[Freeswitch-users] VoIP encryption recommendations

Bipin Patel bipin at xbipin.com
Wed Feb 20 12:46:19 UTC 2019


Well webrtc currently works coz it's fairly new but how would the end user 
place calls? Preferred way is using some app rather than through browser 
and the main aim is to get the port opened on ISP side coz if there is 
traffic flow and port gets opened then the filtering would stop until the 
flow continues and in that duration I'm also able to send normal sip and 
rtp even but if the flow stops for like 5 seconds the filtering begins again.


Some tunnels used this method in the past, they send normal http or https 
traffic both ways and filtering stops and then they send whatever packets 
they want on same port and things start flowing but the isp over time 
figures this out and manages to block it


Earlier within the country VoIP was allowed but since WhatsApp calling and 
Google duo started they apply same filter locally even. The other thing I 
noticed is the closer your are to a ISP Telecom exchange the harder like 
becomes to bypass the block and the farther you are then routers in between 
tend to add their overhead and the packet pattern changes a bit which makes 
life easier to bypass it


On February 20, 2019 1:26:25 PM Giovanni Maruzzelli <gmaruzz at gmail.com> wrote:
> I would give a try webrtc with STUN/TURN on your server on 443, using 
> websocket on port 443 on same server that will serve https on same port. 
> You can use apache reverse websocket proxy, able to discriminate between 
> plain https and ssl websocket requests.
>
> So, in this example, a total of two servers: one dedicated to 
> https/webrtc(sip or verto), one to stun/turn, both servers using ssl on 
> 443. You can optionally add a third server for SIP TLS signaling, this too 
> on 443, with media going through the stun/turn server.
>
> Maybe as codec you want to use a variable rate codec (check your opus 
> config, or another one) and no comforto noise/rtp waste, so you have a 
> (relatively) random traffic pattern, instead of a steady rtp flow.
>
> -giovanni
>
>
> On Tue, Feb 19, 2019 at 10:15 PM Joel Serrano <joel at textplus.com> wrote:
> Bipin,
>
> Did you try the linphone tunnel? AFAIR they encrypt SIP+RTP on client 
> (requires linphone obviously), they also provide a server which receives 
> such connections and pass over the unencrypted SIP+RTP to the backend.
>
> I think it's worth the try... some years ago it got around most blocks we 
> tested. We ended up not implementing it but the initial tests did look 
> good, don't know nowadays though...
>
>
> On Tue, Feb 19, 2019 at 11:59 AM Bipin Patel via FreeSWITCH-users 
> <freeswitch-users at lists.freeswitch.org> wrote:
>
>
>
> ---------- Forwarded message ----------
> From: Bipin Patel <bipin at xbipin.com>
> To: <freeswitch-users at lists.freeswitch.org>
> Cc:
> Bcc:
> Date: Tue, 19 Feb 2019 23:58:21 +0400
> Subject: Re: [Freeswitch-users] VoIP encryption recommendations
>
>
> Btw we have tried almost all codecs and currently using g711u but it's just 
> impossible to get through easily not to mention the isp even blacklists 
> whole data center subnets if they find any data center to be a safe heaven 
> for VoIP providers.
>
> They even have this mechanism that home users if attempt to connect to any 
> blocked service then their IP ends up on a blacklist and then the filtering 
> gets worse for them until they reboot the router which gets them a new IP 
> and things get back to normal
>
> No wonder this region is considered a million dollar market where Microsoft 
> and Facebook itself can't manage to keep Skype and WhatsApp calls even 
> running no matter what.
>
>
> On February 19, 2019 11:50:45 PM Bipin Patel <bipin at xbipin.com> wrote:
>> Hi,
>>
>>
>> The whole sip protocol is blocked and udp VPN don't connect and tcp ones 
>> they delay packets a lot so calls end up heavily choppy. On mobile data the 
>> restrictions are even heavier and if packets are anywhere close to VoIP or 
>> VoIP over VPN etc they get filtered. Etisalat is the isp which buys 
>> blocking equipment from some vendor in UK who specialize in blocking VoIP 
>> and VPN. Last I was told by some person working there was they use a lot of 
>> L7 packet inspectors.
>>
>> Secondly it's not about setting up custom solutions for any company or 
>> client but we generate a lot of retail traffic so users need something that 
>> they can run on mobile etc like a customized dialer. Untill now I used to 
>> give them a openvpn profile which they used to run and then use Zoiper to 
>> place calls but all that is blocked now.
>>
>> Webrtc seems to work as of now coz it's new but there isn't a webrtc based 
>> mobile dialer till now which anyone can install and just use it to place calls
>>
>>
>>
>> On February 19, 2019 9:47:46 PM Sergey Safarov <s.safarov at gmail.com> wrote:
>>> In your case need
>>> 1) increase ptime value to 40;
>>> 2) use codec without compression;
>>> 3) need to enable VAD feature;
>>>
>>> Also you can route torrent client network traffic via VPN together with 
>>> VoIP traffic. This will mask VoIP packets and not allow math your traffic 
>>> to VoIP profile on ISP equipment.
>>>
>>> вт, 19 февр. 2019 г. в 19:53, Bipin Patel via FreeSWITCH-users 
>>> <freeswitch-users at lists.freeswitch.org>:
>>>
>>>
>>>
>>> ---------- Forwarded message ----------
>>> From: Bipin Patel <bipin at xbipin.com>
>>> To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
>>> Cc:
>>> Bcc:
>>> Date: Tue, 19 Feb 2019 20:24:20 +0400
>>> Subject: VoIP encryption recommendations
>>>
>>> hi,
>>>
>>> i would like the ask the community about VoIP encryption, currently in few 
>>> middle east countries VoIP is officially blocked. The isp are so aggressive 
>>> that they use all sorts of fancy tools to block it including skype calls, 
>>> whatsapp calls etc and are very successful in doing it. So far companies 
>>> like voipswitch and recently few others have been providing tunneling 
>>> mechanisms  to get over this but recently UDP traffic is heavily filtered 
>>> and they go to the extreme of checking packet length and pattern and 
>>> artificially introduce delay, jitter or simply block it if the number of 
>>> hits are high. Switching to TLS/SRTP also doesnt help, it works with some 
>>> isp but as soon as you try same using mobile data it stops working coz they 
>>> match packet length and block based on the profile. ZRTP doesnt work coz a 
>>> normal RTP streams needs to start and then it starts encrypting it but 
>>> those initial RTP get blocked.
>>>
>>> With lack of any more VoIP encryption protocols its almost getting 
>>> impossible to bypass block so has anyone have any ideas of any other modern 
>>> form of encryption which can be used for VoIP (btw VPN are also blocked and 
>>> more over if packet size increases then nothing works on mobile data).
>>>
>>> The market demand of skype replacements is also extremely high coz skype, 
>>> hangouts, whatsapp video, instagram video, viber etc etc, u name it and its 
>>> blocked.
>>>
>>> --
>>> Regards,
>>> Bipin
>>>
>>>
>>>
>>>
>>>
>>> ---------- Forwarded message ----------
>>> From: Bipin Patel via FreeSWITCH-users <freeswitch-users at lists.freeswitch.org>
>>> To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
>>> Cc:
>>> Bcc:
>>> Date: Tue, 19 Feb 2019 08:53:29 -0800 (PST)
>>> Subject: [Freeswitch-users] VoIP encryption recommendations
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Services
>>> sales at freeswitch.com
>>> https://freeswitch.com
>>>
>>> Official FreeSWITCH Sites
>>> https://freeswitch.com/oss
>>> https://freeswitch.org/confluence
>>> https://cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> https://freeswitch.com
>
>
>
>
> ---------- Forwarded message ----------
> From: Bipin Patel via FreeSWITCH-users <freeswitch-users at lists.freeswitch.org>
> To: <freeswitch-users at lists.freeswitch.org>
> Cc:
> Bcc:
> Date: Tue, 19 Feb 2019 11:59:01 -0800 (PST)
> Subject: Re: [Freeswitch-users] VoIP encryption recommendations
> _________________________________________________________________________
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
> _________________________________________________________________________
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com
>
>
> --
>
> Sincerely,
>
> Giovanni Maruzzelli
> OpenTelecom.IT
> cell: +39 347 266 56 18

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20190220/ff2295f9/attachment.html>


More information about the FreeSWITCH-users mailing list