<div dir="ltr"><div>I have (on a rural-area DSL line) a desk phone registered directly on line 1, and line 2 over the VPN. Whenever someone on line 1 tells me "I couldn't hear you well", I say "calling you back on another line", and every time they respond immediately: "Ah. Now your voice is much better."</div><div>TCP connections are also much more reliable over the VPN than direct.</div><div>I am using WG over UDP with an MTU 80 bytes lower than the worst-case general MTU.</div><div><br></div><div>I dug into my issue and found that some hops in my long list of local hops (last mile/s) are very unreliable, and do not respond when they drop (crime #1) a big packet even if DF was set (crime #2), so the best option for me was to have WireGuard do the fragmentation on my side, as well as signal to the TCP connections to lower their MSS automatically.</div><div>In other cases a VPN will also be able to patch TCP issues related to asymmetric routing, or firewall timeouts.</div><div><br></div><div>To be noted:</div><div>#1 The VPN device's CPU should be fast enough to do the packaging, as there is usually no hardware assistance for the VPN prepackaging. A good gigabit router could easily become a source of latency when it involves something more than passing/NATing packets between ports.</div><div>#2 Having a VPN without adjusting the MTU (either manually or automatically) will increase packet loss; this is the source of the myth that a VPN is an overhead for VoIP.</div><div><br></div><div>My understanding of networking may be flawed, but this is my practical experience accumulated so far.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Mar 9, 2024 at 4:00 PM Alex Balashov via VoiceOps <<a href="mailto:voiceops@voiceops.org">voiceops@voiceops.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">No, it's true, consider me appropriately humbled. 
I underappreciated the nuance of this issue. I thought we were talking about something closer to the physicality of networks, not packet inspection/filtering/etc.<br>
<br>
-- Alex<br>
<br>
> On 9 Mar 2024, at 08:11, James Cloos <<a href="mailto:cloos@jhcloos.com" target="_blank">cloos@jhcloos.com</a>> wrote:<br>
> <br>
>>>>>> "AB" == Alex Balashov writes:<br>
> <br>
>>> I don't trust last mile networks to reliably deliver SIP calls. I usually end up putting them into VPNs, TLS, etc.<br>
> <br>
> AB> VPNs and TLS make last-mile networks more reliable? :-) <br>
> <br>
> on the vpn side, wireguard (which runs over udp) certainly does.<br>
> <br>
> I imagine ipsec sometimes can, too. but wg is easier.<br>
> <br>
> -JimC<br>
> -- <br>
> James Cloos <<a href="mailto:cloos@jhcloos.com" target="_blank">cloos@jhcloos.com</a>><br>
> OpenPGP: <a href="https://jhcloos.com/0x997A9F17ED7DAEA6.asc" rel="noreferrer" target="_blank">https://jhcloos.com/0x997A9F17ED7DAEA6.asc</a><br>
<br>
-- <br>
Alex Balashov<br>
Principal Consultant<br>
Evariste Systems LLC<br>
Web: <a href="https://evaristesys.com" rel="noreferrer" target="_blank">https://evaristesys.com</a><br>
Tel: +1-706-510-6800<br>
<br>
</blockquote></div><br clear="all"><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><b>Pinchas S. Neiman</b></div><div>Software Engineer At ESEQ Technology Corp.</div><div>845.213.1229 #2</div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>