Encrypting VoIP Communications with VPN
If you’re looking to scale your business, VoIP might be just the thing you need. VoIP stands for Voice Over Internet Protocol, and it is a phone service that is used over the Internet.
VoIP has continued to increase in adoption because it is cost effective and eliminates the need for business landlines. Organizations no longer need to tie their phone operations to a particular location. By using VoIP, they can expand and grow beyond the physical limitations of an office.
Businesses all around the world are turning to VoIP for their primary phone systems because it allows them to scale beyond their office walls, save money, and keep people connected regardless of geographical distance.
However, phones of all kinds, including VoIP, can be compromised by hackers. You can add a layer of security to mitigate VoIP security risks with a VPN. This secures your data and voice traffic as the VPN provides VoIP encryption.
VoIP Security Risks and Solutions
Phone calls are typically not very secure. Cybercriminals use a lot of different tactics to listen in on the calls you receive on your cell phone. It’s surprisingly easy for them — criminals can use radio frequency scanners and a digital data interpreter to eavesdrop on unsecured calls. With a VoIP system, however, you can set up a VPN to secure phone calls within your network.
By combining a VPN with your VoIP phone system, you will be able to secure all of your voice and data traffic, as well as secure the devices that your employees are working on. You provide your teams with the encryption to safely handle all kinds of calls, no matter where they are in the world.
VPN and VoIP Security Solutions in Action
Take for instance a tech support company that handles support calls for various customers. When large corporations want to outsource their customer support operations, this tech support company is their first choice. Instead of having a large, physical call center office, this company has its employees take calls from their home offices. Employees can work from home across multiple time zones and the company uses Voice over IP to provide this flexibility. Using VoIP lowers their operating costs substantially.
The customer runs their VoIP infrastructure from their data center. Their VoIP solution does not inherently support security — secure VoIP protocols like SIPS and SRTP are not in use, which means there are some VoIP security risks the company needs to address. Because their employees work from their homes, the need to address the following for their network setup:
- Secure communications over VoIP
- Ensure VoIP works irrespective of an employee’s home network NAT setup
- Flexibility for employees to use a variety of VoIP devices such as desk phones, soft clients on laptops, or smartphones
- Prevent denial of service attacks on their VoIP system by only allowing authentic clients to connect
OpenVPN protocol uses TLS/SSL and is therefore NAT-friendly. It can easily tunnel the VoIP protocols through NAT. Use of the VPN-assigned IP addresses also makes the VoIP devices appear to be on the same private network as the secure VoIP Server. This simplifies VoIP implementation as it does not need to deal with NAT traversal.
The VoIP communication is secured by tunneling it inside of the VPN. Only specific inbound ports used by VPN clients need to be opened for incoming traffic at the data center housing the secure VoIP server. This compares to the need to open a wide range of ports that SIP and SRTP tend to use. Securing VoIP with OpenVPN meets all of the customer’s needs.
The customer installed OpenVPN Access Server in the data center housing the secure VoIP Server. They configured access control to allow access only to the secure VoIP Server. Auto-login profiles were generated and distributed to the employees to import into their VoIP phones or the OpenVPN Connect Client. For employees wanting to use an office phone, Analog Telephone Adapters that support OpenVPN such as Yeastar or IP phones such as those from Snom Technology were recommended.
The use of OpenVPN technology provided security for both the secure VoIP Server at the data center and VoIP communications. VoIP encryption is in place, the VoIP solution is less complicated without the need to deal with the complexities of NAT traversal, and the employees can use their device of choice to conduct business.
How to Secure VoIP Communication with VPN
To begin offering top of the line VoIP Security, you need to deploy Access Server and at least one client, via our OpenVPN client or Connect client.
To deploy Access Server, you can:
- Deploy it yourself, using our Quick Start Guide.
- Deploy a ready-to-launch instance on Amazon Web Services
- Deploy a ready-to-launch instance on Microsoft Azure
- Deploy a ready-to-launch instance on Google Cloud
- Deploy a ready-to-launch instance on Digital Ocean
- Deploy a ready-to-launch instance on Oracle
- Explore some of our more detailed self-deployment options.
The VPN Tunnel service can be configured to use either TCP or UDP. In the TCP case, it can also be configured to forward the Connect Client and/or Admin Web UI services. If service forwarding is used, only one TCP port needs to be made available to Internet clients. If applications requiring UDP communication (such as VoIP) are to be used over the VPN, configuring OpenVPN Access Server to use UDP for VPN Tunneling will result in the VPN tunnel communication being more efficient. In this case, the UDP port (number 1193, by default) on the server must also be made available to Internet clients.