Posts tagged: sip phone

Meet the Goophone: It Walks Like a Duck and Quacks Like a Duck For Under $100

If you didn’t cheat and hover over the images above, then you’d be wrong if you guessed that you now can buy Apple’s shiny, new iPhone® 5c for less than $100. From first-hand experience, I can tell you that the price of the 32GB model without a contract remains $649. You can add another $50 for tax in most states. And you can add another $99 for AppleCare® and another $79 each time your daughter drops the phone on the pavement. No, my friends, this is not an iPhone 5c. It’s the Goophone i5c from DHgate.com and many others brought to you by some enterprising neighbors of the fine folks that manufacture phones for Apple® and Samsung® (among others) in China. As the back of the phone says: “Designed by Goophone in California. Assembled in China.” Sound familiar? Not sure Goophone spent much time in California, but the phones are most definitely “assembled” in China. Total delivered price from DHgate: $89.99. While we had little clue about the similarities when we ordered the phone, with the exception of the Goophone logo emblazoned on the back of the phone and the prominent Goophone boot logo, you’d be hard-pressed to distinguish one duck from the other. My daughter’s iPhone 5c happens to be pink. So that helped with telling them apart.

What’s wrong with this picture? Well, lots. Let’s see. The potential patent, trademark, and copyright issues look like something a sadistic law professor might cook up for a bar exam. However, neither the International Trade Commission nor any American court has (yet) blocked the import of these phones so technically the manufacturer is entitled to the same presumptions as any other merchant. And proliferation of these phones in the United States is the least of Apple’s problems. Remember, Apple has been counting on the huge Chinese market as the Second Coming for iPhone sales. Considering the i5c was available before the iPhone 5c ever shipped, it seems fairly likely that there also may be a technology leak somewhere in someone’s pipeline. Let’s guess where that might be. What should be equally troubling to Apple is that someone could look at your $700 phone and build a perfectly functioning replica for under $40. Did we mention the build quality? It’s similar. Let’s leave it at that. In short, the Goophone knock off appears to be much what Apple claimed in court that Samsung was doing. It just didn’t happen to turn out that way in some of the Samsung litigation. But, as the old saying goes, be careful what you wish for. It turns out that the Goophone may actually be a better mousetrap than the iPhone especially when it comes to overall performance and battery life.

http://www.youtube.com/watch?v=F73sMmb6CS0


We’re not going to get into the morality or legality of buying stuff like this especially with Festivus just around the corner. So sort that out for yourself. Start with this New York Times article and then do some reading on the Freakonomics web site if you’re really curious. Suffice it to say there’s a major difference between a counterfeit and a knockoff. Counterfeit goods are those with someone else’s brand name splattered across the item. Think pocketbooks hidden in the blankets on the street corners around Times Square in New York. Most of these phones are clearly labeled with their own unique brand names. Examining the devices up close or after turning them on would explicitly tell any buyer that Goophones aren’t made or designed by Apple. All of the hardware and most of the software on the inside of the phone is different as well. So we believe the phones rise to the level of a knockoff which keeps buyers out of hot water. Keep in mind we’re talking about buying a phone, not selling one. Don’t even think about reselling them!

To borrow an expression from NASA: “Cupertino. We’ve got a problem.” Before you get too mad at the Chinese, keep in mind that there’s plenty of blame to go around. Apple, for one, chose to make their phones in China to save money. While we were writing this article, Google® ads were popping up all over the place for these phones. And, of course, AT&T® and T-Mobile® are perfectly willing to sell you a nano SIM to use in your Goophone even though they could easily block the devices. The parcel delivery companies are more than happy to bring these phones into the U.S. by the boatload. And finally there’s this little tidbit in the New York Times article referenced above: “Customs in the United States will allow travelers to bring [in] one counterfeit good per category.” Think of it as the “One-Bite Rule” for humans. We’re confident that Apple can muster adequate legal talent to attempt to shut down the import of these phones if they choose to do so. But, so far, that hasn’t happened. There may be a reason. Ironically, Ubergizmo reports that Goophone actually owns the patent in China and is threatening to sue Apple if the iPhone 5 is released in that country. It seems Goophone beat Apple to the Chinese patent office. So this could get interesting.

We actually ordered the i5c and paid a little more to see if the entire operation was fraudulent. From the photos on the web site, the phone looked similar to both the iPhone and a number of Android® phones. But that could be said of hundreds of phones now on the market. A price point of under $100 was our primary consideration since performance and feature set now are fairly standard on many of the Android phones. This phone just happened to be the cheapest.

The good news is the merchant we chose was legitimate albeit a little slow on delivery (but this particular phone had just been released). Of course, you have no idea what is hidden under the covers, and that applies to the hardware and software. There is no guarantee that the phone won’t explode from a sub-par battery. In fact, there is no guarantee, period. The New York Times reports that the typical manufacturing cost for one of these phones is under $40. If you like the NSA snooping on you, then consider the possibilities where all the software in these phones is produced in China. Our takeaway from the experiment was this. The Goophone certainly proves just how inexpensive it is to manufacture a high-quality phone in China when some of the design work appears to have been done elsewhere. :wink:

Since we had the phone, a quick review of its capabilities seemed to be in order. Hardware-wise, it appears to be an excellent phone. We would hasten to add that we would never, ever put our trusted credentials for any account in a knockoff phone from China. Nor would we plug it in without being in the room to monitor its condition. At least on the unit we received, the phone easily lasted all day with moderate use, and it never displayed any signs of overheating. After 8 hours, the Goophone showed 85% battery remaining. As delivered, none of the Google apps were available. Nor could they be loaded. That included the Play Store®, Gmail®, and Google Maps®. There also was plenty of Chinese sprinkled throughout the menus just to keep things interesting. GizmoChina reported that a new ROM supporting Google apps and English has been released, and we’ll get to that in a minute. But the screenshots of the phone above demonstrate what was possible even with the Chinese model and no Play Store.

As you can see below, the Goophone takes magnificent photos even in panorama mode. The side of our neighbor’s home is one of my favorite places to test new cameras because of the difficult morning light situation. With a little cropping and applying a touch of saturation in Photoshop® Elements (about a 10-second task), the end result is pretty spectacular. The displayed image is roughly 20% of the original size of the photograph.

While the phone’s icons may look familiar, this is a pure Android Jelly Bean OS running on a 1.2GHz dual-core MediaTek MT6572 processor with 512MB RAM, 4GB ROM (only about 1GB available), and an 8GB internal SD card. It has an 8 megapixel back camera and a 2 megapixel front camera and supports WiFi and 2G/3G GSM cellular connections. Bluetooth® worked reliably and paired easily with a Jambox®. Both AT&T/StraightTalk® and T-Mobile GSM SIMs were plug-and-play although StraightTalk would require modification of the proxy address just as it would on a standard iPhone or Android device. For experimenters, T-Mobile’s $2/day pay-as-you-go plan was just about right. It provided unlimited calling, texting, and 2G web access which is more than ample for most of the things you’d want to do with a phone like this. For teenagers on a tight budget, it’s pretty close to the best of all worlds. When coupled with a $45/month StraightTalk SIM on the AT&T network, you get a feature-packed phone that looks like a Mercedes® with a price tag like a Volkswagen®. And, for less than the cost of an AppleCare contract, you can buy a spare.


Rooting the device was easy. The YouTube® video above explains the procedure. And the necessary drivers for Windows® are included in the Samsung USB Drivers Collection for Windows. You also need the MT6577 USB VCOM Drivers to load new ROMs.

We apparently got an early release of the phone because much of the user interface was in Chinese and, as we noted, none of the Google apps worked. So the most difficult part for us was finding the .apk Android apps since Google’s Play Store wasn’t available. If you have another rooted Android phone, the simple solution is to grab them from a Titanium Backup. HINT: The filenames end in .apk. Be careful downloading .apk files from strange web sites. That’s about as safe as loading your bank credentials into a Chinese knockoff. All of the apps pictured in the screenshot above work as you would expect. After all, it’s an Android phone. POP3 and IMAP email accounts work fine. The cameras are great including movies and HDR. Skype® video works fine. Zoiper® IAX connections are terrific when linked back to an Asterisk® or VoIP.ms account. Music collections can be loaded using a USB connection to any Mac or Windows machine. Or plug in some earplugs and listen to your favorite FM radio station just like in the old days. For diehard music, sports, and talk radio fans, SiriusXM® Internet Radio works as well. The .apk is available in this thread.

As you might expect, communication with the manufacturer was difficult, but they were responsive. After considerable back and forth, we did manage to secure the newer ROM with Play Store support. Presumably, it is now shipping in phones destined for the United States. To actually load the new ROM, you need version 3.1312 of the Smart Phone Flash Tool. Once that’s installed on your Windows desktop, you can follow along with this tutorial to get the new ROM loaded into the phone. The sequence of events in using SP_Flash_Tool matters. Unzip the new ROM into a new folder on your desktop. Turn off your i5c and unplug it from the USB cable if it is connected to your Windows machine. Then run Flash_tool.exe from the SP_Flash_Tool folder on your desktop. Choose File -> Open Scatter-loading File and select MT6572_Android_scatter.txt from the folder with the unzipped new ROM. Click the Download button. Now plug in your phone using a USB cable connected to your PC. Do NOT turn on the phone. If you’ve properly loaded the MT6577 USB VCOM Drivers from above, the update should proceed within a few seconds, and you’ll see the progress bar changing colors in the flash tool application. It takes about 2 minutes to load the new ROM. Once you get the Download OK dialog box, unplug the phone and close the flash tool app. Before turning on the phone, be sure you’ve inserted a SIM card from either T-Mobile or AT&T/StraightTalk, or the phone will boot into Chinese (permanently) when you turn it on. Guess how we know? Now hold down the Power and Home buttons simultaneously for 10 seconds. Release the buttons and power on the phone in the usual way by pressing the Power button for a few seconds.

Just a couple more gotchas, and you should be good to go. First, DO NOT USE GOOGLE CREDENTIALS IN THIS PHONE THAT MATTER TO YOU! Based upon the performance of the browser using a very fast WiFi connection, our testing suggests that all browser activity and perhaps other activity (WiFi and GSM) may be routed through a proxy. Guess where? Second, do not use a Google account with two-factor authentication. It won’t work. Third, we’ve had excellent results with Zoiper IAX connections to an Asterisk server, but the setup is problematic. The Zoiper keyboard for data entry doesn’t have a period on it. Keyboards shown for other apps include the period so this is a Zoiper-specific problem, not an inherent limitation of the phone. To enter the IP address or FQDN of a host with Zoiper, you’ll need to send an email to the phone with the information. Open Gmail or your other mail client and copy the text to the phone’s clipboard. Then set up your Zoiper account. A long press on the host field will let you paste in the appropriate data. If you experience compatibility errors that prevent loading certain apps from the Play Store (Instagram is one example), then you’ll need to root your phone and load App Override from the Play Store. Then tell the app to override Play Store install restrictions. Finally, wade through the notification settings for the apps and reset them. After that, notifications worked as expected. GPS still no worky.
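The proxy suspicion above rests on browser speed alone. As an added example (not from the original article), this Python check compares the headers a test client on the phone sent with what a server the tester controls actually received; the function name, the header list, and all sample addresses and values are assumptions constructed for illustration.

```python
import ipaddress

# Headers that forwarding proxies commonly add to a request (assumed list).
PROXY_ADDED = ("via", "forwarded", "x-forwarded-for", "x-real-ip")


def _lower(headers):
    """Normalise header names so comparisons are case-insensitive."""
    return {k.lower(): v.strip() for k, v in headers.items()}


def proxy_indicators(sent_headers, server_view, expected_egress):
    """Return (kind, detail) findings that suggest an intermediary.

    sent_headers    -- headers the test client on the phone sent
    server_view     -- what the tester's own server logged:
                       {"remote_addr": str, "headers": dict}
    expected_egress -- CIDR blocks the WiFi/GSM link should egress from
    """
    sent = _lower(sent_headers)
    seen = _lower(server_view["headers"])
    findings = []

    # 1. Did the request arrive from an address we do not expect?
    src = ipaddress.ip_address(server_view["remote_addr"])
    nets = [ipaddress.ip_network(n) for n in expected_egress]
    if not any(src in n for n in nets):
        findings.append(("source-ip", f"arrived from {src}, outside expected egress"))

    # 2. Did something on the path add proxy bookkeeping headers?
    for name in PROXY_ADDED:
        if name in seen and name not in sent:
            findings.append(("added-header", f"{name}: {seen[name]}"))

    # 3. Were any of the client's own headers dropped or rewritten?
    for name, value in sent.items():
        if name not in seen:
            findings.append(("dropped-header", name))
        elif seen[name] != value:
            findings.append(("rewritten-header", f"{name}: {value!r} -> {seen[name]!r}"))

    return findings


# Constructed sample data (documentation address ranges, made-up values).
EXPECTED_EGRESS = ["198.51.100.0/24"]
SENT = {
    "Host": "probe.example.test",
    "User-Agent": "probe/1.0",
    "Accept-Encoding": "gzip",
}
DIRECT_VIEW = {
    "remote_addr": "198.51.100.23",
    "headers": dict(SENT),
}
PROXIED_VIEW = {
    "remote_addr": "203.0.113.77",
    "headers": {
        "Host": "probe.example.test",
        "User-Agent": "probe/1.0",
        "Via": "1.1 cache-node",
        "X-Forwarded-For": "198.51.100.23",
    },
}

if __name__ == "__main__":
    for label, view in (("direct", DIRECT_VIEW), ("proxied", PROXIED_VIEW)):
        print(label)
        for kind, detail in proxy_indicators(SENT, view, EXPECTED_EGRESS):
            print(f"  {kind}: {detail}")
```

An empty result does not clear the device: an intermediary that egresses from the expected range and leaves headers untouched produces no findings, and interception of TLS traffic needs a separate certificate check.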

We did a quick-and-dirty video on YouTube to show off our CallWho™ Speech-to-Text Dialer coupled with SMS messaging and GoIP to test the message capabilities of the iPhone 5c and the i5c. CallWho is included as a standard feature using Incredible PBX 11™ with PBX in a Flash™. Enjoy!


 



iGoogle Added to Google Graveyard. Google has added (yet another) corpse to the Google Graveyard. This time it’s iGoogle, the need for which (according to Google) “has eroded over time.” The iGoogle demise also means that Nerd Vittles TTS Google News Feed bit the dust. As much as we’re troubled to admit it, it would appear that Microsoft got it just about right in their spoof:


For the complete list of Google carnage, see last week’s Nerd Vittles article. Just in TTS applications for Asterisk, we’ve lost phone directories, sports scores, weather reports, and now news feeds. Can stock listings be far behind? And, coming next week, Google’s JavaScript Maps API gets put out to pasture. Then, of course, there are the text-to-speech and speech-to-text tools themselves. Wouldn’t make any long term plans using those platforms or any other Google platform for that matter. For those (formerly) enjoying the Nerd Vittles text-to-speech Google apps or Incredible PBX, this means that dialing 951 now returns “From, from, from” as the latest news headlines. There’s a simple fix that now is available. We’ve replaced Google News with Yahoo News! To replace the news app, simply run this update script.



Banner Day at Nerd Vittles. Today we’re delighted to announce that we’ve logged over 200,000 unique visitors from the United States this year alone! And we’re especially pleased to now have fans visiting from 216 countries. Thank you!

Originally published: Monday, November 11, 2013




Need help with Asterisk? Visit the PBX in a Flash Forum.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 



The Future of VoIP Telephony in an Asterisk World

If you don’t think there’s a telephony revolution underway, then take a look at this year’s crop of new VoIP telephones. No doubt that Alexander Graham Bell would be a happy camper. We’ve picked three of our favorites to take for a spin this week. Pictured above (left to right) are the Mocet Communicator, Grandstream’s GXP2200, and Yealink’s T46G. These three devices offer three dramatically different, but equally effective, approaches to the future of VoIP telephony.


The Mocet Communicator is what we’d call a BYOI (bring-your-own-iPad) device. With it, you get a full-featured HD telephony platform plus all the feature comforts of a full-fledged iPad including Skype, a variety of free messaging apps such as iMessage and FaceTime, Google Voice featuring GV Connect, and any other app of any type you choose to install on your iPad. After installing the free IP Commander app from the App Store, the phone interconnects with iOS and your iPad seamlessly. It’s a one-minute operation to set up a SIP connection with PBX in a Flash™, Incredible PBX™, and Asterisk®. For the ultimate in ease of use, the FreePBX™ (commercial) EndPoint Manager fully supports all the Mocet devices. EPM is the best $25 you could ever spend on your server. The phone itself worked flawlessly inside a private LAN as well as from a remote site with either a direct IP connection or VPN connection to home base. For the ultimate in flexibility, you can add an inexpensive WiFi adapter. HD Voice quality with even an entry level DSL connection was spectacular. And, if the wow factor of causing your nerdy friends to wet their pants is a consideration, then this is the hands-down winner. Click this link for a rundown of the impressive feature set. Incidentally, you can still receive calls and make emergency calls even without the iPad connected.

Now let’s turn to what PBX in a Flash, Incredible PBX, and Nerd Vittles bring to the table with this new phone. We actually configured the “Red Hotline Button” a little differently than President Obama. Ours dials the Nerd Vittles CallWho™ application. The app is included in all Incredible PBX bundles as well. CallWho lets you place hands-free calls from your AsteriDex phonebook using simple voice commands. You can click on the YouTube video above for a one-minute demo.

If the Mocet Communicator has a drawback, it’s probably price, but hopefully that will improve in the next few months. The device itself retails for $229.95 with free 2-day Prime shipping using our Amazon link.[1] Adding an iPad will set you back another $300+, but we love this phone. Its novel approach to hybrid VoIP technology is clearly the future direction of VoIP telephony, and the Mocet software will only get better with time.

Grandstream’s GXP2200 is proof positive that these hybrid VoIP phones are the wave of the future. Nerd Vittles reviewed this phone last November, and the feature set continues to improve. The GXP2200 is another approach to hybrid VoIP technology with Android serving as the base operating system for the phone itself. This brings you the best of all worlds for under $200 with no additional tablet to purchase. And you still get a terrific HD Voice platform with all the comforts of Android under the hood. See the Amazon link in our sidebar for the latest pricing. As with the Mocet Communicator’s iOS integration, Android brings a wealth of applications to the GXP2200 desktop including Skype, Facebook and Facebook Messenger, GrooVe IP for Google Voice, OBiON for free calling through any OBi device, dozens of additional messaging apps, and your choice of literally thousands of apps from the Google Play Store and Grandstream’s GS Market which features applications specifically tailored for the GXP2200. Since our original article appeared, Grandstream has released the expansion module for this phone. The addition of the 40-button sidecar with full BLF support for under $100 makes this a near perfect desktop phone for use with Asterisk. It’s one of a select few phones that we personally use all day, every day. It supports six SIP connections, and we use it to connect to several PBX in a Flash, RentPBX, and Incredible Pi servers scattered across the U.S. as well as a few SIP subaccounts hosted at Vitelity, VoIP.ms, and les.net. Performance is nearly flawless!

Yealink’s T46G Executive IP Phone may still be our top pick even with the new generation of hybrid phones. See the Nerd Vittles sidebar for an incredible deal on this phone with a show-stopping feature set: HD Voice, dual-port gigabit Ethernet connections, USB support for Bluetooth and WiFi (soon), integrated POE support plus included power adapter, multiple phonebook options with up to 1,000 entries, VLAN and OpenVPN integration, 10 line keys with 27 programmable buttons, SRTP encrypted communications, and a stunning color display. Two years ago this would have been a $500 phone, and now it’s a lunch tab away from the price of Digium’s entry-level SIP phone. Pretty amazing. For the latest tips and tricks in getting the T46G properly configured, come join the PIAF Forum discussion.

UPDATE: Having now used the T46G for a few days, our first impression is that this phone is an industrial-grade, feature-rich, state-of-the-art SIP device with all of the feature comforts a large organization would want in rolling out a new company-wide phone system. Sophisticated server redundancy is built into the phones to support automatic failover to a backup VoIP server in the event of a catastrophic system failure. Encrypted SRTP communications as well as OpenVPN support is integrated into each phone. The T46G also includes the XML programming functionality available in the Aastra and Digium phones. You can try out our demo XML apps by visiting the PIAF Forum. In addition, basic web server interaction is provided through event triggers on the phone that can generate Action URIs to receive and process HTTP GET requests and Action URLs to send HTTP GET requests when a specified telephone event occurs.

The phonebook implementation is exactly what a large organization would want: three phone numbers plus a phone, ring tone, and group entry per person plus customizable accounts and groups. Import and export of XML or CSV data through a web interface is a snap. In fact, the CSV format even supports export of images linked to every phonebook entry. For a large organization, it means the HR department could maintain a single phonebook database of up to 1,000 records with photos of every employee. That database then could be pushed to every phone in the organization by one HR employee using a web browser without ever touching or rebooting a single telephone. LDAP directories are also supported for the purists. Enjoy!




Deals of the Week. There are a couple of amazing deals still on the street, but you’d better hurry. First, for new customers, Sangoma is offering a board of your choice from a very impressive list at 75% off. For details, see this thread on the PIAF Forum. Second, a new company called Copy.com is offering 20GB of free cloud storage with no restrictions on file size uploads (which are all too common with other free offers). Copy.com has free sync apps for Windows, Macs, and Linux systems. To take advantage of the offer, just click on our referral link here. We get 5GB of extra storage, too, which will help avoid another PIAF Forum disaster.

Originally published: Tuesday, July 9, 2013






 

Don’t miss the first-ever FreePBX World on August 27-28 at the Mandalay Bay in Las Vegas. For complete details, see this post on the FreePBX blog.


 

We are pleased to once again be able to offer Nerd Vittles’ readers a 20% discount on registration to attend this year’s 10th Anniversary AstriCon in Atlanta. And, if you hurry, you also can take advantage of the early bird registration discount. Here’s the Nerd Vittles Discount Code: AC13NERD.


 
 



  1. Many of our purchase links refer users to Amazon when we find their prices are competitive for the recommended products. Nerd Vittles receives a small referral fee from Amazon to help cover the costs of our blog. We never recommend particular products solely to generate Amazon commissions. However, when pricing is comparable or availability is favorable, we support Amazon because Amazon supports us.

Google Nexus 7 Review: State-of-the-Art Features, Performance & Price

What a difference a Jelly Bean can make! Home runs don’t come easy in the technology arena especially in the tablet market with a third-generation, 800-pound gorilla named iPad® already sitting in the room and an upstart Kindle Fire® threatening to burn the house down. But, if you’ve been disappointed by the fit and finish of previous Android releases, then it’s time to have another look. Whether you’re a road warrior or a couch potato, you’re gonna love the new Nexus 7 quad-core tablet from Asus. Open the case and look into your Nexus 7’s eyes. Blink once1 and boom. Your desktop appears. Incredible features. Stunning performance. And unbelievable price.

We like to start with the bad news. There’s not much: no rear-facing camera, no microSD expansion slot, and no HDMI port. Don’t make the mistake of buying the 8GB tablet. While $199 is appealing, you’ll quickly wish you’d spent the additional $50 to purchase the 16GB flavor. Remember, the storage is not expandable. But, if you hurry, you’ll get a $25 gift card to Google Play. So go for broke and splurge. You’ll want to fill all 16 gigs with lightning fast Android apps. And there’s no longer a shortage of choices. Almost anything that you’d find on an iPad is available for the Nexus 7… and then some. The one missing feature in Jelly Bean is Flash support. That’s Adobe’s doing, not Google’s. But there’s an easy fix. Load the Firefox Beta browser and side load the Adobe Flash Player 11.1 apk, and you’re back in business.

If you follow our musings on Nerd Vittles, you know that we eat our own dog food. So our Nexus 7 has both a PPTP VPN and NeoRouter VPN activated. We connect back to our PBX in a Flash server through one of the VPN connections and log in as an extension on the home Asterisk® server using Bria for Android. We activate a Google Voice account using GrooVe IP. And we connect back to an OBi device in the home office using OBiON. That makes three active phones for inbound and outbound calls right on the Nexus 7 desktop. Incoming calls to our home office pop up using Gtalk with the new Nerd Vittles’ GV Call Notifier.

As you can see from the above screenshot (actual screen size), our most recent Gmail messages, Google Calendar, and today’s weather forecast for our current location are displayed whenever the tablet is opened for use. The PIAF Forums are one click away with Tapatalk as is access to your favorite dozen apps and 20,000 of your favorite songs.

Drooling for Apple’s Siri? You’ll love the new, voice-activated Google Search which puts Siri to shame. Watch the video above and decide for yourself. And then there’s Google Now:

It tells you today’s weather before you start your day, how much traffic to expect before you leave for work, when the next train will arrive as you’re standing on the platform, or your favorite team’s score while they’re playing. And the best part? All of this happens automatically. Cards appear throughout the day at the moment you need them.

The Nexus 7 also sports a gyroscope, accelerometer, magnetometer, NFC, Bluetooth 4.0, and a GPS chip that can take advantage of Google Maps new off-line mode when WiFi isn’t available. Want to take a high-res screenshot? Just hold down the Power and Vol/Down buttons at the same time, and presto, your screenshot is saved. Video conferencing also is a breeze using either Google Talk or Skype. File transfers are equally easy thanks to NFC. Just tap two Jelly Bean devices together and the file transfer is on its way wirelessly. And then there’s Google Wallet which lets you pay for purchases with the tap of your Nexus 7. In a revolutionary move, there’s also a well-written, real User’s Guide (as in book) at your fingertips. Just click the Book icon to access your entire book collection including the User’s Guide. We could go on, but you get the idea. It’s revolutionary as is the price!

We can’t really show the near instantaneous response that a quad-core processor provides. Suffice it to say, this isn’t a Kindle Fire brimming with compromises to save on production costs. It’s a fast, no-compromise, state-of-the-art tablet with battery life that rivals any iPad. Because of web constraints, the above screenshots really don’t provide an accurate rendering of the actual screen resolution. Simply put, the 1280×800 WXGA screen leaves the Kindle Fire in the dust. Watching 720p videos of the Summer Olympics is nothing short of amazing with images literally jumping off the screen. For those of you that still wear suits to work, the Nexus 7 will fit comfortably in your inside suit pocket. Weighing in at just 12 ounces, you won’t be listing to one side from carrying the Nexus 7 in your pocket. In fact, it’s about 20% lighter than a Kindle Fire which makes a huge difference with the form factor of this device.

Last but not least, the setup process is now as smooth as silk. In about 5 minutes, everything is configured, your Gmail, Google Calendar, and Google Music and photo collections are all synced and ready for use. Run, don’t walk, and buy this tablet. It’s that good. And it’s less than half the cost of the cheapest, entry level New iPad. Does it replace a desktop PC or Mac? No. Could it replace an iPad? In a heartbeat.

Originally published: Monday, July 30, 2012



Astricon 2012. Astricon 2012 will be in Atlanta at the Sheraton beginning October 23 through October 25. We hope to see many of you there. We called Atlanta home for over 25 years so we’d love to show you around. Be sure to tug on my sleeve and mention you’d like a free PIAF Thumb Drive. We’ll have a bunch of them to pass out to our loyal supporters. Nerd Vittles readers also can save 20% on your registration by using coupon code: AC12VIT.




Need help with Asterisk? Visit the PBX in a Flash Forum.
Or Try the New, Free PBX in a Flash Conference Bridge.


whos.amung.us If you’re wondering what your fellow man is reading on Nerd Vittles these days, wonder no more. Visit our new whos.amung.us statistical web site and check out what’s happening. It’s a terrific resource both for us and for you.


 
New Vitelity Special. Vitelity has generously offered a new discount for PBX in a Flash users. You now can get an almost half-price DID from our special Vitelity sign-up link. If you’re seeking the best flexibility in choosing an area code and phone number plus the lowest entry level pricing plus high quality calls, then Vitelity is the hands-down winner. Vitelity provides Tier A DID inbound service in over 3,000 rate centers throughout the US and Canada. And, when you use our special link to sign up, the Nerd Vittles and PBX in a Flash projects get a few shekels down the road while you get an incredible signup deal as well. The going rate for Vitelity’s DID service is $7.95 a month which includes up to 4,000 incoming minutes on two simultaneous channels with terminations priced at 1.45¢ per minute. Not any more! For PBX in a Flash users, here’s a deal you can’t (and shouldn’t) refuse! Sign up now, and you can purchase a Tier A DID with unlimited incoming calls for just $3.99 a month. To check availability of local numbers and tiers of service from Vitelity, click here. Do not use this link to order your DIDs, or you won’t get the special pricing! Vitelity’s rate is just 1.44¢ per minute for outbound calls in the U.S. There is a $35 prepay when you sign up. This covers future usage and any balance is fully refundable if you decide to discontinue service with Vitelity.
 



  1. In case you’ve forgotten, one of the criticisms of the original face recognition device security was the fact that you could hold up a photo of the person with another device and walk right into the tablet. Forcing the person to blink once pretty much solves that. Most photos don’t blink. :-)

5-Minute VoIP: Deploying a SIP to Google Voice Gateway

We’ve been big fans of Google Voice since the outset. But, with the exception of one brief week, the piece Google has always refused to put in place is a SIP gateway to make connections from VoIP devices a no-brainer. You’d think they’d do it for no other reason than economics. SIP calls are free. PSTN calls are not. Well, never mind Google. Bill Simon has done it for you, and he leveraged the same Yate toolkit that Google originally deployed. Today, we’ll show you how to spend five minutes and take advantage of the Simon Telephonics gateway to interconnect a dedicated Google Voice account with any SIP device you’d like, whether it’s an Asterisk® server, a smartphone with a free SIP client from GrooVe IP or Zoiper, a free softphone from Zoiper or X-Lite 4, or any SIP telephone. Once we’re finished today, you can use any SIP client to call your 10-digit Google Voice number through the Simon Telephonics gateway: SIP/9991234567@gvgw1.simonics.com. And you can make and receive calls throughout the U.S. and Canada using your new Google Voice number the old fashioned way, using a Plain Old Telephone. Did we mention that everything is free: the Google Voice number, the Simon Telephonics gateway connection, all of the inbound calls, and outbound calls throughout the U.S. and Canada… at least in 2012. If you take advantage of Bill’s gateway, we would encourage you to at least donate one day’s lunch money to Bill’s site to help pay the light bill.

Getting Started. The drill for today goes like this. First, you’ll create a new Google Voice account with a new phone number at google.com/voice. Next, you’ll make a test call from that number using the Gmail account associated with that same account. Then, you’ll register the Google Voice number on the Simon Telephonics gateway. Next, we’ll set up a SIP trunk on your Asterisk server for this new DID. Finally, configure any SIP client with an extension number from your Asterisk PBX, and you can start making and receiving calls using your new Google Voice number.

A Word About Security. Google doesn’t (yet) support OAuth authentication for Google Voice accounts. What this means is that you’ll have to use your actual Google Voice credentials to set up your account on the Simon Telephonics gateway. Could Bill steal your credentials? Absolutely. Will he? Absolutely not. Why? First, there’s no money in your Google Voice account so all he could do is make free calls on Google’s nickel, the same thing he could do using his own Google Voice accounts. Second, Bill is better off setting up his own accounts where you don’t share his password and the Google Voice call logs won’t tell you who he’s calling. If you’re paranoid, don’t put money in your calling account, make the account name something that could not be associated with you, and then check your call logs several times every day. Better yet, spend $50 and use an OBi110 device to set up your own private gateway where Obihai knows your credentials instead of Bill. :wink:

Configuring Google Voice. As we mentioned, you’ll need a dedicated Google Voice account for this. The more obscure the username (with some embedded numbers), the better off you will be. This will keep folks from bombarding you with unsolicited Gtalk chat messages, and who knows what nefarious scheme will be discovered using Google messaging six months from now.

We’ve tested this extensively using an existing Gmail account, and inbound calling is just not reliable. The reason seems to be that Google always chooses Gmail chat as the inbound call destination if there are multiple registrations from the same IP address. So, be reasonable. Do it our way! Set up a dedicated Gmail and Google Voice account, and use it exclusively for this new SIP gateway. Head over to the Google Voice site and register. If you’re living on another continent, see MisterQ’s posting for some tips on getting set up.

You must choose a telephone number (aka DID) for your new account, or Google Voice calling will not work… in either direction. You also have to tie your Google Voice account to at least one working phone number as part of the initial setup process. Your cellphone number will work just fine. Don’t skip this step either. Just enter the provided 2-digit confirmation code when you tell Google to place the test call to the phone number you entered. Once the number is registered, you can disable it if you’d like in Settings, Voice Setting, Phones. But…

IMPORTANT: Be sure to enable the Google Chat option as one of your phone destinations in Settings, Voice Setting, Phones. That’s the destination we need for the SIP gateway to work its magic! Otherwise, all inbound and outbound calls will fail. If you don’t see this option, you may need to call up Gmail and enable Google Chat there first. Then go back to the Google Voice Settings.

While you’re still in Google Voice Settings, click on the Calls tab. Make sure your settings match these:

  • Call Screening: OFF
  • Call Presentation: OFF
  • Caller ID (In): Display Caller’s Number
  • Caller ID (Out): Don’t Change Anything
  • Do Not Disturb: OFF
  • Call Options (Enable Recording): OFF
  • Global Spam Filtering: ON

Click Save Changes once you adjust your settings. Under the Voicemail tab, plug in your email address so you get notified of new voicemails. Down the road, receipt of a Google Voice voicemail will be a big hint that something has come unglued.

Finally, go into Gmail for this same account and place a test call using your new Google Voice number. You’ll find the Call Phone icon in the Chat and SMS section of Gmail in the left column. Once you complete this step, be sure to log out of both Gmail and Google Voice for this account, or inbound calling will never work.

Registering on the Simon Telephonics Gateway. Now we’re ready to register your Google Voice account on the Simon Telephonics Gateway. Click on the link and fill in the blanks with your Google Voice account credentials and phone number. Be sure to include a 1 at the beginning of your Google Voice number! You’ll note that Google Apps email domains are supported as well as gmail.com addresses.

  • Google Voice Number: 19991234567
  • GV Username: joeschmo2468
  • GV Domain: gmail.com
  • GV Password: mightysecret
  • GV Password again: mightysecret
  • Email Address: joeschmo@yahoo.com

Check your entries carefully and then click the Add button. The only way to make changes if you screw things up is to enter your original credentials, Delete the existing account, and then Add a new one. So type carefully and check your work. Once your account is successfully registered, the Simon Telephonics Gateway will spit back your new SIP credentials. Write them down or take a screenshot and put them in a safe place. You’ll need them to set up your Asterisk SIP trunk. The Username will be your 11-digit Google Voice number with a GV prefix. The Secret will be a randomized string. The Registration String will be used in setting up your Asterisk SIP trunk and is in the proper format. The DID for your Inbound Route in FreePBX® will be your 11-digit Google Voice number.

  • Server: gvgw1.simonics.com
  • Username: GV19991234567
  • Secret: Xyzkk
  • Registration String: GV19991234567:Xyzkk@gvgw1.simonics.com/19991234567
  • Dialing Format: E.164 without + (for US calls, 11 digits starting with 1)

NOTE: Newer users may be provided an alternate gateway, e.g. gvgw2.simonics.com. You would obviously need to use whichever gateway FQDN is provided in all of the settings shown here.

Creating FreePBX SIP Trunk. Now we’re ready to create your new SIP trunk in FreePBX. Choose Add SIP Trunk and fill in the blanks as shown below with your new credentials. The Trunk Name can be any name you like. Don’t forget the 1 in Prepend for the Dialed Number Manipulation Rules! Leave the Incoming Settings blank. Be sure to add your Registration String from the credentials that were provided as part of the Simon Telephonics registration. Then Save Your Settings.

Creating FreePBX Inbound Route. Now you’ll need to add an Inbound Route to process incoming calls from the Simon Telephonics Gateway. The DID entry will be your 11-digit Google Voice number. The Destination for the incoming calls can be whatever you like: an extension, a ring group, an IVR, or any of the other available options on your server.

Creating FreePBX Outbound Route. If you want to send outbound calls out through your new Google Voice trunk, then you’ll need to add the SIP trunk to your outbound dialing rules. Just add the SIP Trunk Name you’ve defined to the Trunk Sequence for calls with the NXXNXXXXXX Dial Pattern, and you’re all set. Enjoy!

Originally published: Monday, June 11, 2012





Introducing PPTP VPNs: The Travelin’ Man’s Best Friend

It’s been almost three years since we introduced VoIP Over VPN to securely interconnect Asterisk® servers. As LogMeIn® continues to squeeze the free Hamachi® VPN into oblivion, we’ll have a new, Really Free™ matrix VPN solution for you in coming weeks. This will let you interconnect up to 256 PBX in a Flash™ servers in minutes, not months, with no muss, no fuss, no fees, and no licensing worries. But today we want to begin VPN Month by turning our attention to those that need a virtual private network to connect back to a home office network or a home for that matter. This includes the traveling businessman or woman, the physician or lawyer with multiple remote offices, and any hub-and-spoke business such as a bank that has small branch offices that need to transparently link back to the mothership for network and communications services. The hidden beauty of PPTP VPNs is that all data (including phone calls) travels through an encrypted tunnel between the satellite office and home base. If you travel for a living and rely on other people’s WiFi networks for Internet access, a layer of network security will be a welcome addition.

Believe it or not, Microsoft introduced the Point-to-Point Tunneling Protocol (PPTP) with Windows 95. Back then we knew it as Dial-Up Networking. Suffice it to say that, in those days, PPTP was anything but secure. Unfortunately, the bad name kinda stuck. For the most part, the security issues have been addressed with the possible exception of man-in-the-middle attacks which are incredibly difficult to pull off unless you are a service provider or have access to the wiring closets of your employer. You can read the long history of PPTP VPNs on Wikipedia for more background. If you’re traveling to China or other democracy-challenged destinations, you probably shouldn’t rely upon PPTP for network security. If these security considerations aren’t applicable in your situation, keep reading because PPTP VPNs are incredibly useful and extremely easy to deploy for an extra layer of VoIP and network security in most countries that have severe wiretapping penalties in place.

PPTP VPNs also provide home-away-from-home transparency to home office network services. Simply stated, with a PPTP VPN, you get a private IP address on the home office LAN that lets you do almost anything you could have done sitting at a desk in the home office. There’s more good news. Fifteen years ago, we paid Cisco thousands of dollars for hardware boxes known as PPTP VPN Concentrators. You can still find some of them on eBay. For history buffs, a little company in California originally built these boxes. I think we paid about $3,000 for them. One year later Cisco bought the company and promptly doubled the price. Today, you can Do It For Free™ using your existing PIAF2 server platform. And, trust me, today’s 2-minute setup runs circles around the hoops we jumped through 15 years ago to install PPTP VPNs. Once deployed, they revolutionized mobile computing.

If you’re already running one or more PIAF2™ servers, then adding a PPTP VPN server to an existing system is a job for a Fifth Grader. Remember, you only need to do this on one server at your home base even if you have a dozen. The other good news is there are PPTP VPN clients for almost any platform you can name. Linux, Windows, Macs, Android, as well as iPhones, iPads, and iPod Touch devices all have free PPTP VPN clients that can be activated in less than a minute giving you instant, secure home base access.

Getting Started. We’re assuming you already have a PBX in a Flash 2 server set up behind a hardware-based firewall. If not, start there. Next, we’ll need to download and run the installer for your PPTP VPN Server. Just log into your server as root and issue the following commands:

wget http://incrediblepbx.com/install-pptp
chmod +x install-pptp
./install-pptp

UPDATE: For those of you still running a PBX in a Flash 1.7.x server under CentOS 5, we have a separate install script for you thanks to the great work of scurry7:

wget http://incrediblepbx.com/install-pptp-centos5
chmod +x install-pptp-centos5
./install-pptp-centos5

The Server Install: Five Easy Pieces. The installer will walk you through these five installation steps, but we’ll repeat them here so you have a ready reference down the road.

First, on your hardware-based firewall, map TCP port 1723 to the private IP address of your PIAF2 server. This tells the router to send all PPTP VPN traffic to your PIAF2 server when it hits your firewall. If you forget this step, your PPTP VPN will never work!

Second, you’re going to need a dedicated IP address on your private LAN to assign to the PPTP VPN server. Make sure it’s not an IP address from your router’s DHCP pool of addresses, and make sure it’s not one of the addresses from Step #3 below.

Third, you’re going to need two or more sequential IP addresses on your private LAN to assign to PPTP VPN clients that connect to your server. Remember, the PPTP design makes every remote client a node on your local area network so each client needs a private IP address on your LAN. Figure out how many client devices will be simultaneously connecting to your server and add one to it. Make sure the addresses you choose are in sequential order and not part of your router’s DHCP pool of addresses. Don’t use the address reserved for your PPTP server in Step #2 above. The address range should look something like this entry: 192.168.0.41-49. If you get the syntax wrong, guess what happens? If you screw it up, you can edit your localip and remoteip entries in /etc/pptpd.conf.

Fourth, each user is going to need a username to access your PPTP server. We’re going to set up credentials for one user as part of the install. You can add extra ones by adding entries to /etc/ppp/chap-secrets. For an extra layer of security, make the username as obscure as a password. Just don’t use any special characters. Upper and lowercase letters sprinkled with numbers are perfect. We recommend a length of at least 8 alphanumeric characters.

Fifth, make up an equally secure password to access your PPTP server. Same rules apply as in Step #4.

You’re done. Review your entries very carefully. If all is well, press Enter. If you blink, you may miss the completion of the install process. It’s that quick.
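A sanity check for Steps 2 through 5, added here as an example and not part of the install-pptp script: it parses the localip and remoteip entries of /etc/pptpd.conf and the credentials in /etc/ppp/chap-secrets and reports anything that breaks the rules above. The sample files, LAN, and DHCP pool boundaries are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample files; addresses follow the article's 192.168.0.41-49 example.
SAMPLE_PPTPD_CONF = """\
# /etc/pptpd.conf (constructed sample)
option /etc/ppp/options.pptpd
localip 192.168.0.40
remoteip 192.168.0.41-49
"""

SAMPLE_CHAP_SECRETS = """\
# client        server  secret          IP addresses
rT7kq92mXa      pptpd   Zp4n8Qw1Lc6v    *
bob             pptpd   hunter2!        *
"""


def expand_remoteip(spec):
    """Expand pptpd's remoteip syntax ('a.b.c.41-49', optionally comma separated)."""
    addrs = []
    for item in spec.split(","):
        item = item.strip()
        m = re.fullmatch(r"(\d+\.\d+\.\d+)\.(\d+)-(\d+)", item)
        if m:
            prefix, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
            if lo > hi:
                raise ValueError(f"range runs backwards: {item}")
            addrs += [ipaddress.IPv4Address(f"{prefix}.{n}") for n in range(lo, hi + 1)]
        else:
            addrs.append(ipaddress.IPv4Address(item))  # raises ValueError on bad syntax
    return addrs


def parse_pptpd_conf(text):
    """Return (localip, [remote addresses]) from pptpd.conf text."""
    local, remote = None, []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0] == "localip":
            local = ipaddress.IPv4Address(fields[1])
        elif len(fields) == 2 and fields[0] == "remoteip":
            remote = expand_remoteip(fields[1])
    return local, remote


def check_address_plan(conf_text, lan, dhcp_first, dhcp_last, max_clients):
    """Return a list of problems with the address plan from Steps 2 and 3."""
    try:
        local, remote = parse_pptpd_conf(conf_text)
    except ValueError as exc:
        return [f"syntax error: {exc}"]
    if local is None or not remote:
        return ["localip and remoteip must both be set"]
    problems = []
    net = ipaddress.IPv4Network(lan)
    lo, hi = ipaddress.IPv4Address(dhcp_first), ipaddress.IPv4Address(dhcp_last)
    for addr in [local] + remote:
        if addr not in net:
            problems.append(f"{addr} is not on LAN {net}")
        if lo <= addr <= hi:
            problems.append(f"{addr} is inside the DHCP pool")
    if local in remote:
        problems.append(f"localip {local} is also in the remoteip range")
    # Step 3: number of simultaneous clients plus one.
    if len(remote) < max_clients + 1:
        problems.append(f"remoteip has {len(remote)} addresses, need {max_clients + 1}")
    return problems


def check_chap_secrets(text, min_len=8):
    """Flag usernames and passwords that break the Step 4 and Step 5 rules."""
    problems = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3:
            continue  # comment, blank, or incomplete line
        user, secret = fields[0], fields[2]
        for label, value in (("username", user), ("password", secret)):
            if not re.fullmatch(r"[A-Za-z0-9]+", value):
                problems.append(f"{user}: {label} has special characters")
            elif len(value) < min_len:
                problems.append(f"{user}: {label} shorter than {min_len}")
    return problems


if __name__ == "__main__":
    for p in check_address_plan(SAMPLE_PPTPD_CONF, "192.168.0.0/24",
                                "192.168.0.100", "192.168.0.199", 8):
        print("pptpd.conf:", p)
    for p in check_chap_secrets(SAMPLE_CHAP_SECRETS):
        print("chap-secrets:", p)
```

On a live server, pass the contents of the two files and your router's real DHCP pool boundaries instead of the samples.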

Configuring PPTP Client Devices. As we mentioned, there are available PPTP clients for Linux and Windows machines and Macs as well as Android and Apple smartphones and tablets. We’ve documented the steps for the various client setups on the PBX in a Flash Forum. Come visit! You’ll also discover some great tips from our resident gurus. We also would encourage you to post any questions that arise in your use of PPTP VPNs in that thread. You’ll get a quick and courteous response.

Secure VoIP Calling. The collateral benefit of implementing a PPTP VPN on your PIAF server is that all calls between remote extensions and home base can now be transmitted through a secure VPN tunnel. The only adjustment necessary using a SIP client on either an Android or Apple device is to replace the public server IP address with the server’s LAN IP address, and all of the communications traffic will flow through the VPN tunnel. The way we set up our Android phone with the Bria SIP client is to allocate an extension from the home office PIAF server to the SIP client and then enter the private IP address of the PIAF server in the Bria configuration. Then, when you’re at home base with WiFi, the client just works. And, when you’re on the road, just turn on the PPTP VPN, and Bria will register through the VPN tunnel using the exact same settings. It’s that easy, and it works great with WiFi or 3G/4G.

Checking for Connected Clients. If you get curious about who is logged into your PPTP server, here’s the command that’ll let you know: last | grep ppp.

GPL2 License. The install-pptp application is open source software licensed under GPL2. It has been specifically tailored for use on PBX in a Flash 2 (and now PIAF 1.7.x) servers, but it can easily be adjusted to work with virtually any Linux-based Asterisk system. If you make additions or changes, we hope you’ll share them on our forums for the benefit of the entire VoIP community. Enjoy!

What’s Next? For a more traditional client-server VPN which still relies upon a central server but uses a star topology to connect remote nodes, see this new Nerd Vittles article on the NeoRouter VPN.

Originally published: Monday, April 9, 2012





Travelin’ Man 3: Securing a PBX in a Flash or VoIP in the Cloud Server

UPDATE: Be sure to read about the latest enhancement to Travelin' Man 3 here.

We're big fans of playing with our own VoIP hardware. It has the advantage of allowing the installation of everything behind a secure, hardware-based firewall thereby eliminating almost all of the security issues associated with VoIP telephony. With PBX in a Flash™ and its Zero Internet Footprint™, you can run a secure VoIP server in your home or office with no port exposure to the Internet. This setup, of course, assumes that you have the necessary bandwidth to support Internet telephony and that you possess the necessary skill set to maintain your own Linux® server running Asterisk®, FreePBX®, Apache®, SendMail®, PHP®, and on and on. Not everyone does. And, of course, there are thousands of organizations in which employees and their phones are not colocated with the home office VoIP communications server. And, believe it or not, there are folks that run their VoIP server on the public Internet without any firewall protection. For all of you, today's your lucky day.

Lest you think that we've bitten off more than we can chew, we want to acknowledge the dozens of thought-provoking comments on the PIAF Forums that ultimately led to today's new release. That is the hidden beauty of open source development. So, thank you dad311, atsak, tbrummell, Hyksos, markieb, Ramblin, darmock, lowno, blanchae, bmore, vcallaway, jroper, mag, briankelly63, mbellot, phonebuff, The Deacon, Astrosmurfer, frontline, ou812, LostTrunk, lgaetz, kh40s, rossiv, and all of our other gurus that make the PIAF Forums a great place to learn something new every day.

Thanks to our good friends at RentPBX, who provide terrific technical and financial support to both Nerd Vittles and the PBX in a Flash project, you don't have to roll your own. And your phones can be anywhere because your communications server sits on the public Internet. If cost is a factor or for those outside the United States that need a U.S. presence to take advantage of services such as Google Voice, the $15 a month price point using the PIAF2012 coupon code makes RentPBX more than competitive with what it would cost you in electricity, Internet bandwidth, and hardware resources to do it yourself... minus the headaches. You get a stable PBX in a Flash or Incredible PBX platform from the git-go. In addition, issues of jitter and latency all but disappear from the VoIP equation because you can choose the site of your hosted PBX from a worldwide list of Internet POPs including five regions in the U.S. as well as Canada and Europe. Many sit within a few milliseconds of the Internet backbone.

What you don't have with a hosted PBX solution is a hardware-based firewall sitting between your server and the Big, Bad Internet. With PBX in a Flash, the risk is lessened because the IPtables Linux Firewall is baked into the fabric of PBX in a Flash. For a comprehensive overview of how IPtables works, read this article. It explains IPtables better than any book you could buy.

Today we're pleased to introduce Travelin' Man 3™, a completely new security methodology based upon FQDN Whitelists and DDNS. In a nutshell, you get set-it-and-forget-it convenience and rock-solid VoIP security for your Cloud-based PBX or any PBX in a Flash server that's lacking a hardware-based firewall and you get both transparent connectivity and security for your mobile or remote workforce. We'll quickly cover the mechanics of this new IPtables methodology that allows you to secure your hosted PBX without compromising flexibility. The nitty gritty details of IPtables and firewalls we'll leave for you to explore at your leisure.

And, speaking of leisure, we always get the question: "Have you tested it?" For frequent readers of Nerd Vittles, you already know the answer. We eat our own dog food! In the case of Travelin' Man 3, we gave it a healthy workout just last week from the deck of the Carnival Fantasy as we passed by Cape Canaveral and in Key West with 4G service, and finally in several ports with WiFi access in the Bahamas. The beauty of the new design is you'll know instantly if it's not working because you'll never get your VoIP SIP phone to connect back to your VoIP server. We had zero problems using nothing more than an Android phone for both DynDNS updates and Bria SIP phone service. Being a pioneer isn't always easy, but... Somebody's gotta do it™. :wink:

Unlike previous iterations of Travelin' Man, version 3 lets you configure remote phone access from the server and keep one or hundreds of phones in sync even with changing IP addresses using dynamic DNS update software at the sites of the remote phones. Whether the site is a remote office or a floating hotel room, any PC or Mac whether it's a desktop or netbook can automatically manage the dynamic DNS updates while keeping all of the local phones securely connected to the VoIP Cloud. And any jail-broken iPhone can manage the updates as well. With Android phones, it's even better. You have your pick of several great apps: DynDNS Client, Dynamic DNS Client, or Dynamic DNS Updater. We've found the DynDNS Client to be nearly perfect. As we'll explain in a minute, this version of Travelin' Man is not compatible with prior versions so you'll need to choose either the manual methodology of previous iterations or version 3 which does it automagically.

A New Approach to WhiteLists. Our new approach to IPtables is to lock down your server using a WhiteList of safe IP addresses and fully-qualified domain names (FQDNs) that should be given access to your hosted VoIP server. Then we'll periodically check to see if the IP addresses associated with the FQDNs have changed and make the necessary adjustments automatically. If any intruder attempts to access any port on your PBX, their packets are simply discarded by IPtables so the bad guys never know your server exists.

We've experimented with BlackLists for VoIP security, and the bottom line is they just don't work because of inherent problems with reliability and completeness. You spend your entire day updating lists of the bad guys only to discover that they've morphed to thousands of new IP addresses. Think Whack-A-Mole. IP addresses can easily be changed, and zombies have made attacks from third-party PCs a daily occurrence. Earlier this month, Nerd Vittles was hit with a denial of service attack from 30,000+ zombie PCs. This was in spite of the fact that we already block well over 100,000 IP addresses with the world's finest blacklists. Now it's 130,000. :roll: Of course, none of the owners of these PCs had any idea how their computers were being used. I'm reminded of a famous judge's secretary who received a knock at her door one Sunday morning from the FBI. They informed her that she was using her computer to host porno movie downloads. I won't offend your tender sensibilities by repeating what she actually told those "young men."

There's also the problem of dynamic IP addresses which means an address that was used by a bad guy yesterday may be handed out by the same ISP to your grandma tomorrow. And it didn't take the bad guys long to poison blacklists with IP addresses that you actually need for services such as DNS or network time services. If you've ever had an IP address that ended up on one of the major blacklists, you know what a hassle it is to get your IP address unBlacklisted. The Soup Nazi has nothing on these folks.

Bottom Line: Public web sites are pretty much forced to use BlackLists because they want their sites to be generally accessible. With a VoIP server, we have the luxury of choice, and WhiteLists are much more effective for server security.

Overview. Our recommended design works like this. Block everything. Then permit packets from known hosts and non-routable IP addresses only, and limit known hosts to only the services they actually need. For example, a VoIP provider such as Vitelity that is providing a DID for your inbound calls doesn't need web access to your server. They need SIP and RTP access. Nothing more. The same goes for a remote user: SIP and RTP access so their SIP phone works. Nothing more. You, as Administrator, need complete access to the server but only from a specific, defined IP address. We, of course, don't want IPtables to have to inspect and filter every single packet flowing into and out of your server because that would bog things down. And we don't want users on your private LAN and remote users with dynamic IP addresses to have to wrestle with updating their phones just to stay connected. So, we've opened up all non-routable IP addresses and, once we've verified that a remote site is authorized access, then subsequent packets flowing into and out of the server for that IP address will be passed along without additional packet inspection. And once we set up the FQDN for a remote user, local dynamic DNS update clients can be used to automate the process of keeping IP addresses current. Then, every few minutes, we'll let your server check whether there's been a change in any users' dynamic IP addresses. If so, we'll simply refresh the IP addresses of all FQDNs using an IPtables restart to bring the phones back to life. To end users, The Phones Just Work™.
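The whitelist design described above, sketched as an added example (this is not the Travelin' Man 3 code): it resolves each whitelisted FQDN, renders a default-drop iptables-restore ruleset that limits providers and phones to SIP and RTP, and regenerates the rules only when an address changes. The hostnames and addresses are constructed placeholders, the function names are hypothetical, and UDP 5060 and UDP 10000-20000 are assumed as the SIP and RTP ports.

```python
import socket

# Non-routable ranges that the design leaves open.
NON_ROUTABLE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Services each kind of whitelisted host needs (assumed default Asterisk ports).
SERVICES = {
    "provider": [("udp", "5060"), ("udp", "10000:20000")],  # SIP and RTP, nothing more
    "phone": [("udp", "5060"), ("udp", "10000:20000")],
    "admin": None,  # complete access, but only from this one source
}

# Constructed whitelist of (role, IP address or FQDN).
WHITELIST = [
    ("admin", "admin.example.net"),
    ("provider", "198.51.100.20"),
    ("phone", "roadwarrior.example.net"),
]


def resolve_whitelist(whitelist, lookup=socket.gethostbyname):
    """Map each whitelisted host to its current IPv4 address."""
    current = {}
    for _role, host in whitelist:
        try:
            current[host] = lookup(host)  # an IP literal resolves to itself
        except OSError:
            pass  # unresolved names get no rule: fail closed
    return current


def build_ruleset(whitelist, addresses):
    """Render iptables-restore input: block everything, then permit known hosts."""
    rules = [
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        # Once a flow is accepted, later packets skip the per-host checks.
        "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    rules += [f"-A INPUT -s {net} -j ACCEPT" for net in NON_ROUTABLE]
    for role, host in whitelist:
        addr = addresses.get(host)
        if addr is None:
            continue
        if SERVICES[role] is None:
            rules.append(f"-A INPUT -s {addr} -j ACCEPT")
            continue
        for proto, ports in SERVICES[role]:
            rules.append(
                f"-A INPUT -s {addr} -p {proto} -m {proto} --dport {ports} -j ACCEPT"
            )
    rules.append("COMMIT")
    return "\n".join(rules) + "\n"


def refresh(whitelist, previous, lookup=socket.gethostbyname):
    """Re-resolve the whitelist; return (changed, addresses, new ruleset or None)."""
    current = resolve_whitelist(whitelist, lookup)
    if current == previous:
        return False, current, None  # nothing moved, leave the firewall alone
    return True, current, build_ruleset(whitelist, current)


if __name__ == "__main__":
    # Constructed lookup table so the demo runs offline.
    table = {
        "admin.example.net": "203.0.113.10",
        "198.51.100.20": "198.51.100.20",
        "roadwarrior.example.net": "192.0.2.55",
    }
    changed, state, ruleset = refresh(WHITELIST, {}, table.__getitem__)
    print(ruleset if changed else "no change")
```

Run from cron every few minutes, the returned ruleset would be loaded with iptables-restore only when `changed` is true; a name that stops resolving loses its rule until it resolves again.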

Finally, a word about security for VoIP in the Cloud servers. If you run a virtual machine from any hosting provider with wide open access to SIP, IAX, and web services, it's just a matter of time before your server is going to be compromised, period! If you foolishly use credit card auto-replenishment for one or more of your hosting providers then you might as well mail a blank check to the bad guys and wait for them to cash it. Today's tools will take you less than a minute to permanently lock down your server. So... JUST DO IT™.

To give you some idea of how far the Android platform has come, here are a couple screenshots of our Samsung 4G Skyrocket smartphone running three simultaneous VoIP apps all day, every day: Bria SIP extension to our PIAF2 server in Charleston, CSipSimple extension to our RentPBX VM in California, and GrooveIP session with Google Voice. Try that on your 3G iPhone 4S.

We're officially releasing this for RentPBX users running PBX in a Flash or Incredible PBX 3™. These folks have been our pioneers for a very long time, and we like to take care of them first. Properly installed, Travelin' Man 3 should work fine on any PIAF™ or Incredible PBX system. We'll make a backup of /etc/sysconfig/iptables before replacing your IPtables setup with the PIAF default setup. It assumes ALL of your traffic is flowing on eth0. If that's not the case, don't use it without major modifications! We would hasten to add that Travelin' Man 3 is licensed as GPL2 open source software. So it's available NOW to everyone to use or to embellish as they see fit. We hope every provider of VoIP services offering virtual machines in the cloud as well as those without a hardware-based firewall to protect your Asterisk server will take advantage of the opportunity to customize and deploy this code for their particular IPtables environment. To paraphrase Bill Clinton: "It's your phone bill, stupid!"

Deploying Travelin' Man 3. Here's how to deploy Travelin' Man 3 on your server. In Step #1, we run secure-iptables. This locks down virtually all IP ports and services in the original IPtables configuration for PBX in a Flash to either the IP address or the FQDN of the administrator. Be advised that this setup uses the default ports for all PIAF services, e.g. SSH, WebMin, HTTP, etc. If you use custom ports, you'll need to modify the script accordingly. If the administrator is on the move or has a dynamic IP address on his or her desktop or notebook PC/Mac that will be used to administer the cloud server, then use an FQDN, not a static IP address, when you run secure-iptables.

Step #2 is automatic and is part of secure-iptables. It opens SIP and IAX port access for "trusted providers" such as Google, Vitelity, etc. This is covered in detail below. We also open accessibility from non-routable IP addresses. You obviously can close or limit private LAN access, if desired. We included it for the benefit of those running and administering PBX in a Flash on private LANs where internal security is not a concern.

In Step #3, we'll let you set up additional access for other providers, users, and phones. You get your choice of up to 9 separate services in addition to the whole enchilada, and each account gets a name and a file to keep track of the latest IP address entry: somename.iptables. These are stored in /root. Don't delete them! New accounts can be added using either a static IP address (add-ip) or an FQDN (add-fqdn). These accounts also can be deleted whenever necessary (del-acct). You can rerun secure-iptables whenever you like, but it automatically deletes all custom user accounts. Here's the list of services from which to choose. Mix and match as desired to meet your own requirements.

0 - All Services
1 - SIP (UDP)
2 - SIP (TCP)
3 - IAX
4 - Web
5 - WebMin
6 - FTP
7 - TFTP
8 - SSH
9 - FOP

Just a word of caution. IPtables stores its setup in /etc/sysconfig/iptables, but it actually runs from an image in memory on your Linux server. As part of the load process, IPtables converts all FQDNs stored on disk to static IP addresses. This speeds up firewall processing enormously. While it's possible to add IPtables rules in memory without writing them to disk (as in the original Travelin' Man design), don't do it with Travelin' Man 3! You will lose these settings whenever IPtables is restarted by running any of the above scripts or whenever a refresh of FQDN IP addresses becomes necessary. Whatever you do, never ever run the command: service iptables save. This command is used to write the IPtables entries in memory to disk. In doing so it writes only static IP addresses to disk. This will erase (a.k.a. ruin) your Travelin' Man 3 FQDN setup and force you to start over with Step #1. Otherwise, none of your FQDNs would ever get refreshed because they've all disappeared and become static IP addresses.

IPtables also has a major shortcoming IMHO. We support FQDNs in IPtables to make it more flexible. However, a failed FQDN during an IPtables restart will cause IPtables not to load at all. We have worked around this by adding our own restart command which you should always use: iptables-restart. You've been warned.

Locking Down Your Server. While there's still time, let's spend a minute and lock down your server to the public IP address of the PC that you use to administer the system. If you don't know the public IP address of the desktop machine you use to manage your server, then click on this link using a browser on that machine, and our web site will tell you the IP address.

Now log into your virtual machine as root using SSH and issue the following commands:

cd /root
wget http://incrediblepbx.com/travelinman3.tar.gz
tar zxvf travelinman3.tar.gz
yum -y install bind-utils
./secure-iptables

When prompted for the FQDN or IP address of your Administrator PC, use the FQDN if you have one. Otherwise, type in the IP address and press the Enter key. Agree to the terms of service and license agreement by pressing Enter. When the IPtables file displays, verify that you have typed your FQDN or IP address correctly, or you will lock yourself out of your own server. Press Ctrl-X to exit the editor, and then press Enter to update IPtables and save your new configuration.

NOTE: If you are running PBX in a Flash in a cloud environment, be sure to add an entry to Travelin' Man 3 with the IP address of your cloud server. ifconfig will tell you what the IP address is. To add the entry, issue the command: /root/add-ip cloud 12.34.56.78 using your actual cloud IP address.

WARNING: If you use an FQDN for your Administrator PC and it points to a dynamic IP address, be sure to also add this same FQDN using add-fqdn. Otherwise, IP address changes will not be detected, and you may lock yourself out of your own server.

Nobody can access your server except someone seated at your PC or on your private LAN with your login credentials. You can repeat this process as often as you like because each time the script is run, it automatically restores your original IPtables configuration. Now let's grant access to your SIP providers and those using remote SIP or IAX phones.

Using DynDNS to Manage FQDNs. The key ingredient with Travelin' Man 3 is automatic management of dynamic IP addresses. When a user or even the administrator moves to a different location or IP address, we don't want to have to manually adjust anything. So what you'll first need is a DynDNS account. For $20 a year, you can set up 30 FQDNs and keep the IP addresses for these hostnames current 24-7. For $30 a year, you can manage 75 hostnames using your own domain and execute up to 600,000 queries a month. That's more than ample for almost any small business but, if you need more horsepower, DynDNS.com can handle it. What we recommend is setting up a separate FQDN for each phone on your system that uses a dynamic IP address. This can include the administrator account if desired because it works in exactly the same way. When the administrator extension drops off the radar, a refresh of IPtables will bring all FQDNs back to life including the administrator's account. Sounds simple? It is.

Preparation. Before we make further modifications to IPtables in Step #3, let's make a list of all the folks that will need access to your VoIP Server in the Cloud. For each entry, write down the name of the person, server, or phone as well as the type of entity which needs server access. Then provide either the static IP address or FQDN for each entry. If one or more of your IP addresses are dynamic (meaning the ISP changes them from time to time), we'll cover managing dynamic IP addresses in a minute. For now, just make up a fully-qualified domain name (FQDN) for each dynamic IP address using one of the available DynDNS domains. For static IP addresses, use the FQDN or the IP address. HINT: FQDNs make it easy to remember which entry goes with which provider.

Make a list of your providers NOT in this list: Vitelity (outbound1.vitelity.net and inbound1.vitelity.net), Google Voice (talk.google.com), VoIP.ms (city.voip.ms), DIDforsale (209.216.2.211), CallCentric (callcentric.com), and also VoIPStreet.com (chi-out.voipstreet.com plus chi-in.voipstreet.com), Les.net (did.voip.les.net), Future-Nine, AxVoice (magnum.axvoice.com), SIP2SIP (proxy.sipthor.net), VoIPMyWay (sip.voipwelcome.com), Obivoice/Vestalink (sms.intelafone.com), Teliax, and IPkall. The providers listed above are already enabled in the secure-iptables setup script. We call them Trusted Providers only because we trust them and have personally used all of them. We consider them reliable folks with whom to do business. It doesn't mean others aren't. It simply means these are ones we have tested with good results over the years. The only providers you'll need to add are ones we haven't provided. Also be sure to check whether the FQDNs of the providers above cover the server for your account. If not, you'll need to manually add those FQDNs as well. Keep in mind that trusted providers will have full SIP and IAX access to your server so stick with tried-and-true providers for your own safety. The PBX in a Flash Forum and DSL Reports are good sources of information on The Good, The Bad, and The Ugly.

Finally, list with a name each phone that will be connected to an extension on your server. If you have 10 traveling salesmen, then you might want to name them all by last name and also provide FQDNs with their last names, e.g. smith.dyndns.org and jones.dyndns.org. No spaces or punctuation in names or FQDNs! We strongly recommend using FQDNs wherever you can because it means zero work for you when a provider changes an IP address. Here's the table we use:

Name
Type: Person, Provider, Server, Phone
IP Address Type: Static or Dynamic
FQDN or IP Address
Services Desired: SIP, IAX, Web, FTP, SSH, etc.

Step #3: Adding Authorized Users. Now take your list and add each account to your server while logged in as root and positioned in the /root directory. For static IP addresses, use add-ip. For dynamic IP addresses and FQDNs, run add-fqdn and plug in the FQDN for each account. When one of your accounts needs to be removed, just run del-acct from the /root folder on your server and plug in the name of the account to delete. If a user changes from a static IP address to a dynamic IP address or vice versa, just delete the user and then add them again with the new IP address or FQDN. All of the accounts are stored in /root and have names like this: name.iptables.

Step #4: Setting Up DynDNS Client Updates. There are actually two pieces in the Dynamic DNS update puzzle. At the end-user side, you need to deploy a DynDNS update client on the same subnet as the phone of your user. See the links above to download the update software you prefer. In the case of cellphones with SIP phone capability, this could be as simple as installing the DynDNS update client directly on the phone itself. Plug in your DynDNS credentials as well as the FQDN associated with the particular phone, and the rest is automatic.

Step #5: Setting Up IPtables Auto-Refresh. Finally, we need a way for your server to discover when a refresh of FQDNs becomes necessary because someone's IP address has changed. The simplest way to do this is to automatically run a simple script (ipchecker) that polls the DNS authoritative server to determine whether the dynamic IP address associated with an FQDN has changed. If so, we'll update the account.iptables file to reflect the new IP address and then restart IPtables. This will refresh all IP addresses associated with FQDNs. If all or most of your users spend time sleeping each day, you may wish to run the script only during certain (waking) hours of the day so your server has less of a load. The other consideration is how often to check. The guideline here is how long can any user live without their SIP phone being connected to your server. 10 minutes may be reasonable for some. 60 minutes may suffice for others. For us, it's 3 minutes. It's your choice. The way Travelin' Man 3 works is, whenever at least one account has an IP address change, it will trigger a restart of IPtables to do an IP address refresh for all of the FQDNs.

The top of the ipchecker script in /root looks like this:

#!/bin/bash

# Insert the account filenames to be checked below
# Remember to increment the account[#] for new entries

account[0]=larry.iptables
account[1]=curly.iptables
account[2]=moe.iptables

# ipchecker (c) Copyright 2012, Ward Mundy & Associates LLC.

You'll need to edit the script (nano -w /root/ipchecker) and modify the account[n] entries to reflect the actual FQDN account names you've created on your server that are associated with dynamic IP addresses only. You don't want to monitor accounts with static IP addresses or FQDNs that never get updated. When those extensions are off-line, it's not because their IP address changed, and restarting IPtables won't really help to improve the situation. Be sure to increment the account[n] array for each new account that you want to monitor and use the exact format shown in the example above. Before you enter an account in the script, display the contents of the file using cat /root/accountname.iptables. Make certain that the file includes BOTH an FQDN, then a space, and then an IP address. If not, delete the account (del-acct) and add it again using add-fqdn.

Once you've entered all of your accounts with dynamic IP addresses, save the script: Ctrl-X, Y, then Enter. Run the script manually now to be sure it works as you intended: /root/ipchecker. Be advised that typos that list accounts that don't exist will cause problems. Error checking consumes processing cycles by requiring additional queries so we've left it out. That means it's solely up to you to check your account names for accuracy. And, remember, only include accounts that have dynamic IP addresses with FQDNs.
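A sketch of the per-account check with the error handling the stock script leaves out, added here as an illustration and not the ipchecker code itself. It assumes each account file contains only the "FQDN, space, IP address" line described above; check_account, refresh_accounts and the RESOLVE_CMD hook are names made up for this example.

```shell
#!/bin/sh
# Added sketch (not the ipchecker script): per-account refresh with the
# sanity checks the article says were left out. Assumes each account file
# holds the single line "<fqdn> <ip>".

# Shape check only: four dot-separated decimal groups.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the current IPv4 address for an FQDN, or nothing on failure.
# RESOLVE_CMD is a hook invented for this example so the logic can be
# exercised offline; by default it uses dig from bind-utils.
resolve_fqdn() {
    if [ -n "${RESOLVE_CMD:-}" ]; then
        "$RESOLVE_CMD" "$1"
    else
        dig +short "$1" A | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | head -n 1
    fi
}

# check_account FILE
# Returns 0 = address unchanged, 1 = file rewritten with the new address,
# 2 = skipped (missing file, malformed line, lookup failure, write error).
check_account() (
    file=$1; fqdn=; old_ip=; rest=
    [ -r "$file" ] || { echo "skip $file: not readable" >&2; exit 2; }
    read -r fqdn old_ip rest < "$file" || :
    if [ -z "$fqdn" ] || [ -n "$rest" ] || ! is_ipv4 "$old_ip"; then
        echo "skip $file: expected '<fqdn> <ip>'" >&2; exit 2
    fi
    new_ip=$(resolve_fqdn "$fqdn") || :
    if ! is_ipv4 "$new_ip"; then
        # Never store an empty or junk answer: keep the last good address.
        echo "skip $file: $fqdn did not resolve, keeping $old_ip" >&2; exit 2
    fi
    [ "$new_ip" = "$old_ip" ] && exit 0
    printf '%s %s\n' "$fqdn" "$new_ip" > "$file.tmp" && mv "$file.tmp" "$file" || exit 2
    exit 1
)

# refresh_accounts FILE...
# Returns 0 when at least one address changed (a firewall restart is due),
# 1 when nothing changed. Skipped accounts never trigger a restart.
refresh_accounts() {
    restart=1
    for f in "$@"; do
        rc=0
        check_account "$f" || rc=$?
        if [ "$rc" -eq 1 ]; then restart=0; fi
    done
    return "$restart"
}
```

From cron, the equivalent call would be `refresh_accounts /root/larry.iptables /root/curly.iptables /root/moe.iptables && iptables-restart`, so a mistyped account name or a failed lookup is logged and skipped instead of forcing a restart.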

Step #6: Automating FQDN Refreshes with Cron. Finally, you'll need to add an entry to the bottom of /etc/crontab using nano. If you wanted the script to run 24 hours a day at 10 minute intervals, here's the command:

*/10 * * * * root /root/ipchecker > /dev/null

If you wanted the script to only run between the hours of 8 a.m. and 9 p.m. (server time zone) at 10 minute intervals, then you'd use something like this:

*/10 8-21 * * * root /root/ipchecker > /dev/null

On our RentPBX complimentary account which we use while traveling, we actually set the interval to 3 minutes. Since the DNS lookups use dig, changes on Android phones using the DynDNS client are almost instantaneous even with automatic switching between WiFi and cellular service. Finally, be sure to type date on your server and verify which time zone your cloud server thinks it's in! Adjust the times in /etc/crontab accordingly.

Be sure to check back here periodically for updates and follow the latest happenings about Travelin' Man 3 in this thread on the PIAF Forums. Enjoy!

Originally published: Thursday, March 29, 2012   Updated: April 19, 2014

UNLESS YOU DISCONTINUE USING FQDN'S WITH IPTABLES, IT IS ABSOLUTELY ESSENTIAL THAT YOU MONITOR YOUR SERVER DAILY IF YOU ARE RELYING EXCLUSIVELY UPON IPTABLES AS YOUR FIREWALL PROTECTION MECHANISM AND YOU ARE USING FQDN'S AS PART OF YOUR CENTOS SECURITY METHODOLOGY!



