Known Bugs and Other Issues with Zfone
Zfone is a new secure VoIP phone software package which lets you make secure encrypted phone calls over the Internet. To learn about the right way to install and test Zfone, visit the Getting Started with Zfone page.
To report bugs with Zfone software, visit our bug reporting page.
A word about how Zfone uses this protocol
The ZRTP protocol used by Zfone will soon be integrated into many standalone secure VoIP clients, and that is the most effective way to use the protocol. But the Zfone application is not itself a VoIP client, and uses the ZRTP protocol differently. Zfone lets you turn your existing VoIP client into a secure phone, by passing the VoIP packets through a separate encryption filter outside of the VoIP client. The Zfone software runs in the Internet protocol stack on any Windows XP, Mac OS X, or Linux PC, and intercepts and filters all the VoIP packets as they go in and out of the machine, and secures the call on the fly. You can use a variety of different software VoIP clients to make a VoIP call. The Zfone software detects when the call starts, and initiates a cryptographic key agreement between the two parties, and then proceeds to encrypt and decrypt the voice packets. It has its own little separate GUI, telling the user if the call is secure. It's as if Zfone were a "bump on the wire", sitting between the VoIP client and the Internet. Think of it as a bump in the protocol stack. We're explaining this packet filtering aspect of Zfone here because some bugs may be related to it.
Known Bugs or "Issues"
Most of the trouble we have with this implementation of Zfone stems from the complexity of detecting the VoIP client's SIP and RTP packets on the fly, figuring out what UDP port numbers they use, and triggering the ZRTP protocol whenever these packets are detected. That whole class of problems would disappear if the ZRTP protocol were integrated inside a VoIP client. The packet detection problems only arise because we implement the ZRTP protocol in this particular product outside the VoIP client as a "bump in the cord".
Here are the known issues in this version of Zfone:
- Some VoIP clients attempt to traverse NAT routers by sending RTP voice and video packets through TCP instead of UDP. This protocol tunneling violates the IETF standards for VoIP, which require that RTP media packets be sent over UDP. Zfone assumes that RTP will be found only in UDP packets, and thus will not detect RTP sent through TCP. In that case, Zfone's GUI displays the "Idle" status during a call, and does not engage the ZRTP protocol. Sometimes the packets are going through a media relay which converts them to UDP for the other party, whose Zfone client can therefore see the media stream, but searches in vain for the idled ZRTP peer and displays the "NOT Secure / No ZRTP Peer" status.
If this happens, here are a couple of workarounds: 1) The best solution is to move one of the parties' computers (in particular, the one that displays IDLE) off their local network to an external IP address, thereby simplifying the NAT traversal problem. Even better, move both computers to external IP addresses. 2) Or it might help to switch one of the parties (especially the IDLE one) to a different VoIP client. Often the VoIP client software decides to straighten up and follow the standards when talking to a VoIP client from another vendor.
Any form of protocol tunneling will subvert Zfone's RTP detection mechanism. In fact, most protocol tunneling is done to defeat various packet filtering mechanisms, such as firewalls. This does not indicate a problem with the ZRTP protocol. It's related to trying to run the ZRTP protocol as a packet filter in the IP stack, as Zfone does. It's a problem that would go away completely if the ZRTP protocol were integrated inside a VoIP client, for example by using our Zfone SDK. We are working on improvements in Zfone's SIP/RTP detection logic.
- Mac OS X users may find that Zfone interferes with their ability to turn their OS X built-in firewall on or off. To see an example of this, go into the System Preferences and run the Sharing Preferences, and click on the Firewall settings. OS X won't let you modify your firewall settings as long as Zfone is running, because OS X thinks Zfone is another firewall product. If you need to do anything to your firewall settings, you should be able to do it by using the Zfone menus to turn off the Zfone packet filter. Then you are free to modify your firewall settings. After that, you can tell Zfone to start packet filtering again.
- Gizmo has added video capabilities to their VoIP client, and Zfone does not yet support video calls on Gizmo. We are working on the problem. In the meantime, just stick to audio calls if you want to use Gizmo.
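The detection gap described in the first issue above (RTP sent through TCP leaves the filter at "Idle") can be illustrated with a per-flow RTP heuristic that, like the filter described, inspects only UDP. This is an added sketch, not Zfone's code; the three-packet threshold, the "RTP stream detected" label, the addresses and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

RTP_MIN_HEADER = 12      # fixed RTP header size (RFC 3550)
CONFIRM_AFTER = 3        # assumed threshold: in-order packets before a flow counts as RTP

def parse_rtp(payload):
    """Return (ssrc, seq) if payload is plausibly RTP, else None."""
    if len(payload) < RTP_MIN_HEADER or payload[0] >> 6 != 2:   # too short, or version is not 2
        return None
    b0, b1, seq, _ts, ssrc = struct.unpack("!BBHII", payload[:12])
    if 200 <= b1 <= 204:                  # RTCP packet types, not media
        return None
    if len(payload) < RTP_MIN_HEADER + 4 * (b0 & 0x0F):         # CSRC list must fit
        return None
    return ssrc, seq

class UdpOnlyRtpDetector:
    """Per-flow RTP heuristic that examines UDP payloads only (hypothetical class)."""
    def __init__(self):
        self.flows = defaultdict(lambda: {"ssrc": None, "seq": None, "hits": 0})

    def observe(self, proto, flow, payload):
        if proto != "udp":                # RTP tunneled in TCP is never examined
            return
        parsed = parse_rtp(payload)
        if parsed is None:
            return
        ssrc, seq = parsed
        st = self.flows[flow]
        # Same source and the next sequence number (mod 2^16) extends the run.
        in_order = st["ssrc"] == ssrc and seq == (st["seq"] + 1) & 0xFFFF
        st["hits"] = st["hits"] + 1 if in_order else 1
        st["ssrc"], st["seq"] = ssrc, seq

    def status(self):
        active = any(f["hits"] >= CONFIRM_AFTER for f in self.flows.values())
        return "RTP stream detected" if active else "Idle"

def rtp_packet(seq, ssrc=0x1234ABCD, pt=0):
    """Constructed sample: RTP header (V=2, PT 0 = PCMU) plus 160 bytes of dummy audio."""
    return struct.pack("!BBHII", 0x80, pt, seq & 0xFFFF, seq * 160, ssrc) + b"\x00" * 160

def run(proto):
    det = UdpOnlyRtpDetector()
    flow = ("192.0.2.10", 40000, "198.51.100.20", 40002)   # constructed addresses
    for seq in range(65533, 65539):       # crosses the 16-bit sequence wraparound
        det.observe(proto, flow, rtp_packet(seq))
    return det.status()
```

The same six packets yield a detected stream when labelled `"udp"` and leave the detector at "Idle" when labelled `"tcp"`, which is the mismatch behind the "Idle" and "NOT Secure / No ZRTP Peer" displays described above.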