I have run VOIP using the free X-Ten SIP protocol soft phone on a laptop, inside a PPTP VPN, which ran inside an 802.11g 128-bit WEP encrypted Wi-Fi connection. The PPTP VPN continued across the Internet to an Asterisk voice PBX at another location, serviced by a different ISP. The audio quality was fine.
Running the SIP protocol inside a VPN removes any QoS benefits (if there are any) that the SIP protocol might have running naked across the Internet. However, by running SIP inside a VPN, you eliminate all the firewall and network address translation problems you would otherwise have. Running the SIP protocol naked across the Internet requires a number of ports to be opened up through the firewall. It is quite messy in that regard. When you run it inside a VPN, you are home free, with no firewall modifications required.
The only VOIP protocol that I run straight in through my firewall, without tunneling it through a VPN, is the IAX2 (Inter Asterisk eXchange) telephone trunking protocol, but it uses just a single UDP port (4569) and authenticates using certificates.
[QUOTE]My QoS rules for my SIP devices under the VPN do not take effect?[/QUOTE]
That is one of the problems with VPNs. When you run traffic inside an encrypted tunnel, the routers in the path can only apply QoS to the VPN tunnel itself. There is no possibility of differentiating the traffic that runs inside it, since it is all encrypted.
Enable this feature in order to copy the content of the Type of Service (TOS) flag in the plaintext IP header to the encrypted packet. This makes it possible to route IPSec traffic according to its priority.
You got me there. I am still running ASL v4, and I wasn't aware of the copy TOS flag feature. Having the TOS settings copied to the VPN packet header will obviously help ensure priority passage for the voice traffic, but it is no guarantee. We can't be sure that all the equipment in the path will prioritize according to the TOS flag. Equipment that does QoS solely on the basis of packet type won't be affected by the TOS settings.
Personally I run Asterisk IAX voice protocol through my ASL firewall. UDP on port 4569 has been set for high priority in the QoS in ASL, and the TOS flag on the IAX packets has been set to minimum delay from within Asterisk. This is a raw link, so there is no VPN wrapper. That is all I can do from my end. Beyond that I can only hope for the best in terms of speedy Internet packet delivery.
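
The copy-TOS behaviour discussed in this thread, as an added illustration that is not part of any post and not the firewall's own code: it builds a voice packet marked minimum-delay, wraps it in an outer tunnel header with and without the copy, and shows what a router in the path can classify on. The function names are hypothetical, the addresses are documentation-range placeholders, and an XOR stands in for the tunnel's encryption.

```python
import socket
import struct

IPTOS_LOWDELAY = 0x10          # "minimize delay" bit of the IPv4 TOS byte
PROTO_UDP, PROTO_ESP = 17, 50  # IP protocol numbers
HDR = "!BBHHHBBH4s4s"          # 20-byte IPv4 header without options

def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, tos=0) -> bytes:
    """Build an IPv4 header with a valid checksum."""
    fields = [0x45, tos, 20 + payload_len, 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(HDR, *fields))
    return struct.pack(HDR, *fields)

def encapsulate(inner: bytes, gw_src, gw_dst, copy_tos: bool) -> bytes:
    """Wrap a packet in an outer tunnel header, optionally copying the TOS."""
    opaque = bytes(b ^ 0xA5 for b in inner)   # placeholder, NOT real crypto
    tos = inner[1] if copy_tos else 0         # byte 1 of the header is TOS
    return ipv4_header(gw_src, gw_dst, PROTO_ESP, len(opaque), tos) + opaque

def path_router_sees(packet: bytes) -> dict:
    """An intermediate router can read the outer header only."""
    return {"proto": packet[9], "tos": packet[1],
            "low_delay": bool(packet[1] & IPTOS_LOWDELAY)}

# Constructed sample: UDP port 4569 packet marked minimum-delay by the PBX.
voice = ipv4_header("192.0.2.10", "198.51.100.20", PROTO_UDP, 8,
                    tos=IPTOS_LOWDELAY) + b"\x11\xd9\x11\xd9\x00\x08\x00\x00"

if __name__ == "__main__":
    for flag in (False, True):
        outer = encapsulate(voice, "203.0.113.1", "203.0.113.2", copy_tos=flag)
        print(f"copy_tos={flag}:", path_router_sees(outer))
```

The copied TOS byte travels in the unencrypted outer header, so anyone observing the tunnel can also tell which packets carry the prioritized class.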