Sign in with
Sign up | Sign in
Your question
Closed

Suggestions for VPN/VOIP architecture

Last response: in Networking
Share
July 11, 2006 6:03:08 PM

Hi everyone.

Attached is what I am assuming it will take to solve my problem.



Problem:
ISP B in another country is blocking VOIP traffic now. I assume if I can setup a site-to-site VPN connection, VOIP (Vonage/SIP) should work again through the VPN using ISP A.

Setup:
Site-to-site VPN setup. Location A will be the VPN server. Location B will be the remote location. VPN Router 2 will connect to VPN Router 1 and stay connected 24/7. The Vonage service and both laptops will operate through the VPN and essentially use ISP A as its outside world connection.

Questions:
1. Are my above comments correct as far as VPN being a solution to enabling VOIP again?
2. Trying to keep costs down and simple, what VPN routers would be suggested? Site B already has a wireless router...so VPN Router B can be wired keeping costs down. I am looking at the Linksys BEFVP41 . Tech support said it should handle SIP traffic.
3. Do any other architectures provide a better solution? At the moment, location B needs to keep that Vonage service, so other VOIP suggestions are not needed.

Thanks in advance.
July 14, 2006 3:14:18 AM

tooooo much latency in this setup for quality voip. are you sure the isp is blocking? Put a sniffer on there and see what you get.

Quote:
Hi everyone.

Attached is what I am assuming it will take to solve my problem.



Problem:
ISP B in another country is blocking VOIP traffic now. I assume if I can setup a site-to-site VPN connection, VOIP (Vonage/SIP) should work again through the VPN using ISP A.

Setup:
Site-to-site VPN setup. Location A will be the VPN server. Location B will be the remote location. VPN Router 2 will connect to VPN Router 1 and stay connected 24/7. The Vonage service and both laptops will operate through the VPN and essentially use ISP A as its outside world connection.

Questions:
1. Are my above comments correct as far as VPN being a solution to enabling VOIP again?
2. Trying to keep costs down and simple, what VPN routers would be suggested? Site B already has a wireless router...so VPN Router B can be wired keeping costs down. I am looking at the Linksys BEFVP41 . Tech support said it should handle SIP traffic.
3. Do any other architectures provide a better solution? At the moment, location B needs to keep that Vonage service, so other VOIP suggestions are not needed.

Thanks in advance.
July 14, 2006 3:18:41 AM

i was worried about latency, but i think having the calling option still outweights the cost.

vonage was working until about a month ago.

yes, i am sure they are actively blocking it now.

if both locations are running at least 350k up each, do you think it will work (even with some slight but bearable delay or echo) ?
Related resources
Can't find your answer ? Ask !
July 14, 2006 3:33:17 AM

I would still put a sniffer on there and see what traffic you are seeing. It's very uncommon for service provider to block VoIP. But to answer your question, yes it would probably work. I've never set it up like this before.
July 14, 2006 3:35:55 AM

i have never used a sniffer, and wouldnt know what to look for. i am googling right now.

without getting into detail, i know the isp is blocking it. (only isp in country and also protecting local telecom industry.)

if that were the case, would you suggest a different tech or architecture?

i do appreciate the responses.
July 14, 2006 3:40:24 AM

get ethereal... www.ethereal.com... install it... and run it. Filter in on your IP address or the IP address of the VONAGE server. Watch for traffic. If your traffic is leaving your network and the Vonage server is not responding, than it's either block or the server is not at that address anymore or you didn't pay your bill and they de-provisioned you.
July 15, 2006 8:14:30 PM

You are going to need some good high power VPN routers to handle your setup. Make sure your VPN has a seperate cpu for handling the 3DES.
July 16, 2006 12:55:12 AM

Quote:
You are going to need some good high power VPN routers to handle your setup. Make sure your VPN has a seperate cpu for handling the 3DES.


would this work?

Linksys WRV54G

any other suggestions if not? would like to stay under 200 per router.
July 16, 2006 1:39:50 AM

Linksys does not publish the cpu(s) or ram used in this unit. Which generally means it is minimun.

Take a look at Netgear FVS538 it is design with the serious VPN throughput. Comes with 5 VPN client software. You will notice that it has a 533mhz Intel X-scale cpu with lots of ram. I have it little brother FVS338. They have a chart on the website some where that compairs all of there models. I could not find it.

Netgear has a Wireless unit but the specs are not very good. on 9 mbps(?) on wan. They do have a new one being release that is pretty nice gigabit lan w/wireless.

VPN requires alot of hp to handle the encryption. The 538 can handle 256bit.
July 16, 2006 2:07:30 AM

whoa! this is getting into serious hardware.

it is just one vonage line, which needs 90k. the laptops are not very high use....home users.

i am assuming the horsepower is needed for the speed in encoding and decoding. i think minimum encryption would work just to get around the isp block....dont you think?
July 16, 2006 2:31:12 AM

I have the FVS 338 which can be had for around $200. My under standing the FVS 318 will ony do around 9k with 3des on vpn, so I would avoid it. If you are going to be doing file transfers between sites, I would not go any lower than the FVS328. The 328 only has 60 mbps on the wan. The 338 has 92 like the 538, but only has 1 wan and no gig port.

One thing that comes into play, which alot of people over look is the uplink speed. If you have low uplinks speed, it will be you govering factor. I alwas allow for expansion.
July 16, 2006 2:48:58 AM

i appreciate the help you are giving on this.

i still feel it may be a lot more then we need, or have knowledge for.

a few statements that may help clear up the situation and make it simpler.

1. family working abroad for 1 year and was using vonage to stay in touch with the states/canada.
2. isp has actively started blocking voip (i am assuming by port or protocol.
3. the VPN is simply a way to get vonage to work again. my assumption is VPN would allow this.
4. a cable connection is being installed here in canada (5mbps down, about 620k up). this will strictly be used for family abroad, and be their "gateway".
5. Their connection is dsl with 1.5mps down, and about 350k up.
6. data security is not critical. i am assuming 3des is the best encryption and most power hungry. couldnt we get by with the basic, IKE I assume, and reduce the load on the routers?
7. there will be no additional network requirements abroad, so expansion is not an issue.

thanks
July 16, 2006 4:11:43 AM

I do not know if voniage will work through vpn, have not tried or heard of any one else doing so. I have heard a lot of people that bought the low end VPN were not satisfied with the performance. It had dialup speeds, real slow. The reason for the units with some horse power.

Your uplink are about average for dsl/broadband, see no problem there.

In theory, once a VPN is setup, its like you are at the remote location. If ports are opened it should work.

Steve Gibson at grc.com has some audios on vpn. He always talks about doing port forwarding to clear up some issues with VOIP.

Most low in routers do port forwarding only. These will give you connection speeds of around 9k, this is like dialup, which may not be fast enough for your VOIP.

I'm not sure what else I can advise you on. Someone else may beable to answer your questions. Or hire a consultant and see what they says.

VPN is nat easy to setup, even with Client software.
July 16, 2006 5:33:04 AM

thanks blue. will defintely check out grc.
October 20, 2007 5:29:02 PM

i know it has been over a year but i am trying to do exactly what aliaskary77 did. and i have a rv042. my question is is there any forwarding that needs to be done on the routers or all you have to do is establish a vpn connection between the routers and connect the phone adapters?



February 6, 2008 7:48:47 AM

A voice connection requires a minimum of between 32kbps and 80kbps depending on quality, protocol and a few other factors. Voice traffic is very time-sensitive, but doesn't need every single packet to arrive and hence use UDP. TCP traffic, like VPN's, do need every packet to arrive and waits for an ACK, if it's not recieved it retransmits. So sending your voice traffic over a VPN will not only slow down de connection to a degree that echo is noticeable (due to encryption and decryption), but it will also retransmit packets that are no longer needed (a voice packet recieved out of sequence is dropped) increasing overhead. In the worst case scenario you'd need a bandwitdh of around 100kbit up and 100kbit down for each call.

If you go through with it you need a VPN router capable of encrypting and decrypting 200kbps without being delayed, which requires serious CPU power. I honestly believe it's better to investigate exactly why the connection can no longer be set up, and if there is a block changing UDP ports. No ISP i know of can differentiate voice traffic except by port as analyzing the content of every UDP packet would be far too expensive.
May 18, 2008 8:08:11 AM

Here is a commercial services providing VPN tunneling for VoIP traffic

http://www.vpn4voip.com - VPN for VOIP is a low cost SSL based VPN service specially designed for VOIP applications. It helps to bypass ISP blocking on VOIP calls utilizing the VPN tunneling technology and assigns mapped static public IP to VOIP gateways for wholesale traffic origination and termination applications. The service is QoS controlled, secure, flexible and reliable. It is claimed to be working 100% with any ISP - Only one open UDP port is needed to get the solution works. You can use their free deployed client software under Windows XP/2003 with two Ethernet cards which changes the PC into a soft VPN router, or just purchase their affordable standalone VPN4VOIP router. Client side can use any dynamic or private IP connections to use the service.
September 23, 2008 10:46:45 AM

Also you can unblock VoIP using our VPN Privacy Service.
You can get a static IP for your VoIP Gateway or softphone and guaranteed priority for VoIP traffic.
September 30, 2008 6:49:20 PM

Hello

Sounds like you could be living in O m a n.
Our one and only ISP (even the new one 'Na wr as" has to use it) blocks or does something to prevent S kype, Net2 Phone etc etc from working. There used to be a program called Hot Shield that would alow Sk ype (etc) to work but that's blocked now.
Easiest option is to subscribe to a VP N company like VP ngates. com or any other provider.
All my V oip/S IP phones accounts work fine.
As I have a UK- V PN server account and I use CallS erve (a UK based S IP company) quality of call is great.
I do not use S kype and know nothing about S Kype in/out so please don't ask.
All these companies will give a few days trialof their V PN service. Mine cost $ 120 year.
It's all Good in the Hood now.
Anonymous
December 16, 2008 5:33:19 PM

You can try also this service vpn service
December 18, 2008 4:20:19 AM

Mac dvd to iPod is an excellent DVD to iPod conversion tool that is designed for Mac OS users to convert DVD to iPod touch, iPod classic, iPod nano and other iPod players,
By using DVD to iPod Converter for Mac you can easily convert your favorite DVDs to iPod Touch,iPod Classic and iPod Nano,
want to convert your funny videos to you iPod, take a look at iPod Video Converter for Mac ,
enjoy your DVDs and videos on your iPod by browsing Convert DVD to iPod for Mac .
July 16, 2010 7:57:04 PM

For people who want to have VOIP calls terminated to some countries where VOIP is banned by their government, for example:

EGYPT
IRAN
PAKISTAN
BANGLADESH
ETHIOPIA
SRI LANKA
ALGERIA
SUDAN
EL SALVADOR
YEMEN

here there is a great working service from http://www.vpn4voip.com:

* VPN4VOIP.COM - VPN for VOIP is a low cost SSL based VPN service specially designed for VOIP applications. It helps to bypass ISP blocking on VOIP calls utilizing the VPN tunneling technology and assigns mapped static public IP to VOIP gateways for wholesale traffic origination and termination applications. The service is QoS controlled, secure, flexible and reliable. It is claimed to be working 100% with any ISP - Only one open UDP port is needed to get the solution works. You can use their free deployed client software under Windows XP/2003 with two Ethernet cards which changes the PC into a soft VPN router. Client side can use any dynamic or private IP connections to use the service, up to 5 public static IP can be mapped to total 5 VOIP gateways in one single VPN4VOIP account, with new public static IP for Cisco AS5300 or Quintum Tenor gateways, running the wholesale traffic business becomes much more smooth and trouble-free.

This service serves the VOIP wholesale business customers for last three years and has been confirmed to be the most professional VPN service dedicated to the wholesale VOIP industry.

Send email to contact@vpn4voip.com to get free try on their services.
February 9, 2011 3:38:21 PM

For anyone with similar issue I can recommend Mizutech voip tunneling software. Unlike VPN solutions, this will not add any network overhead. Email to info@mizu-voip.com for the details.
July 12, 2011 6:47:49 PM

Not sure if you are still needing a solution for this, but the folks talking about needing horsepower for VPN are dead on. The problem with VoIP is that it is a real-time application. Unlike YouTube, Hulu, Netflix, or most online media apps, you can't buffer VoIP or there will be long pauses in the conversation as you wait for the other party's response. The VoIP conversation is also transmitted using UDP which is a fast protocol, but lacks the error checking and retransmit qualities of TCP. It is those very things that make it great for realtime applications.

Now, couple that with encrypting packets as they go out through your VPN tunnel and decrypting packets coming back in. You can see the potential for problems without some fast processors in the routers.

First, if your ISP is blocking VoIP in the USA, I would report them to your state public utilities commission. So far, the FCC has been clear on net neutrality, meaning that it's your bandwidth. Do with it what you want.

Second, I would have just used Skype in this situation anyhow. It works very well and even has video.
September 13, 2011 11:14:18 PM

Synccomm Communication also providing VPN service for VoIP, site 2 site VPN service to unblock VoIP traffic.

Active vpn service is running in Bangladesh, UAE & Qatar for voip purpose.
October 4, 2011 11:18:43 AM

My connection is modem to vonage adapter to wireless Time Capsule router. I get to the Internet with no problem, but my VoIP phone is not connected. I was told the ISP blocks VoIP in UAE. Now I'm using a VPN to be able to use Skype. Is there a way to override the blockage on the Vonage connection.
December 7, 2011 7:00:51 AM

For a long distance oversea call, VoIP is the only economic option in the world. Making a voice

call using a softphone through internet requires accurate programming and you can have the

directions from Ozeki systems. They will tell you how to make a call using VoIP SIP SDK step by

step. You can also know about playing a .wav audio file in the predefined situations. It is very

easy and you can do it in the way you want. You can download the system easily from the website.

<a href="http://www.voip-sip-sdk.com/p_94-softphone-development-...

call-and-play-a-wav-voip.html">Ozeki VoIP SIP SDK</a> Just take a look.
December 7, 2011 7:01:19 AM

For a long distance oversea call, VoIP is the only economic option in the world. Making a voice

call using a softphone through internet requires accurate programming and you can have the

directions from Ozeki systems. They will tell you how to make a call using VoIP SIP SDK step by

step. You can also know about playing a .wav audio file in the predefined situations. It is very

easy and you can do it in the way you want. You can download the system easily from the website.

<a href="http://www.voip-sip-sdk.com/p_94-softphone-development-...

call-and-play-a-wav-voip.html">Ozeki VoIP SIP SDK</a> Just take a look.
!