Source: snapvoip.blogspot.com

As VoIP business users in countries like Dubai are being blocked. Many users are turning to VPN solutions to allow the ability to use VoIP and get around the current blocking issue. This however is an expensive and unnecessary solution as SpeedVoip Technology able to resolve this issue. SpeedVoIP has released a betyter solution for Voip Blocking called VGCP (VoiceGuard Control Protocol) .

1. Overview

Yahoo messenger, Skype, Microsoft Messenger and Vonage offer a subscriber the ability to "call" someone using Softphone/Gateway ATA/IPPhone/IAD. However, several ISPs are blocking or degrading this service in order to force a consumer to use a ISP sponsored service. States such as the UAE block this technology outright while US corporations, such as Clearwire, claim that they might degrade the quality of competing services by adding choppy and delayed services.
SpeedVoIP is a leader in circumventing VoIP blocking imposed by ISP or Telco. For vision of Net Neutrality, VoiceGuard @ is created to address a growing number of ISPs who either degrade or block voice services over their networks. VoiceGuard @ gives choice back to the subscribers or customers of ITSP.

2. Technology

VGCP(Voice Guard Control Protocol)

VGCP is a proprietary layer 2 link protocol working at between IP stack and nic driver for VoIP anti-blocking. The core patent-pending VGCP is industry’s most state-of-the-art voice service provider class security protocol whose scalability and flexibility results in not to compromise voice quality and overhead. VGCP controls and monitors full voice signaling and media flow intelligently, meanwhile disguises sip and rtp packets into normal allowed data packets such as DNS and TFTP, and makes two-way encryption and decryption driven by user-customized policy. VGCP is fully transparent to upper SIP proxy or UA which means VoiceGuard can work with any 3rd-party Softphone/ATA/Gateway/IPPhone/IADs and SIP proxy or server not like some competitors which take effect on their own device and softswitch.

SidePass

Due to unique architecture, when deploying VoiceGuard Border Controller(VGBC) at customer CPE side, VGBC can work in the way similar to that of soho router, but it only encrypts and decrypts SIP and RTP packets on link layer, not to handup these packets to IP stack for forwarding while bypassing other data packets originating from SIP terminals. In this scenario, peak throughput and minimal CPU overhead can be easily achieved.

TrafficDisturb

Current leading carrier-class VoIP blocking platform such as NarusInsight can detect VoIP traffic with a special algorithm“traffic classification in the dark” which filters VoIP traffic based on behavioral-signature model. Compared with previous one of payload-signature model, NarusInsight is more sophisticated and robust. After deep study into traffic behavior of SIP UA, Proxy and Registrar, VoiceGuard can real-time incorporate light-weight traffic for puzzling and bypassing VoIP blocking system without consuming more bandwidth and compromising voice quality. Even in some circumstance, VoiceGuard can simulate traffic behavior of universal data networking protocol such as OICQ, MSN and so on.

3. Key Features

• Maximum call completion rate and maximum voice service duration

• SIP core standards and a variety of drafts supported

• Proprietary link layer protocol for controlling

• Any 3rd-party Softphone/ATA/Gateway/IPPhone/IAD and SIP Proxy/Registrar/SBC supported

• The most comprehensive codec including g.711/g.723/g.729ab/iLBC/gsm/speechX supported

• Bypassing Narus and Verso platform detection

• Flexible user-customized encryption policy driven

• Strict call path protection and security up to termination

• Only simultaneous signaling/media/T.38 fax packet support across any firewall.

• No network or firewall modification is required.

• Excellent voice quality without any latency and performance compromise

• Small footprint terminal SDK .

• Available on all major platforms.

SpeedVoIP

Source: snapvoip.blogspot.com

As VoIP business users in countries like Dubai are being blocked. Many users are turning to VPN solutions to allow the ability to use VoIP and get around the current blocking issue. This however is an expensive and unnecessary solution as SpeedVoip Technology able to resolve this issue. SpeedVoIP has released a betyter solution for Voip Blocking called VGCP (VoiceGuard Control Protocol) .

1. Overview

Yahoo messenger, Skype, Microsoft Messenger and Vonage offer a subscriber the ability to "call" someone using Softphone/Gateway ATA/IPPhone/IAD. However, several ISPs are blocking or degrading this service in order to force a consumer to use a ISP sponsored service. States such as the UAE block this technology outright while US corporations, such as Clearwire, claim that they might degrade the quality of competing services by adding choppy and delayed services.
SpeedVoIP is a leader in circumventing VoIP blocking imposed by ISP or Telco. For vision of Net Neutrality, VoiceGuard @ is created to address a growing number of ISPs who either degrade or block voice services over their networks. VoiceGuard @ gives choice back to the subscribers or customers of ITSP.

2. Technology

VGCP(Voice Guard Control Protocol)

VGCP is a proprietary layer 2 link protocol working at between IP stack and nic driver for VoIP anti-blocking. The core patent-pending VGCP is industry’s most state-of-the-art voice service provider class security protocol whose scalability and flexibility results in not to compromise voice quality and overhead. VGCP controls and monitors full voice signaling and media flow intelligently, meanwhile disguises sip and rtp packets into normal allowed data packets such as DNS and TFTP, and makes two-way encryption and decryption driven by user-customized policy. VGCP is fully transparent to upper SIP proxy or UA which means VoiceGuard can work with any 3rd-party Softphone/ATA/Gateway/IPPhone/IADs and SIP proxy or server not like some competitors which take effect on their own device and softswitch.

SidePass

Due to unique architecture, when deploying VoiceGuard Border Controller(VGBC) at customer CPE side, VGBC can work in the way similar to that of soho router, but it only encrypts and decrypts SIP and RTP packets on link layer, not to handup these packets to IP stack for forwarding while bypassing other data packets originating from SIP terminals. In this scenario, peak throughput and minimal CPU overhead can be easily achieved.

TrafficDisturb

Current leading carrier-class VoIP blocking platform such as NarusInsight can detect VoIP traffic with a special algorithm“traffic classification in the dark” which filters VoIP traffic based on behavioral-signature model. Compared with previous one of payload-signature model, NarusInsight is more sophisticated and robust. After deep study into traffic behavior of SIP UA, Proxy and Registrar, VoiceGuard can real-time incorporate light-weight traffic for puzzling and bypassing VoIP blocking system without consuming more bandwidth and compromising voice quality. Even in some circumstance, VoiceGuard can simulate traffic behavior of universal data networking protocol such as OICQ, MSN and so on.

3. Key Features

• Maximum call completion rate and maximum voice service duration

• SIP core standards and a variety of drafts supported

• Proprietary link layer protocol for controlling

• Any 3rd-party Softphone/ATA/Gateway/IPPhone/IAD and SIP Proxy/Registrar/SBC supported

• The most comprehensive codec including g.711/g.723/g.729ab/iLBC/gsm/speechX supported

• Bypassing Narus and Verso platform detection

• Flexible user-customized encryption policy driven

• Strict call path protection and security up to termination

• Only simultaneous signaling/media/T.38 fax packet support across any firewall.

• No network or firewall modification is required.

• Excellent voice quality without any latency and performance compromise

• Small footprint terminal SDK .

• Available on all major platforms.

SpeedVoIP

Source: snapvoip.blogspot.com

Siproxd is an proxy/masquerading daemon specially designed for SIP protocol. It handles registrations of SIP clients on a private IP network and performs rewriting of the SIP message bodies to make SIP connections possible via an masquerading firewall. It allows SIP clients (like kphone, linphone) to work behind an IP masquerading firewall or router. It could also be installed on the firewall itself. Installation is very simple as well.

SIP (Session Initiation Protocol, RFC3261) is used by Softphones and Hardphones (Voice over IP) to initiate a VoIP communication. By itself, SIP does not work via masquerading firewalls as the transfered data contains IP addresses and port numbers.

STUN servers are used to help SIP clients to figure out its public visible IP address and use this one instead of th non routable IP address. As a drawback, usually on the firewall, a wide range of ports must be opened up for the incoming RTP traffic and the SIP client must also support STUN, which most of them do.

Siproxd provides another approach (application layer proxy) and places itself as outbound proxy in between the local SIP client and the remote SIP client or SIP registrar. It rewrites the SIP traffic on the fly and also includes a RTP proxy for incoming and outgoing RTP traffic (the actual audio potion of a SIP based VoIP call). The port range for receiving RTP data is configurable, so the firewall needs to allow /open only a small port range.

Now here is the Masquerading Asterisk Server;

The Asterisk server will register itself as a SIP UA (Client) to an external SIP registrar. In this example sipphone.com is used as the external SIP provider. As Asterisk does not allow to specify an SIP outbound proxy we need to use transparent proxying. The context values of the asterisk configuration needs to be adapted to fit your needs.

Various Configuration files;

siproxd.conf:

if_inbound = eth0
if_outbound = ppp0
hosts_allow_reg = 10.0.0.0/24
sip_listen_port = 5060
daemonize = 1
silence_log = 1
log_calls = 1
user = siproxd
registration_file = /var/lib/siproxd_registrations
pid_file = /var/run/siproxd/siproxd.pid
rtp_proxy_enable = 1
rtp_port_low = 7070
rtp_port_high = 7089
rtp_timeout = 300
default_expires = 600
debug_level = 0
debug_port = 0

Firewall configuration (iptables):

# redirect outgoing SIP traffic to siproxd (myself)
iptables -t nat -A PREROUTING -m udp -p udp -i eth0 \
–source 10.0.0.11 –destination-port 5060 -j REDIRECT
# allow incoming SIP and RTP traffic
iptables -A INPUT -m udp -p udp -i ppp0 –dport 5060 -j ACCEPT
iptables -A INPUT -m udp -p udp -i ppp0 –dport 7070:7080 -j ACCEPT

Asterisk configuration (SIP related part):

Note: Very important are the fromuser and fromdomain keywords in the client section. They are required to have Asterisk send the correct From headers in SIP dialogs.

sip.conf:

[general]
port = 5060 ; Port to bind to (SIP is 5060)
bindaddr = 0.0.0.0 ; Address to bind to (all addresses on machine)
context = from-sip-external ; Send unknown SIP callers to this context
callerid = Unknown
defaultexpirey = 900

; codecs
disallow=all
allow=gsm ; 13 Kbps
allow=ulaw ; 64 Kbps
allow=alaw ; 64 Kbps

; SIP Trunk to sipphone.com you can use you own outbound SIP trunk here
; the SIP number is taken randomly for this example
register=17476691234:@proxy01.sipphone.com

[17476691234]
type=user
nat=never
context=from-pstn
canreinvite=no

[sipphone1]
username=17476691234
type=peer
qualify=2000
host=proxy01.sipphone.com
fromuser=17476691234
fromdomain=proxy01.sipphone.com
context=from-pstn
canreinvite=no
secret=

; local SIP extensions
[200]
username=200
type=friend
secret=XXXXXX
qualify=500
port=5060
pickupgroup=
nat=never
mailbox=
host=dynamic
dtmfmode=rfc2833
disallow=
context=from-internal
canreinvite=no
callgroup=
callerid="Extension 200"
allow=all

There you have it, a firewalled Asterisk server or Trixbox.

Links;
SIPROXD at Sourceforge.net

Source: snapvoip.blogspot.com

It was a year full of achievements and events for OpenSER in 2006. The release in summer (OpenSER 1.1.0), and a continuous increase in features set, development and robustness of OpenSER. What was new in 1.1.0 could be read in the link given below.
Since then the Development community has expanded features and capabilities of the OpenSER and intend to release a new version, very soon.
Some of the intended features for the next version, OpenSER 1.2.0 and the beginning of 2007 are;
- domainpolicy – policies to connect federations
- imc – instant messaging conferencing
- mi_fifo and mi_xmlrpc – FIFO and XMLRPC transports for the new management interface (MI)
- perl – embed perl programming in configuration file
- presence – SIMPLE Presence Server implementation
- pua, pua_mi, pua_usrloc – presence user agent client implementations for user location records and management interface
- seas – connector to SIP Application Server – WeSIP – Java SIP Servlet Application Server (http://www.wesip.eu)
- snmpstats – SNMP (Simple Network Management Interface) interface to OpenSER statistics
- sst – SIP session timer support
- xmpp – transparent SIP-XMPP gateway

Read more about these in documentation section for OpenSER 1.2.0 in the link given below.

I am looking forward to see OpenSER opening more doors in VoIP IP Telephony and SIP technology in 2007

Links;
What was new in OpenSER 1.1.0
OpenSER 1.2.0 documentation