Closed

Suggestions for VPN/VOIP architecture

Hi everyone.

Attached is what I am assuming it will take to solve my problem.



Problem:
ISP B in another country is blocking VOIP traffic now. I assume if I can setup a site-to-site VPN connection, VOIP (Vonage/SIP) should work again through the VPN using ISP A.

Setup:
Site-to-site VPN setup. Location A will be the VPN server. Location B will be the remote location. VPN Router 2 will connect to VPN Router 1 and stay connected 24/7. The Vonage service and both laptops will operate through the VPN and essentially use ISP A as its outside world connection.

Questions:
1. Are my above comments correct as far as VPN being a solution to enabling VOIP again?
2. Trying to keep costs down and simple, what VPN routers would be suggested? Site B already has a wireless router...so VPN Router B can be wired keeping costs down. I am looking at the Linksys BEFVP41 . Tech support said it should handle SIP traffic.
3. Do any other architectures provide a better solution? At the moment, location B needs to keep that Vonage service, so other VOIP suggestions are not needed.

Thanks in advance.
19 answers Last reply
More about suggestions voip architecture
  1. tooooo much latency in this setup for quality voip. are you sure the isp is blocking? Put a sniffer on there and see what you get.

    Quote:
    Hi everyone.

    Attached is what I am assuming it will take to solve my problem.



    Problem:
    ISP B in another country is blocking VOIP traffic now. I assume if I can setup a site-to-site VPN connection, VOIP (Vonage/SIP) should work again through the VPN using ISP A.

    Setup:
    Site-to-site VPN setup. Location A will be the VPN server. Location B will be the remote location. VPN Router 2 will connect to VPN Router 1 and stay connected 24/7. The Vonage service and both laptops will operate through the VPN and essentially use ISP A as its outside world connection.

    Questions:
    1. Are my above comments correct as far as VPN being a solution to enabling VOIP again?
    2. Trying to keep costs down and simple, what VPN routers would be suggested? Site B already has a wireless router...so VPN Router B can be wired keeping costs down. I am looking at the Linksys BEFVP41 . Tech support said it should handle SIP traffic.
    3. Do any other architectures provide a better solution? At the moment, location B needs to keep that Vonage service, so other VOIP suggestions are not needed.

    Thanks in advance.
  2. i was worried about latency, but i think having the calling option still outweights the cost.

    vonage was working until about a month ago.

    yes, i am sure they are actively blocking it now.

    if both locations are running at least 350k up each, do you think it will work (even with some slight but bearable delay or echo) ?
  3. I would still put a sniffer on there and see what traffic you are seeing. It's very uncommon for service provider to block VoIP. But to answer your question, yes it would probably work. I've never set it up like this before.
  4. i have never used a sniffer, and wouldnt know what to look for. i am googling right now.

    without getting into detail, i know the isp is blocking it. (only isp in country and also protecting local telecom industry.)

    if that were the case, would you suggest a different tech or architecture?

    i do appreciate the responses.
  5. get ethereal... www.ethereal.com... install it... and run it. Filter in on your IP address or the IP address of the VONAGE server. Watch for traffic. If your traffic is leaving your network and the Vonage server is not responding, than it's either block or the server is not at that address anymore or you didn't pay your bill and they de-provisioned you.
  6. you got pm.

    thx
  7. You are going to need some good high power VPN routers to handle your setup. Make sure your VPN has a seperate cpu for handling the 3DES.
  8. Quote:
    You are going to need some good high power VPN routers to handle your setup. Make sure your VPN has a seperate cpu for handling the 3DES.


    would this work?

    Linksys WRV54G

    any other suggestions if not? would like to stay under 200 per router.
  9. Linksys does not publish the cpu(s) or ram used in this unit. Which generally means it is minimun.

    Take a look at Netgear FVS538 it is design with the serious VPN throughput. Comes with 5 VPN client software. You will notice that it has a 533mhz Intel X-scale cpu with lots of ram. I have it little brother FVS338. They have a chart on the website some where that compairs all of there models. I could not find it.

    Netgear has a Wireless unit but the specs are not very good. on 9 mbps(?) on wan. They do have a new one being release that is pretty nice gigabit lan w/wireless.

    VPN requires alot of hp to handle the encryption. The 538 can handle 256bit.
  10. whoa! this is getting into serious hardware.

    it is just one vonage line, which needs 90k. the laptops are not very high use....home users.

    i am assuming the horsepower is needed for the speed in encoding and decoding. i think minimum encryption would work just to get around the isp block....dont you think?
  11. I have the FVS 338 which can be had for around $200. My under standing the FVS 318 will ony do around 9k with 3des on vpn, so I would avoid it. If you are going to be doing file transfers between sites, I would not go any lower than the FVS328. The 328 only has 60 mbps on the wan. The 338 has 92 like the 538, but only has 1 wan and no gig port.

    One thing that comes into play, which alot of people over look is the uplink speed. If you have low uplinks speed, it will be you govering factor. I alwas allow for expansion.
  12. i appreciate the help you are giving on this.

    i still feel it may be a lot more then we need, or have knowledge for.

    a few statements that may help clear up the situation and make it simpler.

    1. family working abroad for 1 year and was using vonage to stay in touch with the states/canada.
    2. isp has actively started blocking voip (i am assuming by port or protocol.
    3. the VPN is simply a way to get vonage to work again. my assumption is VPN would allow this.
    4. a cable connection is being installed here in canada (5mbps down, about 620k up). this will strictly be used for family abroad, and be their "gateway".
    5. Their connection is dsl with 1.5mps down, and about 350k up.
    6. data security is not critical. i am assuming 3des is the best encryption and most power hungry. couldnt we get by with the basic, IKE I assume, and reduce the load on the routers?
    7. there will be no additional network requirements abroad, so expansion is not an issue.

    thanks
  13. I do not know if voniage will work through vpn, have not tried or heard of any one else doing so. I have heard a lot of people that bought the low end VPN were not satisfied with the performance. It had dialup speeds, real slow. The reason for the units with some horse power.

    Your uplink are about average for dsl/broadband, see no problem there.

    In theory, once a VPN is setup, its like you are at the remote location. If ports are opened it should work.

    Steve Gibson at grc.com has some audios on vpn. He always talks about doing port forwarding to clear up some issues with VOIP.

    Most low in routers do port forwarding only. These will give you connection speeds of around 9k, this is like dialup, which may not be fast enough for your VOIP.

    I'm not sure what else I can advise you on. Someone else may beable to answer your questions. Or hire a consultant and see what they says.

    VPN is nat easy to setup, even with Client software.
  14. thanks blue. will defintely check out grc.
  15. i know it has been over a year but i am trying to do exactly what aliaskary77 did. and i have a rv042. my question is is there any forwarding that needs to be done on the routers or all you have to do is establish a vpn connection between the routers and connect the phone adapters?
  16. A voice connection requires a minimum of between 32kbps and 80kbps depending on quality, protocol and a few other factors. Voice traffic is very time-sensitive, but doesn't need every single packet to arrive and hence use UDP. TCP traffic, like VPN's, do need every packet to arrive and waits for an ACK, if it's not recieved it retransmits. So sending your voice traffic over a VPN will not only slow down de connection to a degree that echo is noticeable (due to encryption and decryption), but it will also retransmit packets that are no longer needed (a voice packet recieved out of sequence is dropped) increasing overhead. In the worst case scenario you'd need a bandwitdh of around 100kbit up and 100kbit down for each call.

    If you go through with it you need a VPN router capable of encrypting and decrypting 200kbps without being delayed, which requires serious CPU power. I honestly believe it's better to investigate exactly why the connection can no longer be set up, and if there is a block changing UDP ports. No ISP i know of can differentiate voice traffic except by port as analyzing the content of every UDP packet would be far too expensive.
  17. Hello

    Sounds like you could be living in O m a n.
    Our one and only ISP (even the new one 'Na wr as" has to use it) blocks or does something to prevent S kype, Net2 Phone etc etc from working. There used to be a program called Hot Shield that would alow Sk ype (etc) to work but that's blocked now.
    Easiest option is to subscribe to a VP N company like VP ngates. com or any other provider.
    All my V oip/S IP phones accounts work fine.
    As I have a UK- V PN server account and I use CallS erve (a UK based S IP company) quality of call is great.
    I do not use S kype and know nothing about S Kype in/out so please don't ask.
    All these companies will give a few days trialof their V PN service. Mine cost $ 120 year.
    It's all Good in the Hood now.
  18. Not sure if you are still needing a solution for this, but the folks talking about needing horsepower for VPN are dead on. The problem with VoIP is that it is a real-time application. Unlike YouTube, Hulu, Netflix, or most online media apps, you can't buffer VoIP or there will be long pauses in the conversation as you wait for the other party's response. The VoIP conversation is also transmitted using UDP which is a fast protocol, but lacks the error checking and retransmit qualities of TCP. It is those very things that make it great for realtime applications.

    Now, couple that with encrypting packets as they go out through your VPN tunnel and decrypting packets coming back in. You can see the potential for problems without some fast processors in the routers.

    First, if your ISP is blocking VoIP in the USA, I would report them to your state public utilities commission. So far, the FCC has been clear on net neutrality, meaning that it's your bandwidth. Do with it what you want.

    Second, I would have just used Skype in this situation anyhow. It works very well and even has video.
  19. My connection is modem to vonage adapter to wireless Time Capsule router. I get to the Internet with no problem, but my VoIP phone is not connected. I was told the ISP blocks VoIP in UAE. Now I'm using a VPN to be able to use Skype. Is there a way to override the blockage on the Vonage connection.
Ask a new question

Read More

vpn Internet Service Providers VoIP Networking