[OpenSER-Users] OpenSER and Security - how?!

I've been looking at the possibility of using OpenSER as an ingress/egress gateway, mediating access between the internet at large, and a private network containing amongst other things SIP servers through which a call may be routed to provide services such as IVR and call archiving, but which should otherwise be hidden from the outside world. I'm finding two interlinked problems: (1) The internal layout of the network is revealed in Via headers - OK, so this is somewhat intrinsic in SIP, and not really OpenSER's fault, but.... (2) ... If an inbound SIP request has Route headers, loose_route() pretty much sends it whereever the requester asks. There are admonitions in the OpenSER docs about the need to secure loose_route(), but there's no information I can find on how you should do this. In particular, a simple authorization scheme is not good enough - just because someone should be allowed to place calls through the gateway, doesn't mean it should be allowed absolute control over the routing of the request, or they could use information gleaned from Via headers of previous transactions to add or bypass routing steps within the private network at will. It is possible to securely use OpenSER on a security boundary? If so, how? Max.