[jitsi-dev] Questions about integrating openvpn and secure conference calling


#1

Hello all,

I want to provide functionality for encrypted conference calling. I
imagined doing this with openvpn for the network encryption and asterisk
for the sip and meetme functionality. I have alpha web based tools for
aiding account and room creation, and imagined a simple way to present
documentation for users to set up their clients.

Last night I realized that this was going to be all too much for most
users, and someone suggested to me bundling all of this functionality
into a client. I see that there is a java based openvpn client called
Oast (http://sourceforge.net/projects/oast/) and I see that Jitsi makes
use of the OSGi Framework.

Is this a rediculous idea to try and integrate openvpn support into
Jitsi? Am I re-inventing the wheel with the openvpn/asterisk
implementation to provide encrypted voice and conference calling?

Sincerely,
Dennison


#2

Hey Dennison,

Hello all,

I want to provide functionality for encrypted conference calling. I
imagined doing this with openvpn for the network encryption and asterisk
for the sip and meetme functionality. I have alpha web based tools for
aiding account and room creation, and imagined a simple way to present
documentation for users to set up their clients.

Last night I realized that this was going to be all too much for most
users, and someone suggested to me bundling all of this functionality
into a client. I see that there is a java based openvpn client called
Oast (http://sourceforge.net/projects/oast/) and I see that Jitsi makes
use of the OSGi Framework.

Is this a rediculous idea to try and integrate openvpn support into
Jitsi? Am I re-inventing the wheel with the openvpn/asterisk
implementation to provide encrypted voice and conference calling?

It is certainly not ridiculous but probably not the most efficient way
of achieving this either.

Jitsi already implements end-to-end encryption for one-to-one calls and
for conferences that it hosts. This would probably be enough of a
solution for many users and it wouldn't put any dependencies on the server.

In case you definitely want the call to go through asterisk then you'd
better use SRTP with SDES (which Asterisk supports) and TLS for the SIP
signalling. This would give you exactly the same protection as VPN but
you won't need to bother with a VPN (and neither would you need to
suffer its performance penalty).

Also, FWIW, we will soon be adding support for encryption with Jitsi
videobridge (likely to start with SDES and ZRTP trusted MITM).

Hope this helps,
Emil

ยทยทยท

On 17.03.13, 11:45, Dennison Williams wrote:
--
https://jitsi.org