At 11:45 1/06/2005 -0700, Shawn Nunley wrote:
>Eric Vyncke [] wrote:
>>IPsec and VoIP work fine together at the expense of a much
>> higher required bandwidth (due to IPsec headers). This may
>> be your case.

>Actually, higher bandwidth is only going to alleviate a problem that is
>related to the volume of data that can be passed between the two endpoints.
>The real problem in using a VPN technology on top of a real-time service
>like voice is latency. If the encryption layer adds any significant latency
>to the conversation, it can really mess with voice traffic. You can add
>bandwidth until you're blue in the face and the problem will still be there.

Of course, you need to get a small latency. I won't argue on that :-)

But, most (if not all) current VPN products are fast enough (most with dedicated HW) so that latency is not a problem nowadays.

And, having helped people to use VoIP over IPsec (even over Internet -- which is what I'm using when teleworking), I can confirm that the two remaining issues are bandwidth (x3 or x4 compared to plain voice) and another issue linked to QoS handling on the slowest link (typically the uplink for residential) where QoS (and specially link fragmentation & interleave over MLPPP) is critical.

Hope this helps


VPN mailing list