Slashdot Mirror
Asterisk and Linux to Build Secure VoIP Connection
Beave writes "Using Linux and the
Asterisk PBX, it is possible to build a secure, cost effective VoIP (and traditional PSTN) PBX solutions.
This article shows you how to take advantage of various hardware, software and tricks to accomplish this goal within a limited budget."
s/Romans/phone comanies/
More like tells you in the most general of terms what they implemented.
Obviously what is going to be the real killer app is VoIP in a wireless setup. Instead of having a wall jack for your desk phone, it just hooks into the wireless mesh seamlessly.
I'm sure this has already been done. I'd love to see an article about it.
Be sure to check out this article on a sweet Asterisk implementation.
--
Watch this page for Black Friday Information!
The Asterisk Wiki
Note: the wiki search is useless. Search with google instead, use "searchterm site:voip-info.org" (without quotes).
The Asterisk Documentation Project
The Asterisk Mailing Lists
Note: to search the lists use google again. "searchterm site:lists.digium.com" (without quotes)" in google.
the #asterisk chat room on irc.freenode.org. Drop by and say hello.
/msg nickserv register mypassword
/join #asterisk
/msg nickserv identify mypassword
Note that due to problems with massive spambot attacks regisitration is required to join the channel. Simply type
The next time you join you will need to type
.sig
I had no idea Asterix was a linux geek!
At my office we all have our own x-boxes, and using the X-box live service, we are able to happily communicate with each other at a very competetive pricing structure.
The solution offers a simple text messaging scheme, and conference calling facillities.
I can fully recommend this solution to any businesses looking for a cost effective VoIP.
It is also loaded with spyware. Sharman Networks (creators of Kazaa) wrote this software. Use at your own risk.
From an enterprise viewpoint, that is a very large service base, asterisk is dead in the water until it can match the simplicity of the interfaces found on proprietary systems. This isn't a knock on asterisk as a technology solution, but the telcom admin of a large corporation isn't going to want to look at a text file to figure out his dialplan or use some arcane interface when on a more mature system he can use a simple command like 'display dialplan'.
I don't doubt many people have used asterisk as a voice solution for some companies, but not for any major companies and certainly not for any huge call centers. RTFA, a CIO would sh*t if you showed him snippets from some text file. Not to mention the questionable logic of running your voice system on a white box computer. It may be fine and dandy when e-mail is down for an hour, but five minutes without phones is a lifetime for any serious company. 5 9's is not a joke in the voice world and actually a rational expectation.
In other words, I support asterisk simply because I love open source, but don't kid yourself, right now it's just a hobby app (as seen from the enterprise)
If thou see a fair woman pay court to her, for thus thou wilt obtain love
I have two incoming phone lines here. Is a PBX like Asterisk only cost-effective for office environments where they are paying thousands per month for bandwidth, or can this also be used to replace my current 2 line POTS setup?
I have some spare computers, and would love the add voice mail, caller id, etc. Just wondering about keeping my existing phone numbers and monthly costs. When would I break even?
That's really too bad - encrypting VOIP causes extemely annoying overhead problems, because the voice data packets are really small (they're not very big before compressing them, and then they're even smaller), so the minimum overhead for just doing the RTP+UDP+IP headers is several times the size of the voice traffic they carry, and IPSEC adds another two layers of headers, or SSL adds about three, and pretty soon that cute little elegant 8kbps compressed voice stream is looking like 40-80kbps and won't fit on your modem. SIP can use the SRTP protocol as a modification of RTP, so to the extent that anybody implements it, it's basically doing then encryption along with a layer you needed anyway, so it doesn't add much overhead. IAX doesn't appear to have this (which is especially frustrating because the IAX2 trunking protocol makes multiple simultaneous connections much more efficient, though I suppose if you've already done that, the extra overhead of IPSEC or OpenVPN may not bother you as much.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Everything I have read and everyone I have talked to said there is no spyware in skype (as they claim). It is easy to check, spyware would communicate with the mothership somehow, just run a packet sniffer.
What leads you to believe it has spyware? Because the Kazaa guys wrote it? Any actual evidence?
Finkployd
I purchased three Intel white-box computers for $800 each containing 2.6Ghz processors 512MB ram and 40 GB hard drives
Anyone who recommends greybox PCs with non-raid storage for a financial institution...even a small one with only three branches...is not thinking very clearly. If it's for a business-critical application like the phone system, they're categorically insane.
Folks- there's a reason those telco boxes cost lots of dough. They Just Work if they're left alone (in 7-8 years of working with telco equipment, 99% of the problems have been telco line provider problems; hardware failures are extremely rare). There are books upon books written with guidelines for what is considered telco grade, but the common theme is "keeps going, and if it breaks, it does so gracefully".
$2500 can, even for a small bank, be PENNIES ON THE DOLLAR when the system goes down for even a few hours. If you've got a Lucent phone system and a support contract, they find stuff before you do, and no matter what time of day- there's a tech on your doorstep in an hour if they can't remote in via the system's POTS admin modem.
You want a cheap phone system, you get what you pay for. It's remarkably irresponsible for the authors of that article to advocate Asterisk without mentioning that reliability and support pale in comparison to 'real' telco equipment.
Please help metamoderate.
Both Nortel and Avaya PBXs have command line driven user interfaces, which is what I'm referring to. That in itself is only a surface similarity to asterisk. While both are CLI based, the proprietary ones are built not only on simple to recall commands, but it's the TEXT interface where all you have to do is fill out the proper fields that makes them better IMO. asterisk just gives you a blank line. Welcome to your first Linux install. It's the difference between doing 'make oldconfig' and 'make menuconfig'. WTF did you think I was referring to, a GUI? ;-)
If thou see a fair woman pay court to her, for thus thou wilt obtain love
They connected their Asterisk PBX to the PSTN through a $500 card to a T1. How can I connect my Asterisk to my cablemodem (3/0.5Mbps)? What does it connect to over the WAN to complete calls to the global PSTN? Is it 100% reliable, with a complete footprint in urban areas, and failover to the rest of the POTS phones in the world?
Simple, use ethernet and get a voip provider instead of using a PSTN T1. I currently use http://connect.voicepulse.com/, and that works great for me. Pretty cool, because you can have multiple incoming calls over one connection.
Can I get an eye poke?
Dog House Forum
...so the minimum overhead for just doing the RTP+UDP+IP headers is several times the size of the voice traffic they carry, and IPSEC adds another two layers of headers, or SSL adds about three, and pretty soon that cute little elegant 8kbps compressed voice stream is looking like 40-80kbps and won't fit on your modem.
OpenVPN isn't IPsec, and while it uses the OpenSSL library for all the crypto "heavy lifting", it has its own over-the-wire protocol and is much more efficient than the traditional SSL way of doing things.
I use OpenVPN at work, and while I haven't done specific measurements, we've generally found it to be very efficient (not to mention easy-to-use and hassle-free compared to its IPsec-based competitors). Because in UDP mode it doesn't try to guarantee reliability, it also doesn't break protocols (like those used for VoIP data) that expect late packets to just be dropped.
So, in short, I'm not at all convinced that the use of OpenVPN is at all unfortunate or problematic here.
If you want to do SIP/IAX you only need a network card, no fancy $500 T1 cards..You can purchase DID's ( Direct Inward Dial ) from NuFone.net or connect.voicepulse.com to work with Asterisk. They give you a "virtual number" from whatever state you want. You can have multiple calls on the single DID. Basicly you put a statement in your IAX configuration file to register with either of the services ( after signing up with them ) and when you register it tells them what IP address your Asterisk server is to route calls to. Your Asterisk box then routes calls accordingly. You can also pre-pay for outgoing PSTN calls through these services for very cheap. I currently have a DID through Voicepulse and do outgoing through NuFone.net.. works great.
We have an 18-year old ROLM 9751 switch that thinks it's the year A4. Our voicemail is Octel running on OS/2 that thinks it's the year 104.
The old telecom equipment is generally rock solid but if it dies it will take time to fix even under contract. The last time we had a card die we were without phone service for a full day as they had to Fedex a replacement from Toronto to Vancouver.
As a backup against a catastrophic failure of the switch and/or voicemail I've set up an asterix box pre-configured with all the extensions and trunks.
Switching to a complete VOIP setup using softphones at the start and adding VOIP handsets as they can be obtained could have us up with a complete PBX within 2-3 hours.
If you don't want to repeat the past, stop living in it.
A friend of mine, who works for a UK telecom and my company, Axigent, have setup a connection between our two asterisk systems that has proven fairly reliable and "secure". I would say with everything we've gone through to make the connection functional, the author of this column left out a lot of the details as far as full implementation of an Asterisk PBX. A helpful site, or at least one of the more helpful sites I've come across is the wiki at www.voip-info.org, which the author neglected to reference in his article. Knowing someone that works at a Telecom is a plus, I think the cost from both ends as far as equipment has been fairly minimal and the return on the time invested as far as learning what VoIP is capable of has been huge. All of the calls that are made back and forth have been clear. It's pretty impressive to call overseas at no charge.
~.Evanrude
If you're running a UDP protocol, you've still got UDP headers and IP headers and optionally Ethernet headers, wrapped around whatever you're carrying, which already had a UDP header and an IP header, all to carry a payload that's only 10 bytes long, or 20-30 with some codecs. Yes, doing UDP instead of TCP takes care of some problems, but it's still a huge overhead for a protocol that absolutely needs to ship a large number of very small packets every second. By contrast, if you're using it to carry bulky applications like FTP or Email, the overhead's a drop in the bucket, because the data payloads are typically ~1400-1500 bytes. If you're carrying telnet traffic, which often has even smaller data packets than VOIP, you'd think it would be worse, but it's usually not - a 100wpm typist is typing about 15 characters/second (which might each be carried in a their own packet), compared to VOIP with about 50-100 packets/second and much tighter timing concerns.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I've started to use Asterisk for various applications, including as a
- PSTN to VOIP gateway: combine a cheap server, asterisk, and a few $50 voicemodem cards and you've got a VOIP gateway that can connect your outside phone lines to any VOIP phone.
- VOIP to PSTN gateway: cheap server, asterisk, open VOIP provider like VoicePulse Connect, and some Digium FXS cards and you can connect every phone in your house to a VOIP network.
- PSTN/VOIP front-end to IVR gateway: cheap server, Asterisk, IVR provider like Voxeo and you can connect all of the above to custom voice recognition applications. (Asterisk has some built in IVR but its limited today.)
Several companies are starting to offer commercial PBX products based on Asterisk, including http://www.signate.com/ and http://www.fonality.com/.
In summary, Asterisk is becoming an amazing "telephony widget" - it can address a variety of telephony solution requirements, depending on how you configure it.
If you're running a UDP protocol, you've still got UDP headers and IP headers and optionally Ethernet headers, wrapped around whatever you're carrying
Not Ethernet headers if they're running OpenVPN in tun mode, which is the intelligent configuration here (tap mode, the bridging configuration where Ethernet headers are used, is mostly used just by folks who want to do Windows networking over the tunnel without a WINS server). OpenVPN also uses LZO compression, which should help with any non-payload data. (That said, it temporarily disables compression if the stream is made of noncompressable data -- and in the case of precompressed payload, that's pretty darned likely to be the case). (Hrm -- it'd be intelligent to still compress the non-payload info... I don't actually know if the code does that, but am now tempted to go take a look).
So yes, you make a point -- but even so, it's not as bad as it could be.