Grandstream GXP2000 and OBi100

<< < (5/6) > >>

Brian01:
Is there any way to add some security to this?

I wanted to use the Obi110 to call out on Google Voice from an Android Gingerbread phone using the native SIP stack.  (not the obion app)  The instructions here worked just fine.

However, if I have ports 5060-5061 open to the internet, then anyone can use my obi to call out if they can discover the username.

Is there any way to add authentication?  Is the username passed in the open?

Stewart:
Quote

Is there any way to add authentication?  Is the username passed in the open?
I don't believe there is any way to make this really secure.

You can get pretty good protection from random attacks by using an obscure port (not 5060 or 5061) and a long pseudo-random user name.  However, that won't protect you from someone who can capture your traffic (unlikely over 3G, but certainly possible over open or WEP Wi-Fi).

If you are using this for domestic calling, you could set up the OBi to permit only specific area codes when bridging.  If calling internationally, GV rates are not very aggressive -- I'd just use a regular SIP provider instead.

Dale:
Quote from: Brian01 on October 08, 2011, 04:04:35 pm

Is there any way to add some security to this?

I wanted to use the Obi110 to call out on Google Voice from an Android Gingerbread phone using the native SIP stack.  (not the obion app)  The instructions here worked just fine.



Brian, can you point to the instructions? All I could find was a thread saying that it was not possible: http://www.obitalk.com/forum/index.php?topic=205.msg930#msg930

Brian01:
OK, I posted my Android config in that thread:
http://www.obitalk.com/forum/index.php?topic=205.msg10762#msg10762

Regarding security, I noticed from above that you can use X_AccessList to limit access by ip address.  That's something, anyways.

Thanks everyone for the info.

Dale:
Thanks Brian, yes I saw them there.

If one has a domain name pointing to one's home network, I suspect one could in fact set it up to access your Obi even when not at home...

something like this:

Obi at fixed IP address 192.168.1.200
Some domain name pointing you your home router (such as from no-ip.com)
Eg myzootyname.com
Home router set to direct incoming traffic on port 5066 to the obi.

then the Obi is essentially at myzootyname.com:5066

now one issue I see is that when we are away from home but on a wifi network, making a phone call will use the home network twice - voice data would go from the phone to the router to the OBi and then out through the router again to the end point. Depending on the speed of the home network connection this may be no problem.

This would mean that one can use it when away from home.

I am also interested in using the native Nexus S stack so that I get fill contact list integration etc. (I did import my contact list into the Obion app but contact changes wont sync up I am sure.

Navigation

[0] Message Index

[#] Next page

[*] Previous page