Encrypting VoIP Traffic with OpenVPN

September 30, 2007 at 5:30 pm 2 comments

A feature that callwithus.com advertises is to encrypt your VoIP traffic so you can get around issues where ISPs block SIP traffic. I decided to try it out. The instructions on their website are really just for testing it out with a soft phone. They don’t support routing your subnet, so you can’t really connect with a client PC, then route your ATA to that machine…

But, being enterprising, I thought I would give it a shot. My current firewall of choice is pfSense. It’s a great package based on m0n0wall, but with different goals. At any rate, pfSense supports OpenVPN in both client and server mode. Using the WebGUI, I added an OpenVPN connection to the callwithus VPN server, using their text config file as a rough guide. Within minutes, I had a connection up and running. From my pfSense box, I could ping through the VPN tunnel, but I could not from other machines on my LAN.

I did some troubleshooting and tried various methods to get it to work. Ultimately, there wasn’t an OpenVPN way to do this unless I could get the people at callwithus to modify their OpenVPN server config. Since that was unlikely to happen (since I know they wouldn’t be in a hurry to support everyone’s private IP addressing), I looked for other alternatives. I tried manually configuring NAT in pfSense, but couldn’t get anything working. Finally, I looked at the pfSense source code and figured out what needed to happen for this to work in a test mode. I did all the modifications needed via SSH, and my NAT started working immediately. I reconfigured my ATA to communicate to their VoIP server’s private IP Address (behind the OpenVPN tunnel), and made a test phone call. Things sounded ok. I did have some minor issues, but I was testing to a cell phone, so I’ll let that slide (since who really knows which end had that problem).

The bottom line: It works. If you are ultra paranoid or have an ISP that is blocking VoIP traffic, sign up with callwithus and all your VoIP traffic will be encrypted, assuming you can get the OpenVPN mojo working.


Entry filed under: Networking.


2 Comments Add your own

  • 1. matthello  |  July 17, 2009 at 12:16 pm

    Hi Jack,

    I’m curious if you ever tracked down the quality issue related to using SIP over OpenVPN. Was the call quality with encrypted VPN better or worse than without? Thanks

    voice broadcasting hosted predictive dialing

    • 2. ptaylor  |  July 17, 2009 at 5:31 pm

      I don’t think I tested long enough to be sure one way or the other. I had occasional issues with quality normally, so I’m not sure if the VPN added to that or not.

