Asterisk and Linux to Build Secure VoIP Connection

Beave writes "Using Linux and the Asterisk PBX, it is possible to build a secure, cost effective VoIP (and traditional PSTN) PBX solutions. This article shows you how to take advantage of various hardware, software and tricks to accomplish this goal within a limited budget."

What will the Romans do?

Oh wait, that was Asterix and Obelix.

s/Romans/phone comanies/

Shows you how?

[Dancin_Santa]

More like tells you in the most general of terms what they implemented.

Obviously what is going to be the real killer app is VoIP in a wireless setup. Instead of having a wall jack for your desk phone, it just hooks into the wireless mesh seamlessly.

I'm sure this has already been done. I'd love to see an article about it.

Re:Shows you how?

[Tony+Hoyle]

It's possible, but the available wireless VOIP handsets are 11b only and don't support WPA (both are showstoppers for me).

In the future I'm sure they'll become available.

I use my asterisk server to record incoming/outgoing numbers (the local telco wants paying for this service, although I have to pay them anyway for the callerid so I'm not sure I'm saving much), and to route calls over the cheapest provider (always analogue, as VOIP providers in this country are still 2-3 times more expensive than analogue ones) - which has saved me a fortune.

Re:Shows you how?

[itwerx]

although I have to pay them anyway for the callerid

You'll still get it even if you don't pay for it because it's a PITA to truly turn it off in the switch and the telcos never bother. :)
Call 'em up, ask 'em what the caller-id charge is for, when they explain tell 'em you don't need it and please take it off and voila' - you'll still have it without having to pay...

This is cool...

[dealsites]

Be sure to check out this article on a sweet Asterisk implementation.
--
Watch this page for Black Friday Information!

Useful Asterisk Resources

[TheMysteriousFuture]

Useful Asterisk Links:

The Asterisk Wiki
Note: the wiki search is useless. Search with google instead, use "searchterm site:voip-info.org" (without quotes).

The Asterisk Documentation Project

The Asterisk Mailing Lists
Note: to search the lists use google again. "searchterm site:lists.digium.com" (without quotes)" in google.

the #asterisk chat room on irc.freenode.org. Drop by and say hello.
Note that due to problems with massive spambot attacks regisitration is required to join the channel. Simply type
/msg nickserv register mypassword
/join #asterisk

The next time you join you will need to type
/msg nickserv identify mypassword

Our solution

[frankthechicken]

At my office we all have our own x-boxes, and using the X-box live service, we are able to happily communicate with each other at a very competetive pricing structure.

The solution offers a simple text messaging scheme, and conference calling facillities.

I can fully recommend this solution to any businesses looking for a cost effective VoIP.

Re:Well, Skype just works.

[joormotha]

It is also loaded with spyware. Sharman Networks (creators of Kazaa) wrote this software. Use at your own risk.

A view from the industry

[jaymzter]

From an enterprise viewpoint, that is a very large service base, asterisk is dead in the water until it can match the simplicity of the interfaces found on proprietary systems. This isn't a knock on asterisk as a technology solution, but the telcom admin of a large corporation isn't going to want to look at a text file to figure out his dialplan or use some arcane interface when on a more mature system he can use a simple command like 'display dialplan'.
I don't doubt many people have used asterisk as a voice solution for some companies, but not for any major companies and certainly not for any huge call centers. RTFA, a CIO would sh*t if you showed him snippets from some text file. Not to mention the questionable logic of running your voice system on a white box computer. It may be fine and dandy when e-mail is down for an hour, but five minutes without phones is a lifetime for any serious company. 5 9's is not a joke in the voice world and actually a rational expectation.
In other words, I support asterisk simply because I love open source, but don't kid yourself, right now it's just a hobby app (as seen from the enterprise)

Re:A view from the industry

[LittleLebowskiUrbanA]

" the simplicity of the interfaces found on proprietary systems"

Apparently you've never used Avaya IP Office. I YEARN for the simplicity of text files. 3 freaking different GUIs to manage it and they're interconnected but you have to change things using at least 2 of them in many places.

Is Asterisk Ready for Home Users?

[PetoskeyGuy]

I have two incoming phone lines here. Is a PBX like Asterisk only cost-effective for office environments where they are paying thousands per month for bandwidth, or can this also be used to replace my current 2 line POTS setup?

I have some spare computers, and would love the add voice mail, caller id, etc. Just wondering about keeping my existing phone numbers and monthly costs. When would I break even?

Security wasn't part of Asterisk - it was OpenVPN

[billstewart]

The article said that they did't get their security from Asterisk itself - they added it on by using OpenVPN to build encrypted UDP tunnels and push the Asterisk IAX protocol through them. (No apparent detail on how to configure it.) Some of the Asterisk mailing lists talk about adding encryption to the transport protocols, but as near as I can tell from a few Google hits, that's really all a Wishlist for Somebody Else to implement rather than part of the core protocols.

That's really too bad - encrypting VOIP causes extemely annoying overhead problems, because the voice data packets are really small (they're not very big before compressing them, and then they're even smaller), so the minimum overhead for just doing the RTP+UDP+IP headers is several times the size of the voice traffic they carry, and IPSEC adds another two layers of headers, or SSL adds about three, and pretty soon that cute little elegant 8kbps compressed voice stream is looking like 40-80kbps and won't fit on your modem. SIP can use the SRTP protocol as a modification of RTP, so to the extent that anybody implements it, it's basically doing then encryption along with a layer you needed anyway, so it doesn't add much overhead. IAX doesn't appear to have this (which is especially frustrating because the IAX2 trunking protocol makes multiple simultaneous connections much more efficient, though I suppose if you've already done that, the extra overhead of IPSEC or OpenVPN may not bother you as much.)

limited budget indeed

[SuperBanana]

I purchased three Intel white-box computers for $800 each containing 2.6Ghz processors 512MB ram and 40 GB hard drives

Anyone who recommends greybox PCs with non-raid storage for a financial institution...even a small one with only three branches...is not thinking very clearly. If it's for a business-critical application like the phone system, they're categorically insane.

Folks- there's a reason those telco boxes cost lots of dough. They Just Work if they're left alone (in 7-8 years of working with telco equipment, 99% of the problems have been telco line provider problems; hardware failures are extremely rare). There are books upon books written with guidelines for what is considered telco grade, but the common theme is "keeps going, and if it breaks, it does so gracefully".

$2500 can, even for a small bank, be PENNIES ON THE DOLLAR when the system goes down for even a few hours. If you've got a Lucent phone system and a support contract, they find stuff before you do, and no matter what time of day- there's a tech on your doorstep in an hour if they can't remote in via the system's POTS admin modem.

You want a cheap phone system, you get what you pay for. It's remarkably irresponsible for the authors of that article to advocate Asterisk without mentioning that reliability and support pale in comparison to 'real' telco equipment.