IV. Voice-over-IP (VoIP)

To use VoIP encryption, you will need to have your DrayTek routers installed with the latest firmware which supports VoIP Encryption. For the Vigor 2820Vn, that is firmware version 3.3.2 or later. Each router should be set up with its own SIP account with a registrar (for example DrayTEL).

Firstly note:

• VoIP Encryption works only for SIP-to-SIP calling. You cannot use direct IP addresses or calls to/from the PSTN.
• Your call is not encrypted until you have both heard the same shared key.

Actually, this is the shortest instruction in the world - there is no special setup for VoIP encryption. When you make a VoIP SIP-to-SIP call, your router will automatically try to negotiate encryption with the remote end. If both ends are compatible, it takes about 10 seconds to set up the encryption and once operating, you will both hear a voice telling you your 'shared' secret. That indicates that you are now encrypted and if the shared secret is the same at both ends, you aren't subject to any MitM attack (Man-in-the-Middle). On the VoIP status page in the router's web interface, the call status will go green to also indicate encryption and the remote party is shown with the shared key prefixing their ID.

If you prefer, you can force known users to be encrypted; if both ends put the other (remote) party into their router's dial-lan (phone book) and check the option for ZRTP+SRTP then if encryption cannot be established, the call is abandoned.

Dial-Plan (Phone Book) Setup on the New York router.

How do you rate this article?