Asterisk and Linux to Build Secure VoIP Connection

Beave writes "Using Linux and the Asterisk PBX, it is possible to build a secure, cost effective VoIP (and traditional PSTN) PBX solutions. This article shows you how to take advantage of various hardware, software and tricks to accomplish this goal within a limited budget."

What will the Romans do?

Oh wait, that was Asterix and Obelix.

s/Romans/phone comanies/

Re:What will the Romans do?

Where's my potion? Obelix can't have any because he fell into it when he was a baby. Wait isn't that how Blade became a vampire killer? Weird.

Re:What will the Romans do?

[Pvt_Waldo]

Curse you by Toutatis! That was gonna be MY POST!

Re:What will the Romans do?

How can you dare cursing in my name! You won't have protection in the village any more.

Shows you how?

[Dancin_Santa]

More like tells you in the most general of terms what they implemented.

Obviously what is going to be the real killer app is VoIP in a wireless setup. Instead of having a wall jack for your desk phone, it just hooks into the wireless mesh seamlessly.

I'm sure this has already been done. I'd love to see an article about it.

Re:Shows you how?

[Tony+Hoyle]

It's possible, but the available wireless VOIP handsets are 11b only and don't support WPA (both are showstoppers for me).

In the future I'm sure they'll become available.

I use my asterisk server to record incoming/outgoing numbers (the local telco wants paying for this service, although I have to pay them anyway for the callerid so I'm not sure I'm saving much), and to route calls over the cheapest provider (always analogue, as VOIP providers in this country are still 2-3 times more expensive than analogue ones) - which has saved me a fortune.

Re:Shows you how?

[Student_Tech]

Well you could get a PDA with a VOIP app running on it. For example, the Zaurus can have either KPhone/Pi or tkcPhone(demo version on their website). Both of those apps are SIP compatible.

So you get a PDA and a WiFi conectivity and there you go.

Probably not the best or most ideal solution, but it is something that does exist.

Re:Shows you how?

[itwerx]

although I have to pay them anyway for the callerid

You'll still get it even if you don't pay for it because it's a PITA to truly turn it off in the switch and the telcos never bother. :)
Call 'em up, ask 'em what the caller-id charge is for, when they explain tell 'em you don't need it and please take it off and voila' - you'll still have it without having to pay...

Re:Shows you how?

WiFi often has high latencies; that makes it undesirable for voice communications.

Re:Shows you how?

How hard would it really be? With the system as much computer controlled as it is, if they have your account number (maybe pulled it up automaticly when you called?) wouldn't it just be a simple "ok, your caller ID service has been discontinued" and have the system turn it off?

Re:Shows you how?

[Cramer]

This is incorrect. As one who has dealt with Lucent 5ESS switches, it's as "easy" to turn off as it is to turn on in the first place. It's one of the many line provisioning options.

Now, I say "easy" as the term is certainly relative when working with telco switches. I won't bore people with stories; suffice to say the CLI is very cryptic and the menu interface (from which all real work is done) is a bit complicated to the uninitiated.

Re:Shows you how?

[SpaceLifeForm]

Well, RC (Recent Change) is cryptic, there is no doubt. And an experienced worker can easily change it. The complexity comes in due to bundling with other features (such as 3-way calling and call-waiting) that would have to be un-bundled as a software item on the switch for that specific subscriber. At that time, it does get messier, and I can see some telcos just making the decision to only change the billing side, and to leave the software setup on the switch as is.

Re:Shows you how?

Easy on the 3 kinds we play with... Customer services deal w billing, call us, 30 seconds later it's gone....
Modern switches are CLI; log on, one sigle line entry, quick account query to verify then log out..

Re:Shows you how?

[charyou-tree]

It's possible, but the available wireless VOIP handsets are 11b only and don't support WPA (both are showstoppers for me).

Net2Phone XJ100 802.11g Phone

802.11g but doesn't say anything about WPA. Might be proprietary and only work with their VoiceLine service though. I don't know.

Re:Shows you how?

[FireFury03]

If anyone knows of a VoIP app for Symbian UIQ I'd be very interested - I've been looking around for one to run on my Sony Ericsson P900 phone for ages and so far have found nothing. :(

Re:Shows you how?

[Dare+nMc]

> It's possible, but the available wireless VOIP handsets are 11b only and don't support WPA (both are showstoppers for me).
http://www.zyxel.com/product/P2000W.html

It allows users to make or receive phone calls as long as they are in the coverage of IEEE 802.11b or 11g wireless Access Points. ...
- 64/128 bit WEP encryption

Re:Shows you how?

[itwerx]

At that time, it does get messier

Yep, and customers get pissy when somebody screws up. :) I'm sure in a few years when it's common knowledge that it gets left on and nobody's paying for it anymore then they'll start actually turning it off.

Re:Shows you how?

[nikkoslack]

I did it in my office. I bought a Linksys WET11 (http://www.linksys.com/products/product.asp?grid= 33&scid=36&prid=602) and hooked it up to my Cisco 7960 - Instant wireless VOIP, anywhere in the world 802.11 access is available.

This is cool...

[dealsites]

Be sure to check out this article on a sweet Asterisk implementation.
--
Watch this page for Black Friday Information!

Useful Asterisk Resources

[TheMysteriousFuture]

Useful Asterisk Links:

The Asterisk Wiki
Note: the wiki search is useless. Search with google instead, use "searchterm site:voip-info.org" (without quotes).

The Asterisk Documentation Project

The Asterisk Mailing Lists
Note: to search the lists use google again. "searchterm site:lists.digium.com" (without quotes)" in google.

the #asterisk chat room on irc.freenode.org. Drop by and say hello.
Note that due to problems with massive spambot attacks regisitration is required to join the channel. Simply type
/msg nickserv register mypassword
/join #asterisk

The next time you join you will need to type
/msg nickserv identify mypassword

Re:Useful Asterisk Resources

[fiji]

Also useful for checking your connection to see if it can handle VoIP: testyourvoip.com (the site has had an overhaul... some interesting new features)

-ben

Re:Useful Asterisk Resources

[ZX81]

Shameless Self Plug:

For up to date information on Asterisk you can visit the Daily Asterisk News:

http://www.sineapps.com/news.php - HTML
http://www.sineapps.com/rssfeed.php - RSS Feed

The above site contains (as you may have already guessed) daily updates on the Asterisk PABX and all related information.

Cheers,

Matt

Re:Useful Asterisk Resources

Rather then modding me as troll spend the same point on:
MOD PARENT UP

Totally serious here, this is the second best Asterisk resource available (next to the wiki). It is absolutly amazing that Matt comes up with the time to keep up with every single interesting or need-to-know change in Asterisk or Asterisk related stuff. And all without a SINGLE Ad on the site!

Wish I had some points....

Whoa!

[cmcguffin]

I had no idea Asterix was a linux geek!

Re:Whoa!

Actually, Asterix is really a closed-source kinda guy. After all, the crazy Gauls never let the Romans know the secret recipe for their magic potion....

Re:Whoa!

Did YOU ever see him with a girlfriend?

Re:Whoa!

[BJH]

Nah, Asterix and Obelix are just users. I'm sure Getafix would have a posse of open-source potion developers if he could find somebody as good as he is.

Re:Whoa!

[Spudley]

Hmmm... Nah, the potion was a *secret* recipe.

That was kinda the whole point. :-D

Reminds me of a pissing match I had once

[ShatteredDream]

With a guy on FreeRepublic.com about Linux use in universities. He claimed that Linux is "forced on students" because of a rabidly anti-Microsoft passion and that the professors are desparately trying to make us think that Linux isn't a POS compared to Windows.

The real reason taht Linux is so well received and used in the university settings around the world is that it is conducive toward so many types of projects. Imagine trying to hack windows for this. Now Linux. No licensing, no fees, nothing.

Re:Reminds me of a pissing match I had once

[WindBourne]

Actually, you can hack windows for this. Avaya did. It's development costs were more than double. It required more than double the system to do half the work. And it produced the phrase "blue screams of death".

Our solution

[frankthechicken]

At my office we all have our own x-boxes, and using the X-box live service, we are able to happily communicate with each other at a very competetive pricing structure.

The solution offers a simple text messaging scheme, and conference calling facillities.

I can fully recommend this solution to any businesses looking for a cost effective VoIP.

Re:Our solution

[geekoid]

we just use skype.
we already have a computer, no sense in getting another.

Re:Our solution

[frankthechicken]

we just use skype

Actually, so do we, I was trying to make a little joke, which appears to have been taken seriously.

I liked the idea of people talking wearing their "Xbox communicator" headsets whilst using the gamepad to furiously tap messages to each other.

But if some people find it interesting, maybe there is some, small, tiny merit in the idea.

Re:Our solution

[big+tex]

Bush won! four more years of rape, pillage, burn and rape!

Ob. Blazing Saddles:

Lamarr: Qualifications?
Outlaw: Rape, murder, arson and rape.
Lamarr: You said rape twice.
Outlaw: I like rape.

Re:Our solution

[TheMysteriousFuture]

ha.

HAHA..

HAHAHHAHAHABAHA
BWHAHAHAHHAHAH HAH A AHHAH AHH AHHAH AHAH HAHA HAH AH A

You CAN'T be serious. XBOX LIVE? for a BUSINESS VOIP SOLUTION? BWHHAHHAHAHAHAH that's the best thing I've heard all day. Thanks for the laugh.

HAHAHAHAH

Now if you are a 2 man operation that might work okay if you don't ever take customer calls. But
How do you have:
Call Queues
Music On Hold
Find Me Follow Me
Voicemail
Transfering
et al

with xbox live.

Re:Our solution

Slashmod + sense of humour = Universe collapsing in on itself...

Re:Our solution

[xsecrets]

Now you'll really be laughing in a week when the /. post about someone porting this to xbox linux comes in.

Re:Our solution

[TheMysteriousFuture]

It's already been done. Asterisk runs fine on xebian and Gentoox. You can use USB FXS adapters to connect phones. If you google there is even a video from a conference where it was demo'ed.

Running Asterisk on a xbox has absolutely nothing to do with using xbox live and saying it's a viable solution for small business.

Gento o ebuild

[Ingolfke]

Gentoo has the ebuild information here

And if your a hardcore BSD person... check out this page about Asterisk on BSD

Hum... much like the senior citizens... Gentoo and BSD may serve a purpose.

Re:Gento o ebuild

if your a hardcore BSD person

"you're".

Re:Well, Skype just works.

[joormotha]

It is also loaded with spyware. Sharman Networks (creators of Kazaa) wrote this software. Use at your own risk.

A view from the industry

[jaymzter]

From an enterprise viewpoint, that is a very large service base, asterisk is dead in the water until it can match the simplicity of the interfaces found on proprietary systems. This isn't a knock on asterisk as a technology solution, but the telcom admin of a large corporation isn't going to want to look at a text file to figure out his dialplan or use some arcane interface when on a more mature system he can use a simple command like 'display dialplan'.
I don't doubt many people have used asterisk as a voice solution for some companies, but not for any major companies and certainly not for any huge call centers. RTFA, a CIO would sh*t if you showed him snippets from some text file. Not to mention the questionable logic of running your voice system on a white box computer. It may be fine and dandy when e-mail is down for an hour, but five minutes without phones is a lifetime for any serious company. 5 9's is not a joke in the voice world and actually a rational expectation.
In other words, I support asterisk simply because I love open source, but don't kid yourself, right now it's just a hobby app (as seen from the enterprise)

Re:A view from the industry

[LittleLebowskiUrbanA]

" the simplicity of the interfaces found on proprietary systems"

Apparently you've never used Avaya IP Office. I YEARN for the simplicity of text files. 3 freaking different GUIs to manage it and they're interconnected but you have to change things using at least 2 of them in many places.

Re:A view from the industry

Welcome to Unix, my friend.

Besides, what kind of stupid corporation would let a Windows admin manage their phone systems?

Re:A view from the industry

[Damin]

"the telcom admin of a large corporation isn't going to want to look at a text file to figure out his dialplan or use some arcane interface when on a more mature system he can use a simple command like 'display dialplan'."

Hmmm.. You know.. you are absolutely right. Using "display dialplan" on a more mature solution is infinitely easier than using the "show dialplan" command that is found in Asterisk.

asterisk*CLI> help show dialplan
Usage: show dialplan [exten@][context]
Show dialplan

NEXT!

Re:A view from the industry

In over 40 years I have never seen 0.99999, except from 100.000% PSTN. Less than 316 seconds downtime per year on a PBX? Hah!

Re:A view from the industry

[DLG]

Likewise, as primary network and telephony guru at my firm, my Cisco CallManager based system, despite being primarily LDAP and SQL based as far as configuration is concerned (except of course where we are using H323 at gateways instead of MGCP) the interfaces necessary for the creation and move-add-changes of users is grueling. It makes me what to develop my own front end, ut of course if I start writing to their databases my support would go out of the window.

Its easy to build pretty GUI's over configuration files. It would be nice if by following some sort of reasonable open standard for the backend data storage, we could create flexible and extendable interfaces as well as services.

Does anyone know whether Asterix as any ability to manage MGCP/H323 based hardware such as vg248's or x6608 PRI blades?

Re:A view from the industry

[jaymzter]

Ok, I'll take next! 'change dialplan', versus what exactly in asterisk? No need to respond, I've read their convoluted explanation of their concept of a dialplan.
All that aside however, this isn't about knocking asterisk! I compared it to a Large Enterprise, and stated the obvious, that's all

Re:A view from the industry

[jaymzter]

IP Office isn't for large sites, which is what my post referred to. Not to down you, but you apparently have never used a Nortel or Avaya PBX designed for thousands of users, then you'd know what I was referring to. It's drop dead simple to configure them, until you get into the heavy call center features, that is.
And yeah, IP Office is a joke

Re:A view from the industry

You don't know much about the reliability of linux on white boxes, do you? It sounds like your gauging white box reliability according to your experience w/ windows. I have a number of white boxes that have been running reliably for years.

Not reliable enough? You want redundant power supplies w/ a couple of UPS's. Redundant disks. Easy. Get a commodity box from Dell, run software raid. Big whoop.

You think you're not running a computer with an operating system and moving parts already? Ha!

You could probably pay the neighbor kid down the street to put a fuzzy web front end on for your boss who's queries are apparently not very sophisticated. "How much? When? Where? Who? Jelly donut!"

Re:A view from the industry

[ispland]

Valid comments about making config and changes. I come from the days when all configuration was routinely done at a command line man-machine interface. It works fine, but did require training. Today we have solid but totally proprietary (and expensive) web or PC based graphical configuration systems, often requiring a separate PC just for programming.

A Webadmin type interface for Asterix would go a long ways toward making the product more acceptable to end users.

As for uptime, telco CO switches and PBX's, I've installed quite a few. Most are incredibly reliable due to rigid controls in design and testing, but I've seen lots of software and hardware problems that caused minor and/or major problems. Getting these software bugs documented and acted upon by the vendor generally took weeks or months before a new relese came out, and the end user generally paid dearly for the upgrade to fix what should have worked in the first place.

Not to mention the cost (and delays) of adding new features. Or the total lack of interoperability of telephone sets from different vendors.

Re:A view from the industry

[colenski]

>but the telcom admin of a large corporation isn't going to want to look at a text file to figure out his dialplan or use some arcane interface >when on a more mature system he can use a simple command like 'display dialplan'.

except, 'show dialplan' already works in the asterisk cli, I just typed it a couple of hours ago.

>Not to mention the questionable logic of running your voice system on a white box computer.

Netfinity's are cheap on Ebay, I just got one for $400 Cdn 4 way Xeon w/ 4 gig RAM. Fully supported, documented, and you can't kill them with a sledgehammer. My Asterisk install with FC2 runs just fine on it, thank you. I simulated over 100 concurrent SIP sessions and the CPU's barely broke a sweat.

>match the simplicity of the interfaces found on proprietary systems.

Oh, it is to laugh. I'm currently supporting 80 seats running a $120,000 Mitel ICP3300 that uses something that can loosely be called a GUI, but is actually a wrapper on the CLI. Even to do simple things you have to go from GUI1 to GUI2 to CLI1 to CLI2...it's a fucking joke. In Asterisk, after you do your intitial setup (allocate your channels to a call processing context etc), you only edit voicemail.conf and extensions.conf. It's a blessing.

There is a dumbed down GUI at voxbox but it's pretty primitive. Gimme the .conf file any day.

Re:A view from the industry

[zmanea]

I can speak from experience on this. I work for a company that provides IT services for small companies. We implemented Cisco Callmanager at one of our clients and Asterisk at another. The client running CallManager has about 200 employees and when all was said and done cost about $250k (2 Call Managers, Unity, IPCC, router, switches, 7940s & 7960s). The client running Asterisk has about 15 employees and when all was said and done the cost was about $1000 (Asterisk on a Dell, Digium card, Handytone phones). Both solutions provided nearly identical functionality. CallManager was a PITA to get up and running and is a major PITA to administer and troubleshoot. If a user is going to be in an IPCC queue it can take 30 minutes to set them up. I can setup a new user in Asterisk in about 5 minutes. On average I easily spend 10 hours a week managing the CallManager system and maybe 10 minutes week on the Asterisk system, granted the Asterisk system is being used by a much smaller company. Asterisk is a full blown PBX that can be the best solution for small companies voice needs. It does have its limitations, mainly redundancy and scalability. Even with its limitations it has been a solid solution compared to the Cisco product. Some things are so simple with Asterisk yet nearly impossible with Cisco.

Re:A view from the industry

[tylenol3]

I'm in the industry also, and I don't understand why Asterisk couldn't be an enterprise-grade application. Sensis here in Australia (one of the largest unified web/voice service centers in the country) runs on a proprietary soft PABX, which is a Windows-based solution. While the unified messaging capabilities and user interfaces are a bit more developed, the hardware on which they run is the same. It costs much less to build a fully redundant data server than it does a fully redundant proprietary voice server. I think it's a good solution for anyone willing to give it a shot.

What I don't understand is why people seem to lose perspective of their telephone maintenance when they start talking VOIP. Just because you change to an IP platform doesn't mean you can't still outsource maintenance to a company dedicated to keeping your voice systems up and running. Chances are if you pulled out your old PABX and had an experienced company install an Asterisk solution, you could pay roughly the same amount for 24x7 cover that you're already paying on your Nortel or Avaya switch.

I would like to know if any other telecomms CPE providers have considered Asterisk as a managed solution offering. Provide or partner with a data carrier for SLA'd data connections, use SIP handsets on the desktop, and locate the Asterisk server off-site. You could probably even think of it in terms of a server farm and tennant a certain amount of CPU cycles to smaller businesses. Consolidate voicemail hardware between companies, etc. With the proper carrier channels, you could offer relatively cheap call termination by placing POPs in key cities and bill as a monthly service.

Anyone out there doing this sort of thing?

Re:A view from the industry

[LittleLebowskiUrbanA]

Very true about the large sites.

I have problems getting free support (forums, mailins lists, docs, etc..) for IP Office and am starting to realize that I'm locked into Avaya and their local vendor for everything. Is that the case with the larger PBXs from Avaya?

Re:A view from the industry

[Stinking+Pig]

Actually, it's fairly uncommon at large companies for the CIO to give a damn about how the thing is configured... that's your problem, Slashbot. Similarly, they wil indeed sh*t if they find it's running on a white box computer... but the choice of platform is your problem, not the software's.

I'm not disagreeing with you about Asterix's readiness or lack thereof, I don't really have an opinion. But I do have a lot of experience with CIOs going through the buying process, and I can tell you that they think in terms of services rendered, costs incurred, and risks undertaken. If you can provide the service required at a reasonable cost with minimal risk, they really don't care how you're going to do it so long as your solution passes the sniff test. White box hardware in a mission critical solution stinks to high heaven, but an open source app on good gear with a clear set of contingency and support plans has a fighting chance these days.

Re:A view from the industry

I don't know what kind of wonderful PBX software you use, but at my company our PBX is managed by an arcane windows-explorer style tree view with critical fields which aren't labeled floating in empty space. Well, not floating--you'd never realize they existed if someone didn't show you they were there first. You have to memorize how far over in the mass of grey to click just to add a mailbox, becuase the entry box appears magically on input. And, due to an interesting bug in the remote console, we have to add mailboxes by dialing in from an external analog line or else it hangs. Not exactly robust or easy to use. :-/

Re:A view from the industry

[TheMysteriousFuture]

*SIGH*. You don't like the text file configs for asterisk? Then contribute to one of the several Asterisk GUI projects. Or better yet spend some of the cash you would have paid for that Avaya or Cisco system to sponsor some developers to write a PHB style GUI.

Also here is what MOST people don't understand.
There really isn't any reason for people to develop (and release for free) a comprehensive GUI for Asterisk, and here's why.

Most of the people who contribute to Asterisk do Asterisk consulting (some full time, others part time). Once you learn Asterisk config file syntax it is very simple and you write them without even thinking about it.

After you've done a single major Asterisk install it takes you literally 1/10'th of the time to write config files for subsequent installs as all you have to do is modify a couple of extension numbers, and maybe change IVR prompts and you're done.

It honestly is easier for me to edit a text config file with VIM then it would be to use a GUI. And by definition a GUI is not going to be as flexible as config files (unless it is hopelessly complicated). Period...

Unless the GUI is simply a pretty way to show the config file to make PHB's such as yourself happy , but doesn't hide the config file syntax. In which case, what's the point?

I'm rambling now...I await the trolls (I'm anti open source, yadda. Yadda. Blah. Blah. Yadda. Yadda. Yoda!)

I shouldn't even bother posting this.

Re:A view from the industry

[TheMysteriousFuture]

gah! all those speeling errors. Must...remember...to...preview. I can't wait for my very own speeling troll to appear.

Re:A view from the industry

Why should the person in charge of a telecom at a Fortune 500 contribute to a GUI project when he can get a system that is within his budget that has everything he needs?

If I'm that telecom admin, I'm banking on proven technolgies and companies with a reputation for reliability, not open source zealotry.

Guess what? I run Asterisk at home too, but I know what is practical and what is not. What you suggest is not practical nor does it make sense at all.

Re:A view from the industry

[TheMysteriousFuture]

yep
.

Re:A view from the industry

[Dare+nMc]

>but the telcom admin of a large corporation isn't going to want to look at a text file to figure out his dialplan or use some arcane interface
As with most things Linux, the install problems usually get simplier through heavy use.

I tried installing asterisk 18 months ago, and wasn't getting their, not much like http://voip-info.org/wiki-Asterisk that I could find then, not much hardware in the market place...

3 weeks ago, I tried again, succesfully. 10* better. now dozens of voip phones, and config scripts...

it's still at the state of hundreds of config files floating around, but you already got:
http://dontpokebadgers.com/rss2cisco
giving scripts that auto configure your cisco config files, and extensions, passwords,... with a querry from a mysql database, and http://sourceforge.net/projects/jasterisk/ that lets you do all real time call routing/handeling from a PC app.

granted both of these take a bunch of config options, but so do those pripriotory systems yo mention. just you send them to a company to configure off site before the bring the $100,000 box's to the site, a couple months later.

Get a linux guru a couple months, and you will have all those fancy java/cgi/whatever scripts doing all this from a single website, thats more intuitive than the costly box. I feal confident saying this, because I got the PBX all loading, and sending XML content on scripts I customized, in 3 weeks, and I had no idea what the rc.d directory was good for, and never wrote a cgi script before.

Re:A view from the industry

[pete-classic]

5 9's is not a joke in the voice world and actually a rational expectation.

Well, it is usually a decimal expression, but could always be re-written:

99999
------
100000

-Peter

Re:A view from the industry

[dheltzel]

White box hardware in a mission critical solution stinks to high heaven, but an open source app on good gear with a clear set of contingency and support plans has a fighting chance these days

You're right! about a year ago, I convinced the IT Director to implement Plone as a company intranet (instead of Sharepoint or Oracle Portal). I got a nice, brand-name, rackmount server. Installed RH9, created a tested recovery plan and nightly backups scripted in cron. Works great and it's been a big success, which is quite an accomplishment for a first-time portal implementation, from what I've read about them.

This is an example of not getting what you paid for, but much, much more. Our Plone implementation was much cheaper than a commercial package, not just in up front costs, but also in configuration and customization. I went to a week's worth of training on Oracle's Portal and it is still much easier to work on Plone even with no formal Plone/Zope/Python training. I have come to believe that Oracle's products are deliberately made more complicated than necessary in order to support Oracle Consultants and DBA's. I'm an Oracle DBA, so I'm a bit conflicted about that strategy, but not so much as to refuse to benefit from it.

The OSS we use has been very beneficial to our company -- Thank you open source developers everywhere!

Re:A view from the industry

[mountaingeek]

Thats funny. From the asterisk cli prompt I can type in "show dialplan", and it displays the dialplan.

Re:A view from the industry

[xsecrets]

how did you get it down to $1000? I ask because my company is doing several phone systems for small businesses these days and to get the price down we've been using referbed legacy systems, but they are a bit of pain and lack some functionaliy, but when looking at this after reading this article I've found the cards run around $500 and even if you use the cheapest computer you can find (not a good idea in my opinion) it's still $399 or so that doesn't leave much room for phones, which is what always eats your lunch anyways.

Re:A view from the industry

[nikkoslack]

You need to read a little before spouting off there, maverick: [code] pbxMobile*CLI> help show dialplan Usage: show dialplan [exten@][context] Show dialplan pbxMobile*CLI> [/code] Asterisk has a VERY easy interface to grok a VOIP PBX

So what?

We've been doing this with 3com NBX equipment and IPcop VPNs for years. Works great.

Is Asterisk Ready for Home Users?

[PetoskeyGuy]

I have two incoming phone lines here. Is a PBX like Asterisk only cost-effective for office environments where they are paying thousands per month for bandwidth, or can this also be used to replace my current 2 line POTS setup?

I have some spare computers, and would love the add voice mail, caller id, etc. Just wondering about keeping my existing phone numbers and monthly costs. When would I break even?

Re:Is Asterisk Ready for Home Users?

[Dr.Dubious+DDQ]

I'm pretty new to the whole concept, but it looks like for a whopping $99.95, you can get One of these to build yourself a home software PBX on a POTS line. My ignorant assumption, though, is that it just acts as a phone-call router for your existing phone numbers in this case, but I'm sure someone will correct me if I'm wrong.

Re:Is Asterisk Ready for Home Users?

[petecarlson]

That's an FXO card which hooks up to a standard pots line. You would also need a voip phone or an FXS card which you can plug a standard phone into. For a home system you don't realy need a FXO card because it is unlikly that you would want to pay for a pots line to route local calls.

CP

Re:Is Asterisk Ready for Home Users?

[b1scuit]

But you might want to have a POTS line handy for when the power goes out for more than a few hours.

I lost power during $hurricane_name for anywhere from not at all to nearly two days,a nd I got it easy. My phone worked the /whole time/.

Re:Is Asterisk Ready for Home Users?

[petecarlson]

I haven't had a pots line in seven years, but I guess if you wanted one you could write a dialplan to route 911 and local calls over the FXO card. BTW the card mentioned in the inital post has a "pass through" port which the pots line can pass through even with the asterisk box off. It would be nice to have a pots line for testing but I normaly loop one of my FXS ports back to the FXO port and then route X trafic that way for testing.

Re:Is Asterisk Ready for Home Users?

[qqaz]

Actually, this is nothing more than an Intel Ambient winmodem that digium wrote drivers for. Any modem with the same chipset (Ambient MD3200 I believe) should work. I've got an asterisk setup at home with one of these. I used the gentoo ebuild with a modem I got for $20 on ebay. Works great, I have the coolest answering machine on the block.

What about Speex

[LWATCDR]

Can it use Speex for audio compresion?

Re:What about Speex

Yes - Yes you can.

Security wasn't part of Asterisk - it was OpenVPN

[billstewart]

The article said that they did't get their security from Asterisk itself - they added it on by using OpenVPN to build encrypted UDP tunnels and push the Asterisk IAX protocol through them. (No apparent detail on how to configure it.) Some of the Asterisk mailing lists talk about adding encryption to the transport protocols, but as near as I can tell from a few Google hits, that's really all a Wishlist for Somebody Else to implement rather than part of the core protocols.

That's really too bad - encrypting VOIP causes extemely annoying overhead problems, because the voice data packets are really small (they're not very big before compressing them, and then they're even smaller), so the minimum overhead for just doing the RTP+UDP+IP headers is several times the size of the voice traffic they carry, and IPSEC adds another two layers of headers, or SSL adds about three, and pretty soon that cute little elegant 8kbps compressed voice stream is looking like 40-80kbps and won't fit on your modem. SIP can use the SRTP protocol as a modification of RTP, so to the extent that anybody implements it, it's basically doing then encryption along with a layer you needed anyway, so it doesn't add much overhead. IAX doesn't appear to have this (which is especially frustrating because the IAX2 trunking protocol makes multiple simultaneous connections much more efficient, though I suppose if you've already done that, the extra overhead of IPSEC or OpenVPN may not bother you as much.)

Unsafe as homes?

[Doc+Ruby]

What the world needs now, is mobile firewall, sweet firewall. It's amazing that we haven't heard of the SMS of Death yet, or Symbian trojans. Where's that PalmOS firewall? Then the phone can be safe for an OpenVPN client.

Re:Unsafe as homes?

[edanshekar]

http://www.bluefiresecurity.com/

Re:Unsafe as homes?

[GekkePrutser]

It's amazing that we haven't heard of the SMS of Death yet

We HAVE :-) Several years ago there was a bug in the then-current Nokia series (like the 5110, 6110 etc), that locked up completely if you sent an SMS to them consisting of 160 periods (.)

A view from the [GUI] industry

"From an enterprise viewpoint, that is a very large service base, asterisk is dead in the water until it can match the simplicity of the interfaces found on proprietary systems."

*pfft*

Obviously someone who grew up on windows GUI's.

Fortune 500 company, were the phone was our life.

Interface to our PBX was a green screen interface.

It worked fine (too fine! but that's another story. :)

Re:Well, Skype just works.

[finkployd]

Everything I have read and everyone I have talked to said there is no spyware in skype (as they claim). It is easy to check, spyware would communicate with the mothership somehow, just run a packet sniffer.

What leads you to believe it has spyware? Because the Kazaa guys wrote it? Any actual evidence?

Finkployd

Consumer broadband?

[Doc+Ruby]

They connected their Asterisk PBX to the PSTN through a $500 card to a T1. How can I connect my Asterisk to my cablemodem (3/0.5Mbps)? What does it connect to over the WAN to complete calls to the global PSTN? Is it 100% reliable, with a complete footprint in urban areas, and failover to the rest of the POTS phones in the world?

Re:Consumer broadband?

[DA-MAN]

They connected their Asterisk PBX to the PSTN through a $500 card to a T1. How can I connect my Asterisk to my cablemodem (3/0.5Mbps)? What does it connect to over the WAN to complete calls to the global PSTN? Is it 100% reliable, with a complete footprint in urban areas, and failover to the rest of the POTS phones in the world?

Simple, use ethernet and get a voip provider instead of using a PSTN T1. I currently use http://connect.voicepulse.com/, and that works great for me. Pretty cool, because you can have multiple incoming calls over one connection.

Re:Consumer broadband?

"How can I connect my Asterisk to my cablemodem (3/0.5Mbps" You can't unless you use a VoIP provider like Vonage.

"What does it connect to over the WAN to complete calls to the global PSTN" - It doesnt connect to anything, the LEC cuts that T1 into 24 channels. In his case 8 channels are voice and the remaining 16 are Inet. The LEC puts voice and data on the T1 at the local CO. and splits it back out when he sends. His T1 card does the same thing.

Are you joking?

[mindstrm]

Please.. PLEASE.. tell me what enterprise PBX system it is you have that has this wonderful user friendly interface?

Because form the ones I've had to use, I can tell you, I'll get far more flexibility and power out of asterisk than most commercial PBX systems I've seen.

BTW, if it's such a "hobby" app, why is it that some extremely large VOIP providers use it? Serious businesses, too..

Re:Are you joking?

[jaymzter]

Both Nortel and Avaya PBXs have command line driven user interfaces, which is what I'm referring to. That in itself is only a surface similarity to asterisk. While both are CLI based, the proprietary ones are built not only on simple to recall commands, but it's the TEXT interface where all you have to do is fill out the proper fields that makes them better IMO. asterisk just gives you a blank line. Welcome to your first Linux install. It's the difference between doing 'make oldconfig' and 'make menuconfig'. WTF did you think I was referring to, a GUI? ;-)

Re:Are you joking?

[mindstrm]

Because you mentionend "the cio would not like text files for config".

THe type of differences you are talking about would not even be noticed by a Cio/cfo/whatever.

a CLI (which asterisk has, by the way) is not significantly different than editing text. Further, text files often give you a clearer picture of what's going on than a simple command line.

limited budget indeed

[SuperBanana]

I purchased three Intel white-box computers for $800 each containing 2.6Ghz processors 512MB ram and 40 GB hard drives

Anyone who recommends greybox PCs with non-raid storage for a financial institution...even a small one with only three branches...is not thinking very clearly. If it's for a business-critical application like the phone system, they're categorically insane.

Folks- there's a reason those telco boxes cost lots of dough. They Just Work if they're left alone (in 7-8 years of working with telco equipment, 99% of the problems have been telco line provider problems; hardware failures are extremely rare). There are books upon books written with guidelines for what is considered telco grade, but the common theme is "keeps going, and if it breaks, it does so gracefully".

$2500 can, even for a small bank, be PENNIES ON THE DOLLAR when the system goes down for even a few hours. If you've got a Lucent phone system and a support contract, they find stuff before you do, and no matter what time of day- there's a tech on your doorstep in an hour if they can't remote in via the system's POTS admin modem.

You want a cheap phone system, you get what you pay for. It's remarkably irresponsible for the authors of that article to advocate Asterisk without mentioning that reliability and support pale in comparison to 'real' telco equipment.

Re:limited budget indeed

[Beave]

You obviously missed the part where it said buying _multiple_ backup machines, and you'd still save money. People, can we read the article.

Re:limited budget indeed

While the authors were remiss in suggesting the systems they did there is no reason why an Asterisk based system can not be built with the redundancy and scaleability of a "real telco solution". Telcos and large suppliers have a vested interest in making telephony seem more difficult then it is, and frankly the cat is out of the bag. It is very possible to build a system with a very high level of reliability for a fraction of the cost of a commercial system. I've had a lucent phone system and a support contract and it isn't all that its cracked up to be.

The key to building these solutions is alot of redundancy both in the hardware and with clustering. Voip + Clustering gets you very close to telco grade. Support is really the biggest issue, but there are a growing number of companies providing it, and if its set up well you won't be needing much of it. I take issue with the parent poster disparaging these open source systems as somehow inferior to products from Avaya, Nortel and others. Its just not true anymore. The only area where these vendors have any competetive advantage is in their interface designs, and as convoluted as Asterisk is I'll take it anyday over Avayas windows management software.

Re:limited budget indeed

You obviously haven't worked with cheap-ass brokers. That money is their toy - you don't get any, and they still whine when their decade old boxen go blue screen - not that they paid for that either.

so sad - so sorry

Re:limited budget indeed

[isometrick]

There's a company that banks their proven reliability on the redundancy of their software. Not hardware.

I think they are doing pretty good.

This isn't secure VoIP. There's no encryption.

[Animats]

Where's the security? This doesn't do anything to secure the connection. It's just a PBX on a PC.

If it did end-to-end encryption with suitable handsets, that would be useful.

Re:This isn't secure VoIP. There's no encryption.

They used OpenVPN to do PBX-to-PBX _encrypted_ communications between branches. What part of that don't you understand?

Re:This isn't secure VoIP. There's no encryption.

OpenVPN (http://www.openvpn.org) was used to secure the connection across the Internet to the remote branches.

How does voip work for residential?

[Sark666]

I'm trying to understand the complete business cycle

Let's say a small voip for residential similar to vonage.

It's easy to understand voip when it's ip to ip but I get confused when it's ip to pstn.

Do I need an asterisk box or something similar in each area code that I want to provide service? How do I purchase the numbers for the area code's I want? If I want to have say 1000 lines at first for my customer pool do I actually need 1000 individual rj11 lines? Or do these t1 lines thingie's merge a bunch of phones lines within this?

I'd really like to read an article explaining the a-z of voip if anyone has any.

Re:How does voip work for residential?

[x.Draino.x]

If you want to do SIP/IAX you only need a network card, no fancy $500 T1 cards..You can purchase DID's ( Direct Inward Dial ) from NuFone.net or connect.voicepulse.com to work with Asterisk. They give you a "virtual number" from whatever state you want. You can have multiple calls on the single DID. Basicly you put a statement in your IAX configuration file to register with either of the services ( after signing up with them ) and when you register it tells them what IP address your Asterisk server is to route calls to. Your Asterisk box then routes calls accordingly. You can also pre-pay for outgoing PSTN calls through these services for very cheap. I currently have a DID through Voicepulse and do outgoing through NuFone.net.. works great.

Re:How does voip work for residential?

That 100% true. However, a lot of businesses still like have "true" telco connection to there offices. IE - Non-VoIP "POTS" type lines. It's hard to sell a business "virtual numbers", when they know - even without power in the building, that a POTS line will always function.

Re:How does voip work for residential?

[Sark666]

Hmm, what I meant was if I wanted to startup a residential voip service for example. Do I need asterisk boxes in each area where i want to purchase area codes? I'm looking at a complete solution and not relying on nufone or what have you. What I'm basically asking is how does vonage do it? Do they 'need' to have offices in each city where they want to provide service? I assume they over sell. What's a normal line to customer ratio? Basically I want to understand the complete cycle of how voip works from a company's like vonage perspective.

Re:How does voip work for residential?

[x.Draino.x]

No clue, sorry man. Digium ( I believe owned by Mark Spencer who started Asterisk ) would probably be able to tell you. You may have to buy something from them though to get support. iAXY's are only like $100.

Re:How does voip work for residential?

Atleast for Packet8, they do it all via IP. When a call comes in, one of Level3's nearby SIP gateways will connect to my phone adapter to establish the call.

You would lease DIDs from a CLEC such as Level3, Focal, etc. To avoid having to purchase T1s, etc you can just use IP connectivity to your SIP provider. So, no you don't need a presence in each area.

Re:How does voip work for residential?

to parent, for decent info on VoIP check out: http://www.acmqueue.com/modules.php?name=Content&p a=showpage&pid=203 that article is one of many on that site. sno

Re:How does voip work for residential?

I work for a clec that does business in the midwest and southeast. I have actually turned up many pri's with voip providers. Most of them order PRI's with DID's on them which we then connect to thier CISCO AS5300 gateways.We also provide an internet pipe for them as well in our colocations. All local inbound and outbound traffic is routed through us and they take thier LD traffic across thier network to the closest gateway they have for LD. I am pretty sure that with all the VOIP provider's for residential business do not have thier own class 5 switch in the markets that other clecs serve and its cheaper to least pri's from clec's because we have already incurred the cost to connect to the RBOC's.

vonage

[sonictheboom]

my understanding is that Vonage uses the voice mail code in Asterix

Telco Equipment...

[p388l3s]

after reading some of the posts about this i can only say, man you people are spoiled! ;-) Last time i was anywhere near telco equipment in a big financial institute they still had 386's running the damn stuff ( this was Australia, u know what i'm sayin if you know about telstra/optus ), the comm's guy asked me if we had something else to put the software on and put some cards in, i suggested a nice P3 and he chocked and said it was too new, i ended up giving him an old pentium 66 or the like and he was chuffed! As for these guys, i didn't see mention of Battery backup's, raid or redundant backup's so i'm thinking they like living on the edge! kinda scary for a banking environment, although they are saving on local to local bank call's etc, but still, not the kinda bank i want to trust with my cash! they you go, you can have this $0.02 for free.

Re:Telco Equipment...

I was directly involved with the article, so I can answer those.

Yes - we have backup power/UPS on each unit. That should have probably been mentioned in the article. I appologize for not doing so. It wasn't really something we went into heavy thought about. It's just something we do.

We did not do raid, however, we where able to buy multiple machines for each office. We duplicated the configuration of the primary box to the secondary. This way, if one dies, it's easy to swap out. I believe that was mentioned in the article. Yes - you have to move 3 cables in order to get the backup online. These remote office house about 15 people. These are very rural areas. Yes - we could do RAID. We still might, but probably not with a duplicate machine sitting next to it.

With the primary and backup machines, plus duplicate T100P cards, the organization still saved a lot of money. I guess we should have been more clear on that.

Re:Telco Equipment...

[p388l3s]

thanks for the reply, good to hear that you do take redundancy seriously, and just for your knowledge thanks for the article in the first place it has given me a few ideas to mull over, and will be of some assistance in setting up something like this if it comes to pass. :-)

Re:Security wasn't part of Asterisk - it was OpenV

[cduffy]

...so the minimum overhead for just doing the RTP+UDP+IP headers is several times the size of the voice traffic they carry, and IPSEC adds another two layers of headers, or SSL adds about three, and pretty soon that cute little elegant 8kbps compressed voice stream is looking like 40-80kbps and won't fit on your modem.

OpenVPN isn't IPsec, and while it uses the OpenSSL library for all the crypto "heavy lifting", it has its own over-the-wire protocol and is much more efficient than the traditional SSL way of doing things.

I use OpenVPN at work, and while I haven't done specific measurements, we've generally found it to be very efficient (not to mention easy-to-use and hassle-free compared to its IPsec-based competitors). Because in UDP mode it doesn't try to guarantee reliability, it also doesn't break protocols (like those used for VoIP data) that expect late packets to just be dropped.

So, in short, I'm not at all convinced that the use of OpenVPN is at all unfortunate or problematic here.

Re:Well, Skype just works.

[Wizarth]

Sharman Networks did not create the FastTrack protocol/network. They made Kazaa Media Desktop, which used it, and loaded it with Spyware.

The people who made Skype made FastTrack. Sharman Networks purchased the rights to it.

Disclaimer: All facts stated here may merely be beliefs.

A few differences in how I would have implimented

[einhverfr]

this solution

1) IPSec is probably better than OpenVPN for something like this. It will be lighter-weight because you don't have UDP headers. There are also very mature open source implimentations, and they will integrate with many third parties.

2) Any IP addresses on the WAN interfaces could be used for IPSec tunnels.

Otherwise it is a great tutorial.

Re:Liberals Dirty Tricks fail to work - AGAIN

Huh? I'm just a troll trying to stir things up.

Asterisk is our backup

[ashitaka]

We have an 18-year old ROLM 9751 switch that thinks it's the year A4. Our voicemail is Octel running on OS/2 that thinks it's the year 104.

The old telecom equipment is generally rock solid but if it dies it will take time to fix even under contract. The last time we had a card die we were without phone service for a full day as they had to Fedex a replacement from Toronto to Vancouver.

As a backup against a catastrophic failure of the switch and/or voicemail I've set up an asterix box pre-configured with all the extensions and trunks.
Switching to a complete VOIP setup using softphones at the start and adding VOIP handsets as they can be obtained could have us up with a complete PBX within 2-3 hours.

Trans-Atlantic VoIP

[Evanrude]

A friend of mine, who works for a UK telecom and my company, Axigent, have setup a connection between our two asterisk systems that has proven fairly reliable and "secure". I would say with everything we've gone through to make the connection functional, the author of this column left out a lot of the details as far as full implementation of an Asterisk PBX. A helpful site, or at least one of the more helpful sites I've come across is the wiki at www.voip-info.org, which the author neglected to reference in his article. Knowing someone that works at a Telecom is a plus, I think the cost from both ends as far as equipment has been fairly minimal and the return on the time invested as far as learning what VoIP is capable of has been huge. All of the calls that are made back and forth have been clear. It's pretty impressive to call overseas at no charge.

What we are testing

We are actually testing about the same thing. Using Asterisk in the main office. Some sales staff will work from home and need an extension there. We found the DrayTek Vigor2900V. Basically a Firewall/VPN with two FXS ports. It supports SIP and a few other standards that Asterisk supports. We will be doing this with Snom phones over VPN. Link to product is provided.

http://www.idreus.com/index.php?page=subproduct& pr oduct_id=37

asterisk daily news

news asterisk daily
asterisk news
asterisk daily news

Please don't mod below 0...trying to google bomb to move this awesome site up a bit.

VOIP / ASTERISK

Wow, it's amazing how deep the rabbit hole goes...

Asterisk / SIP / PBX

How do I create my own asterisk pbx.. at home, without spending a dollar..

this is assuming you have a linux box with a voice modem installed.

you can #1 install asterisk

#2 find yourself a sip service provider with pstn termination
SIPPhone / GlobalVillage will do.

They'll give you a sip username / pwd.

configure your asterisk sip.conf file. probably will have to configure some other files.

but typically your calls will go through your phone connected to your modem, then be connected via sip to a sip provider.

This will probably take some work and is most likely not going to be an operation supported by your sip service provider / or asterisk since you haven't purchased anything.

Re:Security wasn't part of Asterisk - it was OpenV

[billstewart]

If you're running a UDP protocol, you've still got UDP headers and IP headers and optionally Ethernet headers, wrapped around whatever you're carrying, which already had a UDP header and an IP header, all to carry a payload that's only 10 bytes long, or 20-30 with some codecs. Yes, doing UDP instead of TCP takes care of some problems, but it's still a huge overhead for a protocol that absolutely needs to ship a large number of very small packets every second. By contrast, if you're using it to carry bulky applications like FTP or Email, the overhead's a drop in the bucket, because the data payloads are typically ~1400-1500 bytes. If you're carrying telnet traffic, which often has even smaller data packets than VOIP, you'd think it would be worse, but it's usually not - a 100wpm typist is typing about 15 characters/second (which might each be carried in a their own packet), compared to VOIP with about 50-100 packets/second and much tighter timing concerns.

Re:Security wasn't part of Asterisk - it was OpenV

the minimum overhead for just doing the RTP+UDP+IP headers is several times the size of the voice traffic they carry

Not necesarily.

The IP header is 20bytes, UDP is not used ontop of RTP as you suggest, RTP is a slight adaption of UDP which has a header size of around 20bytes again iirc (plain udp is 8 bytes) although that can be compressed. IIRC on average a VoIP packet is around 28bytes although that'd depend on the codec in use. That wouldn't push an 8kb/s stream up to 80kb/s, maybe 25 or 30 if you include ipsec.

With a single VoIP connection you're not usually doing anything like 1500byte packets anyway but from TFA it sounds like IAX2 allows multiple VoIP streams to be put into the same packet which decreases the ratio of the header overhead.

You seem to be hinting that it'd be nice if IAX2 supported encryption itself, which it certainly would. I wonder if this would be as fast in practise as just running the entire stream over kernel-level IPSec.

Asterisk Versatility

[visionik]

I've started to use Asterisk for various applications, including as a

- PSTN to VOIP gateway: combine a cheap server, asterisk, and a few $50 voicemodem cards and you've got a VOIP gateway that can connect your outside phone lines to any VOIP phone.

- VOIP to PSTN gateway: cheap server, asterisk, open VOIP provider like VoicePulse Connect, and some Digium FXS cards and you can connect every phone in your house to a VOIP network.

- PSTN/VOIP front-end to IVR gateway: cheap server, Asterisk, IVR provider like Voxeo and you can connect all of the above to custom voice recognition applications. (Asterisk has some built in IVR but its limited today.)

Several companies are starting to offer commercial PBX products based on Asterisk, including http://www.signate.com/ and http://www.fonality.com/.

In summary, Asterisk is becoming an amazing "telephony widget" - it can address a variety of telephony solution requirements, depending on how you configure it.

Re:Security wasn't part of Asterisk - it was OpenV

[cduffy]

If you're running a UDP protocol, you've still got UDP headers and IP headers and optionally Ethernet headers, wrapped around whatever you're carrying

Not Ethernet headers if they're running OpenVPN in tun mode, which is the intelligent configuration here (tap mode, the bridging configuration where Ethernet headers are used, is mostly used just by folks who want to do Windows networking over the tunnel without a WINS server). OpenVPN also uses LZO compression, which should help with any non-payload data. (That said, it temporarily disables compression if the stream is made of noncompressable data -- and in the case of precompressed payload, that's pretty darned likely to be the case). (Hrm -- it'd be intelligent to still compress the non-payload info... I don't actually know if the code does that, but am now tempted to go take a look).

So yes, you make a point -- but even so, it's not as bad as it could be.

Re:1st pst!

Go man! Good for you! Fsck'n A! Wh00t!

IAX2's trunking support should help.

[cduffy]

As I understand it, this is being applied to protect conversations between two branch offices -- a case where there are likely to be a number of separate streams running simultaniously over the same line.

IAX2's trunking support should help, then, by reducing the VPN-related overhead in much the same way as it reduces IP overhead.

Productivity?

[lorcha]

I bet you have no problems maintaining productivity levels with an X-box on everybody's desks...

Easy Debian Asterisk Installation

[rangal]

We have an easy and simple installer under the name of Xorcom Rapid. It installs Debian and Asterisk from scratch (while destroying everything else on your computer). It is available for (free) download at: www.xorcom.com