Blocking of VoIP services and VPN
Back to Articles
VoIP SIP Security Regulation VPN

Blocking of VoIP services and VPN

July 27, 2018 3 min
Aivis Olsteins

Aivis Olsteins

The fact that the VoIP is blocked in many countries is not new. The list is very long, and mostly includes African, Middle East, South East Asian and some other countries. There are many resources on the internet which lists those countries, and those lists vary from site to site. That is mostly due to the fact that not all countries or governments admit that they are doing so, or they just don't tell anything at all. The reasons range from willingness to protect legacy (read: state monopoly, very high priced) carriers business which can be eroded by people using much cheaper VoIP services to state surveillance which is lot easier to achieve if number of telecom operators is limited. The situation is more complicated by fact, that the methods of blocking vary from country to country. Not all services are blocked everywhere. There are places which blocks VoIP based services like Skype, but will allow regular SIP calls to be made. Or it can be vice-versa, or they can block both. Then, some relatively forgotten protocol like H.323 or MGCP might work or not. Also techniques to block vary very widely. Perhaps it is related to the level of sophistication of people implementing the services or actual willingness to comply. We have seen schemes very primitive like blocking default SIP port 5060 only. These can be circumvented very easy, by selecting non-standard port. Then, there are techniques which are more sophisticated: by inspecting packed payload and blocking all packets by their contents, e.g. regardless of port used just block all SIP packets. Those blocking methods, in turn can be circumvented by usage of encryption which hides contents of the packets. Most easiest way is to use VPN - it encrypts the traffic and no content is visible to interceptor. I am not a security expert, but I can image that there are methods which allow to detect a VoIP traffic inside of VPN as well.

Lately, small country in Equatorial Africa also joined the list of VoIP blockers. The method of changing default SIP ports did not help, it was at least somehow advanced. We decided to try VPN, and in particular SoftEther VPN server and client. We decided to use its default protocol, Ethernet over HTTPS. The choice was made because SoftEther is reported to have better latency due to full Ethernet frame utilization, which is essential for quality of VoIP conversations. Also, the use of HTTPS protocol on standard port 443 makes it very hard to detect as a something which is not actually a HTTPS. There are many webpages now with HTTPS support, and it would be very difficult for detection system to really distinguish between real HTTPS web traffic and SIP traffic hidden on VPN disguised as HTTPS.

The results were good: the SIP sessions were possible to establish, with any standard SIP device, and without changing anything in the SIP configuration (both server and client). The voice quality was reported by both parties, inside the blocked region and other party outside to be of high quality.

The soltion is now available for our SIP customers of DataTechLabs Cloud services.

Share this article

Aivis Olsteins

Aivis Olsteins

An experienced telecommunications professional with expertise in network architecture, cloud communications, and emerging technologies. Passionate about helping businesses leverage modern telecom solutions to drive growth and innovation.

Related Articles

Case Study: Global Communications Company

Case Study: Global Communications Company

A leading communications company used our cloud Voice platform to send 30 million OTP calls per month to their customers, resulting in cost reduction and incrased conversion

Read Article
Bridging The Delay Gap in Conversational AI: The Backpressure Analogy

Bridging The Delay Gap in Conversational AI: The Backpressure Analogy

Conversational AI struggles with the time gap between text generation and speech synthesis. A “backpressure” mechanism, akin to network data flow control, could slow text generation to match speech synthesis speed, improving user interaction.

Read Article
How Voice AI Agents Can Automate Outbound Calls and Unlock New Opportunities for Businesses: A Deeper Dive

How Voice AI Agents Can Automate Outbound Calls and Unlock New Opportunities for Businesses: A Deeper Dive

AI voice agents transform healthcare scheduling by reducing costs, administrative tasks, and no-shows. They offer 24/7 service, multilingual support, proactive reminders, and valuable insights, improving efficiency and patient experiences.

Read Article
How to Fix Your Context: Mitigating and Avoiding Context Failures in LLMs

How to Fix Your Context: Mitigating and Avoiding Context Failures in LLMs

Larger context windows in LLMs cause poisoning, distraction, confusion, and clash. Effective context management (RAG, pruning, quarantine, summarization, tool loadouts, offloading) remains essential for high-quality outputs.

Read Article

SUBSCRIBE TO OUR NEWSLETTER

Stay up to date with the latest news and updates from our telecom experts