Setting Up Our Voice-Over-IP Phone System

As I mentioned recently on Google+, I’ve recently installed a telephone system for Meshed Insights using a Raspberry Pi. Here’s a description of the system I’ve put together.

Raspberry PI PBX

The brains live in a model B Raspberry Pi. I installed the GNU/Linux distribution Raspbian using the easy NOOBS on an SD card, then installed RasPBX — FreePBX and Asterisk — using the Pi Store via the desktop as that was easiest. I enabled sshd so I can log in from the office (using a private key so it’s less hackable), set the unit to have a fixed IP on our internal network and then disconnected the keyboard, mouse and screen. The system now runs headless in our server room.

Devices

In terms of hardware, we have several useful devices letting us connect equipment to the PBX. We have a fax machine (actually a Samsung multi-function laser printer) and a DECT phone (so we can roam the grounds on conference calls!). These are connected via a LinkSys PAP2T phone interface, which has two FXO ports (allowing connection of a phone). In FreePBX we have them set up as generic SIP extensions. The PAP2T has to be configured to register with Asterisk, achieved by pointing a web browser at it (or using OSS PBX End Point Manager, see below). Worth noting: you need to use separate port numbers for the two lines; 5060 and 5061 are normal.

We also have a landline we use for outgoing calls only. We use a Linksys SPA3102 voice gateway for this, which has one FXS (allowing connection of a landline) and one FXO port. Again these are configured using a web browser or the End Point Manager so they log in to the PBX. Since the landline master socket is in a room far, far away from the server room, I installed an old analogue handset in the FXO port so it’s possible to call the server room or office while doing maintenance.

Here’s the PEER configuration for the phone line:

disallow=all
allow=ulaw
canreinvite=no
context=from-trunk
dtmfmode=rfc2833
host=dynamic
incominglimit=1
nat=never
port=5061
qualify=yes
secret=<password>
type=friend
username=<username>

In the server room, there is another PAP2T providing an analogue phone for whoever is in the warm darkness over there.

On the desks we have the Polycom Soundpoint 330 VoIP phone. These can also be configured using a web browser or End Point Manager so they log in to the PBX. They have two lines that can be configured separately as well as two ethernet jacks on the back so we can plug in a laptop and only need one ethernet cable to each desk.

It’s worth using the End Point Manager to configure the devices. It uses nmap (which you’ll need to configure on the PBX — sudo apt-get install nmap) to detect all your VoIP devices and then uploads configurations and even new firmware.

Services

In addition to the landline, we also have several cloud services in use. Our inbound UK office phone numbers are provided by SipGate. To make that work, we created a Trunk that registers with SipGate and an Inbound Route that routes calls to phones.

SipGate Trunk PEER details:

type=friend
insecure=invite
nat=yes
username=<username>
fromuser=<username>
fromdomain=sipgate.co.uk
secret=<password>
host=sipgate.co.uk
qualify=yes
canreinvite=no
dtmfmode=rfc2833
context=from-sipgate

SipGate Trunk USER details:

type=friend
username=<username>
secret=<password>
host=sipgate.co.uk
fromuser=<username>
fromdomain=sipgate.co.uk
nat=yes
authuser=<username>
dtmfmode=info
insecure=very
canreinvite=no
disallow=all
allow=ulaw&alaw

Our inbound US number is provided by IPKall, which makes a SIP call to us whenever anyone calls. Since we don’t allow anonymous SIP calls (we see thousands of attempted unauthorised connections each day), we also have a Trunk and an Inbound Route set up for IPKall.

For outbound calls, UK calls are routed through the landline. In addition we use two services. IPKall provides a free SIP service to connect US 800 numbers and we have an Outbound Route that sends calls there. All other outbound US calls go to Google Voice via the Chan Motif module.

IPKall Trunk PEER details:

host=voiper.ipkall.com
type=peer
insecure=very
port=5060
nat=no
dtmfmode=rfc2833
disallow=all
allow=ulaw&alaw&g729&gsm

We also communicate with some clients using IPTel, a free network of VoIP phones. This allows direct six-digit dialling via their service.

IPTel Trunk PEER details:

type=peer
host=sip.iptel.org
outboundproxy=sip.iptel.org
port=5060
defaultuser=<username>
fromuser=<username>
fromdomain=sip.iptel.org
secret=<password>
dtmfmode=rfc2833
insecure=port,invite
canreinvite=no
registertimeout=600
disallow=all
allow=alaw&ulaw
qualify=yes

Hope that helps – feel free to ask questions about any of the details as this is all very much trial-and-error and there are plenty of places — especially in the regular expressions in the Routes and Dial Plans — where things can go wrong. I’m no expert so there may well be errors or imperfections in that configuration above – please let me know if you see anything I could improve.

6 thoughts on “Setting Up Our Voice-Over-IP Phone System

  1. Hi. I’m trying to set up IPKall on my own FreePBX installation (am also based in the uk). But I’m also worried about keeping it secure. Did you set up an additional extension for IPKall to dial, or is the trunk/routing sufficient?

    • I have IPKall dial a specific extension, with an inbound route set up to accept it and all other SIP calls banned. I get many, many attempts to hack the system every day, so this is definitely necessary.

      • That’s helpful, thanks. So you haven’t had to enable anonymous sip calls? That was what I was worried I might have to do! I tried routing the call through one of my other SIP trunks, but that seems backwards and it meant I lost the DID and wasn’t able to route so well. I’ll give this a go and hope for the best!

        Thanks for blogging your project!

      • No, permitting anonymous SIP opens the floodgates for all the hackers with Russian and middle-eastern IP addresses trying to find a route to our trunk; I would never enable that. We have all our SIP traffic connected through IPTel (and Google Hangouts).

Comments are closed.