# Asterisk VoIP Server over OpenVPN in Tor Hidden Service.



## Norbert Szczybelski (Jan 4, 2017)

Good Evening.

Generate encryption keys with OpenSSL.

OpenVPN server openvpn.conf configuration file:

```
mode server
tls-server
dev tun
proto tcp-server
port 1194

server 10.8.0.0 255.255.0.0

ca /vpn/ca.crt
cert /vpn/server.crt
key /vpn/server.key
dh /vpn/dh2048.pem
tls-crypt /vpn/ta.key

cipher AES-256-CBC
auth SHA3-512

log /var/log/openvpn.log
status /var/log/openvpn-status.log

user nobody
group nobody
persist-key
persist-tun
chroot /usr/local/etc/openvpn/jail
auth-nocache

# Allow clients to communicate with each other, e.g. to run their own services such as UnrealIRCd servers.
client-to-client
client-config-dir /ccd
```

OpenVPN clients client.conf configuration file:

```
client
remote-cert-tls server
dev tun

<connection>
remote youroniondomain.onion 1194 tcp-client
socks-proxy 127.0.0.1 9050
</connection>

cipher AES-256-CBC
auth SHA3-512

user nobody
group nogroup
persist-key
persist-tun
chroot /etc/openvpn/jail
auth-nocache

log /var/log/openvpn/openvpn.log
status /var/log/openvpn/openvpn-status.log

<ca>
</ca>

<cert>
</cert>

<key>
</key>

<tls-crypt>
</tls-crypt>
```

Tor Hidden Service torrc configuration file:

```
HiddenServiceDir /usr/local/torhs/szczybelski/
HiddenServicePort 1194 127.0.0.1:1194
```

Tor clients torrc configuration file:

```
SOCKSPort 9050
```

Asterisk sip.conf configuration file:

```
[general]
transport=udp
port=5060
bindaddr=10.8.0.1
disallow=all
allow=ulaw
allow=alaw
allow=gsm
directmedia=no
nat=yes
; Match the /16 VPN subnet set by the OpenVPN "server" directive (clients also use 10.8.10.x).
localnet=10.8.0.0/255.255.0.0

[friends_internal](!)
type=friend
host=dynamic
context=from-internal
disallow=all
allow=ulaw
allow=alaw
allow=gsm

[demo-alice](friends_internal)
secret=password

[demo-bob](friends_internal)
secret=password

[demo-norbert](friends_internal)
secret=password
```

Asterisk extensions.conf configuration file:

```
[from-internal]
exten=>6001,1,Dial(SIP/demo-alice,20)
exten=>6002,1,Dial(SIP/demo-bob,20)
exten=>6003,1,Dial(SIP/demo-norbert,20)
```

My main intention with this tutorial was to prove that VoIP can work in Tor.

This is a chrooted configuration, but if someone really needs to start that kind of network, *please isolate servers* in virtual machines.
I prefer FreeBSD bhyve.

Also update CPU microcode against Spectre and Meltdown vulnerabilities.

To illustrate, a simple setup:

172.16.0.2/10.8.0.1 OpenVPN Server – bhyve VM on server.
172.16.0.3/10.8.0.10 OpenVPN Client with Apache – bhyve VM on server.
172.16.0.4/10.8.0.20 OpenVPN Client with Asterisk – bhyve VM on server.
172.16.0.5/10.8.0.30 OpenVPN Client with UnrealIRCd – bhyve VM on server.
…
172.31.0.9/10.8.10.10 OpenVPN Client with Apache – bhyve VM on client.
192.168.38.37/10.8.10.20 OpenVPN Client with UnrealIRCd – bhyve VM on client.

… and so on.

Set up static IP addresses in the ccd directory for these servers.

Not tested, but you can also start a BIND DNS server to map hostnames to IP addresses.

That’s all!
It’s working with a 1 s delay.
Enjoy!

There is also a Quantum Resistant OpenVPN Project:
*OPEN QUANTUM SAFE - Software for prototyping quantum-resistant cryptography*
https://openquantumsafe.org
https://github.com/open-quantum-safe
https://github.com/open-quantum-safe/liboqs
https://github.com/open-quantum-safe/openssl

*I am not providing any security warranty, just sharing information.*

*Any security improvements are welcome.*

Also on Whonix Wiki:

Voice over IP (VoIP): Anonymous Voice over IP (VoIP). Encrypted, anonymous phone calls using the Tor Anonymity Network. (www.whonix.org)

Also published on:

How To setup Asterisk VoIP server over OpenVPN in Tor hidden service. (forums.whonix.org)

Asterisk VoIP Server over OpenVPN in Tor Hidden Service (askubuntu.com)

Asterisk VoIP Server over OpenVPN in Tor Hidden Service (tor.stackexchange.com)

Asterisk VoIP Server over OpenVPN in Tor Hidden Service (szczybelski.wordpress.com)

Norbert.


----------
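Added example, not part of the original post: a small generator for the `ccd` files that the "static IP addresses in the ccd directory" step calls for. It assumes the posted server config runs with the net30 topology (the OpenVPN 2.4 default when no `topology` line is present), where the OpenVPN HOWTO requires each `ifconfig-push` pair to be the two host addresses of one /30 for Windows client compatibility. The certificate common names are hypothetical; the addresses are the ones listed in the post.

```python
import ipaddress
from pathlib import Path

POOL = ipaddress.ip_network("10.8.0.0/16")    # `server 10.8.0.0 255.255.0.0`
SERVER_IP = ipaddress.ip_address("10.8.0.1")  # the server's own tunnel address

# Constructed sample: the common names are hypothetical, the IPs are the post's.
CLIENTS = {"apache-vm": "10.8.0.10", "asterisk-vm": "10.8.0.20",
           "unrealircd-vm": "10.8.0.30"}

def ccd_line(ip_text, topology="net30"):
    """Return the ifconfig-push line for one client, or raise ValueError."""
    ip = ipaddress.ip_address(ip_text)
    if ip not in POOL or ip in (POOL.network_address, POOL.broadcast_address):
        raise ValueError(f"{ip} is not a host address in {POOL}")
    if ip == SERVER_IP:
        raise ValueError(f"{ip} is the server's own address")
    if topology == "subnet":
        # Second argument is the netmask; the server also needs `topology subnet`.
        return f"ifconfig-push {ip} {POOL.netmask}"
    # net30: second argument is the other host address of the client's /30.
    slot = int(ip) % 4
    if slot not in (1, 2):
        raise ValueError(f"{ip} is the network or broadcast address of its /30")
    peer = ip + 1 if slot == 1 else ip - 1
    return f"ifconfig-push {ip} {peer}"

def plan(clients, topology="net30"):
    """Map common name -> ccd line; collect rejected entries instead of aborting."""
    lines, rejected, seen = {}, {}, set()
    for cn, ip_text in clients.items():
        try:
            if ip_text in seen:
                raise ValueError(f"{ip_text} is assigned twice")
            lines[cn] = ccd_line(ip_text, topology)
            seen.add(ip_text)
        except ValueError as err:
            rejected[cn] = str(err)
    return lines, rejected

def write_ccd(lines, ccd_dir):
    """Write one file per client; the file name must equal the certificate CN."""
    ccd_dir = Path(ccd_dir)
    ccd_dir.mkdir(parents=True, exist_ok=True)
    for cn, line in lines.items():
        (ccd_dir / cn).write_text(line + "\n")
```

Because the posted server config combines `chroot /usr/local/etc/openvpn/jail` with `client-config-dir /ccd`, the directory is looked up inside the jail, so the generated files belong in `/usr/local/etc/openvpn/jail/ccd`. Under net30 the post's 10.8.0.20 is rejected as a /30 network address; it is accepted once both server and generator use `topology subnet`.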

