VoIP VPN
Encyclopedia
A VoIP VPN combines voice over IP
and virtual private network
technologies to offer a method for delivering secure voice
. Because VoIP transmits digitized voice as a stream of data, the VoIP VPN solution accomplishes voice encryption quite simply, applying standard data-encryption mechanisms inherently available in the collection of protocols used to implement a VPN
.
The VoIP gateway-router first converts the analog voice signal to digital form, encapsulates the digitized voice within IP
packets, then encrypts the digitized voice using IPsec
, and finally routes the encrypted voice packets securely through a VPN tunnel. At the remote site, another VoIP router decodes the voice and converts the digital voice to an analog signal for delivery to the phone.
A VoIP VPN can also run within an IP in IP
tunnel or using SSL-based OpenVPN
. There is no encryption in former case, but traffic overhead is significantly lower in comparison with IPsec
tunnel. The advantage of OpenVPN tunneling is that it can run on a dynamic IP and may provide up to 512 bits SSL encryption.
through a virtual private network
, however. Session Initiation Protocol
, a commonly used VoIP protocol is notoriously difficult to pass through a firewall
because it uses random port numbers to establish connections. A VPN is also a workaround to avoid a firewall issue when configuring remote VoIP clients.
However latest VoIP standard STUN, ICE
and TURN
eliminate natively some NAT
problems of VoIP.
Although VoIP over VPN is not as usable in mobile environments, it is sometimes used to create "encrypted VoIP trunk" between different sites of a corporations, running VoIP PBX interconnections over a VPN connection.
and SRTP
, allow the VoIP client to run without the VPN overhead, integrating with standard features of VoIP PBX without having to manage both the VPN gateway and the PBX. That's right, no VPN overhead.
software by using a Linux distribution
, or BSD, as an operating system
, a VoIP server, and an IPsec
server.
Voice over IP
Voice over Internet Protocol is a family of technologies, methodologies, communication protocols, and transmission techniques for the delivery of voice communications and multimedia sessions over Internet Protocol networks, such as the Internet...
and virtual private network
Virtual private network
A virtual private network is a network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users access to a central organizational network....
technologies to offer a method for delivering secure voice
Secure voice
Secure voice is a term in cryptography for the encryption of voice communication over a range of communication types such as radio, telephone or IP.-History:...
. Because VoIP transmits digitized voice as a stream of data, the VoIP VPN solution accomplishes voice encryption quite simply, applying standard data-encryption mechanisms inherently available in the collection of protocols used to implement a VPN
Virtual private network
A virtual private network is a network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users access to a central organizational network....
.
The VoIP gateway-router first converts the analog voice signal to digital form, encapsulates the digitized voice within IP
Internet Protocol
The Internet Protocol is the principal communications protocol used for relaying datagrams across an internetwork using the Internet Protocol Suite...
packets, then encrypts the digitized voice using IPsec
IPsec
Internet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session...
, and finally routes the encrypted voice packets securely through a VPN tunnel. At the remote site, another VoIP router decodes the voice and converts the digital voice to an analog signal for delivery to the phone.
A VoIP VPN can also run within an IP in IP
IP in IP
IP in IP is an IP tunneling protocol that encapsulates one IP packet in another IP packet. To encapsulate an IP packet in another IP packet, an outer header is added with SourceIP, the entry point of the tunnel and the Destination point, the exit point of the tunnel. While doing this the inner...
tunnel or using SSL-based OpenVPN
OpenVPN
OpenVPN is a free and open source software application that implements virtual private network techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for...
. There is no encryption in former case, but traffic overhead is significantly lower in comparison with IPsec
IPsec
Internet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session...
tunnel. The advantage of OpenVPN tunneling is that it can run on a dynamic IP and may provide up to 512 bits SSL encryption.
Advantages
Security is not the only reason to pass Voice over IPVoice over IP
Voice over Internet Protocol is a family of technologies, methodologies, communication protocols, and transmission techniques for the delivery of voice communications and multimedia sessions over Internet Protocol networks, such as the Internet...
through a virtual private network
Virtual private network
A virtual private network is a network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users access to a central organizational network....
, however. Session Initiation Protocol
Session Initiation Protocol
The Session Initiation Protocol is an IETF-defined signaling protocol widely used for controlling communication sessions such as voice and video calls over Internet Protocol . The protocol can be used for creating, modifying and terminating two-party or multiparty sessions...
, a commonly used VoIP protocol is notoriously difficult to pass through a firewall
Firewall (computing)
A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
because it uses random port numbers to establish connections. A VPN is also a workaround to avoid a firewall issue when configuring remote VoIP clients.
However latest VoIP standard STUN, ICE
Interactive Connectivity Establishment
Interactive Connectivity Establishment is a technique used in computer networking involving network address translators in Internet applications of Voice over Internet Protocol , peer-to-peer communications, video, instant messaging and other interactive media...
and TURN
Traversal Using Relay NAT
Traversal Using Relays around NAT is a protocol that allows for an element behind a Network address translator or firewall to receive incoming data over TCP or UDP connections. It is most useful for elements behind symmetric NATs or firewalls that wish to be on the receiving end of a connection...
eliminate natively some NAT
Network address translation
In computer networking, network address translation is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device....
problems of VoIP.
Disadvantages
The protocol overhead caused by the encapsulation of VoIP protocol within IPSec dramatically increases the bandwidth requirements for VoIP calls, thus making the VoIP over VPN protocols too "fat" to be used over a mobile data connections like GPRS, EDGE or UMTS.Although VoIP over VPN is not as usable in mobile environments, it is sometimes used to create "encrypted VoIP trunk" between different sites of a corporations, running VoIP PBX interconnections over a VPN connection.
New solutions
The recent publication of new VoIP encryption standards built into the protocol, such as ZRTPZRTP
ZRTP is a cryptographic key-agreement protocol to negotiate the keys for encryption between two end points in a Voice over Internet Protocol phone telephony call based on the Real-time Transport Protocol. It uses Diffie-Hellman key exchange and the Secure Real-time Transport Protocol for...
and SRTP
Secure Real-time Transport Protocol
The Secure Real-time Transport Protocol defines a profile of RTP , intended to provide encryption, message authentication and integrity, and replay protection to the RTP data in both unicast and multicast applications...
, allow the VoIP client to run without the VPN overhead, integrating with standard features of VoIP PBX without having to manage both the VPN gateway and the PBX. That's right, no VPN overhead.
Free implementation
VoIP VPN solution may be accomplished with free open sourceOpen source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...
software by using a Linux distribution
Linux distribution
A Linux distribution is a member of the family of Unix-like operating systems built on top of the Linux kernel. Such distributions are operating systems including a large collection of software applications such as word processors, spreadsheets, media players, and database applications...
, or BSD, as an operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
, a VoIP server, and an IPsec
IPsec
Internet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session...
server.