Asterisk VOIP and pfSense IPSec VPN Clients

I had set up a pfSense 2.1 based IPSec VPN following the instructions at https://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0 which worked well for my mobile devices and machines.

However, using a SIP based softphone over VPN connecting to my workplace’s Asterisk based VOIP setup never really worked properly. I dabbled in changing the subnet masks, changing asterisk settings, phone settings, NAT and many other things – all of which didn’t really work. The maximum I was able to achieve was calling up *43, which is the echo number, and hearing my own voice.

The reason it did not work was that my VPN clients were on a different IP address range (e.g. 192.168.10.x/24) from my LAN (say 192.168.5.x/24). This is how the VPN is set up, but it allows only one-way communication: my VPN clients can reach the LAN, but the LAN cannot reach the VPN clients. So with the Asterisk server, signaling worked but the media didn’t. The ring was there, but no voice, since Asterisk was trying to send the media back to the 192.168.10.x range and my pfSense box wasn’t passing it through.

The simple solution was adding a firewall rule in LAN settings, and allowing the LAN subnet to pass traffic to the 192.168.10.x/24 network (Protocol: any, Ports: any). By default it is blocked. And THEN I could ping my VPN clients from LAN too which was the ideal setup, even for remote troubleshooting.
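Why the phone rang but carried no audio can be read from the SDP the softphone sends: the media address it advertises is in the VPN range, so Asterisk's RTP has to cross from LAN to VPN. The sketch below is an added example, not part of the original post; the SDP body, the Asterisk address 192.168.5.10, the narrower media-only rule and the first-match, default-deny rule model are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed SDP offer from a softphone that received a VPN address.
SAMPLE_SDP = """\
v=0
o=- 3566 3566 IN IP4 192.168.10.23
s=call
c=IN IP4 192.168.10.23
t=0 0
m=audio 40012 RTP/AVP 0 8 101
a=rtpmap:0 PCMU/8000
"""

VPN_NET = "192.168.10.0/24"   # VPN client range from the post
LAN_NET = "192.168.5.0/24"    # LAN range from the post
ASTERISK = "192.168.5.10"     # hypothetical address of the Asterisk server

def media_endpoint(sdp):
    """Return (ip, port) of the first audio stream: where the PBX sends RTP."""
    session_ip = media_ip = port = None
    in_audio = seen_media = False
    for line in (raw.strip() for raw in sdp.splitlines()):
        if line.startswith("m="):
            if in_audio:
                break                          # next media section begins
            seen_media = True
            fields = line[2:].split()
            in_audio = fields[0] == "audio"
            if in_audio:
                port = int(fields[1])
        elif line.startswith("c=IN IP4 "):
            addr = line.split()[2].split("/")[0]   # drop optional /ttl
            if in_audio:
                media_ip = addr                # media-level c= wins
            elif not seen_media:
                session_ip = addr              # session-level default
    ip = media_ip or session_ip
    if port is None or ip is None:
        raise ValueError("SDP has no usable audio endpoint")
    return ip, port

@dataclass(frozen=True)
class Rule:
    action: str   # "pass" or "block"
    proto: str    # "any", "udp", "tcp", "icmp"
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form

def lan_verdict(rules, proto, src_ip, dst_ip):
    """Simplified LAN-interface model: first match wins, no match is blocked."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (r.proto in ("any", proto)
                and src in ipaddress.ip_network(r.src)
                and dst in ipaddress.ip_network(r.dst)):
            return r.action
    return "block"

BEFORE = []                                              # no rule towards the VPN range
PAGE_RULE = [Rule("pass", "any", LAN_NET, VPN_NET)]      # the rule from the post
MEDIA_ONLY = [Rule("pass", "udp", ASTERISK + "/32", VPN_NET)]  # assumed tighter variant

def rtp_passes(rules, sdp=SAMPLE_SDP):
    """True if RTP from Asterisk to the SDP media address is passed."""
    ip, _port = media_endpoint(sdp)
    return lan_verdict(rules, "udp", ASTERISK, ip) == "pass"

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("page rule", PAGE_RULE), ("media only", MEDIA_ONLY)):
        print(name, media_endpoint(SAMPLE_SDP), rtp_passes(rules))
```

The media-only variant carries the call audio but would not allow pinging VPN clients from the LAN, which the any/any rule in the post does.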


Tracking your Route through GPS – Getting Started

It was 14th February 2013, Valentine’s Day. Inspired by one Motorola commercial, I set out to walk in a ‘heart shaped’ route, as a Valentine Gift for my beloved wife. The commercial is available at http://youtu.be/iG2DRiQt1b0 and the end result was tracked on Sports Tracker, with me walking in a heart shaped route near Lotus Temple, Delhi, India.


I don’t have a good navigation sense, and rely mostly on GPS/Google Maps/Map My India for my everyday needs. Thus, to accomplish this task I’d specially bought a professional compass to track the directions, and had planned to cover at least 2 kilometers walking/running (though eventually it was restricted to 100 meters, reasons I’ll not delve into).

But, the biggest gain (apart from the delighted beloved, and learning how to use a compass) was that I came across various techniques that are used across the globe to track/plan a route. It’s more awesome than I ever imagined!


Quest for Ultimate 3G Wireless Internet setup at home – Delhi, India

I had a deep desire to have a network setup at home which was wireless and flexible. I used to have 2 Wimax connections (Tata Wimax & Reliance Wimax), and one ADSL (MTNL) running 24×7. Unfortunately Tata Wimax shut down its services, and I disconnected Reliance Wimax connection. With the start of 3G services, I really wanted more flexibility and expected better uptime, and was ready to live with the disadvantages such as lack of Static IP, and significantly higher cost.

So, I set out to perform the longest duration and most expensive test I’ve ever done – 3 months and approximately Rs. 35000/- on equipment and prepaid recharges cost. The location was East Delhi, and duration was October 2012 to December 2012. The performance may change in future, so YMMV. The ingredients were

Two 3G Routers

Two 3G USB Dongles & One 3G USB Supporting Router

The DLink 456U I bought off from Ebay, and Micromax MMX400R, ZTE K3770-z, Huawei E1731, and ASUS RT-N66U from Nehru Place, Delhi.

Four Service Providers

These 4 service providers have license to provide 3G services in Delhi. I bought 4 Prepaid SIM Cards of each and activated whatever 3G service was needed and their plans.

Additionally, I also bought one Nokia 101 Dual SIM phone (Rs. 1500) to easily check the balance, validity etc. and send/receive sms messages and USSD codes.

First, The Verdict

Vodafone as service provider, unlocked Huawei E1731 and Asus RT-N66U are awesome, and I assume I’d be staying with Vodafone for a long time to come.

This was my first Vodafone connection and I was delighted to see how Vodafone performed. It’s slightly on the higher side from the cost perspective, but if you want to have serious net connectivity, then Vodafone would suit you well considering the fact that it gets you

  • Excellent Download and Upload speeds (unlike Airtel)
  • The connection doesn’t disconnect every few hours and thus the IP remains the same (unlike Reliance)
  • Connects in the first go and you don’t really have to wait (unlike MTNL)

Vodafone does not allow connectivity from outside to your setup, so you as such cannot do port forwarding easily, unless it is initiated from the client end (such as by creating a tunnel using ssh -R on Linux).

Having the perfect connectivity between the ASUS router and 3G USB dongle was the most difficult part, and Huawei one performed satisfactorily.

3G ISP Performance Comparison, Delhi, India - December 2012


Wireless on Ubuntu 11.10 and Lenovo Thinkpad E420

Unlike 11.04 and earlier, Ubuntu 11.10 runs much better on Lenovo Thinkpad E420. The only glitch is the wifi drivers which don’t run by default, and it could be corrected easily

Using LiveCD or a running system

  • Press Super (Window) key, and open Terminal
  • Type sudo modprobe -r acer_wmi

That’s all. You should be able to connect to the wireless till next reboot.

Making the change permanent

Edit the file /etc/modprobe.d/blacklist.conf and in the end type

blacklist acer_wmi

Reboot and you’re done. If you’re doing it entirely from the GUI, then editing the file could be done by pressing ALT+F2 (this would open a “Run” window) and typing there gksu gedit /etc/modprobe.d/blacklist.conf

Please note: This applies to wireless card having rtl8188ce chipset. You can view that by typing lspci in a terminal and searching for the entries respective to Network Controller.

Ubuntu 11.04 on Lenovo E420

Update: 16 October 2011 – Ubuntu 11.10 works better. http://wp.me/p9bZ0-1Q

I recently got a Lenovo E420 laptop, and I just went ahead and installed Ubuntu 11.04 on it. Here are some of the things that may help those who’re facing issues with it. I got 4 GB RAM on Core i5. It’s a 64bit processor, so I preferred 64bit Ubuntu instead of the 32bit pae kernel.

Wireless

The machine has rtl8188ce chipset, and the Realtek drivers available from Realtek’s website don’t work well. You just need to blacklist acer_wmi module

Edit /etc/modprobe.d/blacklist.conf and add

blacklist acer_wmi

Save and reboot. This won’t work if you’ve compiled Realtek drivers and installed them. It’ll work only in the default install. Here’s more detailed link –  http://askubuntu.com/questions/53625/wireless-on-thinkpad-edge-e420s

Random screen lockups

I am not sure why it occurred – due to the kernel or due to the compiz settings. I did both. Installed Kernel 2.6.39 from http://kernel.ubuntu.com/~kernel-ppa/mainline/v2.6.39-rc4-natty/

Also, I installed CompizConfig Settings Manager (ccsm) from Ubuntu Software Center, and then disabled this option

General -> OpenGL -> Sync to VBlank (uncheck this)

Reboot. The system may not hang. http://www.preshweb.co.uk/2011/05/ubuntu-11-04-x-freezing-after-screensaver-active-laptop-lid-closed/

Update 26 July 2011: There are still instances of system hanging 😦 Unable to identify the cause as yet. However, this time the system just hangs with no mouse movement at all. This behavior I experienced in 32bit-pae kernel too and usually happens when system has gone through more than a few standbys. Will diagnose and update further.

Update 2 – 30 July 2011 : I updated the BIOS to v1.16 (earlier it was 1.10), but it didn’t do any good. The system still got hung. It is not due to standby also as I disabled the “Suspend” option from Power Management section and rebooted the computer and used it for around 3 hours after which I got a Kernel Panic. Realtek has put a new version of their drivers for rtl8188ce chipset – I’ve just installed those and rebooted and it seems to be working. Will update later if it has cured the hanging problem.

Update 3 – 31 July 2011 : After installing the realtek rtl8188ce drivers as mentioned in the post above, I’ve not rebooted the machine since more than 24 hours. Had suspended it more than a few times, and did various experiments which earlier eventually led to a freeze. But I’m happy to report that till now all has been good and it has not yet hung. I’ll keep working on it for next few days and see if there has been a proper resolution.

Indicator icons for unsupported apps

I installed gnome-do and I was unable to see the indicator icon for that. Installed dconf-editor from Ubuntu Software Center.

Got the name of the application from .xsession-errors file (TrayChild). Opened dconf-editor and added ‘Do’ in there. Logged out and logged back in and all is well.

http://askubuntu.com/questions/36898/how-can-i-see-a-list-of-all-the-systray-icons-that-are-not-whitelisted/39750#39750

Don’t set systray-whitelist to “all” as that may lead to the icons in indicator being unclickable.

To be honest, it was horrendous to use Ubuntu 11.04 due to severe productivity issues for the first week. I installed 32bit pae kernel so that the 4GB RAM could be supported. But I couldn’t upgrade it to 2.6.39 as no pae kernel was available for 2.6.39. I rather installed 64bit Ubuntu, and updated it immediately and rest did what I mentioned above. No more hangs till now, and life has been happy.

Nokia E6 Symbian Anna IMAP with push mail

Nokia Symbian based phones have a terrible IMAP support. If you have IMAP server of your own, you only have two options

  • Use “Nokia Messaging” which means you receive your emails via Nokia servers (similar to blackberry) and it’d not be your phone but nokia servers which would connect to your IMAP server and push mails to your phone. This works better, but then you’re giving your details to Nokia, and could be a privacy issue for some.
  • Use the in-built IMAP client. This would mean you don’t have a ‘push’ email, but a check interval of 5 minutes. Not awesome.

Following is one more way to set to use IMAP via the Nokia Mail for Exchange client, and you don’t need to have any Microsoft Exchange setup.

 

Concept

  1. You need to be running an IMAP server.
  2. There’s an open source PHP based software called “z-push” which allows activesync connectivity and has IMAP backend, which means you can use it to ‘sync’ your phones using the Nokia Mail for Exchange client.
  3. You need Apache web server with php5 and php5-imap support where z-push would be setup.
  4. You download and configure z-push.
  5. You configure your phone settings, and then use Nokia Mfe client to connect to your IMAP server and thus have “push” functionality.

 

Assumptions

  1. An IMAP server is running with SSL support with self-signed certificates (I used dovecot), which has usernames as ‘user@domain.com‘ format.
  2. You have Apache with PHP5 and php-imap support. On ubuntu/debian you can install it using apt-get install php5-imap.
  3. Nokia Mail For Exchange supports only a single account on a phone. So if you have multiple email accounts to be synced, bad luck.
  4. It was tested on a Nokia E6 running Symbian Anna. Your setup may vary or could be different.

 

Server side setup

  1. Download z-push from Source Forge http://z-push.sf.net ; I used version z-push-1.5.4RC-705.tar.gz.
  2. Extract it in a suitable location, for example, /var/www/z-push
  3. You can refer to the INSTALL document too for more information inside the z-push extracted files.
  4. Make the ‘state’ directory writable by the web server user, for example with chown www-data:www-data state. chmod 777 state also works, but it leaves the directory writable by every local account.
  5. Configure z-push. We will modify the following
    $BACKEND_PROVIDER = "BackendIMAP";
    
    // ************************
    //  BackendIMAP settings
    // ************************
    
    define('IMAP_SERVER', 'localhost');
    define('IMAP_PORT', 993);
    define('IMAP_OPTIONS', '/ssl/novalidate-cert');
    define('IMAP_DEFAULTFROM', 'domain');
    define('IMAP_SENTFOLDER', 'Sent');
    define('IMAP_USE_IMAPMAIL', false);
  6. So that the “Sender Name” when sending out email works well, there’s a IMAP_DEFAULTFROM setting, which didn’t work too well in my case, so I modified the backend file to display the “Sender’s Name” correctly in the format Firstname Lastname <user@domain.com>. The following changes were done in backend/imap.php
    # Added the following lines in the section below
    # $v = "$this->_domain <$this->_username>";
    # $envelopefrom = "-f$this->_username";
    
                if ($k == "from") {
                    if (trim($v)) {
                        $changedfrom = true;
                        $v = "$this->_domain <$this->_username>";
                        $envelopefrom = "-f$this->_username";
                    } elseif (! trim($v) && IMAP_DEFAULTFROM) {
  7. In Apache configuration, I have SSL setup. So in the configuration file for the SSL, I specified an alias as under
            Alias /Microsoft-Server-ActiveSync "/var/www/z-push/index.php"
  8. Restart Apache and your z-push is ready.

 

Client side/phone setup

  1. Now that the server side setup is ready, we’ll configure the phone.
  2. You can enter the settings as per the requirements while configuring the Mail For Exchange client.
  3. The “domain” would be your full name (as you wish to display when you send someone an email).
  4. That’s all. Sync it and you’re ready to go!

 

Troubleshooting

  1. To enable debug logs, create a file debug.txt in the z-push directory and assign it web server user writeable privileges. For example:
    cd /var/www/z-push
    touch debug.txt
    chown www-data.www-data debug.txt # or; chmod 777 debug.txt
  2. You may want to experiment with the IMAP_OPTIONS by referring to http://php.net/imap_open
  3. Your ‘Sent’ items folder could be different. You may want to keep it blank (the default).

Making a WiFi Hotspot / Access Point using Linux & wifi lan card/USB adapter

If you have a wifi LAN card / USB adapter, then you can use it as an access point so that other machines can connect to the internet via your machine using Wifi. The process is fairly simple, but requires you to have a compatible set of drivers which allow a wifi lan card to come into “Master” mode.

It didn’t work well for

  • Linksys WUSB54GC v3 USB adapter. Till Ubuntu 10.04, there were no good drivers for use with hostapd (supporting mac80211 / nl80211). In Ubuntu 10.10, although the drivers were working, the connection was highly unstable – in fact unusable. The drivers that I tried were rt2800usb (which allowed the adapter to come into Master mode), and rt2870sta which didn’t allow the adapter to come into “Master” mode. It always remained “Auto” or “Managed” (checked via iwconfig). Need to test in 11.04 when it arrives.

What worked pretty well

  • 02:00.0 Ethernet controller: Atheros Communications Inc. AR5001 Wireless Network Adapter (rev 01), using ath5k drivers. hostapd didn’t complain at all and all was smooth. This was in Ubuntu 10.04.

Concept

  1. There’s an application called hostapd which converts a wifi adapter into an access point and provides features such as WPA authentication, ssid name definition etc. I used it and it worked well.
  2. When a client connects to the access point, apart from authentication it’ll require IP addresses to be assigned. For that a DHCP server is used.
  3. You need to have 2 interfaces, one which accesses the net (e.g. eth0), and other which provides the access point services (e.g. wlan0).
  4. You start the wlan interface, assign it an IP address, start the dhcp server, set up firewall/nat and start hostapd. That’s all there is to it. Your devices would be able to use the wifi adapter as the access point.

Procedure

apt-get install dhcp3-server hostapd

Modify /etc/hostapd/hostapd.conf and put the following

interface=wlan0
driver=nl80211
ssid=MyAP
hw_mode=g
channel=11
wpa=1
wpa_passphrase=MyPasswordHere
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_ptk_rekey=600

The dhcpd.conf section in /etc/dhcp3/dhcpd.conf would have something like the following

subnet 10.10.0.0 netmask 255.255.255.0 {
        range 10.10.0.25 10.10.0.50;
        option domain-name-servers 8.8.4.4, 208.67.222.222;
        option routers 10.10.0.1;
}

Modify /etc/default/dhcp3-server

INTERFACES="wlan0"

Check what name your adapter got via iwconfig. You can change the name also and make it persistent via /etc/udev/rules.d/70-persistent-net.rules so that it always gets a single type of name. In our example we’re assuming wlan0, but it could be changed. Make necessary changes in your configuration too.

Configure the new interface

ifconfig wlan0 10.10.0.1

The above could also be done in a better way via the /etc/network/interfaces file, but I didn’t try it out. In any case, if you shut down hostapd, the network interface (wlan0) loses its address, so you need a script which assigns it again before hostapd is started. An example /etc/network/interfaces entry could be

iface wlan0 inet static
 address 10.10.0.1
 netmask 255.255.255.0

Restart the dhcp3-server. It should now be ready to serve addresses and is also bound to the network interface too.

Allow ip masquerading

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Now start hostapd and see the messages that it shows

hostapd -dd /etc/hostapd/hostapd.conf

Wait for a few seconds, it should show some probes being done by other wifi devices. If it shows, then probably you’re in good luck.

Now try to connect via your device to this access point. It should work.

To make this work on boot, you can put the relevant config in /etc/default/hostapd

RUN_DAEMON="yes"
DAEMON_CONF="/etc/hostapd/hostapd.conf"
DAEMON_OPTS="-dd"

and also put the firewall rules in /etc/rc.local (make sure it’s executable).

Remember – if you shutdown your hostapd, the network card would lose its address. So you have to assign that again before starting hostapd. The usual practice would be

  • Stop hostapd
  • Stop dhcp server
  • Restart network (or rather ifup wlan0 / ifconfig wlan0 10.10.0.1 would do)
  • Restart dhcp server
  • Start hostapd

Miscellaneous

  1. You can check the wifi interfaces via
    iwconfig
  2. To set a wifi adapter into master mode, try the following. If it doesn’t work and shows an error that it’s not possible or something, fret not – use hostapd as that’ll do that in any case.
    iwconfig wlan0 mode Master
  3. Network Manager could create issues, though in my test environment – instead of using an ethernet interface, I used two wlan interfaces, one being controlled by Network Manager for internet access, and other for making it an access point.
  4. modprobe -r ath5k / modprobe -r rt2800usb etc. is to be used for unloading the modules.
  5. If you wish to proceed without using authentication so that you can test it easily, then put the following in /etc/hostapd/hostapd.conf
    interface=wlan0
    driver=nl80211
    ssid=MyAP
    hw_mode=g
    channel=11
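
A quick audit of the two hostapd.conf variants shown in this post, as an added example (not the author's code): it flags the settings a reviewer would question before leaving the access point running, namely wpa=1 (WPA only, no WPA2), TKIP in the pairwise cipher list, and the unauthenticated test configuration. The finding names and the hardened sample with its placeholder passphrase are constructed for illustration.

```python
# The two configurations from the post, plus a constructed WPA2/CCMP-only variant.
PAGE_WPA_CONF = """\
interface=wlan0
driver=nl80211
ssid=MyAP
hw_mode=g
channel=11
wpa=1
wpa_passphrase=MyPasswordHere
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_ptk_rekey=600
"""
PAGE_OPEN_CONF = """\
interface=wlan0
driver=nl80211
ssid=MyAP
hw_mode=g
channel=11
"""
HARDENED_CONF = """\
interface=wlan0
driver=nl80211
ssid=MyAP
hw_mode=g
channel=11
wpa=2
wpa_passphrase=constructed-example-passphrase
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""

def parse_conf(text):
    """Parse hostapd.conf key=value lines, skipping blanks and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of finding names for one hostapd.conf, empty if none."""
    conf = parse_conf(text)
    try:
        wpa = int(conf.get("wpa", "0"))   # bit 0 = WPA, bit 1 = WPA2 (RSN)
    except ValueError:
        return ["invalid-wpa"]
    if wpa == 0:
        return ["open-network"]           # no authentication, traffic in the clear
    findings = []
    if wpa & 1:
        findings.append("wpa1-enabled")
    if not wpa & 2:
        findings.append("wpa2-missing")
    ciphers = set()
    if wpa & 1:
        ciphers |= set(conf.get("wpa_pairwise", "").split())
    if wpa & 2:                           # rsn_pairwise falls back to wpa_pairwise
        ciphers |= set(conf.get("rsn_pairwise", conf.get("wpa_pairwise", "")).split())
    if "TKIP" in ciphers:
        findings.append("tkip-allowed")
    elif not ciphers:
        findings.append("cipher-not-pinned")
    passphrase = conf.get("wpa_passphrase")
    if passphrase is not None and not 8 <= len(passphrase) <= 63:
        findings.append("passphrase-length")
    return findings

if __name__ == "__main__":
    for name, text in (("page WPA", PAGE_WPA_CONF), ("page open", PAGE_OPEN_CONF),
                       ("hardened", HARDENED_CONF)):
        print(name, audit(text))
```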

Recovering contacts from Backup.arc on Nokia Series 60 3rd edition devices

I have a Nokia E61 (Symbian Series 60 3rd Edition – v9.1). I usually take backups on my memory card in the phone (I’ve three of them) and restore them in case it’s necessary. However, today when I tried to do it, it wouldn’t restore and would always ask for a “Restart” after flashing the “Restoring…” screen for a split second. I tried all my other backups made during the last 1 year and it just wouldn’t work. I even hard-reset/formatted the phone by pressing *,3 and call key and then starting the phone, assuming that maybe there’s some issue with the firmware. It just didn’t work. I’d my latest backup available on my memory card and I couldn’t use it. After spending more than a few hours, I managed to retrieve information, more importantly my contacts.

Credit goes to

Here’s how I retrieved all the Contacts. It assumes you have a Backup.arc with you. If you’ve taken backup on the memory card and view the contents of the memory card on computer, you’ll see a Backup/ folder in which the Backup.arc would be there. If not, tough luck.

  1. It works only on Windows. I used Windows XP.
  2. Install NbuExplorer from http://nbuexplorer.sourceforge.net – it requires .Net Framework 2.0 which I downloaded from Microsoft website, so install the framework prior to opening NbuExplorer.
  3. Install Java 1.4.2 and Symbian SDK. As of now I’m not too sure that Java 1.4.2 would be necessary at all. For Symbian SDK, you need to be a member of Nokia Forum – the version that I downloaded was S60-SDK-0548-3.0-f.3.215f.zip
  4. Now open NbuExplorer and point it to the Backup.arc file. It should show the contents in it including pictures, sounds etc.
  5. You need to locate the file having the name Contacts and ending with the extension .cdb. In my case the name was DBS_100065FF_Contacts.cdb and it was under C: -> private -> 100012a5 within the NbuExplorer interface. Once you locate it, right-click on the file name and select ‘Export selected file(s)’. It’ll ask you for a location – you may select “Desktop”. Keep that file safe – it has all your contacts.
  6. Now close NbuExplorer and start Symbian Emulator. It would open a Symbian interface – you need to add a new contact in there. You can add anything. We just want it to build a contact database of its own which we’ll eventually replace with our own contact database. Once done, close the Emulator.
  7. Next step is to replace the contact database created by the emulator by our actual database which has our contacts. In my case I went to C:\Symbian\9.1\S60_3rd\Epoc32\winscw\c\private\100012a5. The file DBS_100065FF_Contacts.cdb was already present. I replaced it with my actual file which I’d retrieved via NbuExplorer.
  8. We’ll add a memory card to our Symbian Emulator. For that, edit the file epoc.ini which is located in C:\Symbian\9.1\S60_3rd\Epoc32\Data and modify the following values so that they look like the following
    _EPOC_DRIVE_E \epoc32\winscw\e
    _EPOC_LocDrv_1 E: FAT
  9. Let’s start the Emulator now. If you go to contacts, if all goes well you should be seeing all your contact listing. Hurray! Step 1 done.
  10. Now we’ll need to transfer the contacts to the memory card. Mark all contacts and then select “Copy to memory card” from within the emulator interface. It should say that it has copied them to the memory card.
  11. Now go to the “e” drive created via epoc.ini, that is, in C:\Symbian\9.1\S60_3rd\Epoc32\winscw\e. There would be a folder called “Others” inside which there’d be “Contacts”. If all goes well, you should see a lot of .vcf entries inside it. Those are your contacts. Copy them to an actual memory card of the phone – in the same directory (Others\Contacts). Now put the memory card in your phone.
  12. In your phone, open “Contacts”, and then select the option Copy -> From memory card. The contacts would be copied. For me it retrieved all information with precision.

I had evaluated Nokisoft.com’s Noki Explorer application. There were two things I wasn’t sure of, (a) it retrieved 30 contacts in the trial version, but the data that was retrieved was not complete; and (b) it seemed to be a tad expensive for one time use. Nokisoft’s explorer may be easier to retrieve contacts – that you can decide.

Asterisk Basics, and Load Balancing via DUNDi

IMPORTANT: The configurations, that is, the code sections underneath, are not wrapped. However, if you want to copy and paste them, you can just select them and, despite not being visible to you, they’ll get copied into the clipboard. Otherwise you may want to refer to the PDF version.

Prepared by : Vivek Kapoor http://exain.com
Prepared on : 01 July 2010
PDF Version : Asterisk_Basics_Load_Balancing_DUNDi_Vivek_Kapoor

Purpose of this document

Asterisk is an open source PBX, which means you can set up your own little telephone exchange in your home/office environment. On a much larger scale, you may look forward to setting up a redundant phone setup wherein multiple boxes are interconnected with each other and provide some sort of failover capability and easier management, which is possible through something called DUNDi. This document aims to provide such a solution with a possibility of horizontal scaling instead of vertical scaling. So, this may mean that by using low-end commodity hardware, you can set up a strong telephone infrastructure which can cater to thousands of users.

Read the document carefully. Read it fully before you start implementing it. It is intentionally detailed so that you know what you’re doing.

Acknowledgements

All credit of this document goes to JR Richardson. I’m afraid I’ve not been able to find a suitable link for him, but his whitepapers and presentations are the ones which helped me move forward. And of course, Mark Spencer – the guy behind Asterisk. Without him this document wouldn’t have existed.

The writings by JR Richardson
