Hello,
I need to build a VoIP system who receives SIP and RTP traffic in a public IP and encrypt both of them with TLS and SRTP respectively. The main point is to have security inside of the local network (I know it may sound unuseful).
So, I was trying to build the whole system in Kamailio but I got stucked with the RTP to SRTP bridge and I do not really know how to do it. I know that there are some modules like rtpproxy-ng and rtpengine as media relay that can handle SRTP... any ideas? I just want to make sure that I am in the right way.
If it could be done in Kamailio, have I to write the code to encrypt RTP, like the algorithm or something?
Would it be convenient to send the RTP packets to Asterisk? (and Asterisk would somehow encrypt them?)
I am pretty new with all of this, any help will be apreciate, thank you.
Hi,
you are on the right track. Mediaproxy-ng/rtpengine does the conversion of SDP profiles for you, so basically, you will only need to flag the call with the right parameters and rtpengine will do the rest.
Check out the webrtc example that comes with Kamailio, or my example [1]. You can use this as a starting point to understand how rptengine does the translations.
And in regards of TLS, check out the tls module documentation, but in summary, you can choose to encrypt communication in one socket, and maintain clear UDP/TCP in another. Kamailio will handle the routing among the two.
[1] https://github.com/caruizdiaz/kamailio-ws
Regards, Carlos
On Thu, Jun 26, 2014 at 3:35 AM, Dani Kamailio dani.kamailio@gmail.com wrote:
Hello,
I need to build a VoIP system who receives SIP and RTP traffic in a public IP and encrypt both of them with TLS and SRTP respectively. The main point is to have security inside of the local network (I know it may sound unuseful).
So, I was trying to build the whole system in Kamailio but I got stucked with the RTP to SRTP bridge and I do not really know how to do it. I know that there are some modules like rtpproxy-ng and rtpengine as media relay that can handle SRTP... any ideas? I just want to make sure that I am in the right way.
If it could be done in Kamailio, have I to write the code to encrypt RTP, like the algorithm or something?
Would it be convenient to send the RTP packets to Asterisk? (and Asterisk would somehow encrypt them?)
I am pretty new with all of this, any help will be apreciate, thank you.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Thank you Carlos, I was taking a look of you work and it is really interesting. I was trying to somehow apply the conversion that you did with Websockets on my conversion/encryption but I haven't reached into the solution.
I was able to install Kamilio with the rtpproxy-ng module and rtpengine as media relay. Also I was able to do the TLS encryption.
But when I set the flags for rtpengine, I can just set the whole media as SRTP or RTP. I am not able to do one side in SRTP and the other with RTP. (I wanted Kamailio with rtpengine to encrypt calls).
Is that conversion able with some configuration of flags? Which documentation could help me to understand how to do this process?
If someone has any clue... Thank you in advance.
Regards, Daniel.
2014-06-26 15:59 GMT+02:00 Carlos Ruiz Díaz carlos.ruizdiaz@gmail.com:
Hi,
you are on the right track. Mediaproxy-ng/rtpengine does the conversion of SDP profiles for you, so basically, you will only need to flag the call with the right parameters and rtpengine will do the rest.
Check out the webrtc example that comes with Kamailio, or my example [1]. You can use this as a starting point to understand how rptengine does the translations.
And in regards of TLS, check out the tls module documentation, but in summary, you can choose to encrypt communication in one socket, and maintain clear UDP/TCP in another. Kamailio will handle the routing among the two.
[1] https://github.com/caruizdiaz/kamailio-ws
Regards, Carlos
On Thu, Jun 26, 2014 at 3:35 AM, Dani Kamailio dani.kamailio@gmail.com wrote:
Hello,
I need to build a VoIP system who receives SIP and RTP traffic in a public IP and encrypt both of them with TLS and SRTP respectively. The main point is to have security inside of the local network (I know it may sound unuseful).
So, I was trying to build the whole system in Kamailio but I got stucked with the RTP to SRTP bridge and I do not really know how to do it. I know that there are some modules like rtpproxy-ng and rtpengine as media relay that can handle SRTP... any ideas? I just want to make sure that I am in the right way.
If it could be done in Kamailio, have I to write the code to encrypt RTP, like the algorithm or something?
Would it be convenient to send the RTP packets to Asterisk? (and Asterisk would somehow encrypt them?)
I am pretty new with all of this, any help will be apreciate, thank you.
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Carlos http://caruizdiaz.com http://ngvoice.com +52 55 3048 3303
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-
Carlos Ruiz Díaz -
Dani Kamailio