<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<body>
<div dir="auto">
<div dir="auto"><div dir="auto" style="font-family: sans-serif; font-size: medium;">Well webrtc currently works coz it's fairly new but how would the end user place calls? Preferred way is using some app rather than through browser and the main aim is to get the port opened on ISP side coz if there is traffic flow and port gets opened then the filtering would stop until the flow continues and in that duration I'm also able to send normal sip and rtp even but if the flow stops for like 5 seconds the filtering begins again.</div><div dir="auto" style="font-family: sans-serif; font-size: medium;"><br></div><div dir="auto" style="font-family: sans-serif; font-size: medium;">Some tunnels used this method in the past, they send normal http or https traffic both ways and filtering stops and then they send whatever packets they want on same port and things start flowing but the isp over time figures this out and manages to block it</div><div dir="auto" style="font-family: sans-serif; font-size: medium;"><br></div><div dir="auto" style="font-family: sans-serif; font-size: medium;">Earlier within the country VoIP was allowed but since WhatsApp calling and Google duo started they apply same filter locally even. The other thing I noticed is the closer your are to a ISP Telecom exchange the harder like becomes to bypass the block and the farther you are then routers in between tend to add their overhead and the packet pattern changes a bit which makes life easier to bypass it</div><div dir="auto" style="font-family: sans-serif; font-size: medium;"><br></div></div><div dir='auto'><br></div>
<div id="aqm-original" style="color: black;">
<!-- body start -->
<div class="aqm-original-body">
<div style="color: black;">
<p style="color: black; font-size: 10pt; font-family: sans-serif; margin: 8pt 0;">On February 20, 2019 1:26:25 PM Giovanni Maruzzelli <gmaruzz@gmail.com> wrote:</p>
<blockquote type="cite" class="gmail_quote" style="margin: 0 0 0 0.75ex; border-left: 1px solid #808080; padding-left: 0.75ex;">
<div dir="ltr"><div>I would give a try webrtc with STUN/TURN on your server on 443, using websocket on port 443 on same server that will serve https on same port. You can use apache reverse websocket proxy, able to discriminate between plain https and ssl websocket requests. <br></div><div><br></div><div>So, in this example, a total of two servers: one dedicated to https/webrtc(sip or verto), one to stun/turn, both servers using ssl on 443. You can optionally add a third server for SIP TLS signaling, this too on 443, with media going through the stun/turn server.</div><div><br></div><div>Maybe as codec you want to use a variable rate codec (check your opus config, or another one) and no comforto noise/rtp waste, so you have a (relatively) random traffic pattern, instead of a steady rtp flow.<br></div><div><br></div><div>-giovanni<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Feb 19, 2019 at 10:15 PM Joel Serrano <<a href="mailto:joel@textplus.com">joel@textplus.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Bipin, <div><br></div><div>Did you try the linphone tunnel? AFAIR they encrypt SIP+RTP on client (requires linphone obviously), they also provide a server which receives such connections and pass over the unencrypted SIP+RTP to the backend.</div><div><br></div><div>I think it's worth the try... some years ago it got around most blocks we tested. We ended up not implementing it but the initial tests did look good, don't know nowadays though... </div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Feb 19, 2019 at 11:59 AM Bipin Patel via FreeSWITCH-users <<a href="mailto:freeswitch-users@lists.freeswitch.org" target="_blank">freeswitch-users@lists.freeswitch.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br><br><br>---------- Forwarded message ----------<br>From: Bipin Patel <<a href="mailto:bipin@xbipin.com" target="_blank">bipin@xbipin.com</a>><br>To: <<a href="mailto:freeswitch-users@lists.freeswitch.org" target="_blank">freeswitch-users@lists.freeswitch.org</a>><br>Cc: <br>Bcc: <br>Date: Tue, 19 Feb 2019 23:58:21 +0400<br>Subject: Re: [Freeswitch-users] VoIP encryption recommendations<br><u></u>
<div>
<div dir="auto">
<div dir="auto"><br></div><div dir="auto">Btw we have tried almost all codecs and currently using g711u but it's just impossible to get through easily not to mention the isp even blacklists whole data center subnets if they find any data center to be a safe heaven for VoIP providers.</div><div dir="auto"><br></div><div dir="auto">They even have this mechanism that home users if attempt to connect to any blocked service then their IP ends up on a blacklist and then the filtering gets worse for them until they reboot the router which gets them a new IP and things get back to normal</div><div dir="auto"><br></div><div dir="auto">No wonder this region is considered a million dollar market where Microsoft and Facebook itself can't manage to keep Skype and WhatsApp calls even running no matter what.</div><div dir="auto"><br></div><div dir="auto"><br></div>
<div id="gmail-m_-386272895840133793gmail-m_-2497045127509366772aqm-original" style="color:black">
<div class="gmail-m_-386272895840133793gmail-m_-2497045127509366772aqm-original-body">
<div style="color:black">
<p style="color:black;font-size:10pt;font-family:sans-serif;margin:8pt 0px">On February 19, 2019 11:50:45 PM Bipin Patel <<a href="mailto:bipin@xbipin.com" target="_blank">bipin@xbipin.com</a>> wrote:</p>
<blockquote type="cite" class="gmail_quote" style="margin:0px 0px 0px 0.75ex;border-left:1px solid rgb(128,128,128);padding-left:0.75ex">
<div dir="auto">
<div dir="auto"><div dir="auto" style="font-family:sans-serif">Hi,</div><div dir="auto" style="font-family:sans-serif"><br></div><div dir="auto" style="font-family:sans-serif"><br></div><div dir="auto" style="font-family:sans-serif">The whole sip protocol is blocked and udp VPN don't connect and tcp ones they delay packets a lot so calls end up heavily choppy. On mobile data the restrictions are even heavier and if packets are anywhere close to VoIP or VoIP over VPN etc they get filtered. Etisalat is the isp which buys blocking equipment from some vendor in UK who specialize in blocking VoIP and VPN. Last I was told by some person working there was they use a lot of L7 packet inspectors.</div><div dir="auto" style="font-family:sans-serif"><br></div><div dir="auto" style="font-family:sans-serif">Secondly it's not about setting up custom solutions for any company or client but we generate a lot of retail traffic so users need something that they can run on mobile etc like a customized dialer. Untill now I used to give them a openvpn profile which they used to run and then use Zoiper to place calls but all that is blocked now.</div><div dir="auto" style="font-family:sans-serif"><br></div><div dir="auto" style="font-family:sans-serif">Webrtc seems to work as of now coz it's new but there isn't a webrtc based mobile dialer till now which anyone can install and just use it to place calls</div><div dir="auto" style="font-family:sans-serif"><br></div><div dir="auto" style="font-family:sans-serif"><br></div></div><div dir="auto"><br></div>
<div style="color:black">
<div class="gmail-m_-386272895840133793gmail-m_-2497045127509366772aqm-original-body">
<div style="color:black">
<p style="color:black;font-size:10pt;font-family:sans-serif;margin:8pt 0px">On February 19, 2019 9:47:46 PM Sergey Safarov <<a href="mailto:s.safarov@gmail.com" target="_blank">s.safarov@gmail.com</a>> wrote:</p>
<blockquote type="cite" class="gmail_quote" style="margin:0px 0px 0px 0.75ex;border-left:1px solid rgb(128,128,128);padding-left:0.75ex">
<div dir="ltr">In your case need<br>1) increase ptime value to 40;<br>2) use codec without compression;<br>3) need to enable VAD feature;<div><br>Also you can route torrent client network traffic via VPN together with VoIP traffic. This will mask VoIP packets and not allow math your traffic to VoIP profile on ISP equipment.</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">вт, 19 февр. 2019 г. в 19:53, Bipin Patel via FreeSWITCH-users <<a href="mailto:freeswitch-users@lists.freeswitch.org" target="_blank">freeswitch-users@lists.freeswitch.org</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br><br><br>---------- Forwarded message ----------<br>From: Bipin Patel <<a href="mailto:bipin@xbipin.com" target="_blank">bipin@xbipin.com</a>><br>To: FreeSWITCH Users Help <<a href="mailto:freeswitch-users@lists.freeswitch.org" target="_blank">freeswitch-users@lists.freeswitch.org</a>><br>Cc: <br>Bcc: <br>Date: Tue, 19 Feb 2019 20:24:20 +0400<br>Subject: VoIP encryption recommendations<br>
<div bgcolor="#FFFFFF">
<span><span style="font-family:Arial">hi,<br>
<br>
i would like the ask the community about VoIP encryption,
currently in few middle east countries VoIP is officially
blocked. The isp are so aggressive that they use all sorts of
fancy tools to block it including skype calls, whatsapp calls
etc and are very successful in doing it. So far companies like
voipswitch and recently few others have been providing tunneling
mechanisms to get over this but recently UDP traffic is heavily
filtered and they go to the extreme of checking packet length
and pattern and artificially introduce delay, jitter or simply
block it if the number of hits are high. Switching to TLS/SRTP
also doesnt help, it works with some isp but as soon as you try
same using mobile data it stops working coz they match packet
length and block based on the profile. ZRTP doesnt work coz a
normal RTP streams needs to start and then it starts encrypting
it but those initial RTP get blocked.<br>
<br>
With lack of any more VoIP encryption protocols its almost
getting impossible to bypass block so has anyone have any ideas
of any other modern form of encryption which can be used for
VoIP (btw VPN are also blocked and more over if packet size
increases then nothing works on mobile data).<br>
<br>
The market demand of skype replacements is also extremely high
coz skype, hangouts, whatsapp video, instagram video, viber etc
etc, u name it and its blocked.<br>
<br>
</span></span>
<div class="gmail-m_-386272895840133793gmail-m_-2497045127509366772m_-5392227457241306863moz-signature">-- <br>
Regards,<br>
Bipin<br>
<br>
<br>
</div>
</div>
<br><br><br>---------- Forwarded message ----------<br>From: Bipin Patel via FreeSWITCH-users <<a href="mailto:freeswitch-users@lists.freeswitch.org" target="_blank">freeswitch-users@lists.freeswitch.org</a>><br>To: FreeSWITCH Users Help <<a href="mailto:freeswitch-users@lists.freeswitch.org" target="_blank">freeswitch-users@lists.freeswitch.org</a>><br>Cc: <br>Bcc: <br>Date: Tue, 19 Feb 2019 08:53:29 -0800 (PST)<br>Subject: [Freeswitch-users] VoIP encryption recommendations<br>_________________________________________________________________________<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" rel="noreferrer" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" rel="noreferrer" target="_blank">https://freeswitch.org/confluence</a><br>
<a href="https://cluecon.com" rel="noreferrer" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a></blockquote></div>
</blockquote>
</div>
</div>
</div><div dir="auto"><br></div>
</div></blockquote>
</div>
</div>
</div><div dir="auto"><br></div>
</div></div>
<br><br><br>---------- Forwarded message ----------<br>From: Bipin Patel via FreeSWITCH-users <<a href="mailto:freeswitch-users@lists.freeswitch.org" target="_blank">freeswitch-users@lists.freeswitch.org</a>><br>To: <<a href="mailto:freeswitch-users@lists.freeswitch.org" target="_blank">freeswitch-users@lists.freeswitch.org</a>><br>Cc: <br>Bcc: <br>Date: Tue, 19 Feb 2019 11:59:01 -0800 (PST)<br>Subject: Re: [Freeswitch-users] VoIP encryption recommendations<br>_________________________________________________________________________<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" rel="noreferrer" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" rel="noreferrer" target="_blank">https://freeswitch.org/confluence</a><br>
<a href="https://cluecon.com" rel="noreferrer" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a></blockquote></div>
_________________________________________________________________________<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" rel="noreferrer" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" rel="noreferrer" target="_blank">https://freeswitch.org/confluence</a><br>
<a href="https://cluecon.com" rel="noreferrer" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a></blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature">Sincerely,<br><br>Giovanni Maruzzelli<br>OpenTelecom.IT<br>cell: +39 347 266 56 18<br><br></div>
</blockquote>
</div>
</div>
<!-- body end -->
</div><div dir="auto"><br></div>
</div></body>
</html>