[TriLUG] More Asterisk Questions

Jon Carnes jonc at nc.rr.com
Wed Nov 9 17:57:59 EST 2005


On Wed, 2005-11-09 at 16:59, Ken Mink wrote:
> As a follow up to my earlier posts, I set up OpenVPN and my remote user is
> using Xten's Eyebeam to connect to our * machine. Everything is connecting
> up fine.
> 
> However, the voice quality is horrible. We've done some testing. If he comes
> in via the vpn, the quality sucks. If I set up port forwarding and he comes
> in that way, the voice quality is good, on par with a cell phone. The
> network path is the same either way. The firewall machine is OLD, a p5-200.
> The question is, do VPNs introduce latency that degrades the voice quality
> by their very nature or is our vpn server so slow that the slow
> encrypting/decrypting is causing it?

The answer to both those questions is yes. Fortunately you really don't
need to do *any* encrypting of the data. You really just want what we
used to call an IP Tunnel - where you tunnel a protocol across the
internet (mainly to bypass firewalls).

I've played with this as well and I can get a decent connection using an
IPSec (very low encryption) tunnel using an OpenBSD box that has a 1Ghz
AMD processor. The added latency in that setup was around 10ms and was
*very* consistent - no packets lost - no excessive buffering - no
fragmenting of packets.

We used G7.29 for the voice (which is incredibly low bandwidth ~15kb/s)
and the quality was about almost indistinguishable from the phones using
our Voice Proxy Firewall. The jitter across the VPN was slightly higher
and any transient latency problems seemed to be magnified for traffic
going the VPN route.

You need to measure your latencies in parallel - across the VPN and
across the internet path. If you are getting significant latency spikes
through the VPN that are not mirrored by the internet access then you
have a problem somewhere.

I would definitely use OpenBSD for the VPN and use a faster processor
(especially if you are using encryption).

The biggest worry - outside of increased latencies - is fragmenting
packets. This will out and out kill your Voice traffic.

>  The second question is what is the best
> codec to use? It's currently set to gsm just because that's what it
> defaulted to. Is there a better choice?
> 
GSM ain't great but as long as your vpn isn't doing any excessive
buffering then it should work fine. The best is G7.29 but you have to
license each endpoint in order to use that. You can get the licensing
through Digium ($10/license).

Good Luck -

Jon Carnes





More information about the TriLUG mailing list