
A VoIP VPN combines voice over IP and virtual private network technologies to offer a method for delivering secure voice. Because VoIP transmits digitized voice as a stream of data, the VoIP VPN solution accomplishes voice encryption quite simply, applying standard data-encryption mechanisms inherently available in the collection of protocols used to implement a VPN. The VoIP gateway-router first converts the analog voice signal to digital form, encapsulates the digitized voice within IP packets, then encrypts the digitized voice using IPsec, and finally routes the encrypted voice packets securely through a VPN tunnel. At the remote site, another VoIP router decodes the voice and converts the digital voice to an analog signal for delivery to the phone. A VoIP VPN can also run within an IP in IP tunnel or using SSL-based OpenVPN. There is no encryption in the former case, but traffic overhead is significantly lower in comparison with an IPsec tunnel. The advantage of OpenVPN tunneling is that it can run on a dynamic IP and may provide up to 512-bit SSL encryption.


Advantages

Security is not the only reason to pass Voice over IP through a virtual private network, however. Session Initiation Protocol, a commonly used VoIP protocol, is notoriously difficult to pass through a firewall because it uses random port numbers to establish connections. A VPN is also a workaround to avoid a firewall issue when configuring remote VoIP clients. However, the latest VoIP standards, STUN, ICE and TURN, natively eliminate some NAT problems of VoIP. Installing an extension on a VPN is a simple means to obtain an off-premises extension (OPX), a function which in conventional landline telephony required a leased line from the private branch exchange to the remote site. A worker at a remote location could therefore appear virtually to be at the company's main office, with full internal access to telephone and network.


Disadvantages

The protocol overhead caused by the encapsulation of the VoIP protocol within IPsec dramatically increases the bandwidth requirements for VoIP calls, thus making VoIP over VPN protocols too "fat" to be used over mobile data connections like GPRS, EDGE or UMTS. Although VoIP over VPN is not as usable in mobile environments, it is sometimes used to create an "encrypted VoIP trunk" between different sites of a corporation, running VoIP PBX interconnections over a VPN connection.
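
To put numbers on the overhead described above and on the IP in IP comparison in the introduction, the following added example (not part of the original article) computes the on-the-wire size of a voice packet over an IPsec ESP tunnel and over IP in IP. The function names, the AES-CBC with HMAC-SHA1-96 cipher suite, the codecs and the 20 ms packetization are assumptions chosen for illustration; NAT traversal encapsulation is not included.

```python
# Added example: per-packet cost of carrying RTP voice through an IPsec ESP
# tunnel versus a plain IP-in-IP tunnel. Cipher and codec values are assumptions.

IP_HDR = 20   # IPv4 header without options
UDP_HDR = 8
RTP_HDR = 12  # fixed RTP header, no CSRC list or extensions
ESP_HDR = 8   # SPI (4 bytes) + sequence number (4 bytes)


def voip_packet_size(payload_bytes):
    """Size of one unencrypted RTP/UDP/IPv4 voice packet."""
    return IP_HDR + UDP_HDR + RTP_HDR + payload_bytes


def ipip_size(inner_len):
    """IP in IP adds only an outer IPv4 header and no encryption."""
    return IP_HDR + inner_len


def esp_tunnel_size(inner_len, block=16, iv=16, icv=12):
    """ESP tunnel mode, assuming AES-CBC (16-byte block and IV) and a 12-byte ICV.

    Layout: outer IP | SPI+seq | IV | inner packet | padding | pad-len+next-hdr | ICV
    """
    to_encrypt = inner_len + 2           # 2-byte ESP trailer is encrypted too
    padding = (-to_encrypt) % block      # pad up to a whole cipher block
    return IP_HDR + ESP_HDR + iv + to_encrypt + padding + icv


def kbps(packet_bytes, packets_per_second=50):
    """Layer-3 bandwidth for one direction of a call."""
    return packet_bytes * 8 * packets_per_second / 1000


def compare(codec_payloads):
    """Return plain, IP-in-IP and ESP bandwidth (kbit/s) per codec."""
    rows = {}
    for name, payload in codec_payloads.items():
        plain = voip_packet_size(payload)
        rows[name] = {"plain": kbps(plain),
                      "ipip": kbps(ipip_size(plain)),
                      "esp": kbps(esp_tunnel_size(plain))}
    return rows


if __name__ == "__main__":
    # Constructed sample: payload bytes per 20 ms frame (50 packets/s).
    for codec, r in compare({"G.729": 20, "G.711": 160}).items():
        print(f"{codec}: plain {r['plain']}, IP-in-IP {r['ipip']}, ESP {r['esp']} kbit/s")
```

Under these assumptions a G.729 stream doubles from 24 to 48 kbit/s inside ESP, while IP in IP raises it only to 32 kbit/s.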


New solutions

The recent publication of new VoIP encryption standards built into the protocol, such as ZRTP and SRTP, allows the VoIP client to run without the VPN overhead, integrating with standard features of VoIP PBX without having to manage both the VPN gateway and the PBX.


Free implementation

A VoIP VPN solution may be accomplished with free open source software by using a Linux distribution or BSD as an operating system, a VoIP server, and an IPsec server.

