Asterisk@home (for Business)

The Clown Man

I have read a few reviews about this software and I have installed it on an AMD 2000+ PC with a view to setting up 5 lines/channels with the full PBX functionality through Blueface's business package using the 6MBdown/2MBup Digiweb metro line. (Digiweb tell me that VoIP traffic is prioritised on that metro package.)

I assume I will be able to use 5 channels on that bandwidth by utilising silence suppression. (If I need it.) I'm using this as an rough indicator that this is the case. I'm also assuming that Asterisk@home has the silence suppression functionality and that Blueface supports it.

I have previously installed the full Asterisk running on Mandrake 10.1 but I've decided to go with Asterisk@home for ease of use because I'm a linux newbie.

Before I go full steam with this is there anything above that I need to be corrected on or any assumptions that are way off the mark?

Has anyone any experience with a similar system?



I also want to make sure that some form of encryption is used for confidentiality. (I work in a solicitors office and this is important.) I have been on to Blueface about setting up a VPN tunnel to carry the trunks. I have IPCop installed and it is set up to use its resident ipsec VPN and I also have an OpenVPN addon installed. Are these the best VPN solutions or is there a better linux VPN software package to use?

I'm waiting for Blueface's techie to ring me about the VPN but they tell me they are willing to try any approach to set it up.

The Clown Man

Oh, and is the idea of a VPN a practical one? How secure are the calls when they are routed by Blueface? I assume they are no less secure then a normal telephone call.

Again, am I assuming too much?


(Cheers for any help! )

sirlinux

First off asterisk doesnt do silence suppression, it would be a good idea to use g.729 compression and the iax2 protocol rather than sip and turn on trunking in your iax.conf if you want to save bandwidth, but you have more than enough bandwidth to run 5 calls even usuing g.711, as for encryption a vpn is a good idea, there is an encryption=yes option in iax.conf but i havent seen much about it, ipsec is porbably best as there is more latency on openvpn. What phones/hardware are you using?

sirlinux

on the vpn front i prefer www.m0n0.ch but ipcop/smoothwall does the job.

The Clown Man

I use IPCop anyway mainly for the ease of use and the fact that DansGuardian works nicely hand-in-hand with it. It is the general firewall for the office network with I hope to run the VoIP on.

I'll take your advise on using g.729. And I'll try and use the ipsec VPN but since the upgrade to 1.4 ipcop has started using certificates and all this which is straying away from the old stlye ipsec VPN that I was familiar enough with years ago. Still though I'll find out eventually. Hopefully someone in Blueface is familiar enough with VPNs.

Cheers for the advice!

Anyone else got any advice/suggestions?

The Clown Man

Oh, just thinking, would the g.729 reduce the line quality severely?

It looks as per the calculator I mentioned above to be fairly low bandwidth compared to the others but is the line still clear enough?

sirlinux

g.729 sounds just fine, but you dont need it if that 2mb is just for VOIP,, g.711 gets you near ISDN quality, if your sharing that line for any other purpose your going to need a good qos implementation, watch out for jitter as well, thats why i would use iax as it has a jitter buffer.

The Clown Man

I'll be using the 2MB upload for other uses as well - general internet traffic and two constant Remote Desktop Connections that are constantly streaming audio - but prioritising the VoIP traffic at the IPCop box. (Which I'm using as my broadband modem with the ZyXEL router acting as a PPPoE bridge.)

What about any of the other protocols? Say g.726. The calculator has it using 40kbps average which sounds about right ...

sirlinux

What hardware are you going to be using in the office? that should let us know what kind of expectations the end users will have, are you bridging into an existing phone system if so how do you plan to do it and what type of phone system is it? what type of phone lines do they use now (isdn/PRI or analog).

The Clown Man wrote:

I'll be using the 2MB upload for other uses as well - general internet traffic and two constant Remote Desktop Connections that are constantly streaming audio - but prioritising the VoIP traffic at the IPCop box. (Which I'm using as my broadband modem with the ZyXEL router acting as a PPPoE bridge.)

What about any of the other protocols? Say g.726. The calculator has it using 40kbps average which sounds about right ...

WillieFlynn

The Clown Man wrote:

I also want to make sure that some form of encryption is used for confidentiality. (I work in a solicitors office and this is important.) I have been on to Blueface about setting up a VPN tunnel to carry the trunks. I have IPCop installed and it is set up to use its resident ipsec VPN and I also have an OpenVPN addon installed. Are these the best VPN solutions or is there a better linux VPN software package to use?

SSH (which is on all Unix / Linux) machines can route other insecure protocols over an encrypted tunnel and is very easy to use. I use it to access computers remotely using various protocols, as it has virtualy no setup other than allowing one open port on the firewall.

Jaden

I'm an Asterisk@home with IpCop user too (that's two of us then). I have a 2Mb 8:1 contended Irishbroadband line serving about 70 extensions. I have no noticeable problems with bandwidth. I don't route my mobile calls over the blueface trunk, I'll be using some form of SIP to GSM gateway for that.

Can't say I've ever given encryption any serious thought, but if I did, I'd use SSH.

The Clown Man

Sirlinux,

I haven't decided on what hardware to use yet but I'm looking at these as hardware phones complete with physical handset for the solicitors and non-secretarial staff and I am thinking of staying with soft-phones for the secretarial staff. The reason for this is that the secretarial staff are wearing headphones connected to their PCs anyway because they are transcribing from a networked digital dictation system I recently installed. I reckoned that to keep the calls on the PC and hence on the same headset would be the most effective way of doing it.

The other thing is that our network is installed with a point per PC at the moment. I will have to get it upgraded to cater for ethernet IP phones. I wonder are there USB hardware phones out there that might utilise a PC's static IP and might route the audio back to the PC for use with a headset? Anyone have any experience with anything like this/know where to get them?

I dont think I can use my current hardware as it is bloody ancient (12+ yrs old) and I'll want displays etc for caller IDs etc.


WillieFlynn,

I had a quick browse for one and couldn't find anything offhand but do you know of any how-to's or tutorials to set up SSH for use with a VoIP port? I assume all traffic to Blueface will be on one port anyway. Sound like a nice option though.

At the moment I am on to Blueface's Mark Piordan and I'm waiting for him to get back to me on an IPSec .conf I sent him so we may have it set up soon anyway but if SSH is a better solution I might mention it to him ...


Jaden,

How many channels are you using with 70 extensions? I have 13 extensions on 3 PSTN lines at the moment and due to a serious increase of phone usage over the past few years it's sometimes a real pain trying to get a line out! Is your 2MB line supporting more than 5 channels? Does the Blueface business package not only support 5?

Also, I had been pondering a GSM gateway for mobile calls (maybe a step too advanced for the time being but once I get more familiar with it I was going to look further) and I'd love to hear any solutions you might find!


Cheers for the help guys!

The Clown Man

Actually, just saw this.

Seems that SSH is not a "viable method" for VoIP ... doesn't explain why though ...

sirlinux

those grandstream phones have an ethernet loop through if you cant get more ethernet ports (you just plug it in front of the pc), linksys have some very nice sip phones coming to the market (e.g. spa941) benefiting from cisco's design input and cisco do the best ip phone out there. However one think to note it is advisable to put voice on a seperate lan/vlan as ordinary lan traffic eg. broadcasts can cause havoc with voice quality. As for softphone, have you tried it in a production environment?? they are good for the odd bit of usage but i would suggest a trial or even getting some ata's to use your old phones if cost is an issue.
IAX2 only uses one port (4569 udp) sip (5060 udp and your rtp range) uses a good few udp ports,so that might help your tunneling issue, however i doubt ssh would work as you would have to switch your UDP traffic onto tcp and udp over tcp isnt great it prefers it's native ip transport, ipsec supports udp over ip it does add overhead but it isnt to bad.
SIP gsm gateways are expensive pieces of kit, but if you are making serious amounts of gsm calls you will make it back.

The Clown Man

I have pretty much decided to go with the ipsec vpn and IAX2. I'm finalising setup of it tonight and I'll tell you how it goes.

The ethernet looping solves my network issues - that's fantastic. On the network usage I'm not all that sure that the internal network traffic is going to upset the VoIP too much. I would need to have a new network installed in order to set up a seperate LAN. The network traffic is mainly email, database and low bandwidth audio traffic so there aren't any huge files being transferred at any time that would clog up the 100megs. It would also probably be cheaper if there are problems to just get gigabit NICs and a gigabit 16 port hub. I'm hoping there won't be any huge traffic problems anyway. I wonder if there is any way of prioritising the traffic over the existing network ...

aaronc

The Clown Man wrote:

Actually, just saw this.

Seems that SSH is not a "viable method" for VoIP ... doesn't explain why though ...

Because SSH doesn't support UDP tunnels

http://www.employees.org/~satch/ssh/faq/ssh-faq-5.html#ss5.5

As was mentioned earlier in the thread openvpn is what's needed for the encrypted tunnel, it can do UDP or TCP.

IPSec should be an even better option since it's lower down the stack and therefore closer to the OS and possibly even in the router firmware and the performance should therefore be superior to applciation layer software.

Aaron

Jaden

I have found, through painful experience, that keeping VOIP traffic on your LAN can cause all kinds of problems. Sirlinux is right when he suggests that these should be kept separate, especially if Windows XP is involved.

This is fairly easily done using IpCop, without too much trouble.

Method 1.
Assuming you have a 3rd NIC installed, and an orange (DMZ) zone in IpCop, just put your Asterisk server and all your SIP phones there. You will need to create some DMZ pinholes to get softphones on your LAN to register with the Asterisk server on Orange. I have a list of these if needed.

It is strongly suggested that you use the Quality of Service stuff in IpCop (it calls it Traffic Shaping) to make sure that SIP ports and protocols are given priority over normal network traffic, at the red interface. Otherwise big downloads (think windows update) will affect voice call quality. Turning on the Squid proxy server in transparent mode, and setting the max object size to 25Mb will cache windows updates and other downloaded objects, saving precious bandwidth.

Method 2 (What I did).
To keep voice call quality at optimal levels, I ordered another Broadband line, and setup another IpCop box SIP phones on green, and used the same subnet on both IpCop orange zones. See poor diagram below:

Line 1 Line2
| |
Red1 Red2
| |
Orange1

---

Orange2
| |
Green1 Green2
| |
LAN VOIP

This allows both LAN and VOIP to see the Asterisk server. Be careful that only the Asterisk server uses Red2 as it's default gateway.

As for GSM gateways, I was using Nokia 22s, but it was taking a long time to connect calls (16 seconds or so). I am now plumping for O2's offering:

http://web.o2.ie/business/services/cost_control/mobile_line.jsp

I'm going to get 2 of the "cell route" devices. Just a matter of setting up dial plans once these guys are up and running .

I'll share my experiences when I get this up and runn ing. Feel free to ask anything about the IpCop setup.

The Clown Man

Jaden,

Cheers for the reply.

Yes I was thinking that if there is a big effect on VoIP from LAN traffic what I'll (attempt) to do is have a new hub installed with new points for each phone. Then I can set up a new network on an orange zone that is phsically seperate from my current network up to the point where IPCop routes traffic to the internet. What I was then intending on doing was, purely using traffic shaping, prioritise all traffic on the ports and protocols that the VoIP uses. (I already have internet traffic etc set to low priority for my streaming audio dictation traffic to run on high.)

Your solution is aimed at reserving QoS for the VoIP on the broadband line right? Would traffic shaping not have been a simpler option to reserve QoS? I'm hoping the traffic shaping will fully preserve line quality and keep jitter to a minimum. Is this a terrible assumption to make?

Also, are you using 2 seperate LANs? So that in essence you have 2 totally seperate networks on seperate hardware with seperate lines?


Sirlunix's mention of vLAN's also raised the option that I could set up a vLAN and prioritise LAN traffic that way. However, yesterday I did not know what the hell a vLAN was and after some research the thought of trying to figure out how to set up one and then assign it to a different interface on my IPCop box scares the bloody hell out of me!

Jaden

I have 2 separate(ish) LANs. I'll explain.

192.168.1.xxx is for LAN traffic and sits on green on my first IpCop box.

192.168.2.xxx is for VOIP traffic and sits on green on my second IpCop box.

192.168.3.xxx is the subnet used by BOTH orange zones. One card has 192.168.3.1 and the other 192.168.3.2. Depending on which you assign as a default gateway, traffic can be routed through on Red zone or the other. Both Green zones can see all devices on the Orange subnet. Handy for fallover too.

This setup has the advantage of keeping broadcast traffic to a minimum, while also allowing me to have my SIP server resolve to an external address when the SIP extension is external, and to an internal address when local. My SIP phones will be traveling, so this is useful.

With traffic shaping, I have not found a simple way of setting all SIP used port to high priority (How do you do this with UDP 10000:20000?). My workaround is simply to set all other traffic types to low priority.

Incidently, I bought a 48 port, 10/100 POE hub from Dell specifically to be used with my Grandstream phones. Dead handy, as it powers the phones straight out of the box - no need to use the PSUs. Other devices can be plugged into the same hub with no smoke appearing.

The Clown Man

Lol so if I have my phone connected to my network point and my PC connected to my phone's second socket my PC doesn't blow up right?

POE is the way to go for these phones though. With a good UPS the phones won't go down with the power which I know would have been a pain in some previous situations.

I can see what you are doing with the orange subnets. But my question is are your PC's and your VoIP phones using the same hub? ie is your physical network routing VoIP traffic and general LAN traffic at the same time. It would be easy for me to set up a new IP range and a new ipcop box but would that help with the network traffic flooding the internal lines? Unless I have two physical networks using two seperate gateways into one broadband router I can't see how anything short of maybe a vLAN effectively smoothing VoIP traffic on our internal network any more than I can with traffic shaping.

I won't be able to get a new line like you have because it wouldn't be financially sensible from our point of view. If we did get a separate 2mb line we would be spending more on rental before calls than we currently do on our overall phone bills.

I will have to use traffic shaping and prioritise my VoIP traffic by whatever way I can find.

My real worry is that my internal network will be too unstable as I do not have any form of "traffic shaping" before the gateway. However, if you are operating your two green networks on one hub with no VoIP issues then yours may be a case in fact that I have no need to worry!

sirlinux

Just a quick one, you will need a switch (and a decent one at that though they arent expensive anymore) for voip, it wont work over a hub you will get jitter and breakup.
I think perhaps you should get a trial phone and a pay as you go blueface (or other) account and do a bit more testing on what you plan to do, even buy a pap2 ata for €65 from blueface, plug it in as an additional line (or 2) on your existing phone system and work through any issues you might have.

The Clown Man

Oh dont worry I'm not buying anything till i test and retest.

Do I replace my 16 port hub with a switch? I have a 5 port hub on the ground floor for the 4 downstairs points. Do I need to replace that as well?

Is it just a matter of plug out old -> plug in new or will it have any effect on my network?

sirlinux

yes you will need to replace the hubs, you just swap them out, consider running new cables to a central switch rather than spanning multiple hubs the way you have now (unless distance is a factor), the on switch bandwidth will be more than a single link out to a remote switch. Gigabit switches are fairly affordable these days.

The Clown Man

Yea I'm looking at this and I'm seeing a solution to all my network woes ...

Cheers sirlunix!

Distance and the fact that we have a mf of a concrete wall in our office has made us use 2 hubs. I'll get a 5 port switch for downstairs. Any vLAN or network prioritisation done by the main switch should be supported but the 5 port right?

[edit]
... or this.
[/edit]

The Clown Man

I have got my VPN to Blueface set up now and I have tested a direct link to thier proxy through it bypassing my asterisk server.

We tried using g711 but my 3meg dsl line with 256k upload would not even support one line. However, we had a relatively good line set up on SIP/g729.

I'm going to try to set up a IAX2 g729 trunk and I have a question or two.

Firstly, what do I use in the Registry String?
The blueface website has username:password@sip.blueface.ie/1234. What the hell is the 1234 supposed to be?

Also, Can I specify what protocol to use or does the phone do that for me?

What are the best free softphones to use with g729?

Thanks.

KeithMur

The Clown Man wrote:

Firstly, what do I use in the Registry String?
The blueface website has username:password@sip.blueface.ie/1234. What the hell is the 1234 supposed to be?

Thats if you have an extension number 1234 it would automatically forward to it. Alternatively, with A@H you can just specify the path yourself

Also, Can I specify what protocol to use or does the phone do that for me?

You can specify in the iax.conf files.

What are the best free softphones to use with g729?

AFAIK the x-lite at www.xten.com

The Clown Man

I picked up the free version of the Xten PRO softphone which supports g729 and I am trying to make an outbound call to no avail.

I have included "allow=g729" in the sip.conf (I'm back to SIP again) but the softphone keeps switching to 711u.

Also, I'm pretty sure my calls are not hitting the trunk. I'm getting an annoying female voice telling me "That speed dial is not in our system. Please try again!"

So I'm left wondering have I set up my routing properly.

I have included:

; Dial the Blue Face Speaking Clock.
exten => 303,1,Dial(IAX2/blueface-out/303)
exten => 303,2,Hangup
; Send PSTN calls to Blue Face.
exten => _X.,1,Dial(IAX2/blueface-out/${EXTEN})
exten => _X.,2,Hangup

in the extensions.conf.

Now I'm not too sure what to enter in the Dial Patterns field in setup>outbound routing.

I had guessed that _x. would catch everything and send it to the trunk but it seems I'm wrong.


So my main questions now are why is my softphone returning to 711 each time I dial and why are my calls not leaving asterisk.

Does anyone have a example setup or tutorial that will work with Blueface for Asterisk@home?

The Blueface website has .conf changes but I'm wary about changing my conf's with too much in case it conflicts with Asterisk@homes preset ones.


Cheers for any help.

sirlinux

if your using @home go to the sip extension setup change allow=g729 and disallow=all, messing with .conf's while usuing asterisk@home is not such a good idea, stick with one or the other, you shold be able to define blueface as an iax trunk and router all your calls that way using the web interface.

aaronc

The Clown Man wrote:

Does anyone have a example setup or tutorial that will work with Blueface for Asterisk@home?

The Blueface website has .conf changes but I'm wary about changing my conf's with too much in case it conflicts with Asterisk@homes preset ones.

If you send an email into support@blueface.ie we can send you out some example Asterisk@Home screenshots that were kindly provided to us by another user. They may help out.

Aaron

KeithMur

Have you tried loging into your system through ssh and looking at the asterisk CLI. This will help you troubleshoot your problem

The Clown Man

Cheers for the replies guys.

I finally got calling out sorted. Sirlinux was absolutely right about using AMP and editing configs. AMP doesn't seem to like you editing it's configs manually. Changes made through AMP were taking effect and changes to the configs were not.

Now I can't seem to get calls in. The asterisk CLI is showing absolutely no movement at all when I dial the blueface number followed by my extension number. So I am waiting for Blueface tech support to call me back to see what might be wrong.

Otherwise, I am having a bit of difficulty setting up voicemail. I have bought 5 g729 licenses and they are registered on my Asterisk box but still the voicemail is not working. I am aware of the fact that because of licensing, Asterisk is set up initially with a g729 pass-thru which does not allow the use of voicemail. But now that I have licenses how do I set it up to use voicemail as normal?

Cheers for the help.