Dear All Can I create pjsip VPN connection for symbian phones? Regards Saed From: syd [mailto:cherkazoo@xxxxxxxxxx] Sent: Friday, July 24, 2009 10:43 PM To: 'pjsip list' Subject: Re: SIP blocked countries issue. Do any body havethesolution? Hi Varun, A simple approach would be using PPTP if your clients are windows based. You can then create the VPN entries and dial VPN connection using win32 api. You need to create the connection in a way that Remote Gateway is not used by default so that on your VPN router you can block anything but your sip servers and termination IP addresses. If you set VPN connection not to use the default gateway on remote, you will also need win32 api to alter the routes on client so that VoIP traffic will go through VPN and everything else will go through local internet connection. This way all you need to do is install either a Cisco router on your server side or a software based VPN solution and the rest will work without changing your server set up. Regards Syd From: pjsip-bounces@xxxxxxxxxxxxxxx [mailto:pjsip-bounces at lists.pjsip.org] On Behalf Of varun pratapsingh Sent: 24 July 2009 10:44 To: pjsip list Subject: Re: SIP blocked countries issue. Do any body havethesolution? Hi Joegen and Syd, Mr. Syd can you tell me any VPN name which would be suitable for it. Can you provide me some implementation details too. It would be a better solution if you have already used VPN solutions in such cases and you ca guide me in the implementation. Mr. Joegen I got your point, according to your discussion I have an implentation in my mind. How will it be if we use some encrypted Tunnelling in this. The summary of the implemantaion is as below. Please see it and do tell me the limitations of the model if you feel beacuse then i will be working on it. All suggestions are invited: I will be using the ecryption like blowfish and deffie hellman key exchange. The architecture would be like that the program would support two modes one is server mode running on the Softswitch in my case and one is client end mode running on the softphone end in my case. The server end program would be running as always as the server is always up and waiting for the clients to setup the tunnel using the secret key sharing using deffie hellman algo then they the further communication would be agreed on some defined ports hence making the tunnel then the further communication would go through this tunnel. The packets in this tunnel are too encrypted by using the blowfish encryption. Now as we know SIP signalling is through 5060 port and RTP through 4000 port but now using our program the ports would be changed after encryption and two new tunnels would be formed one for SIP and other for RTP by the user end and server end by using deffie hellman. So I think this model can be used for SIP communication without any need of VPN overhead and SIP blocked areas would not be able to catch the type of communication. Please anyone who goes through this mail please if you see any loop holes in this model. Kindly let me know immediately because it would be a great help and will be appreciable. An especially mr. Joegen and Mr Syd I expect you some special comments on this. So please find anu bugs and provide me any suggestion for making this system more robust then I will provide a complete documented design and architecture of this model to be revised again. and one day i hope we will have a god solution added to pjsip in this regard. Thanks and Regards: Ravi On Fri, Jul 24, 2009 at 2:07 PM, syd <cherkazoo at live.co.uk> wrote: A VPN solution would work in this case. On the plus side, is it will not require changes on your soft switch set up, but you will need to make sure your client set up handles the VPN traffic correctly. It is widely being used for such purposes. Syd From: pjsip-bounces@xxxxxxxxxxxxxxx [mailto:pjsip-bounces at lists.pjsip.org] On Behalf Of Joegen Baclor Sent: 24 July 2009 09:25 To: pjsip list Subject: Re: SIP blocked countries issue. Do any body havethesolution? TLS/SRTP is not guaranteed. Since SRTP is still RTP, it is distinguishable by the filters so even if you get TLS to penetrate the filters there is a big possibility that you won't get any audio. You have to find a way to mangle the RTP packets in some way that they won't be recognized by the filters. And so far, the only way it can be done is through proprietary means. From: varun <mailto:varunps2003@xxxxxxxxx> pratapsingh Sent: Friday, July 24, 2009 3:57 PM To: pjsip <mailto:pjsip at lists.pjsip.org> list Subject: Re: SIP blocked countries issue. Do any body havethesolution? Hi Joegen, So using TLS/SRTP in Pjsip will resolve the issue. Will it be a right choice. Can you guide me something more on this implementation. What are the limitations which you have tried to point out in the your reply in using TLS /SRTP. Thanks .... Regards: Ravi On Fri, Jul 24, 2009 at 9:33 AM, Joegen Baclor <joegen.baclor at gmail.com> wrote: In countries that are blocked (mostly in middle east), they are using deep penetration packet analyzers for both SIP and RTP. So changing the ports wont usually work. You might get away with a TLS/SRTP combo but this is an end to end requirement limiting the softphone to only work with providers that support both. Another option would be to install SBC's with proprietary encryption support within the blocked country and in another location where SIP is allowed. This would hide SIP and RTP from the filters. OpenSBC for example works with grandstream proprietary CBCom encryption and is tested to bypass these types of blockage. Joegen -------------------------------------------------- From: "Paulo Rog?rio Panhoto" <paulo@xxxxxxxxxxxxxxxxxxxxxx> Sent: Thursday, July 23, 2009 10:57 PM To: "pjsip list" <pjsip at lists.pjsip.org> Subject: Re: SIP blocked countries issue. Do any body have thesolution? Hello Ravi, I guess someone might have asked this before: is SIPS also blocked? varun pratapsingh wrote: Hi All, In some countries SIP is blocked means our softphones are not working. Is there any way which can be used to reslove this issue. some peoples are suggesting VPNs but can,t it be like if we do some encryption of our SIP traffic. Please if any body can give a real solution then it would be a great help. Regards: Ravi ------------------------------------------------------------------------ _______________________________________________ Visit our blog: http://blog.pjsip.org pjsip mailing list pjsip at lists.pjsip.org http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org _______________________________________________ Visit our blog: http://blog.pjsip.org pjsip mailing list pjsip at lists.pjsip.org http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org _______________________________________________ Visit our blog: http://blog.pjsip.org pjsip mailing list pjsip at lists.pjsip.org http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org _____ _______________________________________________ Visit our blog: http://blog.pjsip.org pjsip mailing list pjsip at lists.pjsip.org http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org _______________________________________________ Visit our blog: http://blog.pjsip.org pjsip mailing list pjsip at lists.pjsip.org http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20090725/7908fb99/attachment-0001.html>
