VOIP over VPN on the cheap!
We’ve successfully introduced a secure VOIP solution at my office. You see, one of the major problems with VOIP calls placed over the internet is that anybody has the potential to capture the audio stream of the call. Some have said that it would be possible for a hacker to go one step further and actually inject audio into an existing phone call. This threat was not acceptable for our VOIP needs, so I set to work finding a quick, cheap and reliable solution to provide a ‘secure’ call.
When I say ‘secure’ I refer to the inability of a remote hacker to capture and inject audio. This is achieved by creating a Virtual Private Network (VPN) connection between the phone on the internet and the VOIP server at the office.
The biggest piece of this project was the VPN concentrator. Yes, I could have used a Linux box running OpenSwan together with a couple of NICs and iptables, but we needed a solution which could handle a DSL connection (initiating PPPoA) and also extract data channels from a Fractional T1, while passing the audio channels onto the PBX. I know if I searched Google enough I could get a Linux box to do all this – but time was an issue and I’m no guru!
So we opted for the Adtran NetVanta 3305 to quench this need. It’s doing a very good job, but the initial setup was a bear, again since I’m no guru with the AOS operating system which comes with the Adtran units. This is also acting as the VPN concentrator at our central office.
As for the VPN end-points to be located with the remote VOIP phones, we used Linksys WRT54GL v1.1 routers. OpenWRT was the replacement firmware of choice, and with a bit of swindling of nvram settings and installing a few packages, we successfully established a secure VPN tunnel.
Not like this happened overnight, though! I’d say this ability took me about 6 weeks to discover, configure and deploy. The hardest part was trying to get the VPN devices to talk the same IKE & ESP protocols, but once I found that out – it was plain sailing.
We currently have 15 of these devices out in the field, securing the phone calls of our remote workers. Each remote worker who needs a secure line costs just $50 for the Linksys router. (Our initial equipment purchase for the ADTRAN and supporting NIMs was about $2000.)
Would you agree – VPN on the cheap?