Suggestions for VPN/VOIP architecture

Hi everyone.

Attached is what I am assuming it will take to solve my problem.



Problem:
ISP B in another country is blocking VOIP traffic now. I assume if I can setup a site-to-site VPN connection, VOIP (Vonage/SIP) should work again through the VPN using ISP A.

Setup:
Site-to-site VPN setup. Location A will be the VPN server. Location B will be the remote location. VPN Router 2 will connect to VPN Router 1 and stay connected 24/7. The Vonage service and both laptops will operate through the VPN and essentially use ISP A as its outside world connection.

Questions:
1. Are my above comments correct as far as VPN being a solution to enabling VOIP again?
2. Trying to keep costs down and simple, what VPN routers would be suggested? Site B already has a wireless router...so VPN Router B can be wired keeping costs down. I am looking at the Linksys BEFVP41 . Tech support said it should handle SIP traffic.
3. Do any other architectures provide a better solution? At the moment, location B needs to keep that Vonage service, so other VOIP suggestions are not needed.

Thanks in advance.

tooooo much latency in this setup for quality voip. are you sure the isp is blocking? Put a sniffer on there and see what you get.

I would still put a sniffer on there and see what traffic you are seeing. It's very uncommon for service provider to block VoIP. But to answer your question, yes it would probably work. I've never set it up like this before.

get ethereal... www.ethereal.com... install it... and run it. Filter in on your IP address or the IP address of the VONAGE server. Watch for traffic. If your traffic is leaving your network and the Vonage server is not responding, than it's either block or the server is not at that address anymore or you didn't pay your bill and they de-provisioned you.

You are going to need some good high power VPN routers to handle your setup. Make sure your VPN has a seperate cpu for handling the 3DES.

Linksys does not publish the cpu(s) or ram used in this unit. Which generally means it is minimun.

Take a look at Netgear FVS538 it is design with the serious VPN throughput. Comes with 5 VPN client software. You will notice that it has a 533mhz Intel X-scale cpu with lots of ram. I have it little brother FVS338. They have a chart on the website some where that compairs all of there models. I could not find it.

Netgear has a Wireless unit but the specs are not very good. on 9 mbps(?) on wan. They do have a new one being release that is pretty nice gigabit lan w/wireless.

VPN requires alot of hp to handle the encryption. The 538 can handle 256bit.

I have the FVS 338 which can be had for around $200. My under standing the FVS 318 will ony do around 9k with 3des on vpn, so I would avoid it. If you are going to be doing file transfers between sites, I would not go any lower than the FVS328. The 328 only has 60 mbps on the wan. The 338 has 92 like the 538, but only has 1 wan and no gig port.

One thing that comes into play, which alot of people over look is the uplink speed. If you have low uplinks speed, it will be you govering factor. I alwas allow for expansion.

I do not know if voniage will work through vpn, have not tried or heard of any one else doing so. I have heard a lot of people that bought the low end VPN were not satisfied with the performance. It had dialup speeds, real slow. The reason for the units with some horse power.

Your uplink are about average for dsl/broadband, see no problem there.

In theory, once a VPN is setup, its like you are at the remote location. If ports are opened it should work.

Steve Gibson at grc.com has some audios on vpn. He always talks about doing port forwarding to clear up some issues with VOIP.

Most low in routers do port forwarding only. These will give you connection speeds of around 9k, this is like dialup, which may not be fast enough for your VOIP.

I'm not sure what else I can advise you on. Someone else may beable to answer your questions. Or hire a consultant and see what they says.

VPN is nat easy to setup, even with Client software.

i know it has been over a year but i am trying to do exactly what aliaskary77 did. and i have a rv042. my question is is there any forwarding that needs to be done on the routers or all you have to do is establish a vpn connection between the routers and connect the phone adapters?

A voice connection requires a minimum of between 32kbps and 80kbps depending on quality, protocol and a few other factors. Voice traffic is very time-sensitive, but doesn't need every single packet to arrive and hence use UDP. TCP traffic, like VPN's, do need every packet to arrive and waits for an ACK, if it's not recieved it retransmits. So sending your voice traffic over a VPN will not only slow down de connection to a degree that echo is noticeable (due to encryption and decryption), but it will also retransmit packets that are no longer needed (a voice packet recieved out of sequence is dropped) increasing overhead. In the worst case scenario you'd need a bandwitdh of around 100kbit up and 100kbit down for each call.

If you go through with it you need a VPN router capable of encrypting and decrypting 200kbps without being delayed, which requires serious CPU power. I honestly believe it's better to investigate exactly why the connection can no longer be set up, and if there is a block changing UDP ports. No ISP i know of can differentiate voice traffic except by port as analyzing the content of every UDP packet would be far too expensive.

Also you can unblock VoIP using our VPN Privacy Service.
You can get a static IP for your VoIP Gateway or softphone and guaranteed priority for VoIP traffic.

You can try also this service vpn service

For people who want to have VOIP calls terminated to some countries where VOIP is banned by their government, for example:

EGYPT
IRAN
PAKISTAN
BANGLADESH
ETHIOPIA
SRI LANKA
ALGERIA
SUDAN
EL SALVADOR
YEMEN

here there is a great working service from http://www.vpn4voip.com:

* VPN4VOIP.COM - VPN for VOIP is a low cost SSL based VPN service specially designed for VOIP applications. It helps to bypass ISP blocking on VOIP calls utilizing the VPN tunneling technology and assigns mapped static public IP to VOIP gateways for wholesale traffic origination and termination applications. The service is QoS controlled, secure, flexible and reliable. It is claimed to be working 100% with any ISP - Only one open UDP port is needed to get the solution works. You can use their free deployed client software under Windows XP/2003 with two Ethernet cards which changes the PC into a soft VPN router. Client side can use any dynamic or private IP connections to use the service, up to 5 public static IP can be mapped to total 5 VOIP gateways in one single VPN4VOIP account, with new public static IP for Cisco AS5300 or Quintum Tenor gateways, running the wholesale traffic business becomes much more smooth and trouble-free.

This service serves the VOIP wholesale business customers for last three years and has been confirmed to be the most professional VPN service dedicated to the wholesale VOIP industry.

Send email to contact@vpn4voip.com to get free try on their services.

Not sure if you are still needing a solution for this, but the folks talking about needing horsepower for VPN are dead on. The problem with VoIP is that it is a real-time application. Unlike YouTube, Hulu, Netflix, or most online media apps, you can't buffer VoIP or there will be long pauses in the conversation as you wait for the other party's response. The VoIP conversation is also transmitted using UDP which is a fast protocol, but lacks the error checking and retransmit qualities of TCP. It is those very things that make it great for realtime applications.

Now, couple that with encrypting packets as they go out through your VPN tunnel and decrypting packets coming back in. You can see the potential for problems without some fast processors in the routers.

First, if your ISP is blocking VoIP in the USA, I would report them to your state public utilities commission. So far, the FCC has been clear on net neutrality, meaning that it's your bandwidth. Do with it what you want.

Second, I would have just used Skype in this situation anyhow. It works very well and even has video.

My connection is modem to vonage adapter to wireless Time Capsule router. I get to the Internet with no problem, but my VoIP phone is not connected. I was told the ISP blocks VoIP in UAE. Now I'm using a VPN to be able to use Skype. Is there a way to override the blockage on the Vonage connection.

For a long distance oversea call, VoIP is the only economic option in the world. Making a voice

call using a softphone through internet requires accurate programming and you can have the

directions from Ozeki systems. They will tell you how to make a call using VoIP SIP SDK step by

step. You can also know about playing a .wav audio file in the predefined situations. It is very

easy and you can do it in the way you want. You can download the system easily from the website.

<a href="http://www.voip-sip-sdk.com/p_94-softphone-development-basics-how-to-make-a-voice-

call-and-play-a-wav-voip.html">Ozeki VoIP SIP SDK</a> Just take a look.