Instructions for configuring SIP apps

This commit is contained in:
Bob Mottram 2016-03-22 20:03:03 +00:00
parent 616b874bb4
commit 32097104ea
2 changed files with 145 additions and 1 deletions

View File

@ -311,6 +311,32 @@ Selecting the server by pressing on it then connects you to the server so that y
/Note: if you don't know the default domain name and you did a full installation then it will be the same as the wiki domain name./ /Note: if you don't know the default domain name and you did a full installation then it will be the same as the wiki domain name./
** SIP phones ** SIP phones
Freedombone also supports SIP phones The username and domain is the same as for your email address, and the SIP password and extension number will appear within the README file in your home directory. Various SIP client options are available, such as CSipSimple on Android and Jitsi on desktop or laptop machines. Ideally use clients which support ZRTP, which will provide the best level of security. Freedombone also supports SIP phones The username and domain is the same as for your email address, and the SIP password and extension number will appear within the README file in your home directory. Various SIP client options are available, such as CSipSimple on Android and Jitsi on desktop or laptop machines. Ideally use clients which support ZRTP, which will provide the best level of security.
*** About ZRTP
[[https://jitsi.org/Documentation/ZrtpFAQ][ZRTP]] appears to be the current best standard to end-to-end encrypted voice calls, combining good security with simplicity of use. When the initial cryptographic negotiation between phones is done at the start of a call a short authentication string (SAS) is calculated and displayed at both ends. To check that there isn't anyone intercepting the call and acting as a /man in the middle/ - as [[https://en.wikipedia.org/wiki/Stingray_phone_tracker][stingray type devices]] try to do - the short authentication string can be read out and verbally confirmed between the callers. If it's the same then you can be pretty confident that the call is secure.
*** Using with CSIPSimple
Add an account. Under *General Wizards* choose *Expert* and enter the following details:
| Account name | Your username |
| Account ID | sip:username@yourdomain |
| Registration URI | sip:yourdefaultdomain |
| Realm | * |
| Username | Your username |
| Data (Password) | Your SIP password |
| ZRTP Mode | Create ZRTP |
If everything is working the account should appear in green with a status of *Registered*.
*** Using with Ring
From the menu select *Manage accounts*.
Add an account with the following details:
| Alias | Your full name or nickname |
| Protocol | SIP |
| Hostname | yourdefaultdomain |
| Username | Your username |
| Password | Your SIP password |
Select the *Security* tab. Under *SRTP Key Exchange* select *ZRTP*. Unde *SRTP Preferences* select *Not supported warning* and *Display SAS Once*.
* RSS Reader * RSS Reader
The way that RSS reading is set up on Freedombone gives you strong reading privacy. Not only is there onion routing between you and the server but also between the server and the source of the RSS feed. The only down side is that many RSS feeds are still http only, and so could be vulnerable to injection attacks, but it's expected that more of this will go to https in the foreseeable future due to a combination of growing recognition of security issues and systems like Let's Encrypt which make obtaining certificates much easier. The way that RSS reading is set up on Freedombone gives you strong reading privacy. Not only is there onion routing between you and the server but also between the server and the source of the RSS feed. The only down side is that many RSS feeds are still http only, and so could be vulnerable to injection attacks, but it's expected that more of this will go to https in the foreseeable future due to a combination of growing recognition of security issues and systems like Let's Encrypt which make obtaining certificates much easier.

View File

@ -3,7 +3,7 @@
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head> <head>
<!-- 2016-03-20 Sun 15:23 --> <!-- 2016-03-22 Tue 20:01 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" /> <meta name="viewport" content="width=device-width, initial-scale=1" />
<title></title> <title></title>
@ -832,6 +832,124 @@ Selecting the server by pressing on it then connects you to the server so that y
Freedombone also supports SIP phones The username and domain is the same as for your email address, and the SIP password and extension number will appear within the README file in your home directory. Various SIP client options are available, such as CSipSimple on Android and Jitsi on desktop or laptop machines. Ideally use clients which support ZRTP, which will provide the best level of security. Freedombone also supports SIP phones The username and domain is the same as for your email address, and the SIP password and extension number will appear within the README file in your home directory. Various SIP client options are available, such as CSipSimple on Android and Jitsi on desktop or laptop machines. Ideally use clients which support ZRTP, which will provide the best level of security.
</p> </p>
</div> </div>
<div id="outline-container-orgheadline34" class="outline-4">
<h4 id="orgheadline34">About ZRTP</h4>
<div class="outline-text-4" id="text-orgheadline34">
<p>
<a href="https://jitsi.org/Documentation/ZrtpFAQ">ZRTP</a> appears to be the current best standard to end-to-end encrypted voice calls, combining good security with simplicity of use. When the initial cryptographic negotiation between phones is done at the start of a call a short authentication string (SAS) is calculated and displayed at both ends. To check that there isn't anyone intercepting the call and acting as a <i>man in the middle</i> - as <a href="https://en.wikipedia.org/wiki/Stingray_phone_tracker">stingray type devices</a> try to do - the short authentication string can be read out and verbally confirmed between the callers. If it's the same then you can be pretty confident that the call is secure.
</p>
</div>
</div>
<div id="outline-container-orgheadline35" class="outline-4">
<h4 id="orgheadline35">Using with CSIPSimple</h4>
<div class="outline-text-4" id="text-orgheadline35">
<p>
Add an account. Under <b>General Wizards</b> choose <b>Expert</b> and enter the following details:
</p>
<table border="2" cellspacing="0" cellpadding="6" rules="groups" frame="hsides">
<colgroup>
<col class="org-left" />
<col class="org-left" />
</colgroup>
<tbody>
<tr>
<td class="org-left">Account name</td>
<td class="org-left">Your username</td>
</tr>
<tr>
<td class="org-left">Account ID</td>
<td class="org-left">sip:username@yourdomain</td>
</tr>
<tr>
<td class="org-left">Registration URI</td>
<td class="org-left">sip:yourdefaultdomain</td>
</tr>
<tr>
<td class="org-left">Realm</td>
<td class="org-left">*</td>
</tr>
<tr>
<td class="org-left">Username</td>
<td class="org-left">Your username</td>
</tr>
<tr>
<td class="org-left">Data (Password)</td>
<td class="org-left">Your SIP password</td>
</tr>
<tr>
<td class="org-left">ZRTP Mode</td>
<td class="org-left">Create ZRTP</td>
</tr>
</tbody>
</table>
<p>
If everything is working the account should appear in green with a status of <b>Registered</b>.
</p>
</div>
</div>
<div id="outline-container-orgheadline36" class="outline-4">
<h4 id="orgheadline36">Using with Ring</h4>
<div class="outline-text-4" id="text-orgheadline36">
<p>
From the menu select <b>Manage accounts</b>.
</p>
<p>
Add an account with the following details:
</p>
<table border="2" cellspacing="0" cellpadding="6" rules="groups" frame="hsides">
<colgroup>
<col class="org-left" />
<col class="org-left" />
</colgroup>
<tbody>
<tr>
<td class="org-left">Alias</td>
<td class="org-left">Your full name or nickname</td>
</tr>
<tr>
<td class="org-left">Protocol</td>
<td class="org-left">SIP</td>
</tr>
<tr>
<td class="org-left">Hostname</td>
<td class="org-left">yourdefaultdomain</td>
</tr>
<tr>
<td class="org-left">Username</td>
<td class="org-left">Your username</td>
</tr>
<tr>
<td class="org-left">Password</td>
<td class="org-left">Your SIP password</td>
</tr>
</tbody>
</table>
<p>
Select the <b>Security</b> tab. Under <b>SRTP Key Exchange</b> select <b>ZRTP</b>. Unde <b>SRTP Preferences</b> select <b>Not supported warning</b> and <b>Display SAS Once</b>.
</p>
</div>
</div>
</div> </div>
</div> </div>