to that host as well.
Once this is in place, the IP stack will take the packets from the applications that match those rules and encapsulate them before they hit the wire, and also check that all packet from those hosts are correspondingly treated.
The net result is that most if not all sensible applications will support ipsec once they are on a operating system that does do ipsec.
For finding phones / terminals / devices that support ipsec, I assume that you will have to look a bit harder, but there are indications of openvpn support in snom phones, among others. Now, OpenVPN is not ipsec, it is a SSL tunnel, but given the pathetic state of the "broadband" that sometimes is the best one can achieve.
We recently implemented strongswan project which supports ipsec.
https://www.strongswan.org/ On Jun 2, 2015 6:59 AM, "Måns Nilsson" mansaxel@besserwisser.org wrote:
Subject: [SR-Users] IPSec supporting open source SIP Server Date: Mon, Jun 01, 2015 at 02:51:00PM +0530 Quoting Priyaranjan Nayak ( priyaranjan4169@gmail.com):
Hi All,
I need one IPSec supported opensource SIP server for testing my sip
client
endpoint.Could you please tell me which SIP server supporting IPSec ?
It is not the server but the operating system that handles the ipsec support. As Daniel wrote down-thread you can run an IPsec VPN endpoint on your server, or you can run ipsec in host-to-host mode.
I run some replication connections protected by ipsec in host-to-host mode in my Kamailio environment, and it simply works from the application point of view. . In the ipsec policy setup I've defined that all traffic to a given host must be protected by AH / ESP and that goes for traffic to that host as well.
Once this is in place, the IP stack will take the packets from the applications that match those rules and encapsulate them before they hit the wire, and also check that all packet from those hosts are correspondingly treated.
The net result is that most if not all sensible applications will support ipsec once they are on a operating system that does do ipsec.
For finding phones / terminals / devices that support ipsec, I assume that you will have to look a bit harder, but there are indications of openvpn support in snom phones, among others. Now, OpenVPN is not ipsec, it is a SSL tunnel, but given the pathetic state of the "broadband" that sometimes is the best one can achieve.
-- Måns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE +46 705 989668 Hello, GORRY-O!! I'm a GENIUS from HARVARD!!
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-
Daniel-Constantin Mierla -
Gonzalo Gasca Meza -
Klaus Darilion -
Måns Nilsson -
Priyaranjan Nayak