Category: Wi-Fi

The New VoIP Frontier: Meet the iPad Mini with Retina Display

Last week was interesting if for no other reason than that Apple released an amazing new product without tooting a single trumpet. In fact, the iPad Mini with Retina display was quietly made available on Apple’s web site in the middle of the night. Most believe that the rationale was that the devices were in such short supply that Apple couldn’t afford the PR nightmare of releasing a new product that very few could buy. Guess what? It’s still available. You have to order on the web. Then you can either pick up the device at your local Apple Store, or have it shipped directly to you… from China. We ordered on Tuesday and received the unit on Friday. What struck us about the new iPad Mini is the striking resemblance to the old iPad Mini. One suspects that Apple is running out of magic bunnies to pull from the hat so we’re getting down to one new gee whiz feature per year. In fairness, the new iPad Mini not only has a Retina display, but also has the new A7 chip with 64-bit architecture. The CPU is up to four times faster while graphics performance saw an 800% improvement without sacrificing battery life. To be completely honest, Apple needed the extra horsepower to drive the retina display, and the battery life has been preserved by increasing its size considerably. Almost half of the inside of an iPad Mini is now nothing but battery. Hop over to iFixIt for all the details.

If the new hardware were the only addition, we probably would have had little interest in the new iPad Mini. But we learned a couple of years ago that there’s a dramatic difference in reading on a 7 inch tablet vs. an 8 inch tablet. And, when you add the retina display with 2048-by-1536 resolution and a staggering 326 pixels per inch, the iPad Mini becomes an almost perfect traveling companion for those that do a lot of reading. Apple also bundles an impressive list of business and productivity applications including Siri at no additional cost. For those that work on the Mac platform, the most important enhancement to these apps is that what you see on the Mac desktop using Pages, Numbers, or Keynote is exactly what you’ll see when the document is moved to either the iPad Air or iPad Mini with Retina display. For traveling business folks, that’s a huge improvement!

There have been some equally impressive additions on the communications front for those that enjoy Voice over IP technology. If you’re using PBX in a Flash™ or Asterisk®, we’re pleased to report that the Zoiper IAX client for iOS 7 works flawlessly. Simply set up an IAX extension on your server and enter your credentials in the Zoiper client on your iPad. Screwy as it sounds, Google has released Hangouts on the iOS 7 platform (only) with the added capability to place and receive PSTN phone calls anywhere in the world using a Google Voice PSTN phone number. And calls within the U.S. and Canada are free! Will it disappear? Will Google ever support it on their own Android devices? Who knows? We’ve given up trying to predict what Google will do next, but this addition will probably remain so long as Hangouts continues to be a viable platform. And Google seems to be staking their VoIP fortunes on Hangouts just as Apple has done with FaceTime and Microsoft with Skype. Of course, PSTN calls aren’t possible with FaceTime and, with Skype, PSTN calls are never free. So there is that important difference, and Hangouts fills that niche.

The other major software news is that Google Play Music now is available for iOS 7 as well. In addition to unlimited streaming of almost any music on the planet for $9.95 a month (to a single device at a time), you also can move 20,000 of your favorite songs to the Google Cloud and stream them for free. Apple offers free music alternatives as well including iTunes Radio which now is rolled into the iPad Music app.

There used to be a big reason for buying the cellular addition to the iPads. It made the GPS functionality work. Our Wi-Fi only unit had no problem pinpointing our location with nothing but a WiFi signal. Of course, if you have one of the new Verizon or AT&T bundled data plans, adding an iPad is just $10 a month. That alone would warrant purchase of the unlocked cellular model which now works with all cellular carriers. What a concept!

As you might expect, there are no deals to be had on the iPad Mini with Retina display. But, if you’re looking to buy a new iPad for Christmas, you should probably pay a visit to WalMart or Target on Black Friday. Both retailers are throwing in a $100 gift card with your purchase of the new iPad Air. Nobody other than Apple is yet selling the iPad Mini with Retina display. For another great review, see today’s coverage on The Verge. Enjoy!



Just Released: AstriCon 2013 Videos. Digium has just released all of the videos from AstriCon 2013 on the new YouTube Asterisk Channel.



Originally published: Monday, November 18, 2013




Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 


Some Recent Nerd Vittles Articles of Interest…

The Ultimate Android Tablet: Meet the Microsoft Surface Pro

We were fully prepared to hate the Microsoft Surface Pro. After all, it was designed and produced by Microsoft, and we haven’t seen many flashes of brilliance from Redmond since the XBox. That was more than eleven years ago! Yes, Microsoft has new smartphones, but they’re too little, too late in our opinion. So why is the Surface Pro different? For openers, it runs pure Windows 8, not the Windows RT crippleware. While we’re not much of a Windows cheerleader any more (we were for the first 25 years), it is worth noting that Apple has one operating system for desktops and notebooks and a different (crippled) one for smartphones and tablets. And Google has one operating system for its notebooks and a very different one for its smartphones and tablets. Microsoft, on the other hand, had a better idea. The same operating system runs on both its desktop computers, its notebooks, and its latest tablet, the Surface Pro. What that means is the same application that runs on your desktop computer can now perform equally well on a tablet. And it can do it with or without the Surface’s revolutionary, portable keyboard. Application portability is huge especially if your company happens to still be a pure Microsoft shop. And it’s especially important if you or your employees happen to travel for a living.

It Just Works. So much for the theory. The bottom line for us was whether our existing PBX in a Flash, Incredible PBX, and Android platforms could live and breathe on the Surface Pro. The short answer is a resounding YES. This is not the crippled, proprietary Windows RT platform found in the original (klunky) Surface. This is a fully functional Windows 8 machine with an Intel processor, blazing performance, and both microSD and USB 3.0 slots, nice additions that you won’t find on a lot of tablets. If an app will run with Windows 7 or Windows XP, it works just as well or better on the Surface Pro. And with BlueStacks, you can run 750,000 Android apps on your Surface Pro as well. We quickly downloaded our favorite Android VoIP app, Groove IP, from Google’s Play Store using BlueStacks. Then we performed a couple of quick calls using a Google Voice account. The calls were flawless even with our shaky DSL connection on a very snowy day in the mountains. Adding BlueStacks’ Cloud Connect will let you push existing apps from your Android phone or tablet to your Surface Pro. Pretty cool.

For a complete technical review of the Surface Pro, visit ZDnet or TechRadar. Just pray you never need repairs.

The only thing we’ve found missing hardware-wise on the Surface Pro is a PrintScreen key on the awesome keyboard which is a must-have, by the way. To print screens, you’ll need to use the tablet trick: VolDown + Home. But, as you can see from the screenshot above, it works fine. Because of the high resolution screen however, you lose something shrinking the images down to 650 pixels. On the software front, there were few surprises. WiFi is rock solid, and links to MiFi devices make the Surface Pro truly portable. If ass-backwards scrolling with the touchpad drives you crazy, use RegEdit and search for the mouse entry for FlipFlopHScroll. Change the decimal value from 0 to 1. The Chrome browser works fine with the keyboard and mousepad, but you’ll be using Internet Explorer to work with the touchscreen in tablet mode. Hopefully, that will get fixed shortly.

SAMBA connections work fine after the usual tweaks to the Windows Registry and a reboot. NeoRouter as a VPN client or server functions just as you would expect after telling Windows 8 to run the main programs as Administrator. Windows 8 is a bit more picky about this even when you’re logged in as an Administrator. Oracle’s VirtualBox as a virtual machine platform for Linux appliances works swimmingly, and performance is AMAZING. We built an Incredible PBX server using the latest .ova template in under 5 minutes, and we were making free calls and sending out faxes through Google Voice in under 10 minutes. Amazing!

Family Feud. There’s only one major shortcoming worth noting. Microsoft has taken their feud with Google to a whole new level with Windows 8. It’s not so much the Bingification of every Windows utility that bothers us. It’s what appears to be a conscious effort to banish Google from the Windows platform entirely. Think Apple! Those using two-step authentication for Google services are S.O.L. when it comes to Gmail. You’re left having to deploy Gmail as an IMAP mail service to get your mail at all. Giving Microsoft the benefit of the doubt, you could give them a pass on this if it had just been the initial Windows 8 release. But there have been plenty of patches and updates since Day One, and two-step authentication for Google services remains MIA. If the United States is going to retain its lead in the software development arena, Microsoft and Google and Apple had best bury the hatchet and learn how to work together to make their offerings complementary. Consumers aren’t going to tolerate this kind of seventh grader nonsense in this day and age. So, wake up, Microsoft. Ruining an otherwise promising platform while trying to shaft Google is a lousy business decision, and it’s going to backfire. Consumers will simply move exclusively to their platform of choice, and guess what? That platform isn’t going to be Microsoft. More importantly, this article is a testament to what actually can be accomplished in Googlifying a Surface Pro with a little Yankee ingenuity. For all practical purposes, our Surface Pro is the best Android tablet we’ve ever owned, and we’ve owned a few. So here’s a little tip for Microsoft: Remember what made Windows a hit! Ubiquity, not exclusivity!

Originally published: Monday, February 18, 2013





whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.


 
 



Introducing PBX in a Phone: Grandstream GXP2200 featuring Incredible PBX

One of the long-term goals of the PBX in a Flash™ Project has always been the desire to integrate a full-featured PBX directly into a desktop phone. For those that travel or support small branch offices, this would be the best of all possible worlds. We never quite achieved it with PBX in a Flash, but thanks to the Raspberry Pi™, Grandstream’s new GXP2200, a couple of screws, and a power drill, we’ve found the perfect couple. Imagine managing a virtual private network with your branch office PBX whirring away beneath your desktop phone and nothing more than a touchscreen browser built into your phone. And now you can appreciate what a milestone this is for the VoIP telephony community.

We introduced the GXP2200 in our Black Friday roundup last week, but here are the highlights for those of you that may have missed it. While there have been other VoIP phones built around Android, this is the first affordable unit (under $200)[1] that also includes access to Google’s Play Store thanks to Grandstream’s firmware update released last week. This is significant because proprietary app stores mean the phone manufacturer keeps total control of what you can install on your phone while access to Google’s Play Store makes available virtually all of the Android software in the commercial (and free) marketplace.

Why Android Matters with a VoIP Phone

Using Android as the underlying operating system for a VoIP phone provides the best of all worlds with SIP access to your favorite Asterisk® server or Incredible PBX™ for the Raspberry Pi plus Skype, Google Voice, Microsoft Lync, YouTube, Pandora, Facebook, Twitter, and Angry Birds without leaving your chair. The GXP2200 supports six SIP lines, five-way conference calls, HD audio, Bluetooth, integrated PoE, and VPNs of many flavors. You also can add four 20-button sidecar expansion modules. GrooVe IP can be installed from the Google Play Store for plug-and-play Google Voice calling. That gives you the “VoIP Big Three” on a single desktop phone: SIP, Skype, and Google Voice. Plug in an SD card with your favorite tunes and videos, and they’ll play back flawlessly on the GXP2200. The PBX in a Flash RSS Security Feed can also be installed on the desktop of this phone. With the $5 IP Cam Viewer app, you can use your phone to monitor dozens of IP cameras in your organization or anyone else anywhere in the world. AsteriDex also can be used from the phone’s browser to provide click-to-dial calling with any SIP trunk you’ve set up on the phone. And, as we noted, the touchscreen browser lets you access FreePBX® to configure and manage Incredible PBX and your Asterisk server directly from your phone. Did we mention the 1,000-client phone directory and Google Calendar plus dedicated voicemail, call transfer, and conferencing buttons right on the phone? All of them work flawlessly with Asterisk as well as PBX in a Flash and Incredible PBX. While the version of Android is a bit long in the tooth, we haven’t found that to be a distraction when paired with a desktop phone. One of the consultants on the PIAF Forum mentioned that he had taken this phone to a customer site last week. The employees were so impressed with the GXP2200 that they told the boss they would subsidize the cost of the phones if he would purchase them for the office. 
When is the last time you had that conversation with your boss?

Hooking Up the Raspberry Pi with a GXP2200

The Raspberry Pi integration is accomplished easily because of the new design of the 512MB Raspberry Pi boards with two mounting holes (covered by the two brass-colored nuts above) plus the unique phone stand that is provided with Grandstream’s GXP2200. A quick trip to the hardware store for two one-inch screws and a couple minutes with a power drill, and it was easy enough for any fifth grader to mount the Raspberry Pi on the inner side of the plastic phone stand. Once you slide the stand into place on the phone, the Raspberry Pi is completely hidden inside the phone stand with plenty of ventilation to operate unobtrusively for years. A 6-inch CAT5 cable will let you take advantage of the spare network jack on the back of the phone to add network connectivity for the Raspberry Pi. Insert your SD card with Incredible PBX, power up the Raspberry Pi with a 5-volt adapter, and your branch office PBX comes to life. Fire up your phone’s browser, log in to http://incrediblepbx.local, and your entire PBX is quite literally at your fingertips:

By the time your GXP2200 is delivered, Incredible PBX 3.6 for the Raspberry Pi will be on the street featuring Incredible Fax.[2] Then you’ll have everything any remote office could ever ask for, and it’ll all be neatly tucked away beneath your telephone with management convenience like you’ve never experienced. Enjoy!

Originally published: Monday, November 26, 2012






 
 



  1. Some of our purchase links refer users to Amazon when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from Amazon to help cover the costs of our blog. We never recommend particular products solely to generate Amazon commissions. However, when pricing is comparable or availability is favorable, we support Amazon because Amazon supports us.
  2. If you have that pioneering spirit, you can take the Preview Edition of Incredible PBX 3.6 for a spin today.

VPN in a Flash Reborn: Meet the Dedicated Server Edition in PIAF 2.0.6.2.4

We’re dusting off our favorite old trademark to introduce the all-new VPN in a Flash™ featuring NeoRouter™ 1.7 Free Server Edition. Last month we showed how to install NeoRouter as an add-on for existing PBX in a Flash™ servers. In sites with 10 or fewer machines to interconnect, this works extremely well. However, for those with major collections of servers and PCs scattered across the universe (up to 256!), you’re going to want dedicated hardware to manage your virtual private network. Thanks to the terrific work of Tom King, you’ve got that choice. Meet VPN in a Flash.

As with PBX in a Flash, the Dedicated Server Edition of VPN in a Flash is offered in 32-bit or 64-bit flavors. How do you get it? It’s now an option in the PBX in a Flash 2.0.6.2.4 ISO featuring the CentOS 6.2 platform for the ultimate in reliability. Just download the new 2.0.6.2.4 ISO from SourceForge, burn it to a CD or DVD or, better yet, make yourself a bootable flash drive, and find some hardware to dedicate to the task of managing your virtual private network. Set up the server behind a dedicated firewall on any private LAN other than the 10.0.0.x network. Answer a few prompts to choose your timezone and set up your NeoRouter credentials. Then configure your hardware firewall to lock down the assigned DHCP address of your VPN in a Flash server and map TCP 32976 to the IP address of your VPN server, and you’re done. In 30 minutes, you get a rock-solid, preconfigured VPN. Not only is it SECURE, it’s also FREE!

After your VPN in a Flash server is installed, you can optionally go to the NeoRouter web site and register your new VPN by clicking Create Standalone Domain. Make up a name you can easily remember with no periods or spaces. You’ll be prompted for the IP address of your server in the second screen. FQDNs are NOT permitted.

When a VPN client attempts to login to your server, the server address is always checked against this NeoRouter database first before any attempt is made to resolve an IP address or FQDN using DNS. If no matching entry is found, it will register directly to your server using a DNS lookup of the FQDN. Whether to register your VPN is totally up to you. Logins obviously occur quicker using this registered VPN name, but logins won’t happen at all if your server’s dynamic IP address changes and you’ve hard-coded a different IP address into your registration at neorouter.com.

Setting Up a NeoRouter Client. There are NeoRouter clients available for almost every platform imaginable, except iPhones and iPads. Hopefully, they’re in the works. So Step #1 is to download whatever clients are appropriate to meet your requirements. The VPN in a Flash install automatically loads the Linux clients into the /usr/src/neorouter directory and installs the NeoRouter client for you. Here’s the NeoRouter Download Link for the other clients. Make sure you choose a client for the Free version of NeoRouter. And make sure it is a version 1.7 client! Obviously, the computing platform needs to match your client device. The clients can be installed in the traditional way with Windows machines, Macs, etc.

CentOS NeoRouter Client. As part of the installation above, we have automatically installed the NeoRouter client for your particular flavor of CentOS 6, 32-bit or 64-bit. In order to access resources on your NeoRouter server from other clients, you will need to activate the client on your server as well. This gets the server a private IP address in the 10.0.0.0 network.

To activate the client, type: nrclientcmd. You’ll be prompted for your Domain, Username, and Password. You can use the registered domain name from neorouter.com if you completed the optional registration step above. Or you can use the private IP address of your server. If your router supports hairpin NAT, you can use the public IP address or server’s FQDN, if you have one. After you complete the entries, you’ll get a display that looks something like this:

To exit from NeoRouter Explorer, type: quit. The NeoRouter client will continue to run so you can use the displayed private IP addresses to connect to any other online devices in your NeoRouter VPN. All traffic from connections to devices in the 10.0.0.0 network will flow through NeoRouter’s encrypted VPN tunnel. This includes inter-office SIP and IAX communications between Asterisk® endpoints.

Admin Tools for NeoRouter. Here are a few helpful commands for monitoring and managing your NeoRouter VPN.

Browser access to NeoRouter Configuration Explorer (requires user with Admin privileges)

Browser access to NeoRouter Network Explorer (user with Admin or User privileges)

To access your NeoRouter Linux client: nrclientcmd

To restart NeoRouter Linux client: /etc/rc.d/init.d/nrservice.sh restart

To restart NeoRouter Linux server: /etc/rc.d/init.d/nrserver.sh restart

To set domain: nrserver -setdomain YOUR-VPN-NAME domainpassword

For a list of client devices: nrserver -showcomputers

For a list of existing user accounts: nrserver -showusers

For the settings of your NeoRouter VPN: nrserver -showsettings

To add a user account: nrserver -adduser username password user

To add admin account: nrserver -adduser username password admin

Test VPN access: http://www.neorouter.com/checkport.php

For a complete list of commands: nrserver --help

To change client name from default pbx.local[1]:

  • Edit /etc/hosts
  • Edit /etc/sysconfig/network
  • Edit /etc/sysconfig/network-scripts/ifcfg-eth0
  • reboot

For the latest NeoRouter happenings, follow the NeoRouter blog on WordPress.com.

Eating Our Own Bear Food. We’ve actually been at our SOHO cabin this month “testing” VPN in a Flash. It’s provided instant access both to our desktop machines and servers in Charleston as well as Tom King’s Proxmox server in Florida where we’ve been developing Yate in a Flash™, a new, dedicated SIP to Google Voice Gateway for Asterisk. We’ll have more to say about it next week, or you can follow the link and get a head start. The bottom line on VPN in a Flash: It Just Works! VPN in a Flash frees you from ever having to stay in your home or office to get work done. And it’s been rock-solid reliable. Enjoy!

Originally published: Wednesday, June 20, 2012








 
 



  1. We’ve built a script to rename your VPN in a Flash server in all the right places. You can download it here.

Introducing NeoRouter VPN: A Star Is Born

In our last article, we introduced PPTP VPNs for interconnecting remote users and branch offices to a central network hub. Known as a hub-and-spoke VPN, the advantage of this design is it lets remote users participate as peers in an existing home office LAN. It’s simple to set up and easy to maintain. The drawback is vulnerability to man-in-the-middle attacks.

Today, we want to turn our attention to the more traditional client-server VPN which still relies upon a central server but uses a star topology to connect remote nodes. The major difference is that only registered devices participate in the virtual private network so there is no direct access to other machines on the LANs of the registered devices. If you have servers scattered all over the countryside, this is an excellent way to manage and interconnect them. All data and communications between the nodes can then be routed through the encrypted VPN tunnel for rock-solid security.

With NeoRouter’s free software, you can set up your VPN server using a PC, a Mac, a Linux or FreeBSD machine, OpenWrt Backfire, and Tomato. VPN clients are available for PCs, Macs, Linux and FreeBSD PCs, OpenWrt, Tomato as well as Android phones and tablets. There’s even an HTML5 web application in addition to a Chrome browser plug-in. With the OpenWrt and Tomato devices or if you’re an extreme techie, you can broaden your NeoRouter star configuration to include bridging of remote LANs. See pp. 47-50 of the NeoRouter User’s Manual. And you can interconnect up to 256 devices at no cost. For $999, you can enlarge your VPN to support 1,000 devices. Screen sharing, remote desktop connections, HTTP, and SSH access all work transparently using private IP addresses of the VPN nodes which are automatically assigned to the 10.0.0.0 private network.

You may be wondering why we’ve moved on from Hamachi. Suffice it to say, LogMeIn has put the squeeze on the free version to the point that it’s now next to worthless. In fact, you’d be hard-pressed to find any mention of a free version of Hamachi (other than a trial edition) on LogMeIn’s current web site. Here’s a feature comparison which says it better than we could:

Today we are introducing the first of two NeoRouter VPN solutions. First, we have a simple installation script that works with any PBX in a Flash 2™ server. See also our more recent column for the dedicated server edition of NeoRouter VPN known as VPN in a Flash. It’s suitable for use on a dedicated server or running as a virtual machine. For smaller VPNs, we prefer the add-on module for PBX in a Flash. For larger deployments, you probably should opt for the dedicated machine. It also isolates your VPN server from your PBX which generally is the better network strategy. Regardless of the installation scenario you choose, keep in mind that neither option requires exposure of your entire server to the Internet. Only a single TCP port needs to be opened in your hardware-based firewall and IPtables Linux firewall.

NeoRouter Setup with PIAF2™. We’re assuming you already have a PBX in a Flash 2 server set up behind a hardware-based firewall. If not, start there. Next, we’ll need to download and run the installer for your new NeoRouter Server. It also installs the client. Just log into your server as root and issue the following commands:

wget http://incrediblepbx.com/install-neorouter
chmod +x install-neorouter
./install-neorouter

The installer will walk you through these five installation steps, but we’ll repeat them here so you have a ready reference down the road.

First, on your hardware-based firewall, map TCP port 32976 to the private IP address of your PIAF2 server. This tells the router to send all NeoRouter VPN traffic to your PIAF2 server when it hits your firewall. If you forget this step, your NeoRouter VPN will never work!

Second, we’re going to use your server’s public IP address as the destination for incoming traffic to your NeoRouter VPN. If this is a dynamic IP address, you’ll need an FQDN that’s kept current by a service such as DynDNS.com.

Third, each administrator and user is going to need a username to access your NeoRouter VPN. You can use the same credentials to log in from multiple client machines, something you may or may not want to do. We’re going to set up credentials for one administrator as part of the install. You can add extra ones by adding entries with one of the following commands using the keyword admin or user. Don’t use any special characters in the username and password!

nrserver -adduser username password admin
nrserver -adduser username password user

Fourth, make up a very secure password to access your NeoRouter VPN. No special characters.

You’re done. Review your entries very carefully. If all is well, press Enter. If you blink, you may miss the completion of the install process. It’s that quick.

Fifth, after your NeoRouter VPN is installed, you can optionally go to the NeoRouter web site and register your new VPN by clicking Create Standalone Domain. Make up a name you can easily remember with no periods or spaces. You’ll be prompted for the IP address of your server in the second screen. FQDNs are NOT permitted.

When a VPN client attempts to login to your server, the server address is always checked against this NeoRouter database first before any attempt is made to resolve an IP address or FQDN using DNS. If no matching entry is found, it will register directly to your server using a DNS lookup of the FQDN. Whether to register your VPN is totally up to you. Logins obviously occur quicker using this registered VPN name, but logins won’t happen at all if your server’s dynamic IP address changes and you’ve hard-coded a different IP address into your registration at neorouter.com.

Setting Up a NeoRouter Client. As mentioned previously, there are NeoRouter clients available for almost every platform imaginable, except iPhones and iPads. Hopefully, they’re in the works. So Step #1 is to download whatever clients are appropriate to meet your requirements. Here’s the NeoRouter Download Link. Make sure you choose a client for the Free version of NeoRouter. And make sure it is a version 1.7 client! Obviously, the computing platform needs to match your client device. The clients can be installed in the traditional way with Windows machines, Macs, etc.

CentOS NeoRouter Client. As part of the installation above, we have automatically installed the NeoRouter client for your particular flavor of CentOS 6, 32-bit or 64-bit. In order to access resources on your NeoRouter server from other clients, you will need to activate the client on your server as well. This gets the server a private IP address in the 10.0.0.0 network.

To activate the client, type: nrclientcmd. You’ll be prompted for your Domain, Username, and Password. You can use the registered domain name from neorouter.com if you completed step #5. Or you can use the private IP address of your server. If your router supports hairpin NAT, you can use the public IP address or server’s FQDN, if you have one. After you complete the entries, you’ll get a display that looks something like this:

To exit from NeoRouter Explorer, type: quit. The NeoRouter client will continue to run so you can use the displayed private IP addresses to connect to any other online devices in your NeoRouter VPN. All traffic from connections to devices in the 10.0.0.0 network will flow through NeoRouter’s encrypted VPN tunnel. This includes inter-office SIP and IAX communications between Asterisk® endpoints.

Admin Tools for NeoRouter. Here are a few helpful commands for monitoring and managing your NeoRouter VPN.

Browser access to NeoRouter Configuration Explorer (requires user with Admin privileges)

Browser access to NeoRouter Network Explorer (user with Admin or User privileges)

To access your NeoRouter Linux client: nrclientcmd

To restart NeoRouter Linux client: /etc/rc.d/init.d/nrservice.sh restart

To restart NeoRouter Linux server: /etc/rc.d/init.d/nrserver.sh restart

To set domain: nrserver -setdomain YOUR-VPN-NAME domainpassword

For a list of client devices: nrserver -showcomputers

For a list of existing user accounts: nrserver -showusers

For the settings of your NeoRouter VPN: nrserver -showsettings

To add a user account: nrserver -adduser username password user

To add admin account: nrserver -adduser username password admin

Test VPN access: http://www.neorouter.com/checkport.php

For a complete list of commands: nrserver --help

To change client name from default pbx.local [1]:

  • Edit /etc/hosts
  • Edit /etc/sysconfig/network
  • Edit /etc/sysconfig/network-scripts/ifcfg-eth0
  • Edit /etc/asterisk/vm_general.inc
  • reboot

For the latest NeoRouter happenings, follow the NeoRouter blog on WordPress.com.

GPL2 License. The install-neorouter application is open source software licensed under GPL2. The NeoRouter Server and Client software is freeware but not open source. This installer has been specifically tailored for use on PBX in a Flash 2 servers, but it can easily be adjusted to work with virtually any Linux-based Asterisk system. If you make additions or changes, we hope you’ll share them on our forums for the benefit of the entire VoIP community. Enjoy!

Originally published: Wednesday, April 18, 2012




Need help with Asterisk? Visit the NEW PBX in a Flash Forum.


whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you discontinue service with Vitelity.
 



  1. We’ve built a script to rename your PIAF2 server in all the right places. You can download it here.

Introducing PPTP VPNs: The Travelin’ Man’s Best Friend

It’s been almost three years since we introduced VoIP Over VPN to securely interconnect Asterisk® servers. As LogMeIn® continues to squeeze the free Hamachi® VPN into oblivion, we’ll have a new, Really Free™ matrix VPN solution for you in coming weeks. This will let you interconnect up to 256 PBX in a Flash™ servers in minutes, not months, with no muss, no fuss, no fees, and no licensing worries. But today we want to begin VPN Month by turning our attention to those that need a virtual private network to connect back to a home office network or a home for that matter. This includes the traveling businessman or woman, the physician or lawyer with multiple remote offices, and any hub-and-spoke business such as a bank that has small branch offices that need to transparently link back to the mothership for network and communications services. The hidden beauty of PPTP VPNs is that all data (including phone calls) travels through an encrypted tunnel between the satellite office and home base. If you travel for a living and rely on other people’s WiFi networks for Internet access, a layer of network security will be a welcome addition.

Believe it or not, Microsoft introduced the Point-to-Point Tunneling Protocol (PPTP) with Windows 95. Back then we knew it as Dial-Up Networking. Suffice it to say that, in those days, PPTP was anything but secure. Unfortunately, the bad name kinda stuck. For the most part, the security issues have been addressed with the possible exception of man-in-the-middle attacks which are incredibly difficult to pull off unless you are a service provider or have access to the wiring closets of your employer. You can read the long history of PPTP VPNs on Wikipedia for more background. If you’re traveling to China or other democracy-challenged destinations, you probably shouldn’t rely upon PPTP for network security. If these security considerations aren’t applicable in your situation, keep reading because PPTP VPNs are incredibly useful and extremely easy to deploy for an extra layer of VoIP and network security in most countries that have severe wiretapping penalties in place.

PPTP VPNs also provide home-away-from-home transparency to home office network services. Simply stated, with a PPTP VPN, you get a private IP address on the home office LAN that lets you do almost anything you could have done sitting at a desk in the home office. There’s more good news. Fifteen years ago, we paid Cisco thousands of dollars for hardware boxes known as PPTP VPN Concentrators. You can still find some of them on eBay. For history buffs, a little company in California originally built these boxes. I think we paid about $3,000 for them. One year later Cisco bought the company and promptly doubled the price. Today, you can Do It For Free™ using your existing PIAF2 server platform. And, trust me, today’s 2-minute setup runs circles around the hoops we jumped through 15 years ago to install PPTP VPNs. Once deployed, they revolutionized mobile computing.

If you’re already running one or more PIAF2™ servers, then adding a PPTP VPN server to an existing system is a job for a Fifth Grader. Remember, you only need to do this on one server at your home base even if you have a dozen. The other good news is there are PPTP VPN clients for almost any platform you can name. Linux, Windows, Macs, Android, as well as iPhones, iPads, and iPod Touch devices all have free PPTP VPN clients that can be activated in less than a minute giving you instant, secure home base access.

Getting Started. We’re assuming you already have a PBX in a Flash 2 server set up behind a hardware-based firewall. If not, start there. Next, we’ll need to download and run the installer for your PPTP VPN Server. Just log into your server as root and issue the following commands:

wget http://incrediblepbx.com/install-pptp
chmod +x install-pptp
./install-pptp

UPDATE: For those of you still running a PBX in a Flash 1.7.x server under CentOS 5, we have a separate install script for you thanks to the great work of scurry7:

wget http://incrediblepbx.com/install-pptp-centos5
chmod +x install-pptp-centos5
./install-pptp-centos5

The Server Install: Five Easy Pieces. The installer will walk you through these five installation steps, but we’ll repeat them here so you have a ready reference down the road.

First, on your hardware-based firewall, map TCP port 1723 to the private IP address of your PIAF2 server. This tells the router to send all PPTP VPN traffic to your PIAF2 server when it hits your firewall. If you forget this step, your PPTP VPN will never work!

Second, you’re going to need a dedicated IP address on your private LAN to assign to the PPTP VPN server. Make sure it’s not an IP address from your router’s DHCP pool of addresses, and make sure it’s not one of the addresses from Step #3 below.

Third, you’re going to need two or more sequential IP addresses on your private LAN to assign to PPTP VPN clients that connect to your server. Remember, the PPTP design makes every remote client a node on your local area network so each client needs a private IP address on your LAN. Figure out how many client devices will be simultaneously connecting to your server and add one to it. Make sure the addresses you choose are in sequential order and not part of your router’s DHCP pool of addresses. Don’t use the address reserved for your PPTP server in Step #2 above. The address range should look something like this entry: 192.168.0.41-49. If you get the syntax wrong, guess what happens? If you screw it up, you can edit your localip and remoteip entries in /etc/pptpd.conf.

Fourth, each user is going to need a username to access your PPTP server. We’re going to set up credentials for one user as part of the install. You can add extra ones by adding entries to /etc/ppp/chap-secrets. For an extra layer of security, make the username as obscure as a password. Just don’t use any special characters. Upper and lowercase letters sprinkled with numbers are perfect. We recommend a length of at least 8 alphanumeric characters.

Fifth, make up an equally secure password to access your PPTP server. Same rules apply as in Step #4.

You’re done. Review your entries very carefully. If all is well, press Enter. If you blink, you may miss the completion of the install process. It’s that quick.
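Steps #2 and #3 are where most installs go wrong, so here is an added example (not part of install-pptp) that checks the localip and remoteip entries in a pptpd.conf against the rules above. The function names are hypothetical, the DHCP pool is something you supply yourself, the sample addresses are constructed, and it only understands the single-range form shown in Step #3.

```sh
#!/bin/sh
# Added example (not part of install-pptp): check the Step 2-3 address plan.
# All function names are hypothetical; sample addresses are constructed.

# is_octet N: succeed for 0-255, digits only, no leading zero.
is_octet() {
  case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac
  [ "$1" -le 255 ]
}

# valid_ip A.B.C.D: succeed only for a well-formed dotted quad.
valid_ip() (
  set -f; IFS=.; set -- $1
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do is_octet "$o" || exit 1; done
)

# ip2int A.B.C.D: print the address as an integer so ranges can be compared.
ip2int() (
  set -f; IFS=.; set -- $1
  echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
)

# range_bounds 192.168.0.41-49: print "first last" as integers, or fail.
range_bounds() (
  case $1 in *-*) ;; *) exit 1 ;; esac
  first=${1%-*} end=${1##*-}
  last=${first%.*}.$end
  valid_ip "$first" && valid_ip "$last" || exit 1
  start=${first##*.}
  [ "$start" -ge 1 ] && [ "$start" -le "$end" ] && [ "$end" -le 254 ] || exit 1
  echo "$(ip2int "$first") $(ip2int "$last")"
)

# check_pptp_plan CONF DHCP_POOL: print each problem; exit status 1 if any.
check_pptp_plan() (
  localip=$(awk '$1 == "localip" {print $2}' "$1")
  remoteip=$(awk '$1 == "remoteip" {print $2}' "$1")
  pool=$(range_bounds "$2") || { echo "bad DHCP pool: $2"; exit 2; }
  valid_ip "$localip" || { echo "localip '$localip' is not one IPv4 address"; exit 1; }
  vpn=$(range_bounds "$remoteip") ||
    { echo "remoteip '$remoteip' is not a range like 192.168.0.41-49"; exit 1; }
  srv=$(ip2int "$localip") bad=0
  set -- $vpn $pool   # $1-$2: client range, $3-$4: DHCP pool
  if [ "$srv" -ge "$1" ] && [ "$srv" -le "$2" ]; then
    echo "localip is inside the remoteip range"; bad=1; fi
  if [ "$srv" -ge "$3" ] && [ "$srv" -le "$4" ]; then
    echo "localip is inside the DHCP pool"; bad=1; fi
  if [ "$1" -le "$4" ] && [ "$3" -le "$2" ]; then
    echo "remoteip range overlaps the DHCP pool"; bad=1; fi
  echo "client addresses available: $(( $2 - $1 + 1 ))"
  exit "$bad"
)

# Constructed sample: the server address sits inside the client range.
conf=$(mktemp)
printf '%s\n' 'localip 192.168.0.45' 'remoteip 192.168.0.41-49' > "$conf"
check_pptp_plan "$conf" 192.168.0.100-199 || echo "fix /etc/pptpd.conf first"
rm -f "$conf"
```

On a live server, point it at /etc/pptpd.conf and pass your router's DHCP pool as the second argument.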

Configuring PPTP Client Devices. As we mentioned, there are available PPTP clients for Linux and Windows machines and Macs as well as Android and Apple smartphones and tablets. We’ve documented the steps for the various client setups on the PBX in a Flash Forum. Come visit! You’ll also discover some great tips from our resident gurus. We also would encourage you to post any questions that arise in your use of PPTP VPNs in that thread. You’ll get a quick and courteous response.

Secure VoIP Calling. The collateral benefit of implementing a PPTP VPN on your PIAF server is that all calls between remote extensions and home base can now be transmitted through a secure VPN tunnel. The only adjustment necessary using a SIP client on either an Android or Apple device is to replace the public server IP address with the server’s LAN IP address, and all of the communications traffic will flow through the VPN tunnel. The way we set up our Android phone with the Bria SIP client is to allocate an extension from the home office PIAF server to the SIP client and then enter the private IP address of the PIAF server in the Bria configuration. Then, when you’re at home base with WiFi, the client just works. And, when you’re on the road, just turn on the PPTP VPN, and Bria will register through the VPN tunnel using the exact same settings. It’s that easy, and it works great with WiFi or 3G/4G.

Checking for Connected Clients. If you get curious about who is logged into your PPTP server, here’s the command that’ll let you know: last | grep ppp.
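To go one step beyond last | grep ppp, here is an added example (not from the installer) that reduces last output to the PPTP sessions and flags any account with active sessions from more than one source address, a quick sign that credentials are being shared or reused. The function names are hypothetical, the sample lines are constructed, and it assumes the host column of last holds the client's source address, which is what pptpd records when its logwtmp option is enabled.

```sh
#!/bin/sh
# Added example: summarize PPTP sessions from `last` output.
# Function names are hypothetical; the sample below is constructed
# (documentation address ranges, made-up usernames).

sample_last() {
cat <<'EOF'
Kx7mQ2pL ppp1         198.51.100.23    Mon Apr  9 14:02   still logged in
Kx7mQ2pL ppp0         203.0.113.7      Mon Apr  9 13:55   still logged in
root     pts/0        192.168.0.12     Mon Apr  9 13:40   still logged in
Tz4wR8nB ppp0         203.0.113.7      Mon Apr  9 09:10 - 09:48  (00:38)
reboot   system boot  2.6.32-220.el6   Mon Apr  9 08:01 - 14:30  (06:29)
EOF
}

# ppp_sessions: read `last` output on stdin, keep only pppN lines,
# and print "user source state" where state is active or closed.
ppp_sessions() {
  awk '$2 ~ /^ppp[0-9]+$/ {
         state = ($0 ~ /still logged in/) ? "active" : "closed"
         print $1, $3, state
       }'
}

# shared_logins: print "user count" for every user that currently has
# active sessions from more than one distinct source address.
shared_logins() {
  ppp_sessions |
    awk '$3 == "active" && !seen[$1 SUBSEP $2]++ { n[$1]++ }
         END { for (u in n) if (n[u] > 1) print u, n[u] }' |
    sort
}

# Run against the constructed sample; on a server use: last | shared_logins
sample_last | shared_logins
```

Keep in mind that last truncates long usernames unless you run it with -w, which matters if you followed the advice in Step #4 and picked long, obscure ones.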

GPL2 License. The install-pptp application is open source software licensed under GPL2. It has been specifically tailored for use on PBX in a Flash 2 (and now PIAF 1.7.x) servers, but it can easily be adjusted to work with virtually any Linux-based Asterisk system. If you make additions or changes, we hope you’ll share them on our forums for the benefit of the entire VoIP community. Enjoy!

What’s Next? For a more traditional client-server VPN which still relies upon a central server but uses a star topology to connect remote nodes, see this new Nerd Vittles article on the NeoRouter VPN.

Originally published: Monday, April 9, 2012



