Comparative Analysis of VPN Protocols at Layer 2 Focusing on Voice Over Internet Protocol

Voice over Internet Protocol (VoIP) is a communication technology based on the Internet Protocol (IP), which is now widely used for mobile communication. The main concern in applying VoIP technology is the system's ability to keep information confidential while protecting its primary users. For this reason, Virtual Private Network (VPN) features need to be added. Conceptually, a VPN creates private connection lines that use the internal network structure (intranet) and can be accessed remotely, with tunneling protocols providing the security. The purpose of this research is to compare the Quality of Service (QoS) of several tunneling protocols. It also analyzes several security system mechanisms in terms of delay, jitter, throughput and packet loss. This analysis is used to determine which of the piloted tunneling security protocols gives the best quality. The work compares VoIP voice-call tests over Generic Routing Encapsulation with IP Security (GRE+IPSec), Internet Protocol in Internet Protocol, Session Initiation Protocol based (IPIP+SIP-based), Secure Socket Layer (SSL), and Layer 2 Tunneling Protocol with IP Security (L2TP+IPSec). The comparative results show better performance than existing work, as shown by the ability of the proposed method to provide VoIP in line with ITU-T G.1010.


I. INTRODUCTION
The need for internet-based communication technologies (voice, video, and data) is driving vital change today [1], [2], [3]. This pushes the gadget industry to develop technologies that can meet current communication needs, one of which is VoIP (Voice over Internet Protocol) [4], [5], [6]. VoIP is a technology that enables long-distance voice conversation over the internet. According to some VoIP research, there are new ways of communicating that enable users to initiate phone calls over IP networks [7], [8], [9]. The advantage of VoIP compared to PSTN (Public Switched Telephone Network) is the ability to send voice packets over packet-switched networks so that data-voice packets can use the best of performance investigations using IAX (Inter-Asterisk Exchange Protocol) and SIP (Session Initiation Protocol) by measuring QoS levels, then analysis of VoIP performance without VPN with VoIP that implements PPTP (Point-to-Point Tunneling Protocol) VPN. The test results showed that PPTP-VPN cannot be intercepted, because the conversation data packets are encrypted by PPTP-VPN so that the codec for the deposit file cannot be read. This means that communication using the SIP protocol and PPTP-VPN is secure and has no loopholes for eavesdropping by irresponsible parties. As VPNs are not limited to PPTP, this research explores other VoIP-VPN techniques to support the choice of the best VoIP-VPN when designing a VoIP system.
Reference [19] addresses VoIP QoS analysis based on measurements of the major factors affecting QoS according to ITU (International Telecommunication Union) standards, including delay, jitter and packet loss. In this study, a comparison was conducted between several security mechanisms such as Packet Filter Firewall and Virtual Private Network (VPN).
Reference [20] explores and investigates the rate and magnitude of the QoS decrease for VoIP traffic running through heterogeneous networks, using the OPNET Tool Modeler simulation method.
Reference [21] simulates IPSec-based VPN tunnel systems connected using the EVE-NG simulator. The simulation results were calculated and analyzed by QoS on OSPF, RIPv2 and EIGRP routing. The simulation in EVE-NG modeled a company that has 1 headquarters and 2 branch offices, with servers located in the data center. The simulation was conducted on a VoIP service with an Asterisk server.
Reference [22] covers the use of the TRIXBOX CE System, which allows users to implement VoIP services. One Internet Protocol (IP) based application is the 3CX Phone System for voice signal [23], [24], [25], video and PSTN (Public Switch Telephone Network). The 3CX Phone System [26], [27] supports configuration and maintenance over the Web or a GUI (Graphical User Interface), making it easier to use.
Reference [28] compares the QoS performance of the PPTP and L2TP tunneling protocols on VPN networks using Mikrotik. Because tunneling methods vary, this study compares several methods including GRE+IPSec, IPIP-SIP based, L2TP+IPSec and SSL.
Upgrading the network security system as described above has a side effect: QoS (Quality of Service) decreases because of the several complex encryption algorithms used [10], [11], [12], [13], [14], [15]. A balance must be struck between the security system and QoS: the security solution should be implemented so that delay, jitter and packet loss are minimized and QoS is maintained. The VoIP communication security system recommended in this research is therefore the VPN (Virtual Private Network). A VPN is a method that uses tunneling to create a private network on a public network, with network security equivalent to that provided by a leased line. VPNs have two classifications based on network topology: Remote Access VPN and Site-to-site VPN [16], [19], [20], [29]. VoIP communication can be secured with VPNs [26], [30], [31] such as Generic Routing Encapsulation IPSecurity (GRE+IPSec) [10], [21], Internet Protocol in Internet Protocol Session Initiation Protocol based (IPIP-SIP based) [23], [24], [25], Layer 2 Tunneling Protocol IP security (L2TP+IPSec) and Secure Socket Layer (SSL) [28], [32], [33].

A. MOTIVATION
The purpose of this research is to analyze VoIP performance with QoS parameters when the network is secured by tunneling with several protocols, to produce VoIP quality analysis data, and to determine the influence of several security system mechanisms on VoIP QoS by measuring the key factors that affect it: delay, jitter, throughput and packet loss. The hypothesis in this research is to find the best VoIP QoS and ensure that packet delivery is not delayed or lost during transmission over the network.

B. CONTRIBUTION
This research is expected to offer an alternative technical solution for connecting VoIP-based telephony systems over a VPN in accordance with the recommendations of the International Telecommunication Union Telecommunication Standardization Sector (ITU-T) and TIPHON standards, to support government policies on working from home and remote working without harming employee productivity and capabilities, by using available technologies and systems.
It is expected that this research is theoretically useful for development and knowledge, and that the results can enrich the science related to voice telephony connections with VPN security mechanisms in particular.

II. VOIP AND PROTOCOLS
VoIP is a technology that enables conversations of voice, video and data remotely over internet media or LANs over an IP network. Voice data is converted into digital code and streamed over a network that sends data packets, rather than through the analog circuitry of a regular phone [7], [8], [9]. Multimedia sessions are exchanges between users that can include voice, video, or text. SIP provides communication services for users, for example with RTP (Real Time Transport Protocol) used for real-time data transfer, with SDP (Session Description Protocol) used to describe multimedia sessions, with MEGACO (Media Gateway Control Protocol) used for communication with PSTN (Public Switch Telephone Network).
A VPN is a communication technology that gives users the rights and connectivity settings to use a public network to join a local network and/or vice versa. A VPN network is built on a tunnel that serves as the path responsible for the security of the data running on it; the VPN tunnel relevant to this research is L2TP [10], [34]. L2TP is a development of PPTP plus L2F. It uses the same network security protocol and encryption for authentication as PPTP, but for data communication L2TP uses UDP. UDP is one of the main protocols above IP and is a simpler transport protocol than TCP.
Internet Protocol Security (IPsec) is a network layer security control widely used to protect data communications [30]. IPSec is a set of specifications to secure communications over the Internet. Its main function is to secure IP communication by verifying each session with individual encryption, in both transport mode and tunnel mode. In transport mode the message in the data packet is encrypted, while in tunnel mode the data packet as a whole is encrypted. IPsec supports two types of secure communication [10], [21], [30]:

1) AUTHENTICATION HEADER PROTOCOL (AHP)
It provides data authentication and integrity, as well as user authentication and protection against multiple attacks (typically man-in-the-middle attacks). This protocol gives the recipient confidence in the identity of the sender and that the data has not been altered in transit. The AH protocol provides no encryption of the data being transferred. AH information is included in the header of the delivered IP packet.

2) ENCAPSULATION SECURITY PAYLOAD (ESP)
This protocol encapsulates and encrypts user data for confidentiality. ESP can provide authentication and protection against multiple attacks. Like AH, ESP information is included in the header of the transmitted IP packet.
IPIP works by encapsulating packets from one IP to another, forming a network tunnel. IPIP can be used on almost all routers that support IPIP. However, IPIP cannot be bridged locally. It must use different IP address segments [23], [24], [25].
Tunneling is an alternative for us to connect two or more sites that may be very distant from each other. Tunneling is simple and inexpensive compared to building physical media between sites [10], [21], [30].
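The difference between AH and ESP, and between transport mode and tunnel (canalization) mode, can be made concrete by laying out one protected voice packet field by field. The following is an added example, not code from the paper; the voice payload (160 bytes, 20 ms of G.711) is a constructed sample, and the field sizes assume IPv4 without options, ESP with AES-CBC and HMAC-SHA1-96, and AH with HMAC-SHA1-96, since the paper does not state which algorithms were configured.

```python
"""Added example: on-the-wire layout of one voice packet under AH/ESP, transport/tunnel."""

# Assumed sizes in bytes (the paper does not state its ciphers or codec).
IP_HDR, UDP_HDR, RTP_HDR = 20, 8, 12   # IPv4 without options, UDP, RTP
VOICE = 160                            # constructed sample: 20 ms of G.711 audio
ESP_HDR = 8                            # SPI (4) + sequence number (4)
ESP_IV = ESP_BLOCK = 16                # AES-CBC IV and cipher block size
ICV = 12                               # truncated HMAC-SHA1-96 check value
AH_HDR = 12 + ICV                      # fixed AH fields + check value

CLEAR, AUTH, ENC = "cleartext", "authenticated only", "encrypted"


def build(protocol, mode):
    """Return the packet as ordered (field, size_bytes, protection) tuples."""
    upper = ("UDP+RTP+voice", UDP_HDR + RTP_HDR + VOICE)
    if mode == "transport":            # original IP header stays in front
        front, inner = [("original IP header", IP_HDR)], [upper]
    elif mode == "tunnel":             # whole original packet becomes the payload
        front = [("new outer IP header", IP_HDR)]
        inner = [("original IP header", IP_HDR), upper]
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")

    if protocol == "AH":               # integrity only: nothing is encrypted
        return ([(n, s, AUTH) for n, s in front]
                + [("AH", AH_HDR, AUTH)]
                + [(n, s, AUTH) for n, s in inner])
    if protocol == "ESP":
        body = sum(s for _, s in inner)
        # Pad so that body + padding + pad-length byte + next-header byte
        # fills a whole number of cipher blocks.
        pad = -(body + 2) % ESP_BLOCK
        return ([(n, s, CLEAR) for n, s in front]
                + [("ESP header", ESP_HDR, AUTH), ("IV", ESP_IV, AUTH)]
                + [(n, s, ENC) for n, s in inner]
                + [("ESP trailer", pad + 2, ENC), ("ICV", ICV, CLEAR)])
    raise ValueError("protocol must be 'AH' or 'ESP'")


def total_bytes(fields):
    return sum(size for _, size, _ in fields)


def encrypted_bytes(fields):
    return sum(size for _, size, prot in fields if prot == ENC)


def protection(fields, name):
    """Protection applied to the named field, or None if the field is absent."""
    return next((prot for n, _, prot in fields if n == name), None)


if __name__ == "__main__":
    plain = IP_HDR + UDP_HDR + RTP_HDR + VOICE
    for proto in ("AH", "ESP"):
        for mode in ("transport", "tunnel"):
            f = build(proto, mode)
            print(f"{proto} {mode}: {total_bytes(f)} bytes on the wire "
                  f"(+{total_bytes(f) - plain}), {encrypted_bytes(f)} encrypted")
            for name, size, prot in f:
                print(f"    {name:<22}{size:>4}  {prot}")
```

With these assumptions the original addresses stay readable in ESP transport mode and are hidden only in ESP tunnel mode, while AH never hides anything; every variant adds per-packet bytes and cryptographic work to a 200-byte voice packet.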

III. PROPOSED METHOD

A. SYSTEM DEVELOPMENT METHODS
The steps taken in this research adapt the PPDIOO (Prepare, Plan, Design, Implement, Operate, Optimize) method into the PDEA (Prepare, Design, Experiment and Analyze) method, as shown in Figure 1 [35], [36], [37]. This method was chosen because it contains the right elements to implement. The PDEA method was also selected for the advantages of its cycle: the cycle does not stop until the work is completed, so optimization continues until the work meets existing needs. This suits the development of VoIP, which must be reviewed and optimized continuously over a long period of time.
Security in voice communication is very important because it concerns the privacy of users on the VoIP architecture. VoIP servers using VPNs are a solution to close security gaps in data and voice. A VPN is a computer network that connects nodes by using the public internet at each site. When a VPN is implemented, the interconnection between nodes has a dedicated virtual path on top of an independent public network. This method is usually used to make communication secure; a VPN is one alternative for sending data and voice privately or securely. Figure 1 shows that each stage of the PDEA method is related to the next stage. The "prepare" stage starts with identifying problems and planning what the research is to achieve. It also prepares the supporting devices: servers that serve as database centers, routers that create secure data transmission routes, and switches that distribute traffic and connect several devices, either wired or wireless.
The data in this research were obtained from the performance of 1 VoIP server, 3 routers, 3 switches and hosts, as shown in Figure 2.
In the "design" step, the target is to successfully connect / build communication between 3 different locations (Tangerang, Jakarta, Bandung). The reason is that the research location requires a network connection that is cheap, fast and secure, and that can communicate with clients in branch offices.
In the "experiment" step, the tasks are to design a network architecture diagram, install the FortiClient VPN, and install Wireshark to measure the QoS parameters (delay, jitter, packet loss, and throughput) for each protocol under test, in order to find the best protocol among GRE+IPSec, IPIP-SIP based, L2TP+IPSec and Secure Socket Layer (SSL). Finally, the hardware and software configurations are implemented.
The "analyze" phase is the last stage in the PDEA method; the tasks are to monitor, retrieve data and perform system analysis. The results are then analyzed, and the best installation system is adjusted to the protocol being tested and evaluated.

1) GRE+IPSEC CONFIGURATION
After the server computer settings are successfully installed and the remote address parameters have been set for each client location, the Keepalive function is added so that, when the link from the tunnel goes down, the router keeps the tunnel interface running.
IP address tunnel Rtr_Tgr (Router Tangerang)
Figure 5 shows the configuration settings in the L2TP+IPSec tunnel. The "Destination Address Gateway" parameter must be filled in with the existing public IP of each router.
Figure 6 shows the configuration settings on the SSL tunnel. The "Remote Gateway and Customize Port" parameters must be filled in.

B. QUALITY OF SERVICE PARAMETER
QoS is the ability to provide better network traffic services through controlled throughput, packet loss, jitter and delay. This research refers to ITU-T G.1010 for the value limits that have been set to ensure that QoS is acceptable to both users. Disruptions in wired and wireless networks can occur and are difficult to avoid, and they can decrease the performance of a network. The following parameters are used to determine the performance of a network, together with the value limits of the ITU-T G.1010 standard [38], [39], [40].

1) DELAY
Delay is the time data takes to travel from source to destination. Delay can be affected by distance, physical congestion, or processing time. The delay category is calculated using Eq. 1.

4) THROUGHPUT
Throughput is the total number of successful packet arrivals observed at the destination during a given time interval,  parameter affecting QoS performance on a VoIP network can be analysed against ITU-T.
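The four QoS parameters can be computed from a per-packet capture such as a Wireshark export and then graded. The following is an added example, not the paper's own tooling: the capture is constructed, the grading uses only the category bands quoted in the text of this paper (delay < 150 ms "Very Good", jitter 0 to 75 ms "Good", packet loss 0% "Very Good", throughput 0 to 338 Kbps "Bad"), and jitter is taken as the mean absolute change in one-way delay between consecutive packets, which is an assumption because the paper's formulas are not reproduced here.

```python
"""Added example: QoS metrics for one RTP stream, graded with the bands quoted in the text."""

# Only these bands appear in the text; other rows of Tables 1-4 are not reproduced.
UNQUOTED = "outside the bands quoted in the text"

# Averages the paper reports for the SSL VPN method.
PAPER_SSL = {"delay_ms": 9.574, "jitter_ms": 9.671,
             "packet_loss_pct": 0.0, "throughput_kbps": 154.61}


def qos_metrics(packets, sent_count, window_us):
    """packets: (rtp_seq, sent_us, recv_us, size_bytes) tuples seen at the receiver.

    Assumes sender and receiver clocks are synchronised and that the capture is
    short enough for the 16-bit RTP sequence number not to wrap.
    """
    first = {}
    for seq, sent_us, recv_us, size in packets:
        first.setdefault(seq, (sent_us, recv_us, size))   # count duplicates once
    if not first or sent_count < len(first) or window_us <= 0:
        raise ValueError("need packets, sent_count >= received, window_us > 0")
    rows = [first[seq] for seq in sorted(first)]           # undo reordering
    delays = [recv - sent for sent, recv, _ in rows]
    if min(delays) < 0:
        raise ValueError("negative delay: capture clocks are not synchronised")
    # Assumed jitter definition: mean absolute change in delay between neighbours.
    variation = [abs(b - a) for a, b in zip(delays, delays[1:])]
    bits = 8 * sum(size for _, _, size in rows)
    return {
        "delay_ms": sum(delays) / len(delays) / 1000,
        "jitter_ms": sum(variation) / len(variation) / 1000 if variation else 0.0,
        "packet_loss_pct": 100 * (sent_count - len(rows)) / sent_count,
        "throughput_kbps": bits * 1000 / window_us,   # bits per microsecond x 1000
    }


def classify(m):
    """Grade metrics with the bands quoted in the text; anything else is UNQUOTED."""
    return {
        "delay": "Very Good" if 0 <= m["delay_ms"] < 150 else UNQUOTED,
        "jitter": "Good" if 0 <= m["jitter_ms"] <= 75 else UNQUOTED,
        "packet_loss": "Very Good" if m["packet_loss_pct"] == 0 else UNQUOTED,
        "throughput": "Bad" if 0 <= m["throughput_kbps"] <= 338 else UNQUOTED,
    }


def sample_capture(lost=()):
    """Constructed capture: 10 packets of 200 bytes sent every 20 ms, one-way delay
    alternating 9 ms / 11 ms; sequence numbers listed in `lost` never arrive."""
    rows = []
    for i in range(10):
        if i in lost:
            continue
        sent = i * 20_000
        rows.append((i, sent, sent + (9_000 if i % 2 == 0 else 11_000), 200))
    return rows


if __name__ == "__main__":
    for label, cap in (("clean", sample_capture()), ("seq 7 lost", sample_capture({7}))):
        m = qos_metrics(cap, sent_count=10, window_us=200_000)
        print(label, m, classify(m))
    print("paper SSL averages", classify(PAPER_SSL))
```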

A. TUNNEL+IPSEC
QoS GRE Tunnel+IPSec data experiments were performed on all tunnels used, and the data were obtained from Wireshark on each client. Table 5 presents the average test results. Data collection was carried out for the results shown in Table 5. The packet loss results show 0 (zero), which is categorized as "Very Good", indicating that no packets are lost during transmission. This shows that the reliability of the designed voice communication (VoIP) is very good when working over the GRE IPsec protocol.
The delay results averaged 10.1018ms during the 5 (five) days of monitoring, categorized as "Very Good" based on the ITU-T G.1010 standard. This implies that the delay experienced by the transmitted packets is low, which is very important for the real-time services designed today. It is therefore beneficial and ensures that the designed communication is efficient and responsive.
The jitter results averaged 10.333ms during the 5 (five) days of monitoring, categorized as "Good" based on the ITU-T G.1010 standard. This indicates that the variation in delay between packets is minimal. A "good" level of jitter implies a stable and predictable delay, which is desirable for maintaining the quality of time-sensitive applications.
The throughput results averaged 139.8Kbps during the 5 (five) days of monitoring, categorized as "Bad" based on the ITU-T G.1010 standard. This indicates that the data transfer rate reflects the focus on voice communication (VoIP).
Analysis of the GRE IPsec protocol shows success based on the merging of two technologies, namely GRE and IP security (IPsec). This combination provides secure and private communication over IP-VPN networks. The analysis of GRE IPsec shows positive aspects such as "zero" packet loss, "Low" delay, and "Good" jitter, but "Bad" throughput due to limitations in design and infrastructure; the design still supports VoIP communication.

B. IPIP-SIP BASED
QoS IPIP-SIP based VPN data experiments were performed on all tunnels used, and the data were obtained from Wireshark on each client. Table 6 presents the average test results.
The IPIP-SIP protocol is a combination of IPIP and SIP protocols used to tunnel IP packets and manage communication sessions. Compared to GRE IPsec, IPIP-SIP shows promising characteristics with zero packet loss, excellent delay, and good jitter. However, the identified issues with throughput indicate limitations in design and infrastructure.
The packet loss results show 0 (zero), which is categorized as "Very Good", indicating that this protocol design is reliable in ensuring data transmission with no loss of data packets. This is a positive result, as the design has ensured the integrity of the transmitted data.
Analysis of packet loss indicates that the design of this protocol ensures reliable data delivery without loss. This is a positive aspect, as it guarantees the integrity of the transmitted data.
The resulting delay averaged 9.734ms during the 5 (five) days of monitoring, categorized as "Very Good" based on the ITU-T G.1010 standard. This shows that the protocol design has been successfully optimized, with low delay.
The resulting jitter averaged 9.78776ms during the 5 (five) days of monitoring, categorized as "Good" based on the ITU-T G.1010 standard. This shows that the protocol design has successfully minimized the delay variation between packets. This delay stability is beneficial for maintaining consistent and smooth transmission, especially for real-time applications.
The resulting throughput averaged 146.17Kbps during the 5 (five) days of monitoring, categorized as "Bad" based on the ITU-T G.1010 standard. This indicates that the network infrastructure cannot efficiently handle large-scale data transfer rates, because this research focuses on voice communication (VoIP). To improve on the GRE IPsec results, the network infrastructure was evaluated, and mitigation and reconfiguration were carried out using the IPIP-SIP based protocol; on day 3 there is a very significant improvement in VoIP communication from site TGR to JKT, JKT to BDG, and TGR to JKT to BDG.
QoS mechanisms are applied to prioritize IPIP-SIP traffic by ensuring that it receives sufficient bandwidth and higher priority than other traffic. Compared to GRE IPsec, IPIP-SIP shows better performance in terms of packet loss, delay, and jitter. By assessing and optimizing the infrastructure, implementing QoS mechanisms, optimizing protocols, and using load-balancing techniques, the throughput of IPIP-SIP can be improved, leading to an overall improvement in performance.

C. L2TP IPSEC
QoS L2TP IPSec data experiments were performed on all tunnels used, and the data were obtained from Wireshark on each client. Table 7 presents the average test results.
L2TP IPsec refers to a combination of two protocols: Layer 2 Tunneling Protocol (L2TP), which handles tunneling and data encapsulation, and IP Security (IPsec), which provides security and encryption for the data transmitted within the VPN network.
Data collection was carried out for the results shown in Table 7. The packet loss results show 0 (zero), which is categorized as "Very Good", indicating that all transmitted packets reached their destination without any information being lost. This shows that the reliability of the voice communication (VoIP) design is very good when working over the L2TP IPsec protocol.
The resulting delay averaged 9.76ms during the 5 (five) days of monitoring, categorized as "Very Good" based on the ITU-T G.1010 standard. This shows that the transmission delay is low, meaning that the design works successfully in real time in the L2TP IPsec network.
The resulting jitter averaged 9.73ms during the 5 (five) days of monitoring, categorized as "Good" based on the ITU-T G.1010 standard. This implies that the delay variation between packets is minimal, which is very important in maintaining consistent and smooth transmission in VoIP voice communication networks.
The resulting throughput averaged 146.17Kbps during the 5 (five) days of monitoring, categorized as "Bad" based on the ITU-T G.1010 standard. This data transfer speed results from the communication being limited to voice traffic; the design is therefore not effective for sending data on a large scale, because the tests were carried out on the voice communication channel.
The analysis of L2TP IPsec is thus positive for packet loss, delay, and jitter. However, the throughput results show limitations on bandwidth; the implementation of QoS mechanisms is optimal and can help improve the overall performance of L2TP IPsec and increase throughput beyond the conditions tested on GRE IPsec and IPIP-SIP based, as evidenced on day 2.

D. SSL
QoS SSL VPN data experiments were performed on all tunnels used, and the data were obtained from Wireshark on each client.
Threats:
1. Network Infrastructure Limitations: SSL performance can be affected by network infrastructure limitations, bandwidth limitations, network congestion, or non-optimal routing.
2. Increased Computational Overhead: SSL involves additional computational overhead due to encryption and decryption operations.
Compared to GRE IPSec, IPIP-SIP, and L2TP IPSec, SSL showed better performance in terms of packet loss, delay, and jitter. The network infrastructure, evaluated by identifying and overcoming the bottlenecks or limitations that affect throughput in the other protocol schemes, has been improved so that it shows optimal results. Then, the capacity and performance of the network equipment (routers and switches) have been successfully increased, to optimise network configuration, including routing protocols and QoS settings.
Table 9 shows the average results of QoS parameter testing conducted for 5 days during working hours (08.00 AM - 04.00 PM). The smallest average delay in VoIP call testing was obtained with the VPN SSL method at 9.574ms, compared to 9.734ms for the IPIP SIP based VPN method, 9.864ms for the IPsec L2TP VPN method, and 10.108ms for the GRE+IPsec Tunnel method. The system and method used have been successful and work optimally, so the delay is cumulatively very good (< 150 ms) with reference to the QoS ITU-T standardization table (Table 1). Delay can be caused by several factors, including distance, physical media, or long processing time.

E. ANALYSIS DATA
In jitter testing, the average results over 5 days during working hours (08.00 AM - 04.00 PM) show that the smallest jitter is obtained with the SSL VPN method at 9.671ms. Jitter is caused by failures that occur on the receiving side. Each of these VPN methods nevertheless falls in the good category (0 up to 75 ms) with reference to the QoS ITU-T standardization table (Table 2).
In packet loss testing, the final results showed that each of these VPN methods falls in the very good category (0%) with reference to the QoS ITU-T standardization table (Table 3). In throughput testing, the best result was obtained for VoIP communication using the VPN SSL method at 154.61 Kbps, compared to VoIP communication using the other three VPN tunneling methods. Although the difference is not large, the higher throughput value indicates that the quality of VoIP communication on networks that use the VPN SSL method is better, because the number of packets received is greater than with the other VPN tunneling methods. The final results show that each of these VPN methods falls in the bad category (0 up to 338 Kbps) with reference to the QoS ITU-T G.1010 standardization table (Table 4). Throughput falls in the bad category in this research because of several factors, including distance, the type of data transferred (voice data), and weather conditions that could not be predicted during the research.
The final results of the analysis in Table 9 show that the SSL protocol has successfully outperformed the other protocols, because SSL shows strength in security, no packet loss, excellent delay, and good jitter. Overall, it can be significantly improved as follows:
1) Applying data compression techniques to reduce the amount of data transmitted over the network, thereby increasing throughput.
2) Utilising caching mechanisms to store frequently accessed data, thereby reducing the need for retransmissions and improving overall performance.
3) Implementing load-balancing techniques to distribute SSL traffic across multiple servers.
4) Utilising a CDN to offload SSL processing and caching to geographically distributed servers, thereby reducing the load on the main infrastructure and improving performance.

V. CONCLUSION
The experiment results, analyzed within the implemented system and PDEA method against several VoIP VPN tunneling mechanisms, lead to the conclusion that the four VoIP tunneling methods can work optimally and run according to the scenario. The best VoIP call quality is obtained with the SSL VPN method, which has a delay of 9.574 ms, jitter of 9.671, throughput of 154.61 Kbps and packet loss of 0%. For the other methods, the addition of IPSec makes the server CPU work harder because of the encryption process for security.