RichardNeill.org
Personal Academic Thoughts Technical Various

A quick, personal guide to VOIP under Linux

Update

Please note: this guide was written in 2007. It's mostly still correct, but many of the applications have substantially improved. Also, FreeWorldDialup is no more; try iptel.org instead.

The best approach is now Jitsi, notably Video Bridge and meet.jit.si.

Introduction

Voice Over IP (Internet Telephony) is very clever, and useful. But there are no simple howtos! This guide tries to explain how I personally set up VOIP to actually make calls! I'm an individual (so I don't want to run something complex like Asterisk), using Linux, based in the UK. I've also chosen specific providers, but you don't have to uses these ones. I want to make all 3 types of calls:

  • PC -> PC
  • PC -> Phone
  • Phone -> PC (so I can receive calls made from a phone)
  • Phone -> Phone [but this is not relevant here!]

The end result, for me is that I have:

  • The ability to make and receive calls on my pc, whether to/from another pc or a phone.
  • A free (to me) UK telephone number which can be called from the PSTN (public switched telephone network - i.e. normal phones) at the UK national rate.
  • I can call any other telephone in the world from my pc cheaply.
  • No fiddling with firewalls (neither on the local machine, nor the NAT gateway).
  • Other services such as voicemail.
  • The choice of (almost) any SIP client, or a hardware sip-phone if I choose.

Important notes

Please note the following:

  • VOIP is not suitable for emergency calls. At any rate, do not rely upon it. The regular phone system (at least with BT in the UK) is self-powered. But your computer won't work if there is a power cut. Also, the emergency services may find it easier to locate you (or call you back) if you use a land-line, or a mobile phone.
  • VOIP is not encrypted by default. It is fairly easy to eavesdrop on.
  • I am not an expert. I just wrote this howto as a result of my own difficulties in figuring out what to do! So there may be mistakes. I'd welcome corrections.
The is more information on these points below. Anyway, enough with the introduction....

Protocols

There are 3 common VOIP protocols in use. These are: SIP, H.323, Skype

  • SIP - session initiation protocol is, I think, the best. It is Open Source, widely used, with support in hardware sipphones, Linux phones (kphone, linphone, ekiga), Mac, Windows XP (built into Windows Messenger (note, not MSN Messenger), and is the simpler, and more flexible protocol. This is what I have chosen.
  • H.323 is older, more complex, and less widely supported except by GnomeMeeting/Ekiga (and Microsoft NetMeeting)
  • Skype is proprietary, does not come with source, uses a gratuitously incompatible and undocumented protocol, and comes from the makers of Kazaa. There is a Linux client (binary only), [which I haven't tried], and it apparently easy to use, but Skype are trying to monopolise the market with their own protocol, and obtain vendor lock-in: a bad idea! Furthermore, one must use Skype's servers, and the EULA requires you to share your bandwidth (not, itself, necessarily a bad thing, but has caused my university to ban it.) Also, Skype's security is not as good as they claim, and the Linux version doesn't support ALSA.

There is more information at voip-info.org and iptel.org. Here is a detailed, but lucid tutorial about SIP.

SIP is peer2peer - so why is a server needed? (Important)

One SIP phone may directly call another. E.g. 2 kphone clients can directly call each other, provided that they can see each other over the network. This requires UDP connection to port 5060, and that both machines may address each other. E.g. on machine 192.168.0.1, start kphone and call sip://rjn@192.168.0.10. This will work! But, there are some problems with this, hence the need for the Session Initiation bit: the voice traffic always flows directly between the two "phones", but the call-initiation may use a different server.

  • What if one or both machines have a dynamic IP address? Then the SIP URL in your phonebook will never be up to date! So, we need a Registration Server, which both clients sign into, and which serves as a central point of contact. The registration server can also tell you whether someone is online, and may handle calling to multiple locations and voicemail.
  • What if you are running a firewall on your desktop machine? Under Mandrake, the default shorewall policy setup is to allow all outgoing connections, but block all incoming connections. [I usually allow ping and ssh, but that's another matter]. This means that you can only make outgoing calls! The solution is to use an outbound proxy: that way, you are always making an (outgoing) connection to the outbound proxy server; even when an incoming call arrives, your firewall thinks that it is just a response to a packet you sent the proxy, so allows it. Alternatively, you could just change the firewall rules to allow the incoming packets. [Likewise, because UDP (unlike TCP) is stateless, if both people call each other simultaneously, the firewalls will usually assume the incoming packet is a response to your own outgoing connection, and permit it.]
  • What if you are on a private network, behind a NAT (Network Address Translation) gateway/firewall? This is the common case for most home networks, including mine. It means that machines within the network do not have public IP addresses, so there is no way to address (or even ping) them from outside the network, even if the firewalls would permit the connection. There are two types of NAT: symmetric and asymmetric. The difference is complex (and irrelevant here). Anyway:
    • Most simple home router appliances use Asymmetric NAT. For asymmetric NAT, configure the client to use a STUN server. [STUN is 'Simple Traversal of UDP over NAT'].
    • If you use a Linux computer as a gateway server for NAT,firewalling,(and webserver, etc), this is Symmetric NAT. [In our case, we use Shorewall for IP masquerading ("Internet connection sharing" in Mandrake), and this is symmetric NAT.] STUN will not work with symmetric NAT. Instead, you need to use an Outbound Proxy: this is usually provided by the registration server. [more info.]
    The alternative is to use a proxy running on the firewall, such as siproxd. This gives you more control, but it is never necessary if you just want a "simple" setup.
[A clarification on terminology. An "Outbound proxy" is a server somewhere on the public internet which proxies your SIP traffic. It's called "outbound" because your client constantly "pings" it, thereby making an outgoing connection, which your firewall/NAT gateway will permit. Then when a call arrives at the proxy, it responds, and your NAT gateway forwards the response to the client that "originated" it, i.e. you. Otherwise, if an external machine tried to initiate the connection, your NAT gateway would block it. Siproxd does this more elegantly, but with considerably greater complexity. Note that an analogy with the web cache/proxy, squid would be very misleading. A more detailed explanation would require a better understanding of UDP than I actually have!]


Actually doing it...

Here are the steps I took, (with the stumbling omitted!). Many of the choices are personal, e.g the use of FWD, and I am only mentioning them (a)because they work for me and (b)because it's very helpful for a guide to have an actual example!

1. Test the hardware

Check that the headphones and microphone actually work! In particular, it's worth enabling the "20dB Mic Boost" that many soundcards have - using a mixer such as gnome-alsamixer. I'd recommend the purchase of a decent and comfortable headset-mic (costing about £15 ($25)). Remember that the Mic must be set as the default recording device, but should be muted (unless you want a megaphone!). Note that using loudspeakers and a microphone for VoIP may cause serious problems with echoing: experiment with this.

2. Download the software

You can use either linphone or kphone, or ekiga. Either will work well, although I personally prefer Linphone, since it has a better interface and documentation, although kphone has more features. I've covered them all below. Under Mandrake 10.1, you can install kphone-4.10 or linphone 0.12.2 by using urpmi, and it will just work. If you install linphone, you may find the diagnostic program, sipomatic useful. On Mandrake 10.2, you will get linphone-1.00-preX, but my recommendation is that you download the latest version (currently 1.0.1) of linphone and compile from source. For Mandriva 2006, Ekiga RPMS are available from SeerOfSouls.

To compile packages, use ./configure & & make && sudo checkinstall. use checkinstall instead of make install, since it will give you an RPM, allowing easy uninstallation if desired. Also, if you need to install a dependency (some missing library), use urpmf filename to find out which package contains a desired file.

[To compile linphone, you need libgai0-devel for the gnome-applet libraries. Otherwise, the GUI will not be built, and you will just get linphonec. To compile linphone 1.3.5, download libosip2 and linphone-1.3.5 from here and speex 1.1.2 from here. To compile libosip2 and speex, just use ./configure && make && checkinstall as usual; they will be build in /usr/local/lib. To inform linphone of the existence of the new speex library, it's necessary to export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig before running ./configure.]

3. Register with a provider of a SIP server

I selected FreeWorldDialup, who appear to be well-established, and provide a decent service, for free. You can sign up (at no cost) here for a username,password and SIP number. The SIP number is represented as NNNNNN below. [Remember to set the profile options to opt out of the marketing emails.]

4. Networking setup

Do you have a static or dynamic IP address? Do you have a public IP address, or are you behind a (separate) firewall/gateway? If behind a gateway, is it symmetric or asymmetric NAT? Do you have a firewall on your desktop machine itself? Unless you have a public, static, IP address, you need to use a some form of registration/proxy server. See the section on "why is a server needed" for more information.

5. Configure the client

Choose one (or more) of the 4 applications below: Kphone, or Linphone 0.12, or Linphone 1.0.1, or Ekiga. I'd recommend linphone >= 1.01, or ekiga.

5.1 Configure Kphone

[If you are using Kphone. Otherwise, skip this step.]
FWD provide a Configuration Guide, with the settings for kphone. This configuration varies slightly depending on whether you are on a public IP or behind NAT. Note that kphone needs to be restarted after changing the identity. Also, If you have multiple network interfaces on the computer, kphone will ask which one to use at startup - use the outward facing interface! Here are the settings needed; most of these are in File->Identity; STUN is configured in Preferences->SIP Preferences->Socket
Setting (Kphone) Value
Full Name Your Name (optional)
User Part of SIP URL FWD Number e.g. NNNNNN
Host Part of SIP URL fwd.pulver.com
Authentication Username FWD Number e.g. NNNNNN
Auto Register On
Outbound Proxy fwdnat.pulver.com:5082
STUN server stun.fwdnet.net:3478
Notes:
  • Public IP address: Neither STUN not Outbound proxy are needed.
  • Non-Symmetric NAT: Use STUN, not Outbound proxy.
  • Symmetric NAT: Use Outbound proxy, not STUN.
  • Leave the socket protocol set to UDP (always).
  • When logging in, Kphone will pop up a dialog box for Username,Password. The Username is the FWD Number, not your name.
  • In KPhone, the right-mouse-button is very useful!
  • The default Audio settings (G771U codec and 10ms sample) work fine.

5.2 And/Or, Configure Linphone 0.12

[If you are using Linphone. Otherwise, skip this step. Note: see update below about linphone 1.0.1.]
Linphone uses similar settings in most cases, although FWD do not provide a configuration guide. Here are the options I used (in the Connection->Preferences menu). They have slightly different names from the options in kphone. This post helped me to find the right settings.
Setting (Linphone 0.12) Value
Identity sip:NNNNNN@fwd.pulver.com
Use sip registrar checked
Server address sip:fwd.pulver.com OR sip:fwdnat.pulver.com:5082
Your password [password]
Address of record This is an output, not an input. No point editing it!
Use this registrar as outbound proxy checked
Number of bufferized milliseconds 200ms works well for me. Experiment.
NAT traversal enable checked, if required
Firewall IP address The public IP of the firewall/gateway.
RTP port used for audio Default (7078) is fine
Notes:
  • NAT traversal need only be enabled if there is a firewall/gateway. If so, use the public I.P. address of the firewall, not the private I.P. (!)
  • Linphone seems to assume that the registration server and the outbound proxy must be the same server. Fortunately, either sip:fwd.pulver.com OR sip:fwdnat.pulver.com:5082 work.
  • It is rather odd that the "address of record" looks like an input, when in fact it isn't.
  • Linphone's GUI is much more sane. There is also some reasonable documentation and sipomatic is useful for testing.
  • I find kdocker useful - to dock linphone into the system tray. Kdocker is easy to use, and will dock anything in KDE or GNOME. I created a desktop shortcut to run "kdocker -m /usr/bin/linphone".

5.3 Or Configure Linphone 1.0.1 - 1.3.5

Update: Linphone 1.0.1 is now available for download. This is much better than 0.12, and fixes some significant bugs (e.g. automatic registration) with 1.0.0. I'd strongly advise downloading it and compiling it. (Note: to compile on Mandrake, you need the libgai0-devel package installed.)

In 1.0.1, the GUI is slightly different: in particular, the proxy/registrar GUI has changed. Please read the section on linphone 0.12 first; these are the differences from 0.12:
Setting (Linphone 1.0.1) Value
Identity sip:NNNNNN@fwd.pulver.com
Automatically guess a valid hostname not checked
Add proxy/registrar click the button
Proxy/Registrar configuration: ->Send registration checked
Proxy/Registrar configuration: ->SIP Identity sip:NNNNNN@fwd.pulver.com
Proxy/Registrar configuration: ->SIP Proxy sip:fwd.pulver.com
Proxy/Registrar configuration: ->Route (optional) leave this blank
Proxy/Registrar configuration: Username/Password There's nowhere to type these; linphone will prompt for them if/when needed.
Sound device ALSA
Notes:
  • This version of Linphone can use multiple different proxy or registration servers. Only sip:fwd.pulver.com and NOT sip:fwdnat.pulver.com:5082 work.
  • If you have multiple proxy servers configured, you can select the 'Proxy to use' in the main interface (just above the 'Call or Answer' button). Make sure to select the right one!
  • When linphone prompts for a password for registration server, enter the following:
    Setting Value
    realm "fwd.pulver.com"
    username FWD Number, e.g. NNNNNN
    password [password]
    userid [blank]
  • Linphone's DTMF works fine in 1.0.1. (In 1.0.0, it functions, but there is no audible feedback.)
  • If you are behind a firewall or gateway machine, you must put in the external (public) address of the firewall. Otherwise, you won't be able to receive incoming calls.
  • Linphone also has a command-line interface, which is linphonec.
  • Update: Kaare Hviid suggests adding this setting in case of problems from behind a symmetric NAT:
    Proxy/Registrar configuration: ->Route (optional) sip:fwdnat.pulver.com:5082
    (which linphone seems to reformat as '<sip:fwdnat.pulver.com:5082;lr>')
This configuration and interface for linphone 1.10 (in Mandriva 2006) and linphone 1.3.5 (latest) is very similar.

5.4 Or Configure Ekiga

[If you are using Ekiga. Otherwise, skip this step]
Ekiga.org have a FAQ covering the ekiga setup. They also allow you to sign up for a sip account on ekiga.net, but I experienced some difficulties with this. Here is the set-up required to make it work with FWD:
In the Accounts configuration:
Setting (Ekiga 2.01: Accounts menu) Value
Account Name FreeWorldDialup
Registrar fwd.pulver.com
User FWD Number, e.g. NNNNNN
Password [password]
Authentication Login NNNNNN
Realm/Domain fwd.pulver.com
Registration Timeout 3600 (default is fine)
Checkbox, in the column unhelpfully marked 'A', next to the Account name Checked. This will make it register on the FWD registration server.

In the Preferences configuration:
Setting (Ekiga 2.01: Preferences menu) Value
Network Settings: -> Listen on eth0 (whatever your outward-facing network interface is)
NAT Settings: -> NAT Traversal Method STUN (experiment with 'IP translation' if necessary)
NAT Settings: -> STUN Server stun.fwdnet.net:3478
SIP Settings: -> Outbound Proxy fwdnat.pulver.com:5082
Audio Devices ALSA (if possible)

5.5 Or try Zap

Update: Zap, based on Mozilla is still in early development, but already worth trying. As yet, I haven't evaluated it.

6. Test it

First, check that you have successfully registered on the registration server (if you are using one). If you are using FWD, then go to: http://fwd.pulver.com/myicon.php?userid=NNNNNN (for whatever your userid is) and check that you appear online.

Now, try an echo test: "dial" 613 (in kphone) or sip:613@fwd.pulver.com (in linphone) for an echo service - you will hear your own voice repeated. There are many other useful service numbers for testing; these include '612' for a time service, and the rather fun '411' voice-activated "Tell Me" service.

By this point, we can call any person who has a SIP URL, and also many freephone numbers. To call me using SIP (pc->pc), use sip://NNNNNN@fwd.pulver.com.

7. Advanced

  • Voicemail can be configured here here, allowing one to receive incoming mail by email (as a .wav attachment). Dialling 8502 to access voicemail seems only to work with linphone (it doesn't accept my password with kphone, maybe DTMF related). Nevertheless, the emails do arrive, complete with .wav attachments! [Actually, the .wav attachments aren't as large as I expected, typically about 16K for a short message.]
  • Add an online status icon to your webpage! Here's mine: it says "Network member" when I am disconnected, and "Now Online" when kphone is signed in. The HTML code required is <a href="http://fwd.pulver.com/callme.php"><img src="http://fwd.pulver.com/myicon.php?userid=NNNNNN">, and it looks like this: callme icon

8. Incoming Phone Number

I registered an 0870 number so that people can call me from an ordinary phone. This can be done by CallUK and is FREE. They provide an 0870 number, which anyone can call, and it is charged at the standard BT UK National Rate. The process takes about 10 minutes to activate, and the number will remain mine provided that I use it at least every 3 months.

9. Outgoing phone calls (to other phones, including internationally)

This requires money, and signing up with a provider. There are two alternatives here:

  • Select a paid provider, and use them directly for everything, including all SIP calls.
  • Use a paid provider like a calling card, accessing them when required to make a SIP->PSTN call. If this is chosen, they must have an "access code" which is accessible from the SIP phone used.
I chose the latter, and picked IConnectHere.com, who are accessible from FreeWorldDialup using the access code **334. [There's a list of other providers, such as CallUk.com, who will handle the final-hop from SIP to the PSTN here.]

10. Outgoing Calls to Landlines: Setup of IConnectHere.com

I chose to use IConnectHere.com, and selected the "Pay as you go" tariff; then paid them $10 to obtain an account number and password. [Refer to these as AAAAAAAA and PPPP respectively]. To make a call from the PC to any phone, do this:

  1. In Kphone, dial the access code for iconnecthere.com: **334
  2. When prompted "enter your pin", enter userid and password: AAAAAAAA PPPP
  3. Enter the number, in international format, without the international access code. Eg to dial 01223 445566 in the U.K., enter 44 1223 445566
  4. To make an additional call, key **#
Don't worry if you don't hear all the DTMF tones.

11. Enjoy

All done - that's it! Update contacts, put your details on the web, and "reach out and touch someone".

Encryption with Zfone

Zfone is Phil Zimmermann's (of PGP fame) encryption for VOIP. It's important because VoIP is normally very easy to eavesdrop upon, and carriers are legally obligated to allow snooping. Zfone works as an inline "bump on the cord", so there is no need to modifiy the VOIP application. The Beta is not open source (GPL), but the source is available, and it is free (as in beer). It's very promising, but unfortunately, the version I tried on 2006-06-05 doesn't actually work (voipd exits with an error.)

Here's how to compile zfone:

  1. Download it from here. See also the FAQ.
  2. Install the necessary dependencies: I needed iptables-devel and automake1.6.
  3. First, compile and install the libzrtp-0.2.0 library: ./configure && make && sudo checkinstall; rpm -i
  4. Now, compile and install the libzrtphelper-0.2.0 library
  5. Lastly, compile and install the zfone-0.2.0 program

Here's how to use zfone:

  1. As root, start /usr/local/bin/voipd. This step failed, for me.
  2. As normal user, start /usr/local/bin/zfone_ctrl.
  3. When these are running, start the VOIP program (eg linphone) as usual.
  4. You should then be able to use the GUI, as depicted here.

To be continued...

Alternatives

There are some alternatives to doing it this way; this list is a very brief one.
  • Sipcall.co.uk. Look promising, but slightly more expensive than ICH.
  • Skype. Skype is actually more expensive than IConnectHere.com, and does not allow you to have an incoming PSTN number. There is also rather a lot of hype surrounding it. [Also, you have no control, whereas with SIP, you can run your own exchange if desired.]
  • Sipphone.com. This is run by Michael Robertson of Lindows and MP3.com fame. However, they charge $70/year for an incoming number, and phonegaim won't compile!
  • Gizmoproject.com. This could become a rather promising Skype-competitor, with easy to set up clients for Win/Mac/Linux, and being fully SIP compatible. It's open-standards, but it it isn't open-source.
  • zFone. This is Phil Zimmerman's encrypted VOIP. It's open source, but it isn't ready yet.
  • GPhone. GPhone is a very simple (but working, and GPL) application that basically pipes sound across a network. It does require a real IP address at both ends. Try calling localhost, and you'll get instant success!
  • Ekiga/Gnomemeeting. The original version of Gnomemeeting only used H.323. However, the newer version, renamed Ekiga can also do SIP.
  • Zap. A mozilla-based SIP client. A tarball can be downloaded from here: this is a Linux binary (just like the mozilla releases). So far, it's only at version 0.2.2, but it already works extremely well.
  • A long list of others at Wikipedia.

Important Notes

  • Do not use VOIP for Emergency Calls. At least, don't rely upon it. The regular phone system (at least with BT in the UK) is self-powered. But your computer won't work if there is a mains power failure. Also, the emergency services may find it easier to locate you (or call you back) if you use a land-line, or a mobile phone. For example, this is a problem in the USA.
  • Note: VOIP is not encrypted. Unless you do something about it, a VOIP call is less secure than a regular phone or GSM, and is easier to eavesdrop on. For example, there is the Voice over Misconfigured IP program which reconstructs packets captured with tcpdump.
  • If Encryption is desired, SIP can be tunnelled. However, don't try to tunnel it over SSH: this would effectively tunnel it over TCP/IP. Since TCP/IP is a reliable tansport, the packets are guaranteed to arrive, and in the correct order, but may be very late, especially if retransmission is required. But for VOIP, packet loss doesn't matter; low latency is important! It's necessary to tunnel over a secure UDP layer, e.g. IPSec. [Or, try zFone.]
  • To use SIP on Windows, only certain versions of Messenger will work. Otherwise, one might try X-Lite.
  • If one has a NAT gateway/firewall, the alternative to using an external outbound proxy server is to run siproxd on the firewall. Siproxd is a proxy/masquerading daemon for the SIP protocol; a diagram may be found here. The advantage of this is that you can have full control of your own system, and have a sip address in your own domain. (I haven't yet done this.)
  • Trying to make various applications play nicely and use the soundcard simultaneously under Linux doesn't seem entirely straightforward. Using artsdsp will work in most cases (e.g. you can run multiple instances of 'artsdsp play file.wav'), but it doesn't help in the case of linphone. [The result is very blocky, broken-up sound.] Another possible solution may be to use the dmix or dsnoop features of ALSA. (Mandriva 2006 will enable this by default).

Other Resources

The End

Written by Richard Neill, 2005-01-07. Last updated 2006-06-04 Please feel free to copy, link, modify, redistribute etc.

Please do also send me feedback.

Top | Home | Contact Valid HTML 5!