[pjsip] SIP blocked countries issue. Do any bodyhavethesolution?

vivek shrivastava vivek.mics at gmail.com
Sat Aug 1 03:18:22 EDT 2009


Hello
 Any reply Please

On Fri, Jul 31, 2009 at 8:37 PM, vivek shrivastava <vivek.mics at gmail.com>wrote:

> Hello
>  I need to Use the blowfish algo for the encryption  in the symbian . had
> the Blowfish algo also .
> i am using the Pjsip 1.0.3 with the Non APS functionality .
> Where i mean in which function i can trap the call data as as before
> sending it to socket i need to grab it in buffer and apply algo
> and forwerd it.
> Please guide if any one has Done or Idea
>
> Regards
>
>
>
> On Fri, Jul 31, 2009 at 7:59 AM, Nigel Hsiung <nigelcz at hotmail.com> wrote:
>
>>
>> Hi Ravi,
>>
>> >> I will be using the ecryption like blowfish and deffie hellman key
>> >> exchange. The architecture would be like that the program would support
>> >> two modes one is server mode running on the Softswitch in my case and
>> one is
>> >> client end mode running on the softphone end in my case. The server end
>> >> program would be running as always as the server is always up and
>> waiting
>> >> for the clients to setup the tunnel using the secret key sharing using
>> >> deffie hellman algo
>>
>>
>> One way i could think of would be to use GDOI. Set up the GDOI key
>> controller. Add ur softswitch and softphone client as group members. Push
>> and pull the keys for the IPSec tunnel as u like -
>> http://en.wikipedia.org/wiki/GDOI
>>
>> I once did an analysis using GDOI (from vovida.org) to setup a secure
>> tunnel. GDOI is similar to what u mentioned above except that its design for
>> group communication (build upon IKE). It can use PSK for level 1
>> authentication. After negotiation, session level keys are exchange between 2
>> peers using diffie hellman. This session key also keeps changing to achieve
>> PFS (perfect forward secrecy). The end result is an IPSEC ESP tunnel.
>>
>> Bandwidth and latency due to encryption/decryption will be No1 cause of
>> concern not to mention the need to distribute the secret PSK and the need of
>> every client to run a gdoi client.
>>
>> best,
>> Nigel
>>
>> ------------------------------
>> From: zpbappi at gmail.com
>> Date: Thu, 30 Jul 2009 15:10:11 +0700
>> To: pjsip at lists.pjsip.org
>>
>> Subject: Re: [pjsip] SIP blocked countries issue. Do any
>> bodyhavethesolution?
>>
>> hi voip guru,
>> do you have suggestion to implement http/vpn tunneling using pjsip? please
>> tell us something about the required modification/addition to be done in
>> pjproject.
>>
>> regards,
>> zp bappi.
>>
>>
>> On Thu, Jul 30, 2009 at 6:24 AM, VOIP Guru <voicecanada at gmail.com> wrote:
>>
>> Most of the operators are using DPI or deep packet inspection
>> mechnism. Also some of them block RTP as well. TLS will not work
>> because they are also recognizable.
>> Only tested solution is HTTP tunneling. operator have to block every
>> traffic before they block HTTP.
>>
>> Good luck
>>
>> On 7/29/09, Gang Liu <gangban.lau at gmail.com> wrote:
>> > I also prefer encryption. I built h323 softphone at middle east serval
>> years
>> > ago which they all use different encryption. And as I know they still
>> work
>> > well now.But some solutions based on standard VPN failed because
>> sometimes
>> > VPN were blocked too if you have many softphone clients.
>> >
>> > regards,
>> > Gang
>> >
>> > On Sat, Jul 25, 2009 at 8:18 AM, Joegen Baclor
>> > <joegen.baclor at gmail.com>wrote:
>> >
>> >>  You got the general concept correct.  Encryption should be done
>> between
>> >> your client towards a switch that supports your proprietary encryption.
>> >> The
>> >> switch should be in a network that allows SIP to flow.  All
>> communications
>> >> to the outside internet should always traverse the switch as the first
>> >> hop.
>> >>
>> >> UA-Blocked [encrypted] -> ((Blocked Network)) -> [encrypted]
>> >> Switch-Non-Blocked [SIP]  -> ((Open-Internet)) -> Carrier
>> >>
>> >> One piece of advise.  You don’t have to use complex encryption to
>> achieve
>> >> this.  A simple XOR on RTP and SIP using a shared key would be enough.
>> >> This
>> >> would make your encryption algo light weight.
>> >>
>> >> This is getting a bit off-topic in this list.   Just send me an
>> off-list
>> >> message if you have more questions before the mailing list police kicks
>> us
>> >> out [image: Smile emoticon].
>> >>
>> >>
>> >>  *From:* varun pratapsingh <varunps2003 at gmail.com>
>> >> *Sent:* Friday, July 24, 2009 5:44 PM
>> >> *To:* pjsip list <pjsip at lists.pjsip.org>
>> >> *Subject:* Re: [pjsip] SIP blocked countries issue. Do any
>> >> bodyhavethesolution?
>> >>
>> >> Hi Joegen and Syd,
>> >>
>> >> Mr. Syd can you tell me any VPN name which would be suitable for it.
>> Can
>> >> you provide me some implementation details too. It would be a better
>> >> solution if you have already used VPN solutions in such cases and you
>> ca
>> >> guide me in the implementation.
>> >>
>> >> Mr. Joegen I got your point, according to your discussion I have an
>> >> implentation in my mind. How will it be if we use some encrypted
>> >> Tunnelling
>> >> in this. The summary of the implemantaion is as below. Please see it
>> and
>> >> do
>> >> tell me the limitations of the model if you feel beacuse then i will be
>> >> working on it. All suggestions are invited:
>> >>
>> >> I will be using the ecryption like blowfish and deffie hellman key
>> >> exchange. The architecture would be like that the program would support
>> >> two
>> >> modes one is server mode running on the Softswitch in my case and one
>> is
>> >> client end mode running on the softphone end in my case. The server end
>> >> program would be running as always as the server is always up and
>> waiting
>> >> for the clients to setup the tunnel using the secret key sharing using
>> >> deffie hellman algo then they the further communication would be agreed
>> on
>> >> some defined ports hence making the tunnel then the further
>> communication
>> >> would go through this tunnel. The packets in this tunnel are too
>> encrypted
>> >> by using the blowfish encryption. Now as we know SIP signalling is
>> through
>> >> 5060 port and RTP through 4000 port but now using our program the ports
>> >> would be changed after encryption and two new tunnels would be formed
>> one
>> >> for SIP and other for RTP by the user end and server end by using
>> deffie
>> >> hellman.
>> >>
>> >> So I think this model can be used for SIP communication without any
>> need
>> >> of
>> >> VPN overhead and SIP blocked areas would not be able to catch the type
>> of
>> >> communication.
>> >>
>> >> Please anyone who goes through this mail please if you see any loop
>> holes
>> >> in this model. Kindly let me know immediately because it would be a
>> great
>> >> help and will be appreciable.
>> >> An especially mr. Joegen and Mr Syd I expect you some special comments
>> on
>> >> this.
>> >>
>> >> So please find anu bugs and provide me any suggestion for making this
>> >> system more robust then I will provide a complete documented design and
>> >> architecture of this model to be revised again. and one day i hope we
>> will
>> >> have a god solution added to pjsip in this regard.
>> >>
>> >> Thanks and Regards:
>> >> Ravi
>> >>
>> >>
>> >> On Fri, Jul 24, 2009 at 2:07 PM, syd <cherkazoo at live.co.uk> wrote:
>> >>
>> >>>  A VPN solution would work in this case. On the plus side, is it will
>> not
>> >>> require changes on your soft switch set up, but you will need to make
>> >>> sure
>> >>> your client set up handles the VPN traffic correctly. It is widely
>> being
>> >>> used for such purposes.
>> >>>
>> >>>
>> >>>
>> >>> Syd
>> >>>
>> >>>
>> >>>
>> >>> *From:* pjsip-bounces at lists.pjsip.org [mailto:
>> >>> pjsip-bounces at lists.pjsip.org] *On Behalf Of *Joegen Baclor
>> >>> *Sent:* 24 July 2009 09:25
>> >>>
>> >>> *To:* pjsip list
>> >>> *Subject:* Re: [pjsip] SIP blocked countries issue. Do any body
>> >>> havethesolution?
>> >>>
>> >>>
>> >>>
>> >>> TLS/SRTP is not guaranteed.   Since SRTP is still RTP, it is
>> >>> distinguishable by the filters so even if you get TLS to penetrate the
>> >>> filters there is a big possibility that you won't get any audio.   You
>> >>> have
>> >>> to find a way to mangle the RTP packets in some way that they won't be
>> >>> recognized by the filters.  And so far, the only way it can be done is
>> >>> through proprietary means.
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> *From:* varun pratapsingh <varunps2003 at gmail.com>
>> >>>
>> >>> *Sent:* Friday, July 24, 2009 3:57 PM
>> >>>
>> >>> *To:* pjsip list <pjsip at lists.pjsip.org>
>> >>>
>> >>> *Subject:* Re: [pjsip] SIP blocked countries issue. Do any body
>> >>> havethesolution?
>> >>>
>> >>>
>> >>>
>> >>> Hi Joegen,
>> >>>
>> >>> So using TLS/SRTP in Pjsip will resolve the issue. Will it be a right
>> >>> choice. Can you guide me something more on this implementation. What
>> are
>> >>> the
>> >>> limitations which you have tried to point out in the your reply in
>> using
>> >>> TLS
>> >>> /SRTP.
>> >>>
>> >>> Thanks ....
>> >>>
>> >>> Regards:
>> >>> Ravi
>> >>>
>> >>>
>> >>>
>> >>>  On Fri, Jul 24, 2009 at 9:33 AM, Joegen Baclor <
>> joegen.baclor at gmail.com>
>> >>> wrote:
>> >>>
>> >>> In countries that are blocked (mostly in middle east), they are using
>> >>> deep
>> >>> penetration packet analyzers for both SIP and RTP.  So changing the
>> ports
>> >>> wont usually work.  You might get away with a TLS/SRTP combo but this
>> is
>> >>> an
>> >>> end to end requirement limiting the softphone to only work with
>> providers
>> >>> that support both.   Another option would be to install SBC's with
>> >>> proprietary encryption support within the blocked country and in
>> another
>> >>> location where SIP is allowed.   This would hide SIP and RTP from the
>> >>> filters.  OpenSBC for example works with grandstream proprietary CBCom
>> >>> encryption and is tested to bypass these types of blockage.
>> >>>
>> >>> Joegen
>> >>>
>> >>> --------------------------------------------------
>> >>> From: "Paulo Rogério Panhoto" <paulo at voicetechnology.com.br>
>> >>> Sent: Thursday, July 23, 2009 10:57 PM
>> >>> To: "pjsip list" <pjsip at lists.pjsip.org>
>> >>> Subject: Re: [pjsip] SIP blocked countries issue. Do any body have
>> >>> thesolution?
>> >>>
>> >>>
>> >>>
>> >>> Hello Ravi,
>> >>>
>> >>>   I guess someone might have asked this before: is SIPS also blocked?
>> >>>
>> >>> varun pratapsingh wrote:
>> >>>
>> >>> Hi All,
>> >>>
>> >>> In some countries SIP is blocked means our softphones are not working.
>> Is
>> >>> there any way which can be used to reslove this issue. some peoples
>> are
>> >>> suggesting VPNs but can,t it be like if we do some encryption of our
>> SIP
>> >>> traffic.
>> >>>
>> >>> Please if any body can give  a real solution then it would be a great
>> >>> help.
>> >>>
>> >>>
>> >>> Regards:
>> >>> Ravi
>> >>>
>> ------------------------------------------------------------------------
>> >>>
>> >>> _______________________________________________
>> >>> Visit our blog: http://blog.pjsip.org
>> >>>
>> >>> pjsip mailing list
>> >>> pjsip at lists.pjsip.org
>> >>> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>> >>>
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> Visit our blog: http://blog.pjsip.org
>> >>>
>> >>> pjsip mailing list
>> >>> pjsip at lists.pjsip.org
>> >>> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>> >>>
>> >>>
>> >>>
>> >>> _______________________________________________
>> >>> Visit our blog: http://blog.pjsip.org
>> >>>
>> >>> pjsip mailing list
>> >>> pjsip at lists.pjsip.org
>> >>> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>> >>>
>> >>>
>> >>>
>> >>>  ------------------------------
>> >>>
>> >>> _______________________________________________
>> >>> Visit our blog: http://blog.pjsip.org
>> >>>
>> >>> pjsip mailing list
>> >>> pjsip at lists.pjsip.org
>> >>> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>> >>>
>> >>> _______________________________________________
>> >>> Visit our blog: http://blog.pjsip.org
>> >>>
>> >>> pjsip mailing list
>> >>> pjsip at lists.pjsip.org
>> >>> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>> >>>
>> >>>
>> >>  ------------------------------
>> >>
>> >> _______________________________________________
>> >> Visit our blog: http://blog.pjsip.org
>> >>
>> >> pjsip mailing list
>> >> pjsip at lists.pjsip.org
>> >> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>> >>
>> >> _______________________________________________
>> >> Visit our blog: http://blog.pjsip.org
>> >>
>> >> pjsip mailing list
>> >> pjsip at lists.pjsip.org
>> >> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>> >>
>> >>
>> >
>>
>> _______________________________________________
>> Visit our blog: http://blog.pjsip.org
>>
>> pjsip mailing list
>> pjsip at lists.pjsip.org
>> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>>
>>
>>
>> ------------------------------
>> See all the ways you can stay connected to friends and family<http://www.microsoft.com/windows/windowslive/default.aspx>
>>
>> _______________________________________________
>> Visit our blog: http://blog.pjsip.org
>>
>> pjsip mailing list
>> pjsip at lists.pjsip.org
>> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pjsip.org/pipermail/pjsip_lists.pjsip.org/attachments/20090801/315b1994/attachment.html>


More information about the pjsip mailing list