Good afternoon. We’re sitting down today with VirtualPBX Chief Technology Officer Daniel Ruiz to ask him a few questions about how VPN for VoIP works. We’ve encountered a few new customers recently who left their previous provider because that provider was no longer offering the ability to use VPN. Many businesses have legitimate reasons for using VPNs to protect their environments, and losing that option can be a huge dealbreaker for them.
(Rachel Anderson, CMO) So let's start with the basics. Daniel, why do businesses use VPNs? What are the main reasons?
(Daniel Ruiz, CTO) The main reason VPNs became so popular is to secure the communication between two endpoints. There are now other reasons a company or person might use a VPN, such as bypassing geo-restrictions, avoiding throttling by service providers, and securing communication over public networks.
Some VoIP providers aren't allowing companies to use VPNs. How would a business normally use a VPN in conjunction with VoIP services?
A business may use a VPN to bypass certain restrictions. Once connected to a VPN, the user should be able to use the network as if it were their own. Since all communication is encrypted, the service provider cannot inspect the traffic going through that VPN. This means businesses can use VoIP or other applications securely within the VPN.
If that's the case, why would a VoIP provider restrict VPN traffic?
That’s a good question. Sending VoIP traffic through a VPN can be affected by latency and packet loss. If the VPN service isn’t optimized, users can experience issues. That might be the main reason why some VoIP providers restrict VPN use—because it can lead to disputes with customers about whether the issue is caused by the VPN or the VoIP provider’s service.
Interesting. If businesses want to ensure good audio quality while using a VPN, how can they do that?
There are several ways. They can use optimized VPNs, such as OpenVPN, or newer standards that allow for split tunneling, where some traffic goes through the VPN and some does not. Businesses can also use Quality of Service (QoS) settings within the VPN to prioritize VoIP traffic.
We clearly allow businesses to use VPNs, and that doesn't mean our customers aren't protected. If businesses choose to use VPNs for security, how can they do that with or without a VPN?
The main reason to use a VPN is to encrypt data between endpoints. Another common use case is to bypass geographic restrictions. Some countries do not allow VoIP services to exit the country, so businesses use VPNs to connect through another country.
A lot of our competitors are probably restricting VPNs to control which locations can access their services.
Yes, that could be the case. They may not want their service used in specific countries, so they claim they don’t support VPNs as a workaround.
You mentioned encryption earlier. Encryption is certainly an option within our business phone product—we offer encrypted VoIP calls, and it's an easy setting to enable in our system. You also touched on how VPNs can affect call quality and mentioned QoS. Can you explain that term for those who may not be familiar?
Quality of Service (QoS) is used to prioritize traffic on a network. Not all internet service providers offer this, but businesses can configure it within their firewall. This became a big issue when streaming media became popular—call centers were affected the most because agents would stream music while taking calls. If QoS isn’t used, VoIP and streaming traffic compete for bandwidth, leading to poor call quality, robotic voices, or dropped calls.
That makes sense. So in shared office spaces where many people are using the internet, QoS would be a great recommendation?
Yes, definitely. There are other solutions as well, such as segmenting the network into subnets. For example, businesses can set firewall rules that allow agents to make and receive calls but block music or video streaming on their work network. Meanwhile, administrators might be allowed to stream media but with VoIP traffic prioritized.
We've talked about different ways businesses can manage their internet traffic. Given how critical VoIP is, losing a sales due to poor call quality from someone streaming music is unacceptable. Businesses need to consider their internet provider, capacity, and traffic management. We also discussed encryption in the VirtualPBX business phone product. Are there any other security considerations businesses should make when choosing a VoIP provider?
There are two key components in a VoIP call: signaling and the actual voice traffic. Both need to be secured. If signaling isn’t encrypted, information like caller ID, caller name, and phone numbers can be exposed. The voice portion, RTP (Real-time Transport Protocol), also needs to be encrypted. Businesses should ensure their VoIP provider offers encryption for both.
How does this apply to devices? With VirtualPBX, we offer mobile and desktop applications, a browser-based Web Phone, and hardware options like desk phones and conference phones. How do these work with a VPN?
Once you connect to a VPN, traffic is secured. However, it depends on the VPN provider. If you’re using a third-party VPN service, encryption is only in place while data is within that VPN. Once it exits, it may no longer be encrypted. If a business runs its own VPN, they are securing the traffic between endpoints, but once the data leaves their network and goes to the internet, it may not be encrypted. That’s why it’s important to use Secure RTP (SRTP) and encrypted SIP (Session Initiation Protocol) to ensure end-to-end security.
How does VirtualPBX handle this?
We support SRTP and secure SIP across our network. This ensures communication from our endpoints—whether softphones, Web Phones, or desk phones—is encrypted end-to-end.
That’s great. I know customers often ask about that. Some internet service providers restrict VoIP functionality—T-Mobile, for example, used to block VoIP on home routers. What can customers do if their ISP blocks VoIP?
Some ISPs block VoIP outright, while others use the same network ports for their own VoIP services, preventing customers from using a different provider. In those cases, the best solution is to switch ISPs. Even if you find a workaround, there’s nothing stopping the ISP from blocking it again later.
That’s especially relevant for remote employees working from home. Businesses need to ensure their employees can make and receive calls reliably.
Yes, exactly.
We've already had several customers looking for a new provider that allows VPNs for VoIP. For businesses currently with a provider that no longer supports VPNs, what steps should they take?
First, confirm whether the provider truly doesn’t support VoIP over VPN. If they do support secure SIP and SRTP, it’s better to use those rather than relying on a VPN. However, in some cases, like in Florida, where internet quality can be inconsistent, using a VPN to route calls through a more stable region has resolved issues like packet loss and robotic voices.
That’s really interesting. Some VoIP providers block VPNs due to perceived quality issues, but in some cases, VPNs can actually improve call quality.
Yes, exactly. In places where internet service is unreliable, a VPN can provide a more stable connection and solve call quality problems.
If businesses know VPNs work for them but their provider doesn’t allow it, what should they do?
Find a new provider that does. Even if they find a temporary workaround, their provider may block it again later.
That makes sense. Are there any final thoughts on VPNs for VoIP or network security that we haven’t covered?
I think we covered the basics.
Well, if anyone has more questions, Daniel leads a very knowledgeable team that has dealt with every scenario—from call quality issues to network restrictions and VPNs.
Yes, we have.
Fantastic. If you have questions, come to us. Thank you, Daniel, for answering our questions about VPNs for VoIP.
Thank you, Rachel.
