Friday, October 12, 2007

openVPN - Homing from work.

The company I work for has graciously set up a VPN (Virtual Private Network) to allow me to be able to work for them at all hours of the day or night, so I figured, heck, why not return the favour and set up my own VPN so I could be "home" at all hours of the work day?

Besides, this would make connecting to the Asterisk server a lot easier as a VPN hides all the NAT issues that so plague the SIP VoIP standard.

So here is the process I used to get my VPN working.

First a summary of what I did:

1) Install openvpn on my MythDora box
2) Generate the necessary certificate files for server and clients
3) Configure the openvpn server on the MythDora box
4) Copy over the client certificates to my laptop
5) Download the Openvpn compatible client and install it on my laptop
6) Configure the Openvpn client
7) Configure your home router
8) Test the connection
9) Configure openvpn server to start on reboot.

Install openvpn on my MythDora box:

From my home Linux box (same one I used for both MythTV and Asterisk) I open a terminal session and type:

# yum install openvpn
This installs the openvpn software and creates these two directories:

For the tools needed to create certificates: /usr/share/openvpn/easy-rsa/2.0/
Config examples: /usr/share/doc/openvpn-2.1
Generate the necessary certificate files for server and clients:

Now the "hard part" (actually everything went pretty smoothly.) You can find the basic quick start instructions here, but these instructions take you through a lot of steps that you don't need to go through, such as installing the software in some other manner than by using the "yum" command above. The configuration and certificate creation information still applies, but rather than just send you over to read some long document and try to figure out what to ignore and what is important on your own, here is what I did (keep in mind, my Linux distribution is MythDora 4.0, different distributions may not work the same way.)

In the /usr/share/openvpn/easy-rsa/2.0/ directory you need to initialize your "certificate authority". You do this by running the following (note: you can edit the vars file to change the "export KEY_SIZE=1024" entry to "export KEY_SIZE=2048" if you feel you need the extra security ... I did, as I am connecting from work, I don't want to take any unnecessary chances):

# . ./vars
# ./clean-all
# ./build-ca
When you run the ./build-ca program, you will be prompted for information. It's really not that important what you respond with, but it should make some sense. For example, in my case:

Country Name (2 letter code) [KG]: CA
State or Province Name (full name) [NA]: Ontario
Locality Name (eg, city) [BISHKEK]: Toronto
Organization Name (eg, company) [OpenVPN-TEST]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:MythTV
Email Address [me@myhost.mydomain]
Next you need to create the "server certificates", you do this by running the following command:

./build-key-server server


When prompted for the "Common Name" enter the word "server". The following two prompts that require input, I answered "y".

Now, you will need to create the "client certificates", note that you will need to run this process as many times as the number of machines that you will be connecting to your VPN. In my case I only have one laptop that I want connected, so I only needed to run this "client certificate creation" process one time (I ran it twice though to create a second set of certificates just in case I wanted to use them on another system, maybe give a set to my brother so he could VPN into my network and have his own extension off my Asterisk later on?) Each time you run this process, use a unique "Common Name". In my case I just used "client1" and "client2". Again, the last two prompts of each client certificate build process I responded "Y".

./build-key client1
./build-key client2
Next we create our "Diffie Hellman parameters" by running the following:

./build-dh
This will take several minutes so be patient.

Configure the openvpn server on the MythDora box:

So, now we can look in the /usr/share/openvpn/easy-rsa/2.0/keys directory and see a bunch of files. These are your certificates and related files. To make them easier to find in the future I created a directory /etc/openvpn and copied the /usr/share/openvpn/easy-rsa/2.0/keys to there:

# mkdir /etc/openvpn
# cp -r /usr/share/openvpn/easy-rsa/2.0/keys /etc/openvpn/.
Now we need to create the configuration files for the server and client. The recommended procedure is to copy the example files over from the examples directory mentioned above and modify them for your purposes, but I will provide you with the configuration I used and highlight the parts that you may want to change for your own configuration. Keep in mind that in my configuration I have an internal network of 192.168.1.0/255.255.255.0 and the VPN will create a virtual adapter on my Linux server with the subnet 10.8.0.0/255.255.255.0, which the VPN clients will be part of when they connect.

The clients, when they run the VPN client software will connect to my MythDora server as 10.8.0.x ("x" being some number between 2 & 254) and see the MythDora server as 10.8.0.1

First the server configuration file (/etc/openvpn/server.conf):

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 1194

# TCP or UDP server? I used TCP as I have to
# traverse two NAT firewalls and UDP sucks at
# that depending upon the routers and firewalls
# being used.
proto tcp
;proto udp

# Read the config file or documentation to figure this one out
# but I would suggest you just leave it as is.
dev tun

# These are your server certificates.
# If you put them somewhere else, change the location
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
# server.key is your private key, keep it private (secret.)

# 2048 bit keys. If different location, then update path.
dh /etc/openvpn/keys/dh2048.pem

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist ipp.txt

# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
push "route 192.168.1.0 255.255.255.0"
# In my case I wanted any client connecting to the VPN
# to know to go through the VPN to get to the
# 192.168.1.0 network.
# You may have different requirements
# or a different network config.

# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120

# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo

# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
user nobody
group nobody

# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log

# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
;log openvpn.log
log-append openvpn.log

# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3

# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
mute 20

I've left out a bunch of other parameters that could be used, so have a look through the various example config files, or read the documentation to see what else can be configured.

Copy over the client certificates to my laptop:

OK, next we need to copy over the following files to your client machine:

ca.crt
client1.crt
client1.key

Note: this is for "client1", if it were for "client2" you'd copy over the "client2" files and the common "ca.crt" file.

The way you do the copy is not important, except that the more secure method you use the better ... moving the files by floppy and destroying the floppy after you're finished is pretty safe ... sending the files by email or on a public BBS is a pretty damn poor way to go about it ... I used sftp which is very safe, and convenient if you have a sftp client such as filezilla.

Download the Openvpn compatible client and install it on my laptop:

You can use whichever openvpn compatible client you wish. I used this one (the OpenVPN GUI for Windows), so naturally the instructions below are for the client I used.

This is a standard windows install, simply download the client installer and run it.

Configure the Openvpn client:

First, you need to move the client certificates you copied over to your client machine into the "C:\Program Files\OpenVPN\config" directory.

Next you need to edit the "C:\Program Files\OpenVPN\config\client.ovpn" file and make the following edits:

Make sure "dev tun" is uncommented and "dev tap" is commented out

Uncomment "proto tcp" and comment "proto udp".

Edit "remote my-server-2 1194" to change "my-server-2" to your hostname (if you have a registered domain name for your home network and a static address, then use that; if not, I suggest you open a free dynamic DNS account, set up a free domain name under one of their main domains and set up your router to update their records, or download and run one of their clients). I'll create a separate posting later to explain how to do this in more detail.

Make sure the proper certificates are being specified, and that they are in the "C:\Program Files\OpenVPN\config" directory. The default client.ovpn file has these as the defaults, and they should be left as such unless you moved the certificates somewhere else or used a different Common Name than "client1":
ca ca.crt
cert client1.crt
key client1.key
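
A pre-flight check for the server.conf / client.ovpn pair described above, so that mismatches are caught before the trip to the office. This is an added example, not part of the original post; the hostname myhome.example.net, the client file listings and the function names are constructed for illustration.

```python
import shlex

# Excerpt of the server.conf shown earlier on this page.
SERVER_CONF = """
port 1194
proto tcp
;proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
comp-lzo
"""

# Constructed client.ovpn with two edits forgotten (proto and comp-lzo).
CLIENT_BAD = """
client
dev tun
;dev tap
proto udp
remote myhome.example.net 1194
ca ca.crt
cert client1.crt
key client1.key
"""
CLIENT_GOOD = CLIENT_BAD.replace("proto udp", "proto tcp") + "comp-lzo\n"

# Constructed listings of the client's config directory. FILES_BAD is what you
# get when the whole easy-rsa keys directory is copied instead of three files.
FILES_BAD = {"client.ovpn", "ca.crt", "ca.key", "client1.crt", "client1.key"}
FILES_GOOD = FILES_BAD - {"ca.key"}


def parse_ovpn(text):
    """Parse OpenVPN config text into {directive: [[args], ...]}."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # both start a comment line
            continue
        parts = shlex.split(line, comments=True)  # handles push "route ..."
        conf.setdefault(parts[0], []).append(parts[1:])
    return conf


def first_arg(conf, name, default=None):
    """First argument of the last occurrence of a directive."""
    values = conf.get(name)
    return values[-1][0] if values and values[-1] else default


def check_pair(server_text, client_text, client_files):
    """Return a list of findings; an empty list means the pair is consistent."""
    server, client = parse_ovpn(server_text), parse_ovpn(client_text)
    findings = []

    # proto and dev must agree (OpenVPN defaults to udp when proto is absent).
    s_proto = first_arg(server, "proto", "udp").split("-")[0]
    c_proto = first_arg(client, "proto", "udp").split("-")[0]
    if s_proto != c_proto:
        findings.append(f"proto: server uses {s_proto}, client uses {c_proto}")
    s_dev, c_dev = first_arg(server, "dev", "")[:3], first_arg(client, "dev", "")[:3]
    if s_dev != c_dev:
        findings.append(f"dev: server uses {s_dev}, client uses {c_dev}")

    # Compression has to be enabled on both ends or on neither.
    if ("comp-lzo" in server) != ("comp-lzo" in client):
        side = "server" if "comp-lzo" in server else "client"
        findings.append(f"comp-lzo: enabled on {side} only")

    # At least one remote line must point at the server's port.
    port = first_arg(server, "port", "1194")
    ports = [r[1] if len(r) > 1 else first_arg(client, "port", "1194")
             for r in client.get("remote", [])]
    if port not in ports:
        findings.append(f"remote: no entry uses server port {port}")

    # The three files named in client.ovpn must be present ...
    wanted = {d: first_arg(client, d) for d in ("ca", "cert", "key")}
    for directive, name in wanted.items():
        if name is None:
            findings.append(f"{directive}: directive missing")
        elif name not in client_files:
            findings.append(f"{directive}: {name} not in config directory")
    # ... and no other private key (ca.key, server.key, another client's key).
    for name in sorted(client_files):
        if name.endswith(".key") and name != wanted["key"]:
            findings.append(f"{name}: private key that does not belong on this client")
    return findings


if __name__ == "__main__":
    for finding in check_pair(SERVER_CONF, CLIENT_BAD, FILES_BAD):
        print("FAIL", finding)
```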

Configure your home router:

You will have to forward tcp port 1194 to your MythDora box. For testing purposes you should make the MythDora box the "DMZ host", then once you confirm everything works, turn off the "DMZ Host" access and just forward the single 1194 TCP port.

Each router is different in how you make this configuration, but generally speaking the options you are looking for are called "DMZ" and "Port Forwarding".

Test the connection:

To fully test the connection you will need to go to the office and do the final test from there. Before I did this I decided to configure my router to make my MythDora machine the "DMZ" host, meaning it was basically sitting out on the Internet and could be accessed using the external real IP address. I would recommend that you shut down all the other services like MythTV, apache, webmin, vncserver, smb, tftp, cvs, nfs, mysqld, and any other service that a hacker might use to gain easy access to the system. I could then access my server via ssh mythtv@ and make any necessary configuration changes in case the VPN failed.

Once at the office I ssh (I use putty as my ssh client) to my MythDora server, log in and "su" to root, and start up a temporary openvpn session (I actually open two connections to my MythDora box so I can look at the logs if necessary.)

To start the openvpn session type:

/usr/sbin/openvpn /etc/openvpn/server.conf
The session may seem to hang, but it is actually doing something.

Now you can run the Windows openvpn client and see if it will connect to your server. If not, in the /etc/openvpn directory you will find a couple log files, openvpn.log being the most useful one for troubleshooting. You can also right click on the Windows openvpn client icon in the system tray and select "View Log" to examine what's going on from the client side.

You can test the actual connection by opening a new ssh session on your laptop and trying to ssh to the openvpn virtual adapter address, 10.8.0.1 by default. If you can get a log in prompt and actually log in using that address, then everything else should work fine.

Configure openvpn server to start on reboot:

As root run the command:
# chkconfig openvpn on

---------------------------------------------

Note 1: in order to use this VPN it is probably best to have a domain name to use, especially if you are like most home users and have an external IP address that can change at any time.

To this end I used the Dynamic DNS servers from www.dyndns.org, which is free and handles the problem of having a "dynamic IP address". I will create a new post detailing the registration, installation and configuration of this service soon.

Note 2: At the moment my SIP client software on my laptop running over the VPN can make and accept telephone calls (SIP,) but for some reason the actual voice stream (rtp) is not passed on ... I haven't had a chance to investigate this, but I recall reading that this is a common problem with a relatively simple fix as I recall, but I haven't had an opportunity to research the problem ... when I find the fix for this problem I will post it.

Wednesday, October 10, 2007

Configuring Asterisk with Voice Network Inc VoIP / SIP service

After installing Asterisk and subscribing to a VoIP DID and PSTN Gateway service the next step was to configure the Asterisk server to actually do some meaningful work.

So here was my basic plan: I would set up some simple 'softphone' software on the family's PCs, give them each an extension and mail box on the Asterisk, then connect the Asterisk to the 'Voice Network Inc' VoIP services.

Then I would configure the Asterisk to: allow calling between extensions (so I can take my laptop to work and call my wife's or daughter's extension just as though I was at home;) allow incoming calls to be answered by Asterisk which then prompts for the caller to enter an extension; allow any of the extensions to make outgoing calls over the PSTN Gateway.

Note: Since one must already know the extension to enter when calling, the first stage of this project will only be used for friends and family whom I provide the extension numbers to use. I will not have a default as yet, as there is no charge for incoming calls, so if telemarketers get frustrated trying to get a valid extension, and can't "zero out" to an operator, big deal ... they can just hang up. Maybe later on, if and when I'm ready to make it a more general access system I'll build a better menu system that allows others to access a "general extension" to ring an extension, or leave a voice mail, but for now that isn't a priority.

The first step was to get a 'softphone' to use for initial testing (later on if this works I can buy some hardware based IP phones, but for now free software based phones will do for what I need.) The most popular VoIP softphone seems to be the X-Lite softphone from CounterPath. You can download a version of X-Lite for Linux, Mac, or Windows.

So with those requirements in mind, here are the related configuration files (note, an Asterisk install usually comes with some example configuration files, the ones I modified I did so by renaming the long and detailed sample files and building my own from scratch. I'll get around to examining the samples as they probably have some good information in them for some of the more advanced features, but that's for later.)

I will use "numbers" to reference comments to prevent as many unnecessary and confusing line wraps as possible.

extensions.conf:
[globals] ;Note 1
OUTBOUNDTRUNK=SIP/voicenetwork_peer
USER1=SIP/user1
USER2=SIP/user2

; VOICE NETWORKS START
; Edit your EXTENSIONS.CONF and place the following information in it
;
[voicenetwork-incoming] ;Note 2
exten => [Assigned DID],1,Goto(s,1) ;2a
exten => s,1,Answer() ;2b
exten => s,2,Wait(1) ;2c
exten => s,3,Background(vm-extension) ;2d
exten => s,4,WaitExten(15) ;2e
exten => i,1,Playback(pbx-invalid) ;2f
exten => i,2,Goto(voicenetwork-incoming,s,1) ;2g
exten => t,1,Playback(vm-goodbye) ;2h
exten => t,2,Hangup() ;2i
exten => 101,1,Dial(${USER1},10) ;2j
exten => 101,2,VoiceMail(u101@default) ;2k
exten => 101,3,Hangup() ;2l
exten => 101,102,VoiceMail(b101@default) ;2m
exten => 101,103,Hangup() ;2n
exten => 102,1,Dial(SIP/user2,10) ;2p
exten => 102,2,VoiceMail(u102@default) ;2q
exten => 102,3,Hangup() ;2r
exten => 102,102,VoiceMail(b102@default) ;2s
exten => 102,103,Hangup() ;2t
exten => 500,1,VoiceMailMain() ;2u

; To use VoiceNetwork.ca to terminate your calls
; add the following line to your extensions.conf file
;
[outbound-local] ; Note 3
exten => _9NXXXXXXXXX,1,Dial(SIP/voicenetwork_peer/${EXTEN:1})
exten => _9NXXXXXXXXX,2,Congestion()
exten => _9NXXXXXXXXX,102,Congestion()

[outbound-long-distance] ; Note 4
exten => _91NXXNXXXXXX,1,Dial(SIP/voicenetwork_peer/${EXTEN:1})
exten => _91NXXNXXXXXX,2,Congestion()
exten => _91NXXNXXXXXX,102,Congestion()
exten => _9011.,1,Dial(SIP/voicenetwork_peer/${EXTEN:1})
exten => _9011.,2,Congestion()
exten => _9011.,102,Congestion()

;
; VOICE NETWORKS END



[internal] ; Note 5
include => outbound-local
include => outbound-long-distance
exten => 101,hint,SIP/user1
exten => 101,1,Dial(SIP/user1,10)
exten => 101,2,VoiceMail(u101@default)
exten => 101,3,Hangup()
exten => 101,102,VoiceMail(b101@default)
exten => 101,103,Hangup()
exten => 102,hint,SIP/user2
exten => 102,1,Dial(SIP/user2,10)
exten => 102,2,VoiceMail(u102@default)
exten => 102,3,Hangup()
exten => 102,102,VoiceMail(b102@default)
exten => 102,103,Hangup()
exten => 500,1,VoiceMailMain()
exten => 611,1,Echo()

; Note 6
[asterisk_guitools]
exten = executecommand,1,System(${command})
exten = executecommand,n,Hangup()
exten = record_vmenu,1,Answer
exten = record_vmenu,n,Playback(vm-intro)
exten = record_vmenu,n,Record(${var1})
exten = record_vmenu,n,Playback(vm-saved)
exten = record_vmenu,n,Playback(vm-goodbye)
exten = record_vmenu,n,Hangup
exten = play_file,1,Answer
exten = play_file,n,Playback(${var1})
exten = play_file,n,Hangup
hasbeensetup = Y

[numberplan-custom-1]
plancomment = DialPlan1
include = default
include = parkedcalls
include = parkedcalls

[timebasedrules]
Note 1: This is where you put global Variables. Global variables can save on typing and make reading the information more "human friendly". In this case I really only use one of these variables (USER1) later in the config file just to show how they work (see "2j".)

Note 2: This is the context to define what users in the voicenetwork-incoming context can do. Here's a detailed explanation:

2a:
exten => [Assigned DID],1,Goto(s,1) Replace "[Assigned DID]" with the phone number you selected when you purchased a DID from Voice Network Inc. This causes a call coming in on that "extension" to be transferred to the "s" extension at priority "1". Some VoIP SIP providers pass the phone number you purchased, some pass a special ID number. What I did in order to determine what was being sent was to set up a temporary voicenetwork-incoming context that had the following:
exten => _X.,1,Answer
exten => _X.,2,Wait(1)
exten => _X.,3,SayDigits(${EXTEN})
exten => _X.,4,Wait(1)
exten => _X.,5,Hangup
Which answers anything that comes in, speaks out the number it answered on, then hangs up. The number it speaks is the number you need to use as the [Assigned DID]

2b:
exten => s,1,Answer() Answers the call

2c:
exten => s,2,Wait(1) Pause for a second

2d:
exten => s,3,Background(vm-extension) Ask the user to enter an extension

2e:
exten => s,4,WaitExten(15) Wait for 15 seconds for the user to enter an extension

2f:
exten => i,1,Playback(pbx-invalid) The special "i" extension is called when a user enters an invalid extension. In this case it tells the caller they entered an invalid extension.

2g:
exten => i,2,Goto(voicenetwork-incoming,s,1) The caller is then sent back to the start: extension "s", priority "1".

2h:
exten => t,1,Playback(vm-goodbye) If a caller doesn't enter any extension number before the 15 second wait time, this causes a "timeout" and sends the process to the special "t" extension. It says "goodbye" to the users ...

2i:
exten => t,2,Hangup() ... and hangs up the call.

2j:
exten => 101,1,Dial(${USER1},10) If the user enters a valid extension, in this case if they enter the extension "101", they are taken to this section which dials the phone registered to user ${USER1} (USER1 is a global variable defined in the [globals] section that evaluates to "user1") for 10 seconds. If it is answered then it ends there, if not, after 10 seconds it goes to the next "priority" for that extension; in this case that is "priority" 2.

2k:
exten => 101,2,VoiceMail(u101@default) If the phone isn't answered within 10 seconds, the caller is sent to the voice mail defined in the "voicemail.conf" file as voice mail box "101" in the "default" context. The "u101" reference plays a message to the caller telling them that the person at extension 101 is "unavailable" (ie. didn't pick up the ringing phone.) ...

2l:
exten => 101,3,Hangup() ... and then hangs up

2m:
exten => 101,102,VoiceMail(b101@default) This is similar to step "2k" in that it sends the caller to voice mail of the extension dialed. The difference here is that this step is reached only if the extension "rings busy", rather than simply is not picked up (ie. the user is already on the phone and has all the lines in use.) The "b101" tells the voice mail system to play the "user is busy, or already on a call" message when it takes the caller to the voice mail system ...

2n:
exten => 101,103,Hangup() ... and then hangs up.

2p, 2q, 2r, 2s, and 2t are the same configuration as 2j,2k,2l,2m & 2n except they are for "user2" rather than "user1" (you can create more users by replicating these lines with a new user name, extension number, and voice mail box number.) The only notable difference is in step "2p" where instead of using the ${USER2} variable I use the full "SIP/user2" user definition.


Note 3: This is the context for regular outbound local 10 digit dialing (my area requires the complete 10 digits for even local dialing; some areas may only require 7 digits, in which case you can change the line _9NXXXXXXXXX,1,Dial(SIP/voicenetwork_peer/${EXTEN:1}) to _9NXXXXXX,1,Dial(SIP/voicenetwork_peer/${EXTEN:1}), or add a new context if you have local 7 digit dialing for your own area code and local 10 digit dialing for local calls to a different area code.)

What that statement says is any number dialed that starts with "9", has the second number in the range of 2 to 9 ("N") followed by any other 6 digits, then send it to the "SIP/voicenetwork_peer" context with the first digit (the "9") removed (the ${EXTEN:1} macro.)

The next two lines are in case of any problems with sending the number to the outbound context. If the lines are all in use, you only dial 9 numbers, you dial 91xxxxxxxxx or 90xxxxxxxxx, or some other problem, you get the message that the number couldn't be dialed.

Note 4: Same as Note 3, except this allows those in this context to also dial long distance numbers (91* for North America long distance, and 9011* for international long distance.)

Note 5: This context is to determine what internal phones can do. First we add the outbound-local and outbound-long-distance contexts to this context to allow them to make outside calls. Then for each internal extension we configure what happens when an internal line dials that extension number: In this case we dial the number for 10 seconds, and fail over to voicemail then hang up just as we did in Step 2.
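
To see how the patterns in Notes 3 and 4 and the includes in Note 5 decide which calls can reach the paid PSTN trunk, here is a small model of the dialplan lookup. It is an added example, not part of the original post and not Asterisk's own code; the dialed numbers are constructed, the excerpt keeps only priority-1 lines, and Asterisk's full best-match ordering is simplified to "literals before patterns".

```python
import re

# Constructed excerpt of the extensions.conf above (priority-1 lines only).
DIALPLAN = """
[voicenetwork-incoming]
exten => i,1,Playback(pbx-invalid)
exten => 101,1,Dial(${USER1},10)
exten => 102,1,Dial(SIP/user2,10)

[outbound-local]
exten => _9NXXXXXXXXX,1,Dial(SIP/voicenetwork_peer/${EXTEN:1})

[outbound-long-distance]
exten => _91NXXNXXXXXX,1,Dial(SIP/voicenetwork_peer/${EXTEN:1})
exten => _9011.,1,Dial(SIP/voicenetwork_peer/${EXTEN:1})

[internal]
include => outbound-local
include => outbound-long-distance
exten => 101,hint,SIP/user1
exten => 101,1,Dial(SIP/user1,10)
exten => 102,1,Dial(SIP/user2,10)
"""

CLASSES = {"X": "[0-9]", "Z": "[1-9]", "N": "[2-9]", ".": ".+", "!": ".*"}
TRUNK = "SIP/voicenetwork_peer"

def pattern_to_regex(ext):
    """Translate an Asterisk extension (literal or _pattern) into a regex."""
    if not ext.startswith("_"):
        return re.compile(re.escape(ext))
    out, body, i = [], ext[1:], 0
    while i < len(body):
        ch = body[i]
        if ch == "[":                      # character set such as [13-5]
            end = body.index("]", i)
            out.append(body[i:end + 1])
            i = end
        else:
            out.append(CLASSES.get(ch, re.escape(ch)))
        i += 1
    return re.compile("".join(out))

def parse_dialplan(text):
    """Return {context: {"includes": [...], "extens": [(ext, app), ...]}}."""
    plan, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()            # ';' starts a comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = plan.setdefault(header.group(1), {"includes": [], "extens": []})
        elif line and current is not None:
            key, _, value = line.partition("=")
            key, value = key.strip(), value.lstrip(">").strip()
            if key == "include":
                current["includes"].append(value)
            elif key == "exten":
                ext, prio, app = value.split(",", 2)
                if prio.strip() == "1":                # skip hints and later steps
                    current["extens"].append((ext.strip(), app.strip()))
    return plan

def expand(app, dialed):
    """Substitute ${EXTEN} and ${EXTEN:n}; ${EXTEN:1} drops the leading 9."""
    return re.sub(r"\$\{EXTEN(?::(-?\d+))?\}",
                  lambda m: dialed[int(m.group(1) or 0):], app)

def search_order(plan, context, seen=None):
    """Contexts consulted for a call placed in `context`: itself, then includes."""
    seen = [] if seen is None else seen
    if context in plan and context not in seen:
        seen.append(context)
        for inc in plan[context]["includes"]:
            search_order(plan, inc, seen)
    return seen

def route(plan, context, dialed):
    """Return (context, application) run at priority 1 for `dialed`, or None."""
    for ctx in search_order(plan, context):
        extens = sorted(plan[ctx]["extens"], key=lambda e: e[0].startswith("_"))
        for ext, app in extens:
            if pattern_to_regex(ext).fullmatch(dialed):
                return ctx, expand(app, dialed)
    return None

def trunk_patterns(plan, context):
    """Extensions reachable from `context` whose application dials the trunk."""
    return [ext for ctx in search_order(plan, context)
            for ext, app in plan[ctx]["extens"] if TRUNK + "/" in app]

if __name__ == "__main__":
    plan = parse_dialplan(DIALPLAN)
    for ctx in ("internal", "voicenetwork-incoming"):
        print(ctx, "94165550123 ->", route(plan, ctx, "94165550123"))
        print(ctx, "can reach trunk via", trunk_patterns(plan, ctx))
```

An empty result from trunk_patterns for the incoming context is the property to keep: callers arriving on the DID can ring extensions but cannot place outbound calls that are billed to your balance.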



sip.conf:

[general] ; Note 7
context=default
srvlookup=yes
externip=[your external IP address] ;7a
localnet=192.168.1.0/255.255.255.0 ;7b
register => [peer number]:[password]@did.voicenetwork.ca/ ;7c


[user1] ; Note 8
type=friend ;8a
secret=[password] ;8b
nat=yes ;8c
host=dynamic ;8d
canreinvite=no ;8e
context=internal ;8f

[user2] ; Note 9
type=friend
secret=[password]
nat=yes
host=dynamic
canreinvite=no
context=internal


Note 7: The general context.

7a: This is your external IP address as seen by those out on the Internet. You will need this if you want anyone to initiate a connection from the Internet side. Not really needed for Voice Network Inc. to connect to you as you will be initiating the connection from your asterisk server. To determine your external IP address, browse to http://myipaddress.com or some similar website which will show you what address they see you as, or look at your router's "status page" which should (but doesn't always depending upon the ISP you use) show the same information.

7b: Your local IP subnet definition, hopefully you know what yours is, but on most home networks it is either 192.168.1.0/255.255.255.0 or 192.168.0.0/255.255.255.0

7c: You get your peer number when you create one on the Voice Network Inc. website, and the password is the one you define in the "password" field when you configure that peer. Voice Network Inc has a "How-to-videos" section where they show the setup of a Trixbox configuration ... the first part of that video goes into how to create and configure the peer on the Voice Network Inc side of things. You can follow these instructions until they start talking about the Trixbox specifically as those instructions do not directly apply at that point.

Note 8: This section details the configuration of the typical internal IP phone.

8a: Use "friend" here, which simply means that the device both makes and receives connections from the Asterisk box.

8b: This password is one shared by the Asterisk server and the IP phone (the ID will be whatever is in the square brackets, which in this case is "user1".) Use this information when configuring the IP phone.

8c: I set "nat=yes" by default as it seems to work even when the address isn't nat-ed ... I may find out later that this is a mistake somehow, but at this point it works, so until I learn otherwise so it shall stay, but this is a warning to those reading that I don't have a clue as to what I'm doing here.

8d: I believe that "dynamic" means that the IP address of the device is handled by DHCP. Again this is just guessing.

8e: "canreinvite=no" causes all communications to be forced to go through the asterisk server. The "yes" option means the asterisk sets up the call and then the two end-point IP devices start talking directly after that and only check back with the asterisk when needed. This is ok if there is no NAT in the way, but NAT ruins the whole process, so it is usually better in the case of a home system like this to just let everything stay connected to the asterisk server.

8f: "context=internal" puts this user in the "internal" context, which as we saw earlier also puts them in the outbound-local and outbound-long-distance contexts as well.

Note 9: The same thing as Note 8, but for user2 this time.


;
; Make sure that you have checked the Send DID option under the EDIT DID option
;
; Edit your SIP.CONF file and place the following lines in it

[voicenetwork_peer] ; Note 10
type=friend
host=did.voicenetwork.ca
dtmfmode=rfc2833
insecure=very
disallow=all
allow=ulaw
context=voicenetwork-incoming ; incoming DID calls will arrive in the voicenetwork-incoming context

Note 10: Add this to your sip.conf file. You get this from Voice Network Inc when you create a peer. After the peer is created, there will be a link in the "configuration example" called "asterisk"; click on that to find this same information and a bit more, which I have already explained in this post.

voicemail.conf: (This file was one sample file I left alone, and just added the following lines to the default section.)

[default] ;Note 11

101 => [password],user1
102 => [password],user2
Note 11: This section "creates" the users voice mail, assigns the extension to the voicemail, and sets the password.

X-Lite Configuration: To be determined. I have a working configuration, but only for internal phones. I am having some trouble getting external phones to work fully, even if I connect using a VPN ... more on this later.

Sunday, October 7, 2007

VoIP - Voice Network Inc

In order to connect your asterisk to real people with real telephones you are going to need to do at least one of two things: Put some hardware into your Asterisk box that allows you to connect your computer to one or more standard telephone lines (or POTS; Plain Old Telephone Service;) or subscribe to a VoIP provider that you can connect to over the Internet and which in turn provides the hardware that connects to the regular telephone system.

Now, there are advantages and disadvantages to both options which basically boil down to features, flexibility, and cost advantages for the VoIP provider, vs quality and simplicity for your standard POTS provider.

Since I am mainly concerned with cost and flexibility, I have decided to go with VoIP.

There are various levels of VoIP providers, but in the end, the basic services they all offer are what are known as DID (Direct Inward Dialing) services and PSTN (Public Switched Telephone Network) gateway services. Many vendors provide other services on top of those basic services, but as long as you have the basic services and you are willing to do a little work, you can pretty well build yourself a system with all the same services the big VoIP vendors provide, and at no (or little) extra cost.

Those basic services, DID and PSTN gateway services provide the following functionality:

DID (Direct In Dial:) gives you a phone number and allows people to dial that number. When they dial that number it connects them to the VoIP provider, which in turn passes that call over the Internet to your VoIP phone or PBX (Private Branch Exchange - which in my case is my Asterisk box.)

PSTN (Public Switched Telephone Network) Gateway: This service allows you to connect your VoIP phone or PBX to a VoIP provider's server, which in turn connects to the PSTN and allows you to call other people connected to the regular PSTN using their POTS phones.

Once you have subscribed to these two services (and they don't necessarily have to be from the same VoIP vendor,) and your VoIP phone or PBX are configured properly, you have the ability to make and receive phone calls from anyone with a phone.

Of course, when you subscribe to a "full service" vendor such as 'Rogers Home Phone', or 'Vonage', you also get some fancy "bells and whistles" such as voice mail, call waiting, call forwarding, etc. All of which are provided for by those vendors' big PBX systems, but since you also have a PBX system (Asterisk) you now have the capability to provide those same features and options without having to pay the high "all in" cost, or "additional charges" usually associated with the "full service" vendors.

So what's the difference? Why should I do it myself rather than let Rogers or Vonage do it for me? Simple ... the basic charge for a DID service can be as low as $5 a month ($1 if you meet certain traffic requirements) and PSTN Gateway services can go as low as $0.01 per minute. So instead of paying $20 a month for a Rogers / Vonage service, plus extra if you want any fancy options, you can pay $10 or less for the basic DID & PSTN Gateway services and build your own fancy options as needed.

So doing some basic research on VoIP providers available in the Greater Toronto Area, I decided I'd give 'Voice Network Inc' a try, and subscribed to their DID and PSTN gateway services.

At this moment I do not have any feel for the quality of their VoIP network, so I cannot really make any positive or negative recommendations as yet on their service. My rationale for going with this company was based on them providing features that seemed to best meet my needs.

Some of the reasons I picked Voice Network Inc.:

Payment methods: They included the regular methods, including CC, Paypal, and online banking. They also offered EMail money transfer which works best for me. You simply email them a deposit of either $15, $20, $25, or $100, into your account balance, and use the balance to pay for monthly DID and phone call charges. In my case since I'm evaluating the service I went with a small $15 deposit, and purchased one DID number (any charges for making calls are deducted from your balance.) I sent the EMail money transfer Friday evening, and the amount was deposited in my balance at 5am Saturday morning.

Local Calling Charges: Incoming calls are free (I paid $1 a month for the DID, but there are usage conditions that mean that I will likely be charged about $6 a month in the end, but this is "up front" information and will not be a surprise,) and outgoing calls to just about anywhere in Canada will be charged at $0.01 per minute.

Long Distance Charges: My wife's family lives in Southeast Asia, and the charge for calling her family in that particular city is just slightly over $0.02 per minute; cheaper than your average phone card ... we shall see if the quality is any better.

My initial testing with this service for local calling seems to be working out quite well in terms of quality ... my first call did sound a little "broken", but when I checked, I was making the call while my wife was streaming live TV from Asia, and the MythTV box was running a "full bore" bittorrent "upload" ... as soon as I turned off the bittorrent client the quality went to "excellent" ... seems that a project for the near future will be to get a hold of a DD-WRT compatible router and configure some QoS (Quality of Service) parameters for my home network.

Upcoming post: My Asterisk config files, which I used to build a basic dial in, dial out, multi extension, voice mail enabled, VoIP system.

Asterisk - Installing a home PBX

As part of the process of reducing my communications bill I want to set up a VoIP service for home phone use. Now I could have just set up a single phone that connects to a VoIP provider, but I figure as long as I'm doing this why not build it on something that will be flexible enough to be useful for future projects, and be immediately able to provide extensions for myself, my wife and daughter.

So that's where Asterisk comes in. An Open-source telephony engine that has all the power of your average office PBX system plus added flexibility and it's free.

Installing asterisk onto my Linux box (same one I run MythTV on) was fairly easy. I simply downloaded the asterisk files from this page and followed the installation instructions at the Asterisk Guru page (since my Linux system is a MythDora distribution, based on Fedora Core 6, I naturally followed the installation instructions for Fedora Core.) Note: Some of the instructions don't work exactly as described, but nothing serious enough to mess things up.

Once installed, here are some important basic commands that you will need to know to make configuring the system possible.

Starting asterisk: at the root # prompt type "safe_asterisk"
Stopping asterisk: first connect to the asterisk console by typing at the root # prompt: "asterisk -vvvr"; then type at the asterisk console ">" prompt: "stop gracefully".

I haven't added anything yet to start asterisk automatically on reboot, but I assume the simplest way would be to add the line "/usr/sbin/safe_asterisk" to the end of the /etc/rc.d/rc.local file.

Following posts will be in regards to signing up to a VoIP SIP provider, and configuring the asterisk to do something useful.

Internet Service - TekSavvy

Before cancelling my Rogers "Extreme" account, I decided to get a DSL service installed and see if the speeds were at least as good as Cable.

So I call up Teksavvy last Monday (Oct 1) and ask some general questions to make sure I am not committing myself into any long term contracts, so I can have the DSL installed, and if it doesn't work out, then I can cancel the service and just continue using Rogers.

The sales person explained it all to me, and confirmed that I can cancel at any time, so I went ahead and ordered the ADSL service.

Since I already had an ADSL modem from a previous ADSL account a few years back, I didn't need to order one of their modems. Total cost (paid via online banking bill payment method) ... the sales guy gave me an account number, then I simply logged onto my online bank account; added them as a "payee"; paid the install charge and 1st month's service for a total of $62.59; gave the sales guy the confirmation number; and he gave me an install date of Friday Oct 5.

Come Oct 5th I take my DSL modem, plug it into the phone line, hook up a spare Dlink router to the modem, configure it with my ID and password, and wait.

Around 3pm I noticed that the green "connected" light was steady, and a couple of minutes after there was a knock on my door. A technician was there telling me that everything was hooked up and should be ready to go. A quick test confirmed everything was working. The tech explained that my CO was very close so I should get near perfect speeds (which I also confirmed ... my 5Mb download, and 800Kb upload rated speeds are in the ~4.4Mb download and 700+ Kb upload.)

So far so good. Rogers can expect a call from me on Monday or Tuesday.

Note: Since I am using "Dry Loop DSL", on top of the usual $29.95 per month charge, there is also a "band B" $9.10 per month surcharge, making the total monthly bill $39.05 plus tax (which I believe is only GST.) According to the Wikipedia article, the "band B" surcharge may no longer be applicable, so I may ask them about this a little later on after I confirm the accuracy of the Wikipedia information.


Installation Cost
=============
9.10 Band B
29.95 Monthly
19.99 install
-----------------
62.59 incl GST.

Tuesday, October 2, 2007

Preparing for the move Away from Rogers

As mentioned in other posts, I am attempting to move away from Rogers and their high priced services and see just how much money I can save on my $230 / month Rogers communication bill (Digital cable, Internet, and cell phones.)

My plan as it stands now is to look into going with the following:

---------------------------------------
Cell Phones - Replace the two Rogers "family plan" phones and one Fido pay-as-you-go phone with three 7-11 Speakout $100 specials ($100 gets you $100 air time and a free phone.)

I can swap out the 7-11 sim-card into my existing Rogers phones as they are on the same network anyway and should not even need to be unlocked.

My current cell charges are about $120 per month, or $1440 per year, of which I use about 200 minutes per month, or 2400 minutes per year. Of those 2400 minutes, about 1/3 of them were family to family calls, and the other 2/3 were to "non-plan" numbers. Since the 7-11 phones don't have a "free family to family" concept, the 1/3 (800 minutes) need to be doubled as they will cost double. So the total minutes needed will be in the 3200 range. At $0.20 per minute, that means I'm looking at, at worst case, about $640 worth of minutes.

But instead of just counting on the cell phones I figure I will also set up a cheap VoIP account and use that for normal "home phone" usage. I can also set up a simple Skype, or VoIP to VoIP type service to keep in touch with the wife while I'm at work.

At the moment I'm looking at Voice Network Inc, mostly because they have the easiest method of signing up, and they seem to be the least expensive ... just what I need to get my feet wet and see if this will work or not.

So the cell phone usage should be minimal, with the bulk of the communications done over the Internet as direct VoIP to VoIP, or through a minimal $0.01 per minute VoIP DID/Gateway service.

So if I use the same amount of minutes I've used for the last couple of years, and use it in the same pattern, then it should be something like 200 minutes per month total, 66 of those being family minutes (most of which will now be "free",) and the remaining 134 minutes mostly of the $0.01 cent variety.

Total estimated cost:

Cell 7-11 x 3 = $300 + tax = $342 (including 300 minutes)
VoIP = $4.50 per month for DID service x 12 = $54 + $1.34 per month usage x 12 = $16.08

Total = $412.08

Additional charge of $200 to get out of the Rogers contract early would make it $612.08 ... still a good savings, even if I have to buy another $100 or two of cell phone minutes.
------------------------------------------

Internet. This one was easy, Rogers charges over $50 per month, and traffic shapes the hell out of anything useful. After reading the reviews over on Canadian ISP, and looking at the number of ratings, and the overall score, Teksavvy was the obvious choice.

Opening an account with them cost a total of $62.59, which includes the month's service plus installation charge, and taxes.

Regular costs will be $29.95 for the DSL service, and because it is a "dry loop DSL" (no telephone service on the line) service there is a "band charge" ... in my case it is a "band B" charge of $9.10 per month, making the total $41.40 including GST. Cheaper, and there is no traffic shaping, no usage cap, and the support is magnitudes better than Rogers.
------------------

So the first thing I needed to do was to see if I'm under any contracts, as in order to get out of a contract there is usually some sort of penalty.

So I checked my cell phone contract first, and found out that I was under contract until November 2008, and the penalty for getting out early is $20 for each month left on the contract, up to a maximum of $200 ... I'm hoping that contract applies to the whole "family plan", and not to each individual cell phone, but I certainly doubt it, but even if it is, $400 to break the contract will still leave a sizable savings ... even more so the next year.

I called Rogers to see what kind of contract I was under for Internet and Cable, and it turns out that I am under their "bundle" contract, which if I want to break it would cost me all the savings (15%) that I received from the start of the contract. Fortunately the bundle contract is over the first week of November 2007, which gives me just enough time to test out the Teksavvy internet and VoIP stuff before I go and cancel Rogers' ass.

Anyway, we shall see how everything goes ... more to follow.