



Asterisk and Linux to Build Secure VoIP Connection 140
Beave writes "Using Linux and the
Asterisk PBX, it is possible to build a secure, cost effective VoIP (and traditional PSTN) PBX solutions.
This article shows you how to take advantage of various hardware, software and tricks to accomplish this goal within a limited budget."
What will the Romans do? (Score:5, Funny)
s/Romans/phone comanies/
Re:What will the Romans do? (Score:2)
Shows you how? (Score:5, Insightful)
Obviously what is going to be the real killer app is VoIP in a wireless setup. Instead of having a wall jack for your desk phone, it just hooks into the wireless mesh seamlessly.
I'm sure this has already been done. I'd love to see an article about it.
Re:Shows you how? (Score:5, Informative)
In the future I'm sure they'll become available.
I use my asterisk server to record incoming/outgoing numbers (the local telco wants paying for this service, although I have to pay them anyway for the callerid so I'm not sure I'm saving much), and to route calls over the cheapest provider (always analogue, as VOIP providers in this country are still 2-3 times more expensive than analogue ones) - which has saved me a fortune.
Re:Shows you how? (Score:5, Interesting)
You'll still get it even if you don't pay for it because it's a PITA to truly turn it off in the switch and the telcos never bother.
Call 'em up, ask 'em what the caller-id charge is for, when they explain tell 'em you don't need it and please take it off and voila' - you'll still have it without having to pay...
Re:Shows you how? (Score:1, Interesting)
Re:Shows you how? (Score:2, Informative)
Now, I say "easy" as the term is certainly relative when working with telco switches. I won't bore people with stories; suffice to say the CLI is very cryptic and the menu interface (from which all real work is done) is a bit complicated to the uninitiated.
Re:Shows you how? (Score:2)
Re:Shows you how? (Score:2)
Yep, and customers get pissy when somebody screws up.
Re:Shows you how? (Score:1)
Net2Phone XJ100 802.11g Phone [net2phone.com]
802.11g but doesn't say anything about WPA. Might be proprietary and only work with their VoiceLine service though. I don't know.
Re:Shows you how? (Score:1)
http://www.zyxel.com/product/P2000W.html [zyxel.com]
It allows users to make or receive phone calls as long as they are in the coverage of IEEE 802.11b or 11g wireless Access Points.
- 64/128 bit WEP encryption
Re:Shows you how? (Score:3, Informative)
So you get a PDA and a WiFi conectivity and there you go.
Probably not the best or most ideal solution, but it is something that does exist.
Re:Shows you how? (Score:2)
Security wasn't part of Asterisk - it was OpenVPN (Score:5, Informative)
That's really too bad - encrypting VOIP causes extemely annoying overhead problems, because the voice data packets are really small (they're not very big before compressing them, and then they're even smaller), so the minimum overhead for just doing the RTP+UDP+IP headers is several times the size of the voice traffic they carry, and IPSEC adds another two layers of headers, or SSL adds about three, and pretty soon that cute little elegant 8kbps compressed voice stream is looking like 40-80kbps and won't fit on your modem. SIP can use the SRTP protocol as a modification of RTP, so to the extent that anybody implements it, it's basically doing then encryption along with a layer you needed anyway, so it doesn't add much overhead. IAX doesn't appear to have this (which is especially frustrating because the IAX2 trunking protocol makes multiple simultaneous connections much more efficient, though I suppose if you've already done that, the extra overhead of IPSEC or OpenVPN may not bother you as much.)
Re:Security wasn't part of Asterisk - it was OpenV (Score:4, Informative)
OpenVPN isn't IPsec, and while it uses the OpenSSL library for all the crypto "heavy lifting", it has its own over-the-wire protocol and is much more efficient than the traditional SSL way of doing things.
I use OpenVPN at work, and while I haven't done specific measurements, we've generally found it to be very efficient (not to mention easy-to-use and hassle-free compared to its IPsec-based competitors). Because in UDP mode it doesn't try to guarantee reliability, it also doesn't break protocols (like those used for VoIP data) that expect late packets to just be dropped.
So, in short, I'm not at all convinced that the use of OpenVPN is at all unfortunate or problematic here.
Re:Security wasn't part of Asterisk - it was OpenV (Score:3, Informative)
Re:Security wasn't part of Asterisk - it was OpenV (Score:3, Interesting)
Not Ethernet headers if they're running OpenVPN in tun mode, which is the intelligent configuration here (tap mode, the bridging configuration where Ethernet headers are used, is mostly used just by folks who want to do Windows networking over the tunnel without a WINS server). OpenVPN also uses LZO compression, which should help with any non-payload data. (
IAX2's trunking support should help. (Score:2)
IAX2's trunking support should help, then, by reducing the VPN-related overhead in much the same way as it reduces IP overhead.
Re:Security wasn't part of Asterisk - it was OpenV (Score:1, Informative)
Not necesarily.
The IP header is 20bytes, UDP is not used ontop of RTP as you suggest, RTP is a slight adaption of UDP which has a header size of around 20bytes again iirc (plain udp is 8 bytes) although that can be compressed. IIRC on average a VoIP packet is around 28bytes although that'd depend on the codec in use. That wouldn't push an 8kb/s stream up to 80kb/s, maybe 25 or 30 if you inc
A few differences in how I would have implimented (Score:2)
1) IPSec is probably better than OpenVPN for something like this. It will be lighter-weight because you don't have UDP headers. There are also very mature open source implimentations, and they will integrate with many third parties.
2) Any IP addresses on the WAN interfaces could be used for IPSec tunnels.
Otherwise it is a great tutorial.
Re:Shows you how? (Score:1)
This is cool... (Score:5, Interesting)
--
Watch this page for Black Friday Information! [dealsites.net]
Useful Asterisk Resources (Score:5, Informative)
The Asterisk Wiki [voip-info.org]
Note: the wiki search is useless. Search with google instead, use "searchterm site:voip-info.org" (without quotes).
The Asterisk Documentation Project [asteriskdocs.org]
The Asterisk Mailing Lists [digium.com]
Note: to search the lists use google again. "searchterm site:lists.digium.com" (without quotes)" in google.
the #asterisk chat room on irc.freenode.org. Drop by and say hello.
/msg nickserv register mypassword
/join #asterisk
/msg nickserv identify mypassword
Note that due to problems with massive spambot attacks regisitration is required to join the channel. Simply type
The next time you join you will need to type
Re:Useful Asterisk Resources (Score:3, Informative)
-ben
Re:Useful Asterisk Resources (Score:2, Informative)
For up to date information on Asterisk you can visit the Daily Asterisk News:
http://www.sineapps.com/news.php [sineapps.com] - HTML
http://www.sineapps.com/rssfeed.php [sineapps.com] - RSS Feed
The above site contains (as you may have already guessed) daily updates on the Asterisk PABX and all related information.
Cheers,
Matt
Whoa! (Score:4, Funny)
Re:Whoa! (Score:1)
Re:Whoa! (Score:2)
That was kinda the whole point.
Re:Reminds me of a pissing match I had once (Score:2)
Our solution (Score:5, Interesting)
The solution offers a simple text messaging scheme, and conference calling facillities.
I can fully recommend this solution to any businesses looking for a cost effective VoIP.
Re:Our solution (Score:2)
we already have a computer, no sense in getting another.
Re:Our solution (Score:2, Funny)
Actually, so do we, I was trying to make a little joke, which appears to have been taken seriously.
I liked the idea of people talking wearing their "Xbox communicator" headsets whilst using the gamepad to furiously tap messages to each other.
But if some people find it interesting, maybe there is some, small, tiny merit in the idea.
Re:Our solution (Score:1)
HAHA..
HAHAHHAHAHABAHA
BWHAHAHAHHAHAH HAH A AHHAH AHH AHHAH AHAH HAHA HAH AH A
You CAN'T be serious. XBOX LIVE? for a BUSINESS VOIP SOLUTION? BWHHAHHAHAHAHAH that's the best thing I've heard all day. Thanks for the laugh.
HAHAHAHAH
Now if you are a 2 man operation that might work okay if you don't ever take customer calls. But
How do you have:
Call Queues
Music On Hold
Find Me Follow Me
Voicemail
Transfering
et al
with xbox live.
Re:Our solution (Score:1)
Re:Our solution (Score:1)
Running Asterisk on a xbox has absolutely nothing to do with using xbox live and saying it's a viable solution for small business.
Productivity? (Score:1)
Gento o ebuild (Score:1)
And if your a hardcore BSD person... check out this page about Asterisk on BSD [digium.com]
Hum... much like the senior citizens [funwavs.com]... Gentoo and BSD may serve a purpose.
A view from the industry (Score:5, Insightful)
I don't doubt many people have used asterisk as a voice solution for some companies, but not for any major companies and certainly not for any huge call centers. RTFA, a CIO would sh*t if you showed him snippets from some text file. Not to mention the questionable logic of running your voice system on a white box computer. It may be fine and dandy when e-mail is down for an hour, but five minutes without phones is a lifetime for any serious company. 5 9's is not a joke in the voice world and actually a rational expectation.
In other words, I support asterisk simply because I love open source, but don't kid yourself, right now it's just a hobby app (as seen from the enterprise)
Re:A view from the industry (Score:5, Informative)
Apparently you've never used Avaya IP Office. I YEARN for the simplicity of text files. 3 freaking different GUIs to manage it and they're interconnected but you have to change things using at least 2 of them in many places.
Re:A view from the industry (Score:3, Interesting)
Its easy to build pretty GUI's over configura
Re:A view from the industry (Score:2)
And yeah, IP Office is a joke
Re:A view from the industry (Score:2)
I have problems getting free support (forums, mailins lists, docs, etc..) for IP Office and am starting to realize that I'm locked into Avaya and their local vendor for everything. Is that the case with the larger PBXs from Avaya?
Re:A view from the industry (Score:2, Informative)
Hmmm.. You know.. you are absolutely right. Using "display dialplan" on a more mature solution is infinitely easier than using the "show dialplan" command that is found in Asterisk.
asterisk*CLI> help show dialplan
Usage: show dialplan [exten@][context]
Show dialplan
NEXT!
Re:A view from the industry (Score:3, Informative)
All that aside however, this isn't about knocking asterisk! I compared it to a Large Enterprise, and stated the obvious, that's all
Re:A view from the industry (Score:1)
A Webadmin type interface for Asterix would go a long ways toward making the product more acceptable to end users.
As for uptime, telco CO switches and PBX's,
Are you joking? (Score:1)
Because form the ones I've had to use, I can tell you, I'll get far more flexibility and power out of asterisk than most commercial PBX systems I've seen.
BTW, if it's such a "hobby" app, why is it that some extremely large VOIP providers use it? Serious businesses, too..
Re:Are you joking? (Score:2, Informative)
Re:Are you joking? (Score:1)
THe type of differences you are talking about would not even be noticed by a Cio/cfo/whatever.
a CLI (which asterisk has, by the way) is not significantly different than editing text. Further, text files often give you a clearer picture of what's going on than a simple command line.
vonage (Score:1)
Re:A view from the industry (Score:2, Interesting)
except, 'show dialplan' already works in the asterisk cli, I just typed it a couple of hours ago.
>Not to mention the questionable logic of running your voice system on a white box computer.
Netfinity's are cheap on Ebay, I just got one for $400 Cdn 4 way Xeon w/ 4 gig
Re:A view from the industry (Score:2, Informative)
Re:A view from the industry (Score:1)
Re:A view from the industry (Score:2, Interesting)
Re:A view from the industry (Score:3, Insightful)
I'm not disagreeing with you about Asterix's readiness or lack thereof, I don't really have an opinion. But I do have a lot of experience with CIOs going through the buying process, and I can tell you that they think i
Re:A view from the industry (Score:2)
You're right! about a year ago, I convinced the IT Director to implement Plone as a company intranet (instead of Sharepoint or Oracle Portal). I got a nice, brand-name, rackmount server. Installed RH9, created a tested recovery plan and nightly backups scripted in cron. Works great and it's been a big success, which i
Re:A view from the industry (Score:1)
Also here is what MOST people don't understand.
There really isn't any reason for people to develop (and release for free) a comprehensive GUI for Asterisk, and here's why.
Most of the people who contribute to Asterisk do Asterisk consulting (some full
Re:A view from the industry (Score:1)
Re:A view from the industry (Score:1)
.
Re:A view from the industry (Score:1)
As with most things Linux, the install problems usually get simplier through heavy use.
I tried installing asterisk 18 months ago, and wasn't getting their, not much like http://voip-info.org/wiki-Asterisk [voip-info.org] that I could find then, not much hardware in the market place...
3 weeks ago, I tried again, succesfully. 10* better. now dozens of voip phones, and config sc
Re:A view from the industry (Score:1)
Well, it is usually a decimal expression, but could always be re-written: -Peter
Re:A view from the industry (Score:1)
Re:A view from the industry (Score:1)
So what? (Score:1)
Is Asterisk Ready for Home Users? (Score:5, Interesting)
I have some spare computers, and would love the add voice mail, caller id, etc. Just wondering about keeping my existing phone numbers and monthly costs. When would I break even?
Re:Is Asterisk Ready for Home Users? (Score:2)
I'm pretty new to the whole concept, but it looks like for a whopping $99.95, you can get One of these [yahoo.com] to build yourself a home software PBX on a POTS line. My ignorant assumption, though, is that it just acts as a phone-call router for your existing phone numbers in this case, but I'm sure someone will correct me if I'm wrong.
Re:Is Asterisk Ready for Home Users? (Score:2)
CP
Re:Is Asterisk Ready for Home Users? (Score:1)
I lost power during $hurricane_name for anywhere from not at all to nearly two days,a nd I got it easy. My phone worked the /whole time/.
Re:Is Asterisk Ready for Home Users? (Score:2)
Re:Is Asterisk Ready for Home Users? (Score:1)
What about Speex (Score:2)
Re:What about Speex (Score:1, Insightful)
Unsafe as homes? (Score:2)
Re:Unsafe as homes? (Score:1)
Re:Unsafe as homes? (Score:1)
We HAVE :-) Several years ago there was a bug in the then-current Nokia series (like the 5110, 6110 etc), that locked up completely if you sent an SMS to them consisting of 160 periods (.)
Consumer broadband? (Score:2)
Re:Consumer broadband? (Score:4, Interesting)
Simple, use ethernet and get a voip provider instead of using a PSTN T1. I currently use http://connect.voicepulse.com/ [voicepulse.com], and that works great for me. Pretty cool, because you can have multiple incoming calls over one connection.
limited budget indeed (Score:5, Insightful)
I purchased three Intel white-box computers for $800 each containing 2.6Ghz processors 512MB ram and 40 GB hard drives
Anyone who recommends greybox PCs with non-raid storage for a financial institution...even a small one with only three branches...is not thinking very clearly. If it's for a business-critical application like the phone system, they're categorically insane.
Folks- there's a reason those telco boxes cost lots of dough. They Just Work if they're left alone (in 7-8 years of working with telco equipment, 99% of the problems have been telco line provider problems; hardware failures are extremely rare). There are books upon books written with guidelines for what is considered telco grade, but the common theme is "keeps going, and if it breaks, it does so gracefully".
$2500 can, even for a small bank, be PENNIES ON THE DOLLAR when the system goes down for even a few hours. If you've got a Lucent phone system and a support contract, they find stuff before you do, and no matter what time of day- there's a tech on your doorstep in an hour if they can't remote in via the system's POTS admin modem.
You want a cheap phone system, you get what you pay for. It's remarkably irresponsible for the authors of that article to advocate Asterisk without mentioning that reliability and support pale in comparison to 'real' telco equipment.
Re:limited budget indeed (Score:1)
Re:limited budget indeed (Score:1, Insightful)
Re:limited budget indeed (Score:1, Insightful)
I think they are doing pretty good.
This isn't secure VoIP. There's no encryption. (Score:2)
If it did end-to-end encryption with suitable handsets, that would be useful.
How does voip work for residential? (Score:1)
Let's say a small voip for residential similar to vonage.
It's easy to understand voip when it's ip to ip but I get confused when it's ip to pstn.
Do I need an asterisk box or something similar in each area code that I want to provide service? How do I purchase the numbers for the area code's I want? If I want to have say 1000 lines at first for my customer pool do I actually need 1000 individual rj11 lines? Or do these t1 lines thingie's merge a bunch
Re:How does voip work for residential? (Score:2, Informative)
Re:How does voip work for residential? (Score:1)
Re:How does voip work for residential? (Score:1)
Telco Equipment... (Score:1)
Re:Telco Equipment... (Score:1)
Asterisk is our backup (Score:3, Interesting)
The old telecom equipment is generally rock solid but if it dies it will take time to fix even under contract. The last time we had a card die we were without phone service for a full day as they had to Fedex a replacement from Toronto to Vancouver.
As a backup against a catastrophic failure of the switch and/or voicemail I've set up an asterix box pre-configured with all the extensions and trunks.
Switching to a complete VOIP setup using softphones at the start and adding VOIP handsets as they can be obtained could have us up with a complete PBX within 2-3 hours.
Trans-Atlantic VoIP (Score:4, Insightful)
asterisk daily news (Score:1, Informative)
asterisk news [sineapps.com]
asterisk daily news [sineapps.com]
Please don't mod below 0...trying to google bomb to move this awesome site up a bit.
Asterisk Versatility (Score:2, Informative)
- PSTN to VOIP gateway: combine a cheap server, asterisk, and a few $50 voicemodem cards and you've got a VOIP gateway that can connect your outside phone lines to any VOIP phone.
- VOIP to PSTN gateway: cheap server, asterisk, open VOIP provider like VoicePulse Connect [voicepulse.com], and some Digium FXS cards [digium.com] and you can connect every phone in your house to a VOIP network.
- PSTN/VOIP front-end to IVR gateway: cheap server, Asterisk, IVR [voxeo.com] provider like
Easy Debian Asterisk Installation (Score:1)
Re:Well, Skype just works. (Score:4, Interesting)
Comment removed (Score:4, Interesting)
Re:Well, Skype just works. (Score:1)
The people who made Skype made FastTrack. Sharman Networks purchased the rights to it.
Disclaimer: All facts stated here may merely be beliefs.