Expired

IV. Voice-over-IP (VoIP)

Expired

VoIP FAQ: Encryption

Products:
Vigor 2760
Vigor 2762
Vigor 2763
Vigor 2765
Show all

Keywords:
Encrypted
Encryption
SRTP
VoIP
Show all

To use VoIP encryption, you will need to have your DrayTek routers installed with the latest firmware which supports VoIP Encryption. For the Vigor 2820Vn, that is firmware version 3.3.2 or later. Each router should be set up with its own SIP account with a registrar (for example DrayTEL).

Firstly note:

  • VoIP Encryption works only for SIP-to-SIP calling. You cannot use direct IP addresses or calls to/from the PSTN.
  • Your call is not encrypted until you have both heard the same shared key.

Actually, this is the shortest instruction in the world - there is no special setup for VoIP encryption. When you make a VoIP SIP-to-SIP call, your router will automatically try to negotiate encryption with the remote end. If both ends are compatible, it takes about 10 seconds to set up the encryption and once operating, you will both hear a voice telling you your 'shared' secret. That indicates that you are now encrypted and if the shared secret is the same at both ends, you aren't subject to any MitM attack (Man-in-the-Middle). On the VoIP status page in the router's web interface, the call status will go green to also indicate encryption and the remote party is shown with the shared key prefixing their ID.

VoIP Encryption Active

If you prefer, you can force known users to be encrypted; if both ends put the other (remote) party into their router's dial-lan (phone book) and check the option for ZRTP+SRTP then if encryption cannot be established, the call is abandoned.

New York Router Dial-plan setup
Dial-Plan (Phone Book) Setup on the New York router.

How do you rate this article?

1 1 1 1 1 1 1 1 1 1