VoIP over VPN
VoIP through a VPN connection.
Many home workers use VPNs for connecting to their business resources. A VPN (Virtual Private Network) is a secure network connection that use protocols to encrypt information before sending it. Using a public infrastructure, such as the Internet, they can provide remote offices or individual users with secure access to their organization's network. The data is encrypted at the sending end and decrypting at the receiving end. Typical small VPN routers may support various VPN protocols, such as IPSec, PPTP, and PPPoE Passthrough.
Although, it's important to keep secure the remote access to data resources, it may not be as important to secure telephone connections. VoIP connections through a VPN connection are sometimes done to limit NAT issues, as the home office becomes an extension of the businesses LAN. This type of scenario would be more typical of IP-PBXs, such as an Asterisk server or as shown below Shoretel. If home office workers are connecting to a hosted VoIP provider, their VPN back to the office would probably not tunnel voice, which would connect out through their home router directly to the VoISP over the Internet.
Diagram of ShoreTel IP-PBX with remote VPN connection.
Bandwidth usage for a VoIP connection over a VPN.
Using G729, a compressed codec, the following packet size can be calculated:
Voice payload (G.729)
20 bytes
RTP header
12 bytes
UDP header
8 bytes
IP header
20 bytes
VPN header
20 to 60 bytes
New IP header
20 bytes
160 bytes * 8= 1280 bits
Total bandwidth = 1280 bits / 20 ms
Total bandwidth = 64,000 bps*
For a non-compressed G711 codec the total bandwidth would be greater. For instance, using a Layer 3 data rate for a G.711 call (50 pps) is 80 Kbps. Encrypting that packet using IPSec Tunnel mode for IP GRE increases that rate to approximately 112 Kbps in each direction. These bandwidth requirements would be needed for both the inbound and outbound voice streams, (so double). For additional considerations, a router's CPU capabilities would be based on packets per second, not packet size, as the limiting factor of a router's performance.
*These bandwidth requirements would be needed for both the inbound and outbound voice streams, (so double).