[Devel] best solution to masquerade sip message

Raymond Chen rchen at broadz.com
Tue Apr 11 16:30:49 CEST 2006


Hi Klaus, 

I tested TLS transport with the client, but that didn't hide the protocol 
the way we want. From the TCP header, we still see SIP/2.0 as the SIP 
protocol. TLS only encrypts the URI and port of the From header. Is there 
any other solution to completely hide the SIP protocol from being detected?


INVITE sip:+15209204015@64.102.254.147:5060;user=phone SIP/2.0
Record-Route: <sip:+15209204015@64.102.254.146:5060;user=phone;maddr=64.102.254.146>
Via SIP/2.0/UDP 64.102.254.146:5060;branch=4708f6b8-16a78dd4-f3d5e768-aa17128a-1
Via SIP/2.0/UDP 207.68.169.181;branch=393E1BB3, SIP/2.0/TLS 64.102.254.150:2402;received-port=2402
Record-Route: <sip:+15209204015@ciscoNc.sipProxy.vdn.pilport.com:5060;user=phone;maddr=207.68.169.181>;tag=729CC26274322D2EB8C120684CB7557C
Proxy-Authorization: basic MDAwMzNmZmY4MDM5Yjg5ZDou
From: "00033fff8039b89d" <sip00033fff8039b89d@sipProxy.vdn.pilport.com443>;tag=c7ee8263-4337-48b7-8ffe-d8a7e3f447cc
To: <sip:+15209204015@ciscoNc.sipProxy.vdn.pilport.com;user=phone>
Call-ID: 62e28ba0-12fb-4b7a-8402-2b64a76c11af@64.102.254.150
CSeq: 2 INVITE
Contact: <sip:64.102.254.1502402;transport=tls>
User-Agent: Windows RTC/1.0
Content-Type: application/sdp
Content-Length: 464


thanks

Ray

Raymond Chen wrote:
> Klaus Darilion wrote:
>> Raymond Chen wrote:
>>> Hi Klaus,
>>>
>>> Is there a native VPN solution for openser? I see TLS is supported in 
>>> the server-to-server scenario. Can we implement a client TLS solution 
>>> without making changes to openser?
>>
>>
>> TLS can be used for server-server and client-server connections. It's 
>> not heavily used (thus not heavily tested) but theoretically it 
>> should work. Maybe there can be some issues with TLS and client 
>> behind NAT (keep alive ...) which may occur. But once the issues are 
>> detected and you can give exact problem description I'm sure we can 
>> fix it.
>>
>> regards
>> klaus
>>
>>
>>
> Thanks, Klaus. I am going to try the minisip client first to see if I 
> can make it work simply by configuration. I'll let you know when I am done.
>
> thanks
>
> Ray