Category: Wi-Fi

Mobile WiFi Shootout: Torture Testing the Best WiFi HotSpots for Your Vehicle

What a difference a few years make. Bringing Internet connectivity to those in a vehicle who need Internet access but lack cellular data connectivity now is at the top of virtually every Road Warrior’s Wish List. Today we embark on our first major road trip of 2016 to test mobile WiFi hotspots from the four major carriers in the United States: AT&T, Verizon, Sprint, and T-Mobile. We’ve decided to use a variety of devices with the carriers in order to give you a good picture of what’s now available in the marketplace. One reason we decided to mix apples and oranges was because few providers actually manufacture their own devices, and the actual manufacturers (Netgear and Novatel among others) tend to produce almost identical devices for every carrier.

You’ve got a number of options to set up a WiFi Hotspot in your vehicle. Here are the main ones:

  • Tethering through an existing Smartphone
  • Connecting through a dedicated MiFi device
  • Connecting through a 4G LTE router
  • Connecting through a vehicle’s 4G LTE service

As long as you’re paying by the byte, virtually all of the cellphone providers now support tethering on a wide variety of smartphones. The major drawbacks are you’ll want a high performance smartphone if you plan to use it for tethering. And tethering eats through battery life in a hurry. Unless your phone is connected to a charger or wireless charging pad in the vehicle, this can be problematic on a long trip.

Virtually all of the car manufacturers, domestic and foreign, now offer some sort of WiFi connectivity in their higher end vehicles. But you’ll typically pay a fee for their middleware plus the cost of your actual Internet usage using either your existing smartphone plan or a dedicated 4G connection in the vehicle. If you remember the price gouging on cellular calling directly from your vehicle, you’re going to love Mobile HotSpot pricing. It’s worse.

With the Audi Mobile Internet Plan, we can sum it up in five words: Hold On to Your Wallet!

Ford takes a different approach and uses your existing smartphone via Bluetooth as a Mobile HotSpot with SYNC® and MyFord Touch® (for a fee).

Chrysler’s UConnect® takes the Ford approach and is offered on about two dozen new vehicles including the popular Jeep Cherokee and Grand Cherokee.

Choosing WiFi Hotspot Platforms for Our Road Test

For AT&T, we’ve chosen the integrated hotspot that is featured in many of the latest GM vehicles from Chevy, Buick, GMC, and Cadillac. For the complete 2015 and 2016 vehicle list, visit this GM site. Yes, trucks are included. On a monthly hotspot plan through GM’s OnStar service, 5 gigs of data runs $50 whether you subscribe to OnStar or not. Another option is to purchase a bucket of data which must be used within a year (which won’t be difficult). That runs $150 for 10 gigs of data with OnStar, or $200 without an OnStar subscription. A third option is the daily plan which costs $5 for each 250MB of data. Luckily, there is a more sane option for those that already have an AT&T Value Plan for one or more phones. You can add the hotspot in your vehicle for $10 a month, and it uses your existing bucket of data from your plan. The AT&T unlimited data plans for those with DirecTV service are not available for vehicle hotspots or any other hotspots or tethering for that matter. The two main advantages of the GM approach over many of the competitors are you’re not dependent upon a smartphone for your hotspot and there is a cellular antenna mounted on your roof which will generally provide better performance.

StraightTalk’s Mobile HotSpot which also uses the AT&T network flunked on the basis of cost. $75 buys you 7GB of service for up to 60 days.

For Verizon, we’ll be using the Verizon 4G LTE Mobile Hotspot MiFi® 5510L (aka JetPack) from Novatel Wireless. An excellent review of the device is available at PC Mag. For those that travel internationally, you may prefer the 4620LE which reportedly has double the battery life. We leave ours plugged into a USB port in the car so battery life is not really a concern. We’ve previously written about Verizon’s grandfathered unlimited 4G data plans and, if you’re lucky enough to have one, this option can’t be beat. Otherwise, like all things Verizon, data plans are expensive. $100 gets you 10GB which must be used within two months. $60 gets you 5GB for use within the same period. Although pricey, it’s half the cost of the GM plan without OnStar. And, trust us, Road Warriors won’t have to worry about not using up their bucket of data in two months.

We’ve previously tested Verizon’s Tasman T1114 Verizon Wireless 4G LTE Broadband Router with Voice which is manufactured by Novatel. The main drawback of this device was that it required a 110 volt connection using a beefy 3 amp power brick. Our testing and that of PC Mag suggests it isn’t the best choice on the basis of performance either. Preliminary testing suggests the 5510L provides almost triple the data performance under identical conditions. And we found that to be true even after we added dual external antennas to the T1114. Don’t waste your money.

For Sprint, we initially chose one of their MVNOs, Karma Go. And we were looking forward to giving it a workout on the highway. But it was not meant to be. If you follow the trade rags, you know that they originally promised unlimited data with their WiFi hotspot for $50 a month. That lasted about 45 days, and they cut the data rate from 5 Mbit to 1.5 claiming that some folks were using too much data. Duh! That approach lasted about two more weeks, and they implemented a 15GB cap on 4G service with throttled service thereafter that would have you yearning for your old 28.8 modem. Generally speaking, Sprint’s network isn’t that bad from a performance standpoint IF you have service at all. But, in light of all the bad karma surrounding this service, we wouldn’t recommend it to anyone at this juncture. We returned our device within the 45 day trial period for a refund. We’d suggest you do the same. In its place, we’ll be trying out the RingPlus phone that we wrote about last week and that also uses the Sprint network. Unfortunately, our phone lacks tethering capability.

Boost Mobile’s MiFi offering which also uses the Sprint network didn’t make the cut either. It only supports 4G LTE which means you’re dead in the water once you’re out of range of a 4G LTE tower.

An unlimited* 4G LTE data service on the T-Mobile network which we first considered was MetroPCS at $60/month ($55/month on a Family Plan). However, MetroPCS pulls the same stunt as AT&T in the fine print of their so-called “unlimited” plan. It indicates that your service will be “deprioritized” after reaching 23GB of LTE data usage. That’s the new word for crippled and throttled which these providers just can’t quite bring themselves to say.

We saved the best for last. If you do have T-Mobile 4G service in your area (and most folks do as of the 2015 expansion), here’s a deal you can’t refuse. For $35 a month on the Simple Choice (post-paid) Plan, you get 6GB of data at 4G speeds and unlimited (throttled) data for the balance of the month. But there’s a silver lining with a 6GB or greater post-paid plan, you also get unlimited video streaming at DVD quality without additional cost for a couple dozen services including Netflix, Amazon Prime Video, ESPN, HBO, and numerous other providers. If you have kids and travel, this is a no-brainer! The complete list of BingeOn providers is available here. For our WiFi device, we chose the ZTE Z915 4G LTE Hotspot (above).

HINT: Use our referral link and we both get $25 when you sign up. 🙂

Data Usage in a Nutshell

Before we hit the road, let’s provide some points of reference on data usage. The simplest to understand is NetFlix. At their lowest streaming video rate, you will burn through .3GB per hour. At the medium SD rate, it’s .7GB per hour. At the best video HD rate, you’ll burn through 3GB per hour. And Ultra HD gobbles up 7GB per hour. You can set the playback rate in your account under Profile -> Playback Settings. At the very lowest data rate, you’ll get about 11 movies out of 5GB of data. With a 4G connection and the NetFlix automatic data settings, you’re unlikely to make it through 2 movies with a 5GB plan. So you’re well advised to hard-code your playback rate before you hit the road if your family is into movies… unless you choose the BingeOn option with T-Mobile.

A Few Words About T-Mobile’s Binge On Service

The reported Gotchas with the Binge On feature are that it’s a lower quality video stream and once you use up your 4G data allowance for the month, the Binge On feature ceases to function. So you’d want to carefully choose your plan and monitor your data usage to avoid any surprises. As for the quality of the video stream, we’ve read the complaints about this. But it’s a red herring in our testing. Video playback is at DVD quality, and we’re having a hard time believing most folks need something better for a ride in the car, particularly on smartphones and tablets. And we noticed no appreciable degradation even on a 13″ notebook. There’s also been some squealing that BingeOn violates the FCC’s Network Neutrality rule. Our reading of the rule suggests otherwise. First and foremost, BingeOn is an optional service. Any consumer that doesn’t want it can turn it off. Second, for anyone that has ever managed a network with limited bandwidth, the first thing you come to appreciate is the need to control streaming media content. T-Mobile is well within the network neutrality guidelines in doing so, and they’ve done it in a vendor-neutral manner by applying a throttling mechanism to all streaming content that can be identified as such. For those that use encrypted communications for streaming, T-Mobile has offered to work with them to find a way to identify their streaming content so that they, too, can be included in the BingeOn program. Others have suggested that providing video streaming for free while charging for data associated with web browsing also violates network neutrality. We believe the clear intent of the rule was to outlaw discrimination in favor of particular vendors with regard to similar types of Internet content. Any other interpretation would mean that services such as free calling and free text messaging would also violate network neutrality. While this might thrill the Bell Sisters (Verizon and AT&T), it’s difficult to see how this benefits any consumer using the Internet.

Ready, Set, Go: Let the Journey Begin

For our 300-mile trip today, we’ve chosen a travel path that provides a good mix of interstate highways and less traveled state highways. The topography ranges from flat terrain to sparsely populated mountain areas where cellphone towers are few and far between. In between, there are a few metropolitan areas including Charleston, Columbia, Spartanburg, and Asheville. These are mixed with tiny towns including Waynesville and Sylva, North Carolina near our destination. Interestingly, these small towns reportedly boast some of the best cellular data performance in the country. We shall see.

At the Nerd Vittles home base in Charleston, South Carolina, the data performance of the four major carriers is fairly consistent depending upon the time of day and day of the week. During business hours, a typical 4G LTE speed test looks something like this, not great but not that bad either. It’s certainly adequate for any type of activity one would typically need while traveling in a vehicle:

We’ll be heading up I-26 from Charleston for over three hours before making a left turn in Asheville, North Carolina to head west via the Great Smoky Mountain Expressway. During the 300 mile journey, we’ll have non-stop movies playing with our T-Mobile BingeOn account in the back seat while the other cellular services are used for more mundane (and less costly) tasks such as checking email and surfing the net. From point A to point B, it’s all four-lane highways or better, quite a change from 30 years ago. In fact, you can even make the trip in a Tesla with a one-hour free charging detour:

We’re big Spotify fans so most of our AT&T testing will involve listening to the latest Spotify playlists using Apple CarPlay. If the music hiccups, we’ll know we have an AT&T problem. From time to time, we’ll activate a WiFi network connection on our iPhone to check out performance of the Verizon and T-Mobile HotSpots. One of our travelers is a big Facebook gaming enthusiast and, to support that endeavor, we’ll configure her tablet to use the AT&T WiFi HotSpot built into the vehicle.

Mobile Internet Scorecard

Well, the results were pretty much what we expected. Sprint calling and T-Mobile streaming worked well along the interstates and went from bad to worse once we hit the state highways. AT&T and Verizon didn’t miss a beat door to door.

T-Mobile remains the best bargain for streaming unless you have an unlimited data plan without throttling. Even then, the cost difference is staggering. Our unlimited Verizon plan now runs over $100 a month while T-Mobile is a flat $35. There were some random hiccups in the T-Mobile streaming from time to time which we never experienced with Verizon. But you can’t beat the price! Both AT&T and Verizon have dramatically improved their “mountain coverage” in the past year. In the past, Verizon coverage at our cabin was non-existent and AT&T only worked by strategically placing your smartphone on the outdoor fireplace mantle. Now both have reliable 4G service. Our Verizon HotSpot provides consistent 10Mb download and 5 Mb upload speeds, about 5 times the performance of the DSL connection provided by the local telephone company.

Originally published: Monday, February 15, 2016






 
Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    I Have A Dream: Free Cellular Service with Integrated Remote SIP Connectivity

    As part of our Mobile Internet adventure this year, we’ve been scouring the countryside with two requirements in mind. First, we wanted a smartphone on which we could activate some type of free cellular service for making calls and sending text messages. Second, we wanted to integrate remote SIP connectivity using the same provider and phone number so that we could make and receive calls transparently using any SIP phone or Asterisk® server anywhere in the world. Sounds like a tall order, you say? Well, if you’ve enjoyed your Cloud@Cost Sandbox, you’re gonna love RingPlus!

    Yes, you’ll have to buy a compatible cellphone, but there are thousands to choose from. And, yes, you’ll need Sprint service in your neighborhood. Then you’ll have to cough up $10 to activate your cellular account. RingPlus offers dozens of plans.1 We recommend the Michelangelo plan which best meets what we’re trying to accomplish today, but the choice is all yours.2 With the Michelangelo plan, you can make and receive 1,000 minutes of free calls a month to anywhere in the U.S. (calls to Canada are 3¢ a minute), you can send and receive 1,000 free text messages a month, and you can use 500MB of free data service every month. You also can use your same account credentials with any SIP phone, softphone, or Asterisk server anywhere in the world to make and receive phone calls transparently using the same phone number as your smartphone. In other words, you can travel anywhere and make and receive phone calls just as if you were sitting in Atlanta, Georgia dialing from your smartphone. The SIP calls are deducted from your free minutes. No cellular service required at all. Meet RingPlus!


    So what’s the catch? How does RingPlus make money? Well, of course, they would prefer that you sign up for a plan with monthly fees. For those on the free plans, the only difference you will notice is an occasional ad which plays instead of a ring tone when you place outbound calls. This only occurs until the other party answers the call, and it can be all but eliminated by choosing a music selection in the RingPlus Radio feature in your RingPlus Dashboard.

    Who are the ones most likely to use something like this? Well, for openers, all of your kids unless you like springing for a $500 phone and spending $40+ dollars a month for cellular service for each of them. One of the other real beauties of RingPlus is you can set up a whitelist of numbers that can be called from the phone. Blacklists are supported as well. It’s perfect for kids just getting started with a cellphone. A second potential user group would be those who travel outside the United States and prefer not to pay exorbitant roaming rates for calls. Using a SIP phone connected to your RingPlus account, all of the international calls suddenly are free. And the calls are delivered with the same CallerID number as calls placed from your actual smartphone. In fact, your smartphone doesn’t have to be in service at all. A third and perhaps most important use for us was to serve as a failover trunk on one or more Asterisk servers. When all else fails, you can route outbound calls to your RingPlus SIP trunk for free calling using your RingPlus account. Doesn’t get any better than that.

    Official RingPlus WARNING: Starting April 17, 2016, per our carrier partner Sprint, Members and potential Members will no longer be able to activate prepaid devices which are not eligible under Sprint’s FED policies [Requires activation of prepaid phone on original Sprint MVNO network for at least one year!]. Such prepaid devices will no longer pass FED until actual eligibility date is met.

    There are probably numerous ways to put all these pieces in place so that things function just as we’ve described. Today we’ll share with you the solution that actually worked for us. You can take it from there and avoid the thousands of horror stories about incompatible smartphones. Be advised that acquiring used cellphones or even incompatible cellphones is a very dangerous and expensive business. If you buy one that happens to be stolen, or that has a balance due on the account, or that is incompatible with RingPlus, then you’ve bought a tiny boat anchor and not much else. So, our best advice is buy one from the provider. That’s the one and only RingPlus, and the smartphones start at just under $100. Many Sprint post-paid phones also work, such as the new iPhone SE (Sprint Model) from any Apple Store.

    If store employees will let you, find the Sprint postpaid phone that you like and look on the bottom of the box. There you will find the decimal value of the MEID. Log into http://nerd.bz/nvringplus and plug in the MEID to see if it is RingPlus compatible. If it passes, buy it. If it flunks, try another one. Whatever you do, DON’T BUY A PHONE IN AN OPENED BOX, AND DON’T OPEN THE BOX YET! Make certain there is a return policy in case things don’t work out as expected!

    Funny story. The Radio Shack employees at our local store were very savvy and refused to let me look at the MEID claiming it was a security issue. Fair enough. Of course, they were also curious why I wanted a phone without letting them configure it. Once I told them the deal, they all wanted one, too. They asked for the link to the MEID verification site and said they’d do it for me. Once it worked, excitement broke out in the room with all the staff reading an early copy of this article. While Radio Shack typically charges a $35 restocking fee on cell phones, that fee is waived if you return the phone in an unopened box. So the only thing you’re wasting if they insist that you purchase the phone is a little bit of your time and a lot of Radio Shack employee time if, in fact, the MEID flunks the verification test.

    Configuring Your Phone for RingPlus Service

    Now sign up for a RingPlus free plan using the MEID and ICC ID you previously verified. Michelangelo is probably the best bet if you missed our Twitter tip this past weekend. Deposit $10 in your new account, and activate it. Log into your RingPlus Dashboard, click on your phone in the upper right frame, and choose Manage Device. Write down your MSID, your phone number, and MSL. Once your account is active, then and only then unbox and turn on your phone. Go through the minimal setup steps by choosing your Language and choosing an available WiFi network. During this setup, RingPlus should push a PRL update to your new phone, and it will reboot. Check in Settings -> General -> About Phone -> Status and see if you have a phone number. If so, you’re good to go. If not, open the Phone Dialer application and dial ##72786# which should force another PRL update to your phone with another reboot. When it finishes, check again for a phone number and place an outbound call.

    Using a browser on your desktop computer, go back into the RingPlus Dashboard and sign in. Your phone device should show Active in the upper right corner of the screen. Click there and you’ll get a display like this:

    While still in the Device Settings Menu, click on the WiFi FluidCall option to decipher your SIP credentials. You’ll need these to set up your SIP phone or a SIP trunk on your Asterisk server. Your username is your 10-digit phone number, the domain name is sip.ringplus.net, and the password is a system-generated entry which you can recreate whenever you like. That’s probably a very good idea whenever you use public WiFi services to make calls with your SIP phone or a softphone.

    By the way, this isn’t some kludgy SIP-GSM gateway where the calls actually are routed out through your cellphone device. The RingPlus SIP gateway connects your SIP device directly to the Internet and simply uses your existing RingPlus CallerID to identify the calls. In short, you get the best of both worlds: a dirt cheap or free cellphone service plus a dirt cheap or free SIP trunk for use anywhere in the world.

    Configuring a RingPlus SIP Trunk with Asterisk

    If you’d like to set up your RingPlus number as a failover trunk on your Asterisk server, here is the setup that worked for us with Incredible PBX using your assigned 10-digit phone number for your username and fromuser settings and your assigned password for your secret. If you include a registration string and configure an inbound route using your RingPlus DID, then inbound calling will work as well. If you skip the registration step, then you can use the same RingPlus trunk on multiple Asterisk servers for emergency outbound calling. No firewall adjustments should be necessary.

    There are all sorts of other magic tricks you can implement using the RingPlus API, but you probably won’t need any of the features in light of the robust SIP connectivity RingPlus provides to an existing Asterisk server where the feature set is virtually unlimited. Be advised that you must make a call out at least once every 60 days to keep your account active. The simple way to do this is to set up a monthly reminder using your RingPlus trunk. Schedule the reminder to call out once every month using Telephone Reminders in Incredible PBX.

    RingPlus Gotcha Checklist

    Free service wouldn’t be free without a few land mines. So here’s a checklist to keep things running smoothly without any problems down the road. First, link your account to one of the social media options (Twitter, Facebook, or LinkedIn) when you sign up for service. You’ll find the link on your Dashboard under the Your Social Networks icon. Second, make at least one outbound call a month on every line you activate. As noted, this can be accomplished automatically using the Telephone Reminders application in Incredible PBX. Third, keep a valid credit card on file in your account at all times. Fourth, keep a positive balance in your account for each phone that you activate to avoid automatic replenishment at the original rate when you signed up for your plan. Fifth, be mindful of the Domino Effect. With some plans, if you allow a related plan to end (for example, Queen of Hearts when you also have an Ace of Hearts plan), then your better plan will be demoted in its feature set. Enjoy the Free Ride!

    Originally published: Monday, February 8, 2016





    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    1. Be advised that future upgrades of these “free” plans may go away after February 15 unless you join the Member+ program, the cost of which changes almost weekly. This will not affect those that already are participating in the program according to RingPlus. []
    2. In case you’re curious, a plan equivalent to the free Michelangelo plan at RingPlus would run you $41.00 per month at Ting. Ouch! []

    Mobile Internet: The 2016 Road Warrior’s Guide to Choosing New Wheels


    OK. We’re not going to bring Mobile Computing down to the teepee level, but we have decided to dedicate a column regularly to Mobile Internet developments in the marketplace. Of course, our major focus will remain the impact on unified communications and especially Asterisk®, FreeSWITCH™, PBX in a Flash™, and Incredible PBX™. The idea here is to document a design that lets road warriors travel with the same communications dexterity that they have at home or in the home office. In other words, our vision is a mobile computing environment that makes travel status transparent. Things that worked a certain way in the office should work similarly on the road or in the comfort of your Motel 6 suite. 🙂

    To get 2016 started on the right foot, we want to lay out some of the technology that’s available to the road warrior who spends a significant amount of time in an automobile. Our objective today is to help you choose that next set of wheels, the proverbial perfect vehicle. We began documenting some of what we’re looking for in our December Mobile Internet column. Today we’ll follow up with more details and some real-world feedback. What we’ll be covering in coming months applies equally to those that travel for pleasure as well as those that do it for a living. Unless you prefer hiding in your Man Cave, we hope you’ll find something useful that makes travel away from your home office amenities easier and less intimidating.

    Let’s begin by documenting some of our inexpensive must-haves. These can round out your vehicle shopping list without much impact on the cost of a vehicle: cup holders (lots of them), cigarette lighter connections (lots of them), USB ports (lots of them), and compartments especially those with access to power or USB ports. Another must have for us was a fold down table for the back seat. These come standard in Mercedes S Class sedans as well as the Jaguar XJ. For other vehicles, you’ll need to consider aftermarket options which is a little surprising when you consider that every airline seat has had fold down tables FOREVER. In their haste to roll out the latest gee whiz features, many car manufacturers have forgotten the basic essentials that make all of this technology useful. But there’s hope. General Motors is among those that have finally awakened to the 21st century. Our best advice is this. Before you get swept away by the self-parking car, take a quick look inside the cabin and consider whether the vehicle has the road warrior essentials.

    Now for the fun stuff. Take a quick look at this AutoBytel article which ticks off some of the more interesting high tech features that are available in the marketplace today: GPS-linked temperature control, a sensor that provides a text alert if someone is hiding in your car, a collection of audio and visual alerts if the car senses that you are distracted or falling asleep at the wheel, self-parking vehicles, night vision with pedestrian detection, adaptive cruise control that adjusts your speed based upon the speed of the vehicle in front of you, blind spot detection that provides visual warnings on your side view mirrors when a vehicle is cruising along beside you at 70+ mph, lane departure warnings which include console alerts, buzzing your seat, or adjusting your steering wheel to guide you back into your lane. And, last but not least, the latest Tesla which can drive itself under certain highway conditions. In case you haven’t guessed, none of this technology comes cheap. Typically, the features first appear in the high end cars and require the purchase of even higher priced, factory-installed options. Then they trickle down to less costly vehicles as the price of the technology drops.

    Here’s our two cents worth of advice on some of these features. We happen to live in the southeastern United States so we really don’t need a GPS to tell us to turn on the air conditioner. Almost any road warrior’s dream machine will have automatic temperature control. That’s as much technology as you need to stay cool in the summer and warm in the winter.

    A sensor to tell us someone is hiding inside our car is another clever idea, but we much prefer a vehicle that can lock itself when you leave the vehicle or when you place the vehicle in motion. Newer GM vehicles can also sound an alarm if someone sticks a hand into your window while you’re stopped at a traffic light. Works great unless people are passing you things while parked in a carpool line.

    If you’re a road warrior that does a lot of night driving, all of the high tech features you can find that help you drive and stay awake at the wheel are terrific additions. Not mentioned in the AutoBytel article is one of our favorites that’s actually been around for decades. The head-up display (HUD) appears on the lower part of the driver’s windshield. It shows information such as your speed and the speed limit without taking your eyes off the road. For the science behind it, see this article.

    If you’re a road warrior that spends considerable time commuting in heavy traffic or driving on interstates, adaptive cruise control is the best invention since sliced bread. It doesn’t completely drive the car for you, but it reduces your need to stay 99.9% focused on what’s in front of you every second of the trip. You simply set the separation distance between your vehicle and the vehicle in front of you, and radar in your vehicle does the rest, adjusting your speed to keep you at or below the cruise control speed you set for your vehicle while preserving the spacing you predefined. Newer versions of adaptive cruise control include support for bringing your vehicle to a complete stop at traffic signals. The best testimonial we can provide is this. Once you have a vehicle with adaptive cruise control, you’ll never buy another vehicle without it. It’s that good!

    Blind spot detection is another radar-based feature. Visual side view mirror alerts are provided whenever something is hiding in your vehicle’s blind spot. Of course, you can accomplish much the same thing by adding supplemental wide-view (blindspot) mirrors to your existing side view mirrors at considerably less cost. However, the radar-enhanced version typically is bundled with features such as adaptive cruise control and lane departure alerts so there is no additional cost for the convenience. Just be sure to test them for accuracy before dispensing with turning your head to check for vehicles. We’ve actually had a vehicle in which the sensors were incorrectly positioned. Merging into traffic without any visual warning of what’s beside you is a quick ticket to the body shop, both for the car and for you.

    Lane departure alerts and autocorrection are equally important for those that spend endless hours on long stretches of boring highway. The other essential ingredient for every road warrior is the smartphone app, Waze. Between hazard alerts, speed trap notifications, and directions, it’s the single-most important traveling enhancement that’s come along in a very long time. Think of it as you free copilot. It can watch for things up ahead and alert you to problems before you actually encounter them. Because its data is based upon real-time data and feedback from thousands of road warriors, it has no equal in terms of accuracy. See our first article in this series for more details.

    Wireless charging is another feature that has been touted by many of the Android device manufacturers. In the case of Samsung, the technology was available in the Galaxy Note 4 except for the back cover which can be replaced easily. Surprisingly, Apple has completely ignored it thus far. There are, of course, aftermarket cases that will bring wireless charging to any smartphone including the iPhones. Beginning with some 2014 models, General Motors, Chrysler, and Toyota began integrating wireless charging stations into the center consoles of some of their vehicles. By 2017, most car manufacturers probably will support it either as an included or add-on accessory.

    No review of automotive technology would be complete without mention of Apple CarPlay and Android Auto, the two smartphone integration systems from America’s finest software development companies. One can only hope that the car manufacturers see the light and drop their insistence upon their own proprietary consoles. Both Apple CarPlay and Android Auto provide navigation, messaging, and numerous music platforms including Spotify, Pandora, Google Play Music, and Apple Music. Many newer vehicles offer one or the other, and some offer both. The systems also are available as aftermarket add-ons. For an excellent review of the two competing systems, take a look at this CNET review. Our only complaint with Apple CarPlay at the moment is the inability to add applications other than those that Apple has chosen for you. That means no Google Maps and no Waze, at least for now. For an excellent interview with the man behind both technologies at General Motors, see this article from The Verge.

    So which vehicle did we choose for our Mobile Internet Lab? Well, come back next month and we’ll take you for a ride as we review the best WiFi Hotspots to complement that new set of wheels. We’ll consider offerings from Sprint, T-Mobile, Verizon, and AT&T so there will be something for almost everybody with a smartphone.

    Originally published: Monday, January 18, 2016





    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    A Firsthand Look at Disaster Recovery: Tethering and IAX with Asterisk

    One of the exciting challenges of building a swimming pool is knowing that it’s just a matter of time until your Internet connection dies. As you might imagine, swimming pools are major construction and involve a lot of digging. And digging usually means some oops moments when cables get cut. In our case, we had watched the folks digging the trenches for all of the pool plumbing to be sure they didn’t accidentally whack one of three coax cables coming into our house. And, when it came time to cover up the trenches, we pointed out the orange cables to the Bobcat driver knowing we were finally home free. Not so fast! Two minutes later, Mario had driven the Bobcat right over the primary Internet cable leaving the shredded remains sticking up through the dirt. Oops. Sorry. Shit happens!

    Looking on the positive side, we chuckled, “What a perfect opportunity to test our backup Asterisk® system!” Our backup system is pretty clever if we do say so. It relies upon a Verizon WiFi HotSpot running on our Galaxy smartphone and a duplicate of our Asterisk-based PBX in a Flash™ server running as a virtual machine under VirtualBox on an iMac desktop. The entire setup takes less than a minute to activate. Well, that was the plan anyway.

    It turns out that Verizon does SIP a little differently with a SIP ALG in the path so Asterisk couldn’t register with all but one of our dozen SIP providers. Congratulations, CallCentric! The workaround is to enable STUN. That is now possible with Asterisk 11. Short of that, you’re left with CallCentric. Unfortunately for us, we don’t do much SIP trunking with CallCentric, and none of our primary DIDs are connected through them. The other option is to add port=5080 to your trunk setup with any SIP trunks you register with VoIP.ms using a username and password. Our attention span was too short to tackle STUN in the middle of this crisis. But there’s good news. Verizon doesn’t mess with IAX network traffic at all. Since a couple of our primary DIDs are registered with VoIP.ms using IAX trunks, restoring these IAX trunks to full functionality took less than a minute. That is step one of a three-step process. You need inbound trunks, phones, and outbound trunks to get your redundant VoIP server back in business.

    Getting phones to function on what is now a purely WiFi network (through the Verizon HotSpot) can be problematic unless you’ve done your homework and sprinkled a few WiFi-capable SIP phones around your home or office. In our case, we still have Grandstream’s GXP2200 Android phones scattered everywhere so it was just a matter of plugging in the WiFI adapters and rebooting. The newer GXV3240 would work just as well.1

    All that remained was enabling several trunks for outbound calls. Since VoIP.ms IAX trunks support both incoming and outgoing calls, we were home free. And, with Google Voice trunks, it was simply a matter of jumping through Google’s security hoops to reenable the connections on a new IP address.

    Lessons Learned. Here’s a quick checklist for those of you that think about disaster recovery for your home or for clients and businesses. Nothing beats some advance planning. If money is no object, then WiFi tethering from a smartphone with one of the major providers whose service works well in your home or office environment is the way to go. 4G is a must!

    In our case, money was an object so we had the foresight to acquire a Verizon SIM card from eBay that included an unlimited data plan. With this setup, it costs only $1 a day extra to add WiFi tethering, and you can turn it off and on as often as you like without any additional fees or surcharges. There also are no additional charges for using boatloads of data! We’re actually writing this column with a tethered connection from a hotel in Washington (results above). To give you some idea of why an unlimited data plan is important, our home operation burned through 4 gigs of data in less than 24 hours once we activated WiFi tethering. Of course, there were people doing things other than making phones calls, but tethering enables 5 connections to function just about like the cable modem service you originally had in place. So expect the data usage to be substantial. Everybody likes 24/7 Internet service.

    Loss of phone calls through a PBX is more of an annoyance than a crisis these days because almost everyone also has a smartphone. Even so, the SIP gotcha with Verizon Wireless was a surprise because we hadn’t really tested our super-duper emergency system in advance. That wasn’t too smart obviously. The old adage applies. Do as we say, not as we do. Unplug your cable modem or DSL connection and actually test your backup system before D-Day arrives.

    On the VoIP provider end, now is the time to set up an account with a provider that offers both SIP and IAX connectivity. Step 2 is to actually configure an IAX trunk (as a subaccount to use VoIP.ms parlance) and test it. IAX trunks actually have fewer headaches with NAT, but there are only a handful of providers that still provide the service. Find one now and make certain that your primary DIDs will roll over to the IAX trunk in case of an outage. I’m always reminded that we have Mark Spencer to thank for IAX. It was his brainchild. Thank you, Mark! With VoIP.ms, you also can spoof your CallerID so that calls will still appear to originate from your primary Asterisk PBX.

    Keep in mind that a VirtualBox-based Asterisk virtual machine and a Desktop computer both need an IP address and will have to be started on WLAN0 rather than ETH0. Remember, your wired connection is now dead.

    You’re also going to want to acquire at least a couple of WiFi-capable SIP phones that can be connected with your Asterisk server using your WiFi HotSpot. Also make certain that you have a preconfigured IPtables firewall on your backup system. Remember, your hardware-based firewall connected to your cable modem won’t provide any protection once you switch to HotSpot operation. Lucky for you, Incredible PBX™ servers come preconfigured with a locked-down IPtables firewall and a WhiteList. Just add the new IP addresses of your server and phones, and you’re secure on the public Internet.

    Finally, let’s do the HotSpot connection math. You’ll need an IP address for your desktop computer running VirtualBox. You’ll need a second IP address for the Asterisk virtual machine. Then you’ll need an IP address for every WiFi-enabled SIP phone. If the maximum number of connections is five on your HotSpot, that means you’ve got the necessary capacity for at most 3 WiFi SIP phones assuming you don’t enable a WiFi printer and if nobody else wants to use a computer during the outage. The other option is to add an inexpensive travel router with bridge mode to your mix of 5 devices. We always keep one handy for extended trips. A properly configured travel router provides an additional WiFi network with some extra WiFi connections. Good luck!



    Security Alerts. Serious SSL and FreePBX security vulnerabilities have been discovered AND patched during the past week. If you have not patched your server and Asterisk, FreePBX, Apache, and/or WebMin are exposed to the public Internet, you have a serious problem on your hands. See this thread for details on the FreePBX vulnerability. And see this thread for the steps necessary to patch SSL in Asterisk, Apache, and Webmin. While Incredible PBX servers were automatically patched for the FreePBX vulnerability, the SSL issues require manual patching and an Asterisk upgrade. A script for upgrading Asterisk 11 servers is included in the message thread linked above. ALWAYS run your VoIP server behind a firewall with no Internet port exposure to Asterisk, FreePBX, SSH, or the Apache and Webmin web servers! And, if you think all of this security stuff is just a silly waste of your time, then read about the latest lucky recipient of a $166,000 phone bill.

    Originally published: Monday, October 20, 2014



    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    1. Some of our links refer users to Amazon or other service providers when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from these providers to help cover the costs of our blog. We never recommend particular products solely to generate commissions. However, when pricing is comparable or availability is favorable, we support these providers because they support us. []

    The Disappointing iPhone 6: Eight Generations of iOS and Bluetooth Still Sucks

    Our technology reviews are a little different than the dozens of reviews you’ve probably already seen that read more like Apple press releases. First of all, we typically buy products to actually use. And second, we base our smartphone evaluations on real-world requirements rather than best case scenarios that you’re unlikely to ever experience in the real world.

    So we begin our review of the iPhone 6 with the simple question: “Can it make calls?” Funny as this sounds, it’s been a huge problem with previous iPhone models if you planned to use a reasonably priced provider such as StraightTalk instead of one of America’s “Big Four.” To Apple’s credit, they finally got it right in the AT&T model of the iPhone 6. StraightTalk works out of the box, something Android mastered years ago. You still cannot manually configure the cellphone provider specs, but at least it now works.

    We’re not going to spend a lot of time on Apple’s continuing push to lock users into the Apple universe. Suffice it to say, the lock in marches on with each new release. To some it’s a good thing. To others, it’s not. If you’re going to fork over $1,0001 for an iPhone 6 in order to use StraightTalk for $45 a month, then you’re probably committed to and comfortable with Apple’s ways of doing things. We’re pretty much an observer of the iPhone cosmos except to assure that our VoIP products still work reliably on the platform. On the other hand, our teenager and all of her teenage friends have iPhones, period. Just the mention of Android conjures up visions of nerds hanging from trees to hear them tell it. In other words, lock in is a good thing in their view. All of their apps work exactly the same on every person’s smartphone. All of their emojis are compatible for texting. And messaging is pure Apple with no worries whether SMS and MMS work or not. By the way, messaging is still a mess if you switch between Apple and Android with your SIM card without first disabling iMessage on the iPhone. It’s almost as if Apple likes it this way. 😉

    Did we mention that the iPhone 6 is gorgeous? Hands down, it is the best looking smartphone ever. We won’t get into whether it bends or not. Ours didn’t, and we carry it in our pocket like every other guy on the planet. Not sure I’d do it if I rode on a tractor all day but in typical everyday use, it holds it’s own.

    We were especially curious about the camera given the numerous reviews documenting that the iPhone 6 is not the megapixel wonder you’ve come to expect with Android phones. We’ve typically been able to take much better real-world photos using Samsung’s Galaxy S4. So we’re including two marsh photos taken with a Galaxy S4 as well as iPhone 5c and iPhone 6 portrait shots to let you judge the quality for yourself. Keep in mind that all four of the images below are screen captures rather than the actual photographs. We came away from the experiment very impressed that the newer iPhones can hold their own against the Android devices with far better technical specs. While it’s still a bit of a knuckle drill to export a photo from your photo stream to iPhoto to email to a download to your desktop, it’s at least intuitive. Bottom Line: We no longer worry about photo quality when we don’t have an Android phone along for a trip.

    With the camera testing behind us, that left us with two burning questions: how’s the WiFI and how’s the Bluetooth connectivity with cars?

    Not to beat a dead horse, but WiFi typically hasn’t been Apple’s strong suit unless you happen to be using their access points. That seems to be resolved with iOS 8. 5G WiFi connectivity worked great with download and upload speeds matching the limits of our broadband service. That’s the good news.

    The bad news is that Bluetooth is still a mess after years and years of problem reports. If anything, iOS 8 is a step backwards judging from the reports on Apple’s own support forum. Our results with one of the latest General Motors vehicles were terrible. While the iPhone 6 could be paired with the vehicle, nothing worked afterwards. No calls, no Pandora, nothing! When every $100 Android smartphone can pair with almost any vehicle and work, we get back to our initial question: “Can it make calls?” Unfortunately, unless you want to step back in time and hold your shiny, new iPhone 6 next to your ear, the answer is a resounding NO. And, yes, we jumped through all of the Apple hoops attempting to resolve the Bluetooth problems even though nobody should ever have to endure that! For $1,000, one would expect all of the basics on a smartphone to function correctly just as you expect your brakes and windshield wipers to work when you buy a new car. The fact that Apple has dropped the ball on Bluetooth for years is yet another reason we won’t be switching from Android anytime soon. In fact, the Bluetooth problem is a deal breaker for us so we’re returning the phone.

    Finally, a word to the Apple fanboys. Don’t post comments. We won’t publish them. We are not Apple haters. Quite the contrary, we have more Apple hardware under our roof than any other brand. What Apple has done in the educational arena and to foster the image of technical support as a good thing is legendary. But you can’t drop the ball on the basics and expect people that depend upon technology to be impressed. Drop everything that deals with the shiny new watch for a few days and fix Bluetooth. It’s that important!

    Originally published: Monday, October 13, 2014



    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…

    1. Actually, the sales price for the 128GB iPhone 6 with AppleCare+ and sales tax came to a whopping $1,028.59 []

    Knock Three Times: Pain-Free Remote Access to Your Asterisk or Linux Server

    No. We’re not going to make you relive the 1970’s with us today although now you can listen to this Number 1 Hit and a million others for free with Amazon’s new Prime Music. No, we don’t get a commission if you sign up for Amazon Prime. Yes, we make millions when you buy something from Amazon using our links. Thank you! What we have for you today is a Number 1 Utility, and it works on virtually any Linux platform. If your fraternity or sorority had a secret knock to gain access, then you already know the basic concept. Port Knocker (aka knockd) from Judd Vinet is a terrific utility that runs as a daemon on your server and does just what you’d expect. It listens for knocks. When it detects three knocks on the correct three ports in the proper sequence and from the same IP address, it opens the IPtables Linux Firewall for remote access from that IP address to your server for a predefined period of time. This would allow you to log into your server with SSH or make SIP phone calls using a softphone registered to your remote Asterisk® server. What makes Port Knocker especially useful is the existence of knocking clients for virtually any smartphone, tablet, or desktop computer. For the Travelin’ Man, it’s another must have utility.

    We introduced a turnkey implementation of Port Knocker in Incredible PBX for Ubuntu 14 late last week. If you were a pioneer earlier in the week, go back and install it again to take advantage of Port Knocker. Or better yet, follow along and we’ll show you how to install it on your own RedHat/CentOS or Ubuntu/Debian server in just a couple of minutes.

    Prerequisites. We’ve built open source installation scripts for both the RedHat/CentOS platform as well as the Ubuntu/Debian operating systems. These knockd installers assume that you have a fully functional and locked down IPtables firewall with an existing WhiteList of authorized users. We’d recommend Travelin’ Man 3 if you need to deploy this technology and haven’t done so already. Last week’s Incredible PBX for Ubuntu 14 already includes Travelin’ Man 3 whitelisting technology. Read the article for full details.

    Today’s knockd installers are fairly generic but, if you’re running a version of CentOS earlier than 6.x or Ubuntu earlier than 14 or Debian.anything, be advised that we haven’t tested these installers on those platforms so you’re on your own. Finally, if your server is sitting behind a hardware-based firewall (as we ALWAYS recommend), then you’ll also need to map the service you wish to access (e.g. UDP 5060 for SIP or TCP 22 for SSH) plus the three TCP ports from your hardware-based firewall to your server so that legitimate “knocks” can find their way to your server. The “knock” ports themselves do not need to be opened in your IPtables firewall configuration! We’re just knocking, not entering. 🙂

    Overview. As configured, today’s installation scripts will install and preconfigure knockd to load automatically when you boot up your server. Three random TCP ports will be assigned for your server, and this port sequence is what remote users will need to have in order to gain access. Yes, you can change almost everything. How secure is it? Well, we’re randomizing the 3-port knock sequence using over 3,900 ports so you can do the math to figure out the odds of a bad guy guessing the correct sequence. HINT: 3900 x 3900 x 3900. Keep in mind that these “knocks” must all be received from the same IP address within a 15-second window. So sleep well but treat the port sequence just as if it were a password. It is! Once a successful knock sequence has been received, the default Port Knocker configuration will open all ports on your server for remote access from the knocking IP address for a period of one hour. During this time, “The Knocker” can log in using SSH or make SIP calls using trunks or extensions on the server. Port Knocker does not alleviate the need to have legitimate credentials to log into your server. It merely opens the door so that you can use them. At the bewitching (end of the) hour, all ports will be closed for this IP address unless “The Knocker” adds a whitelist entry for the IP address to IPtables during the open period. Yes, all of this can be modified to meet your individual requirements. For example, the setup could limit the range of ports available to “The Knocker.” Or the setup could leave the ports open indefinitely until another series of knocks were received telling knockd to close the IPtables connection. Or perhaps you would want to leave the ports open for a full day or a week instead of an hour. We’ll show you how to modify all of the settings.

    Server Installation. To get started, log into your server as root and download and run the appropriate installer for your operating system platform.

    For RedHat/Fedora/CentOS/ScientificLinux servers, issue the following commands:

    cd /root
    wget http://nerdvittles.com/wp-content/knock-R.tar.gz
    tar zxvf knock*
    rm knock-R.tar.gz
    ./knock*
    

    For Ubuntu/Debian servers, issue the following commands:

    cd /root
    wget http://nerdvittles.com/wp-content/knock-U.tar.gz
    tar zxvf knock*
    rm knock-U.tar.gz
    ./knock*
    

    For ARM-based servers, issue the following commands:

    cd /root
    wget http://nerdvittles.com/wp-content/knock-ARM.tar.gz
    tar zxvf knock*
    rm knock-ARM.tar.gz
    ./knock*
    

    Server Navigation Guide. On both the RedHat/CentOS/Fedora and Ubuntu/Debian platforms, the knockd configuration is managed in /etc/knockd.conf. Before making changes, always shutdown knockd. Then make your changes. Then restart knockd. On RedHat systems, use service knockd stop and start. On Ubuntu, use /etc/init.d/knockd stop and start. By default, knockd monitors activity on eth0. If your setup is different, on Ubuntu, you’ll need to change the port in /etc/default/knockd: KNOCKD_OPTS="-i wlan0". On RedHat, the config file to modify is /etc/sysconfig/knockd and the syntax: OPTIONS="-i venet0:0".

    In /etc/knockd.conf, create an additional context to either start or stop an activity. It can also be used do both as shown in the example code above. More examples here. There’s no reason these activities have to be limited to opening and closing the IPtables firewall ports. You could also use a knock sequence to turn on home lighting or a sprinkler system with the proper software on your server.

    To change the knock ports, edit sequence. Both tcp and udp ports are supported. seq_timeout is the number of seconds knockd waits for the complete knock sequence before discarding what it’s already received. We’ve had better luck on more servers setting tcpflags=syn. start_command is the command to be executed when the sequence matches. cmd_timeout and stop_command tell knockd what to do after a certain number of seconds have elapsed since the start_command was initiated. If you’re only starting or stopping some activity (rather than both), use command instead of start_command and stop_command to specify the activity.

    IPtables 101. The default setup gives complete server access to anyone that gets the knock right. That doesn’t mean they get in. In the PIAF World, it means they get rights equivalent to what someone else on your LAN would have, i.e. they can attempt to log in or they can use a browser to access FreePBX® provided they know the server’s root or FreePBX credentials.

    If you would prefer to limit access to a single port or just a few ports, you can modify command or start_command and stop_command. Here are a few examples to get you started.

    To open SSH access (TCP port 22):

    /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

    To close SSH access (TCP port 22):

    /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT

    To open a range of SIP ports (UDP 5060 to 5069):

    /sbin/iptables -A INPUT -s %IP% -p udp --dport 5060:5069 -j ACCEPT

    To close a range of SIP ports (UDP 5060 to 5069):

    /sbin/iptables -D INPUT -s %IP% -p udp --dport 5060:5069 -j ACCEPT

    Here’s a gotcha to be aware of. If you’re using the Travelin’ Man 3 WhiteList setup on your server, be especially careful in crafting your IPtables rules so that you don’t accidentally remove an existing Travelin’ Man 3 rule in closing some port with knockd. You will note that the syntax of the knockd commands is intentionally a bit different than what you will find in your Travelin’ Man 3 setup. This avoids clobbering something accidentally.

    Monitoring Activity. Here are the two best tools to monitor knockd activity to make certain your setup is performing as expected. The knockd log (/var/log/knockd.log) will tell you when a knocking attempt has occurred and whether it was successful:
    [2014-07-06 14:44] starting up, listening on eth0
    [2014-07-06 15:29] 79.299.148.11: opencloseSSH: Stage 1
    [2014-07-06 15:29] 79.299.148.11: opencloseSSH: Stage 2
    [2014-07-06 15:29] 79.299.148.11: opencloseSSH: Stage 3
    [2014-07-06 15:29] 79.299.148.11: opencloseSSH: OPEN SESAME
    [2014-07-06 15:29] opencloseSSH: running command: /sbin/iptables -A INPUT -s 79.299.148.11 -p tcp --dport 22 -j ACCEPT

    Next, verify that the IPtables command did what it was supposed to do. iptables -nL will tell you whether port 22 access was, in fact, enabled for 79.299.148.11. The entry will appear just above the closing Chain entries in the listing:

    ACCEPT     tcp  --  79.299.148.11         0.0.0.0/0           tcp dpt:22

    Two things typically can go wrong. Either the knock from a client computer or cellphone wasn’t successful (knockd.log will tell you that) or IPtables didn’t open the port(s) requested in your knockd command (the iptables -nL query will show you that). In the latter case, it’s usually a syntax error in your knockd command. Or it could be the timing of the knocks. See /var/log/knockd.log.

    Port Knocker Clients. The idea behind Port Knocker is to make remote access easy both for system administrators and end-users. From the end-user perspective, the simplest way to do that is to load an app on the end-user’s smartphone so that even a monkey could push a button to gain remote access to a server. If the end-user’s cellphone has WiFi connectivity sitting behind a firewall in a hotel somewhere, then executing a port knock from the smartphone should open up connectivity for any other devices in the hotel room including any notebook computers and tablets. All the devices typically will have the same public IP address, and this is the IP address that will be enabled with a successful knock from the smartphone.

    Gotta love Apple’s search engine. Google, they’re not…

    There actually are numerous port knocking clients for both Android and iOS devices. Here are two that we’ve tested that work: PortKnock for the iPhone and iPad is 99¢ and PortKnocker for Android is free. Some clients work better than others, and some don’t work at all or work only once. DroidKnocker always worked great the first time. Then it wouldn’t work again until the smartphone was restarted. KnockOnD for the iPhone, which is free, worked fine with our office-based server but wouldn’t work at all with a cloud-based server at RentPBX. With all the clients, we had better results particularly with cloud-based servers by changing the timing between knocks to 200 or 500 milliseconds. How and when the three knocks are sent seems to matter! Of all the clients on all the platforms, PortKnocker was the least temperamental and offered the most consistent results. And you can’t beat the price. A typical setup is to specify the address of the server and the 3 ports to be knocked. Make sure you have set the correct UDP/TCP option for each of the three knocks (the default setup uses 3 TCP ports), and make sure the IP address or FQDN for your server is correct.

    Another alternative is to use nmap to send the knocks from a remote computer. The knock.FAQ file in your server’s /root directory will tell you the proper commands to send to successfully execute a connection with your server’s default Port Knocker setup. Enjoy!

    Originally published: Monday, July 7, 2014


    Support Issues. With any application as sophisticated as this one, you’re bound to have questions. Blog comments are a terrible place to handle support issues although we welcome general comments about our articles and software. If you have particular support issues, we encourage you to get actively involved in the PBX in a Flash Forums. It’s the best Asterisk tech support site in the business, and it’s all free! Please have a look and post your support questions there. Unlike some forums, ours is extremely friendly and is supported by literally hundreds of Asterisk gurus and thousands of users just like you. You won’t have to wait long for an answer to your question.



    Need help with Asterisk? Visit the PBX in a Flash Forum.


     
    Awesome Vitelity Special. Vitelity has generously offered a terrific discount for Nerd Vittles readers. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. When you use our special link to sign up, Nerd Vittles gets a few shekels down the road to support our open source development efforts while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For our users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls and four simultaneous channels for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. NOTE: You can only use the Nerd Vittles sign-up link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage. Any balance is refundable if you decide to discontinue service with Vitelity.


    ​​3CX is a software PBX that’s easy to install & manage. It includes integrated softphones, WebRTC conferencing and essential add-ons out of the box, at no additional cost. Try the free edition at www.3cx.com.

  • Run on Premise or in the Cloud, on Windows and soon Linux
  • Softphones for iOS, Android, Win & Mac
  • Easy install, backup & restore, version upgrades
  • Automatically configures IP Phones, SIP Trunks & Gateways

  • Some Recent Nerd Vittles Articles of Interest…