|This article does not cite any references or sources. (May 2010)|
A VoIP VPN combines voice over IP and virtual private network technologies to offer a method for delivering secure voice. Because VoIP transmits digitized voice as a stream of data, the VoIP VPN solution accomplishes voice encryption quite simply, applying standard data-encryption mechanisms inherently available in the collection of protocols used to implement a VPN.
The VoIP gateway-router first converts the analog voice signal to digital form, encapsulates the digitized voice within IP packets, then encrypts the digitized voice using IPsec, and finally routes the encrypted voice packets securely through a VPN tunnel. At the remote site, another VoIP router decodes the voice and converts the digital voice to an analog signal for delivery to the phone.
A VoIP VPN can also run within an IP in IP tunnel or using SSL-based OpenVPN. There is no encryption in former case, but traffic overhead is significantly lower in comparison with IPsec tunnel. The advantage of OpenVPN tunneling is that it can run on a dynamic IP and may provide up to 512 bits SSL encryption.
Security is not the only reason to pass Voice over IP through a virtual private network, however. Session Initiation Protocol, a commonly used VoIP protocol is notoriously difficult to pass through a firewall because it uses random port numbers to establish connections. A VPN is also a workaround to avoid a firewall issue when configuring remote VoIP clients.
Installing an extension on a VPN is a simple means to obtain an off-premise extension (OPX), a function which in conventional landline telephony required a leased line from the private branch exchange to the remote site. A worker at a remote location could therefore appear virtually to be at the company's main office, with full internal access to telephone and network.
The protocol overhead caused by the encapsulation of VoIP protocol within IPSec dramatically increases the bandwidth requirements for VoIP calls, thus making the VoIP over VPN protocols too "fat" to be used over a mobile data connections like GPRS, EDGE or UMTS. Although VoIP over VPN is not as usable in mobile environments, it is sometimes used to create "encrypted VoIP trunk" between different sites of a corporations, running VoIP PBX interconnections over a VPN connection.
The recent publication of new VoIP encryption standards built into the protocol, such as ZRTP and SRTP, allow the VoIP client to run without the VPN overhead, integrating with standard features of VoIP PBX without having to manage both the VPN gateway and the PBX.