VoIP tunneling and encryption -short description

    By using encrypted VoIP transport users will be able to communicate confidentially and your VoIP traffic cannot be sniffed and blocked by third party agencies or corporate firewalls.
    Mizu VoIP tunnel is a special VoIP software whose task is to encrypt all communication from/to the clients and to forward the calls to your server(s) using the common SIP protocol. The UDP level encryption will not add any overhead to your network traffic and can work completely transparent. If necessary then will automatically switch to TCP or HTTP. The server is based on a B2B VoIP softswitch unlike traditional VPN solutions which doesn't know anything about the transport they carry.
    Several ISPs, Telco’s and countries like UAE, Iran, Dubai or Oman (Gulf Countries and others) are filtering VoIP or degrading the media in order to force a consumer to use their own VoIP or traditional PSTN services. Using Mizutech built-in encryption you can forget all about these issues. These solutions can work in VoIP networks provided by Mizutech or can be seamlessly integrated in your network without any configuration change in your existing servers.
    The encryption will allow VoIP usage in any countries bypassing VoIP blockages (unlike srtp,zrtp or VPN encryption which can be easily detected by VoIP filters)
    The Mizu VoIP tunneling solution is suitable for ITSP, carriers, call termination, wholesalers, resellers and voip service providers.
    Using the SaaS service (tunnel service hosted by us), you just need to provide us your VoIP server(s) address and branding details. Then you will receive customized softphone for all platforms ready to be used by your customers.
In case if you choose the lifetime license, then you will have to provide a server to host the tunneling service. This can be the same with your VoIP server or a separate box near it.
There is no need to change any settings on your existing VoIP server(s) and no maintenance tasks associated. The tunnel is completely transparent for your users, they will just use a softphone or webphone as normally to make or receive VoIP calls. Our support team is working continuously to make this service hassle free by implementing the latest security standards and changing/adding more obfuscations if required.


What is a voip tunneling server?

VoIP tunneling server refers to a service that interconnects VoIP endpoints with VoIP servers in a way to provide complete endpoint to provider security using different transport methods and bypassing VoIP specific traffic filtering.


How it works?

Any VoIP communication is subject to the same security vulnerabilities as any other form of data on a shared infrastructure. These security concerns were addressed in the National Institute of Standards and Technology's (NIST) paper Security Considerations for Voice over IP Systems

The Mizu tunneling solution has various built-in methods to encrypt both the media and the signaling and to bypass all kind of NAT's, firewalls and voip filtering including the usage in UAE or corporate firewalls.

-encrypted UDP (using a random UDP port. This is usually enough in voip blocked countries like UAE)
-encrypted TCP tunneling (using the standard SSL port so it will bypass most of the firewalls)
-encrypted HTTP tunneling (using the standard HTTP port so it will bypass all corporate proxy systems)

The client might connect trough one of the remote proxies if you are using our distributed network (service included in the standard tunnel license).

The UDP transport doesn’t have any network overhead compared to normal VoIP(SIP/RTP) and has the same quality.
The TCP tunneling has even better quality, but it doesn’t tolerate too much packet loss so good than UDP does.
The HTTP tunneling has between 5% and 35% overhead and needs more server side resources (but it is needed only from behind corporate firewalls when the only single route is via the local http proxy). It can bypass almost all HTTP proxy servers with streaming support.

The client software will always choose the best performing method that works on the enduser network. The network discovery is done on the software startup and it takes around one second.

More technical details

For server to server tunneling the software includes an efficient UDP based module using encrypted short living random streams to bypass VoIP filters.

Included software and services

  • Tunneling server or service (including backups, backup servers and load balancing when needed)
  • Distributed tunnel proxy network (used for VoIP blocked countries to prevent IP/DNS blockage)
  • Client side:
  • Support
    • Free trial period (pay only if you are satisfied)
    • Server setup/configuration
    • 24/7 critical support

The tunneling module is also part of our VoIP softswitch. If you don't already have a VoIP server, then you should order the Softswitch (with the tunneling module selected) instead of the Tunnel service.


Risk free
Mizutech provide a trial period. You have to pay only after the successful test period.

Multiple different encryption method and onion protocol encapsulation using random path and protocols allows you to bypass all kind of VoIP blockage including deep packet filter solutions.

The Mizu Tunnel server act as a transparent gateway between your softswitch and the VoIP clients. No any settings changes are required to be made on your server/softswitch/PBX for this to work.

Bypass all kind of VoIP filtering with no or minimal overhead using low-delay UDP streaming whenever possible (auto failover to TCP or HTTP if needed)

Architecture advantages
Easy to deploy, no need to modify your existing voip server configuration, quick to market.

Performance, troughoutput and scalability
Up to 6000 simultaneous calls, easy to add more servers or implement load-balancing. One tunneling server can handle all your VoIP softswitches (in case if you have more than one)
With the Mizu tunneling server you can also offload a lot of load from your server (for example user to user calls can be handled entirely by the tunneling server).

Rich features
The Mizu tunneling solution is based on a full featured softswitch. All class 5 features are supported so you can add more features to your users even if your existing server doesn't have support for it (for example chat and presence). In addition the tunneling server comes with Mizutech voip clients which you can use to diversify your voip portfolio.

Client to server tunneling
Distribute our customized softphone or create your own using the SDK.

Server to server tunneling
High performance encrypted and obfuscated tunneling between SIP servers using multiple asymmetric short living UDP streams to bypass any VoIP blockade.

The Mizu tunneling service automatically adapts to the user network circumstances and it is prepared for further enhancement to prevent the usage of new blocking technologies.

Comes with a variety of SIP clients
With the tunneling solution you will automatically have access to all of our VoIP clients including Windows dialer, Android client and cross-platform webphone.

The Mizutech support team can handle all the installations and configuration tasks and once it is properly configured, there is no maintenance tasks involved.


  • SIP core standards and a variety of drafts supported supporting voice and video calls, registration, presence and messaging using the SIP/RTP/RTCP protocol suite
  • Bypass all VoIP blockages, NAT's, firewalls, deep packet inspections, STUN and HTTP proxies
  • 12 different transport method (using UDP, TCP or HTTP) to bypass all packet filterings
  • Connects via multiplexing (all traffic in a single port) or uses multiple random ports and multiple peers (to prevent ISP VoIP blockage)
  • Standard and proprietary encryption (based on TLS/DTLS/SRTP/RSA/Blowfish)
  • Sophisticated obfuscations (this is used only in countries where VoIP is blocked)
  • Distributed proxy network to prevent server IP blockage and adding more obfuscation
  • Server to server tunneling (encrypted and obfuscated SIP trunks between countries)
  • Advanced in-call streaming and de-multiplexing (will use multiple-different streams for upload/download in a single call). For example for one call it might use 10 FTP stream for upload and 10 HTTP streams for download
  • Bypassing Narus, Verso and other deep packet inspection platforms detection
  • Prevents DNS spoofing / DNS cache poisoning
  • Call termination to VoIP-GSM gateways
  • Built-in bandwidth saver / bitsaver without any quality compromise
  • Enforcing high QoS by auto adjusting the transport level parameters based on network circumstances and RTP/RTCP statistics
  • Built-in registrar server, sip proxy, IM/presence server and b2b sip stack
  • IM (chat), SMS, Presence (SIP/SIMPLE) and video support
  • All class 5 and PBX features are supported: call hold, transfer, forward, conference, voicemail, speed dial etc
  • Transparent for your server (no any setting changes are needed)
  • Works with any SIP server (Asterisk, OpenSIPS, Cisco, FreePBX, Huawei, VoIPSwitch and all others) and all clients (Cisco PAP2, IP Phones, Linksys ATA, VoIP-GSM gateways, PC2 Phone dialers such as XLite or Eyebeam and all other SIP UA)
  • Automatic transport protocol and NAT detection (with our without ICE, TURN and STUN)
  • Maximize endpoint to provider security
  • Codecs: G.729, G.723, G.711, speex, opus  (narrow-band and wide-band) and many other
  • B2B routing, Transcoding B2BUA
  • SBC (Session Border Controller)
  • DTMF transcoding
  • Custom Routing Rules
  • IP masquerading and port forwarding 
  • Multi-Carrier Support
  • Load Balancing on available devices
  • Automatic call rerouting and failowering
  • Blacklist/White list filtering
  • Basic encryption (SIPS) can be used also directly with legacy SIP servers (TLS/SRTP)
  • DOS attack protection
  • Direct Inward Dialing (DID)
  • Centralized configuration and management
  • Client side load balancing (the most effective and robust load-balancing mechanism)
  • Server side load balancing and failowering
  • And more ...


  • Robust and effective architecture for VoIP routing, encryption and tunneling
  • Transparent, quick to install and easy to manage: Will not disrupt network or application performance, no network or firewall modifications is required, no need for router upgrades or infrastructure change
  • Excellent voice quality with low latency. Optimized for performance and minimized packet delays, with maximum call completion rate and maximum voice service duration. Does not add jitter or delay to your VoIP communication.
  • Proven solution: used by well-known telecom companies with success suppressing any VPN, VoIP Tunnel (VPS) or Voice guard solution. Works with any ITSP and service provider
  • Works with your existing VoIP servers. The tunneling server is using the standard SIP and RTP protocols (all major RFC's and drafts) and has proven compatibility with all existing devices on the market
  • Bypasses firewall restrictions on all mobile 3G/4G/5G networks (including ISP VoIP blockages and bandwidth throttling)
  • Full integration with any VoIP server (Voipswitch, PortaBilling, Asterisx, Trixbox, Cisco, etc)
  • Credit and balance display on the clients + direct links to your website (new user registration, tariff listing, etc)
  • Fast startup: start using encrypted VoIP in a few hours after contacting us. No changes are needed in your existing infrastructure.
  • Communication in all scenarios, i.e. for making and receiving calls from blocked areas e.g. Iran, Dubai in UAE or Oman
  • Reliability: Mizutech tunneling servers are used on enterprise environments where high up-time is a must
  • No quality loss: by using UDP transport level encryption, all the negative impacts of traditional VPN solutions are bypassed
  • Secured communications between clients with maximum call completion rate and maximum voice service duration
  • Very difficult ISP detection, Strict call path protection and security up to termination
  • Both the signaling and the media is encrypted (and can be tunneled in a single or separate streams)
  • High throughput: up to 6000 simultaneous call using one server instance
  • No network overhead. Excellent voice quality without any latency and performance compromise. Unlike other TCP based VoIP tunneling solutions, our server can encrypt UDP packets transparently
  • High speed encryption/decryption: fast proprietary encryption or standard based (tls, srtp)
  • Multiple proprietary encryptions: RSA key exchange, fast encryption with symmetric keys or using blowfish cipher + packet compression
  • The tunneling server can offload a huge traffic from your server(s) by handling all the communications between the clients (voice, video, presence, chat, etc) and forwarding only billed traffic to your server
  • Easy-to-use, easy to integrate and cost-effective with zero configuration and maintenance. No network or firewall modification is required. All authentication requests and billed calls (e.g. calls to PSTN) can be forwarded to your server like they were before.
  • Load balancing and failovering:  the Mizu tunnel can send the traffic to multiple server using different routing algorithms
  • VoIP over HTTP: perfect solution to bypass firewalls in corporate networks (both signaling and media tunneled as a HTTP stream)
  • Automatic failovering from the fast UDP protocol to a bit slower HTTP tunneling which is almost impossible to be blocked (this is especially useful from behind corporate firewalls where all UDP communication can be blocked)
  • No need for any hardware: The Mizu VoIP tunneling are based on software solution and runs on traditional legacy hardware (x86 or x64 pc's and servers). The throughput and robustness is comparable with costly hardware solutions. Windows server is required.
  • Perfect NAT solution: Among the voip encryption, the Mizu VoIP tunneling comes with another advantage: it can bypass any NAT thus solving all the well-known NAT issues in traditional VoIP. And all this is done without any network bandwidth utilization overhead
  • You will improve your VoIP offer not only with tunneling but also with the new Mizutech VoIP clients (softphone, webphone, mizudroid and iOS client)
  • Custom features if needed

VoIP Tunnel


Advantage over VoIP VPN, SSH and IPSec

Traditional tunneling layers doesn't know anything about the tunneled protocol, thus you will completely loose the control over it (no VoIP QoS, no port management, best codec selection). Protocol overhead caused by the encapsulation of VoIP protocol within IPsec dramatically increases the bandwidth requirements for VoIP calls, thus making the VoIP over VPN protocols too fat to be used over for the most majority of enduser internet connections. Another disadvantage of traditional VoIP VPN is the increased server overhead (processing time, network utilization). There are several companies on the market offering "VoIP VPN" by just providing an usual open source (sometimes customized) VPN client and using a standard VPN server, but the service quality is usually disappointing for VoIP and easily blocked by firewalls.

Advantages over standard protocols (TLS/SRTP/ZRTP)

SSL, TLS, SRTP and ZRTP can be easily filtered by firewall and are unusable in voip blocked countries.
These protocol also known to have many intercompatibility issues. While the Mizu solution might use also standard encryption protocols, the network headers don't match with the standard implementations to avoid firewall packet header inspections. The packets are decrypted on the server side and forwarded as clean SIP/RTP to your existing servers thus avoiding all incompatibility issues. Note that the mizutech solution might also include a standard encryption (TLS/SRTP) if set tom but this is used only for encryption (an external obfuscation layer can be applied).

Advantages over SSL based solutions

SSL network and CPU overhead is huge and can be easily blocked by just watching for the standard SSL handshakes.

Advantages over Tor

Even if used with obfuscation, VoIP patter can be easily discovered in Tor traffic and blocked by the ISP. Tor is also well known about low quality links (while they are good in protecting user identity and data with encryption and anonymous routing, the bandwidth and Qos is not adequate for VoIP traffic).

Advantages over hardware based solutions

Hardware costs are much higher while the performance is the same or even less. Their software/firmware can be more difficult to adopt to challenge with the new blocking technologies.

Advantages over other proprietary protocols

Unlike proprietary solutions, the Mizu tunnel has no network overhead, no special hardware requirement and doesn't require any modification in your existing infrastructure.

Try before buying

On your order a trial access is automatically generated for you (No need for any payments. You will have to pay only later if you wish to go ahead in production).
On request we can also install the service on your own server. In this case the followings will be needed:

  • Remote desktop access to your (test) server running Windows OS (Windows server 2003 or 2008 is recommended. Web or Standard edition -both 32 and 64 bit versions are supported. This can be the same server where your softswitch is running. Optionally the server can be hosted by Mizutech
  • The address of your existing softswitch. If you don't already have a softswitch, then our softswitch will be used
  • A test SIP account valid on your existing softswitch
  • Client software branding details (your company name, your web url, brand name, logo, icon, other customizations on your needs)