So I live in San Francisco and have an iPhone, which means I need a supplemental way to make reliable telephone calls. I work from home a good amount, and being able to stay on a business call is a plus.

I was thinking about going with the Skype solution, but I prefer a dedicated device as a phone, so I decided to build another Asterisk box and reconfigure my Aastra 57iCT to talk through it. Here’s what I did, in the form of a tutorial.

What You’ll Need

These are the basic pieces.

1. A SIP Phone. You can use a soft phone (a computer program), but as I said, I prefer an actual phone device. The Aastra offerings are excellent.

1. PBX in a Flash. There are many Asterisk distros, plus you can just pull down all the dozens of packages and put them in Linux yourself. But that’s silly, so don’t do that. Just go with PBX in a Flash; it’s the best one out there right now in my opinion.

1. A VOIP Provider. Even if you have Asterisk you need a provider that’ll cross the boundary between digital and POTS. I use TinCanTalk, which has been phenomenal for me. Their VOIP quality and service availability is the best I’ve seen across multiple providers, and the support is outstanding. Plus, they are one of the few providers that openly embrace Asterisk.

Setup

• First you need to install Asterisk (PBiaF). It’s a simple process. I have it on an ESX server (VMware), but you can put it on iron as well. You just boot to it and press go; it installs itself. Here are the docs for getting you going. Basically all you need to do to start is set a static IP (optional), run the script updater (see the docs), and then do the actual package download and install. Choose the “download” option, which is recommended by the installer.

• Once you’re all up and running, you’ll need to log into the Asterisk box. You should have already set your root password, but now you need to set the maint user’s password. You can do that from the command line (using the passwd-maint command) once you’ve SSH’d into the system using root/password_you_set. This is the user (maint) that gets you into the web interface, which is located at http://boxname.

• Now you need to set up an extension within Asterisk. This is all you need for a basic setup. Keep in mind that the extension and the secret are the key pieces here. They are the credentials that phones will use to log in with.
  

• Then we configure your SIP phone to connect to Asterisk. It’s pretty much the same information. The authentication name is the extension number you created in Asterisk (mine was 100), and the password is whatever you made it (also in Asterisk). The Proxy server is your Asterisk box, as is your Registrar server.
  

• Next, you connect your Asterisk box to your provider, which, in this case is TinCanTalk. This is surprisingly easy. Basically, just as your SIP phone connects to Asterisk, your Asterisk box connects to TinCanTalk. This is configured in two places–under Trunks (create a new SIP trunk), and under Inbound Routes.

Those settings in the text fields are the key to a good connection. They work for me, but if you know of any better settings do let me know. Pay special attention to the username and secret fields; those are your credentials. Also, they are entered again in the Register String at the bottom in the form of username:password@server.

Then, configure your Inbound Route:

• You’ll also need to configure your firewall to accept incoming traffic from TinCanTalk so that it can make it to your server. Having incoming SIP traffic bouncing off of your firewall/router means the phone won’t ring when someone calls. You want to make sure two things are forwarded: UDP 5060 (SIP), and UDP 5004 (the RTP port that TinCanTalk uses). I recommend making this rule as tight as possible, i.e. ensure that only TinCanTalk servers can hit your system on these ports. And if you have a firewall that can offer any SIP inspection, consider taking advantage of it.

• Finally, you have to do one last bit of trickery so you can have two-way audio. If you don’t you’ll almost work by you will have trouble receiving calls, hearing both sides of a conversation, etc. You need to add to the /etc/asterisk/sip_custom.conf file the following lines:
  
  

externip=your_external_ip/dns_name
localnet=192.168.1.0/255.255.255.0

So if you have a dynamic DNS provider you can use that DNS name, and if you have a static IP you can use that instead.

Make Some Calls

That should do it for a basic setup. This doesn’t even touch on doing the really wicked stuff, like using Skype through your Asterisk box, or making calls out of your Google Voice account. But this should get you operational.

Hit me up with any questions at http://danielmiessler.com/contact/. ::

Notes

¹ Also be sure to harden your PBX. In addition to making your firewall rule as restrictive as possible, ensure that all your passwords are as strong as tolerable. There is a good amount of SIP brute forcing out there, and you don’t want to be one of “those guys”. ^{2 3}

Question: What’s better than Google Voice?

Ha! Gotcha–it’s a trick question–the answer is nothing. Well, almost nothing.

The only thing better than Google Voice is having it integrate with Asterisk, and that’s exactly what’s about to happen. Here’s an excerpt from Nerd Vittles’ post on the topic:

For today, we’ve set our sights on the Google Voice feature set which is easiest to integrate into existing Asterisk systems: free voicemail message transcription, free calling in the United States, and free GOOG-411 directory assistance. For lack of a better term, we call it… Googlified Messaging™.

Nice. Then there’s this nugget:

It appears the entire Google Voice platform is SIP-based which makes it a perfect fit with Asterisk.

Mmmm…SIP. So here are a few things you can get from Google Voice / Asterisk integration:

• free voicemail message transcription
• free calling in the United States
• free GOOG-411 directory assistance

And keep in mind–this is all from your actual home phone, not just from your mobile or via the Internet (assuming you have Asterisk, of course). Excessively cool stuff; I can’t wait to implement it on my own Asterisk setup. ::

Scenario

1. You have an Asterisk server behind a Check Point firewall trying to contact a VOIP provider located on the Internet

Problem

1. SIP requires that your VOIP provider be able to contact you through your firewall on the port that you registered from
2. When your Asterisk box registers it registers with both source and destination port of UDP 5060
3. Unfortunately, Check Point NATs the source port on the way out to some random high-numbered port
4. The VOIP provider sees that high-numbered port as the return port number, and initiates contact with you on that port
5. Check Point takes that incoming high-numbered port traffic and sends it back to the Asterisk server-WHICH THE ASTERISK SERVER ISN’T LISTENING ON
6. The Asterisk server responds with ICMP Port Unreachable messages, basically saying, “Dude, I said 5060–what the hell is this other crap you’re sending me?”

Rant

Basically, the issue is that you can’t tell Check Point to NOT mangle the source port of your outgoing SIP connections.

I’ve tried static NAT and I’ve tried editing the SIP service so that it uses the “none” protocol handler. Nope. Regardless of the settings used, Check Point changes the source port on the way out and breaks SIP.

The really sad part is that Linksys has solved this problem; you can configure a cheapo router to use the original source port–but not a full, enterprise-level Check Point box. It makes me physically ill. ::

[ I'm using a fully functioning demo of R65, for those of you who asked. The fact that it's a trial doesn't effect its NAT functionality ]

I’ve been gathering requirements for my Asterisk-based home VOIP system and have just had an epiphany.

I don’t need to buy any wireless VOIP phones to use with my Asterisk box; soon I’ll be able to just use my iPhone as my home phone!

I was looking at the Aastra and Linksys options, for example, and preparing to do research on which would integrate best with an contact directory. Ideally I am looking for a solution that can tie into my Apple Address Book.

The SDK to Save the Day

But no worries — as of the 11th, when the iPhone 3G and version 2 of the SDK launch, the reality of VOIP on the iPhone will likely be upon us. There are already a ton of projects out there that leverage the iPhone for VOIP capabilities, so this iPhone/HomePhone functionality could not be far behind.

Why Do We Care?

Think about this: when you get home your iPhone will connect to your home wireless, which is tied in with your Asterisk system. It registers itself with Asterisk — basically saying, “I’m home now, send any home calls to my iPhone.” As of that moment, any incoming calls to your home number will ring on your iPhone.

Plus, any outbound calls you make from the house will route out of your Asterisk box (VOIP) instead of over AT&T, meaning you’ll save money on minutes. Not only that, but there are even projects that are working on letting you browse your Asterisk VOIP voicemail through the iPhone’s Visual Voicemail interface.

The iPhone is about to change VOIP forever, and having it replace common household phones is going to be a big part of it.:

Links

[ The Asterisk Project ]
[ The Top VOIP Soft Phones for the iPhone ]
[ iCall ]
[ Fring ]

iCall is a new, totally legit native iPhone application that will let you swtich from a regular AT&T call (which uses minutes) to a WiFi call (which is free).

Check out the video.

iPhone. Want.

A couple fellow geeks convinced me yesterday that I need to have a VOIP infrastructure at home. Here’s how they did it:

You’re not running Asterisk at home?

That’s all it took. So yeah, it’s the project in line right after my web server migration. I’m putting it in VMWare (of course) and I’ll then be on the lookout for some cool VOIP phone options.

I suppose what I’ll be looking for is some sort of device that I can use wirelessly throughout the house. The image I have in mind is completely free, secure, and reliable phone connectivity, i.e. me roaming around the house talking for free over the Internet.

I need to read up on the project and start searching for a cool “phone” to use with it. If anyone out there is in the know on this stuff, do me a favor and let me know what the deal is. I’m all over it.