I just had a few questions about Trixbox (more Asterisk) security.
From what I can see (from wireshark) the SIP passwords during the authentication phase are sent encrypted with MD5. Am I correct in this statement? Additionally has anyone had any success with Asterisk TLS encryption + eyeBeam soft phones? I have a self signed certificate installed, and have the box listening on 5061 (TCP). The phone registers fine, but I cant make a call. eyeBeam gives me "beeps" and I see this on Asterisk;
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS 10.20.122.74:46119;branch=z9hG4bK-d8754z-0e38d85121741936-1---d8754z-;received=10.20.122.74;rport=4674
From: "Joe Schmo"sip:101@trixbox.corporate.local;tag=2978c14b
To: "500"sip:500@trixbox.corporate.local;tag=as713a8e22
Call-ID: ZWI3ODRjYzIxZjZlZDlmMzAyMWM4YTcxODE5MjM3ZTQ.
CSeq: 1 INVITE
User-Agent: Asterisk PBX 1.6.0.9-samy-r27
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="725fc8ec"
Content-Length: 0
Member Since:
2009-11-06