Hi, lately I'm getting a lot of questions how GnuGk can help to encrypt communications. So here is a quick explanation how to configure GnuGk as an encryption proxy to ensure that more or all outgoing calls are encrypted, whether your endpoint support encryption themselves or not. First, enable "half call media" which means GnuGk will add encryption if only one side of the call supports encryption. This will enable encryption for those of your endpoints that might not support encryption by themselves. You can also set if you want 128 or 256 bit AES. (Check "h235media=1" in the startup message to make sure your GnuGk has the encryption features enabled.) [RoutedMode] EnableH235HalfCallMedia=1 H235HalfCallMediaStrength=256 To make sure no call goes through without encryption, you can set [RoutedMode] RequireH235HalfCallMedia=1 When you have this switch on, calls without encryption will be aborted. Finally, you can take precautions that its always the "outside" connection that gets encryption added. The GnuGk feature is "half call media" and you have to make sure its not only the internal half of the call that gets encrypted. Thus you can remove the encryption from all endpoint on your internal network and with the above settings GnuGk will add encryption to all outgoing calls. [RoutedMode] RemoveH235Call=192.168.1.0/24, 10.0.1.0/32 See secion 5.1 in the manual for more details on these settings. http://www.gnugk.org/gnugk-manual-5.html#ss5.1 This should do for now, but there is room for future improvement: One important step would be encryption of signalling and H.245 channels and the use of certificates to avoid man-in-the middle attacks. Also, right now only audio and video is encrypted, we might want to extend that to H.239 and data channels. So beware of these limitations. Regards, Jan -- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : jan@xxxxxxxxxxxxxx Website: http://www.gnugk.org Support: http://www.willamowius.com/gnugk-support.html ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________________ Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/
