Free Ekiga.net SIP acct + Twinkle + ZRTP = Free, SECURE VOIP - Raspberry Pi Forums
how can done on raspberry pi? with:
- twinkle, lightweight, open source sip client, installable on raspberry pi, on many other linux distros, ubuntu.
- zrtp, open standard encrypting sip calls, twinkle supports.
- free ekiga.net sip account. you'll able make secure sip voice-only calls other ekiga.net user who's online, as other computer on lan, twinkle configured same way (in "office intercom"-like fashion. on james bond, when q or m presses intercom button on desk talk moneypenny). ;]
hardware needed:
- usb webcam microphone. our purposes here, need microphone.
- headphones, or amplified speakers.
- might want usb audio dongle. use onboard bcm2835, had nasty-loud static popping heard during calls. when used "turtle beach audio advantage micro" usb sound dongle instead, had no popping, though using same amplified speakers, same audio codecs in twinkle, , calling same "echo test" number. here's how blacklisted bcm2835 module, turtle beach became "soundcard".
prerequisite configuration:
- raspbian wheezy
- should overclock 1000 mhz. @ speed, sip call takes 50% cpu steadily, encrypted or not.
procedure:
1) sign free ekiga.net sip account. in our example, let's pretend sip account created called "your_username@ekiga.net".
2) install twinkle: launch it, click ok create profile. click "profile editor". call "your_username@ekiga.net". click "ok".
user name: your_username
domain: ekiga.net
password: your_password
point, there alot of possible settings fiddled with, , recommend follow minimalistic advice closely start with, , fiddle around later if necessary. on left, click "rtp audio". on codecs tab, re-arrange "active codecs:" thusly (which ordering work best me, i'm on hughesnet satellite internet): g.711 u-law, g.711 a-law, gsm, speex-wb, speex-nb. in "preprocessing" tab, check "acoustic echo cancellation". click "ok" @ bottom, , "ok" again bring "system settings". click "audio" on left. "ring tone", "speaker", , "microphone", set alsa default. none of these work. pull down each one, selecting alsa choice mentioning "plughw", along specific name of corresponding devices (such bcm2835). click "ok".
3) time make "echo test" sip call, verify hardware , network connection works well. provide username again: "your_username", , hit enter. after pause, should see "registration succeeded", meaning you've logged sip account successfully. type "500" "call:" box , hit enter. lady's voice should explain echo test, , should able talk , hear back. once successful, click "bye" button in upper right hang up.
4) have geek friend same twinkle sip setup (up point) can call (to try zrtp-encrypted call with)? if not, can simulate one, installing same twinkle setup on second gnu/linux machine on lan (in same subnet). on second machine, "domain", use ip address of machine, , use whatever username like. that's right: though neither computer has sort of sip server running, twinkle clients can talk directly each other, long each endpoint knows username, , ip address of other computer! "poor man's office intercom". if go route, you'll need set second sip account in twinkle on raspberry pi, use within lan. here's how: pull down "file" menu -> change user -> in "create profile" area on right, click "editor" button. name "me_on_raspi", set username "me_on_raspi", , domain ip address of raspberry pi. you'll unfortunately need re-enter few settings earlier: on left, click "rtp audio". on codecs tab, re-arrange "active codecs:" thusly (which ordering work best me, i'm on hughesnet satellite internet): g.711 u-law, g.711 a-law, gsm, speex-wb, speex-nb. in "preprocessing" tab, check "acoustic echo cancellation". click "ok" @ bottom. ensure new profile "me_on_raspi" has checkmark beside it, , click ok. you're logged both sip accounts simultaneously (and correct sip account used, based on sip address's domain, when enter sip address call). test making sip call other computer, calling "other_user@<other_ip_address>". once call established, should speak , hear audio coming out of both computers before proceeding.
once you've found geek friend, or set second gnu/linux computer on lan accordingly, proceed next step.
5) time try out zrtp encryption. pull down "edit" menu, , choose "user profile". click "security" in lower left. check "enable zrtp/srtp encryption", , "only encrypt audio if remote party indicated zrtp support in sdp". if made second sip account in previous step, pull down "user profile" @ top of window, , select other sip account, repeating enable zrtp similarly. click "ok" button @ bottom. enter sip address of callee, has twinkle online, , has zrtp enabled same way. when call shown "established", right beside it, there's golden padlock, , 4-character password right of padlock. once both users confirm password same, each user must click padlock, such green checkmark appears on padlock. in "display" area of twinkle, message appears, saying "sas confirmed". having encrypted conversation!
6) feel free discuss "sensitive" subject matter wish, being cool cucumber in bowl of hot sauce. ;]
final notes:
- imho extremely cool if ekiga.net free sip accounts became "lowest common denominator" raspberry pi users judiciously make free, encrypted voice calls each other, wether they're using raspberry pi's, or more powerful machines. proposal raspberry pi community.
- forum allows users edit user profiles, , specify "jabber address" (which equivalent xmpp account name), unfortunately there's no "sip address". forum admins, forgive nagging, please add field "sip address"?
- twinkle, lightweight, open source sip client, installable on raspberry pi, on many other linux distros, ubuntu.
- zrtp, open standard encrypting sip calls, twinkle supports.
- free ekiga.net sip account. you'll able make secure sip voice-only calls other ekiga.net user who's online, as other computer on lan, twinkle configured same way (in "office intercom"-like fashion. on james bond, when q or m presses intercom button on desk talk moneypenny). ;]
hardware needed:
- usb webcam microphone. our purposes here, need microphone.
- headphones, or amplified speakers.
- might want usb audio dongle. use onboard bcm2835, had nasty-loud static popping heard during calls. when used "turtle beach audio advantage micro" usb sound dongle instead, had no popping, though using same amplified speakers, same audio codecs in twinkle, , calling same "echo test" number. here's how blacklisted bcm2835 module, turtle beach became "soundcard".
prerequisite configuration:
- raspbian wheezy
- should overclock 1000 mhz. @ speed, sip call takes 50% cpu steadily, encrypted or not.
procedure:
1) sign free ekiga.net sip account. in our example, let's pretend sip account created called "your_username@ekiga.net".
2) install twinkle:
code: select all
sudo apt-get install twinkleuser name: your_username
domain: ekiga.net
password: your_password
point, there alot of possible settings fiddled with, , recommend follow minimalistic advice closely start with, , fiddle around later if necessary. on left, click "rtp audio". on codecs tab, re-arrange "active codecs:" thusly (which ordering work best me, i'm on hughesnet satellite internet): g.711 u-law, g.711 a-law, gsm, speex-wb, speex-nb. in "preprocessing" tab, check "acoustic echo cancellation". click "ok" @ bottom, , "ok" again bring "system settings". click "audio" on left. "ring tone", "speaker", , "microphone", set alsa default. none of these work. pull down each one, selecting alsa choice mentioning "plughw", along specific name of corresponding devices (such bcm2835). click "ok".
3) time make "echo test" sip call, verify hardware , network connection works well. provide username again: "your_username", , hit enter. after pause, should see "registration succeeded", meaning you've logged sip account successfully. type "500" "call:" box , hit enter. lady's voice should explain echo test, , should able talk , hear back. once successful, click "bye" button in upper right hang up.
4) have geek friend same twinkle sip setup (up point) can call (to try zrtp-encrypted call with)? if not, can simulate one, installing same twinkle setup on second gnu/linux machine on lan (in same subnet). on second machine, "domain", use ip address of machine, , use whatever username like. that's right: though neither computer has sort of sip server running, twinkle clients can talk directly each other, long each endpoint knows username, , ip address of other computer! "poor man's office intercom". if go route, you'll need set second sip account in twinkle on raspberry pi, use within lan. here's how: pull down "file" menu -> change user -> in "create profile" area on right, click "editor" button. name "me_on_raspi", set username "me_on_raspi", , domain ip address of raspberry pi. you'll unfortunately need re-enter few settings earlier: on left, click "rtp audio". on codecs tab, re-arrange "active codecs:" thusly (which ordering work best me, i'm on hughesnet satellite internet): g.711 u-law, g.711 a-law, gsm, speex-wb, speex-nb. in "preprocessing" tab, check "acoustic echo cancellation". click "ok" @ bottom. ensure new profile "me_on_raspi" has checkmark beside it, , click ok. you're logged both sip accounts simultaneously (and correct sip account used, based on sip address's domain, when enter sip address call). test making sip call other computer, calling "other_user@<other_ip_address>". once call established, should speak , hear audio coming out of both computers before proceeding.
once you've found geek friend, or set second gnu/linux computer on lan accordingly, proceed next step.
5) time try out zrtp encryption. pull down "edit" menu, , choose "user profile". click "security" in lower left. check "enable zrtp/srtp encryption", , "only encrypt audio if remote party indicated zrtp support in sdp". if made second sip account in previous step, pull down "user profile" @ top of window, , select other sip account, repeating enable zrtp similarly. click "ok" button @ bottom. enter sip address of callee, has twinkle online, , has zrtp enabled same way. when call shown "established", right beside it, there's golden padlock, , 4-character password right of padlock. once both users confirm password same, each user must click padlock, such green checkmark appears on padlock. in "display" area of twinkle, message appears, saying "sas confirmed". having encrypted conversation!
6) feel free discuss "sensitive" subject matter wish, being cool cucumber in bowl of hot sauce. ;]
final notes:
- imho extremely cool if ekiga.net free sip accounts became "lowest common denominator" raspberry pi users judiciously make free, encrypted voice calls each other, wether they're using raspberry pi's, or more powerful machines. proposal raspberry pi community.
- forum allows users edit user profiles, , specify "jabber address" (which equivalent xmpp account name), unfortunately there's no "sip address". forum admins, forgive nagging, please add field "sip address"?
addendum step 4 above: if choose call geek friend (on ekiga.net), , you're nat'ted behind firewall, you'll need specify stun server in twinkle's settings.
how know if you're nat'ted? if ip address of raspberry pi starts 192.168., or 10., or 172.16., that's telltale evidence. these private lan addresses, , cannot directly connected computers out on internet-at-large. that's stun servers for: allowing others connect (i.e. initiate sip calls you), overcoming "nat'tedness".
here's specify stun server in twinkle: pull down "edit" menu -> user profile -> ensure sip account (that connects beyond lan) selected in "user profile" dropdown @ top (like ekiga.net account) -> click "transport/nat" on left -> under nat traversal, click "use stun (does not work incoming tcp)" radio button -> could enter "stunserver.org" (which free stun server public use, hint, hint) onto "stun server:" textbox -> click "ok" button @ bottom. change take effect: pull down "registration" menu -> "deregister all" (to log out of changed sip accounts), pull down "registration" menu -> "register".
if friend you're wanting connect nat'ted, they'll have procedure, or won't able initiate sip calls them.
how know if you're nat'ted? if ip address of raspberry pi starts 192.168., or 10., or 172.16., that's telltale evidence. these private lan addresses, , cannot directly connected computers out on internet-at-large. that's stun servers for: allowing others connect (i.e. initiate sip calls you), overcoming "nat'tedness".
here's specify stun server in twinkle: pull down "edit" menu -> user profile -> ensure sip account (that connects beyond lan) selected in "user profile" dropdown @ top (like ekiga.net account) -> click "transport/nat" on left -> under nat traversal, click "use stun (does not work incoming tcp)" radio button -> could enter "stunserver.org" (which free stun server public use, hint, hint) onto "stun server:" textbox -> click "ok" button @ bottom. change take effect: pull down "registration" menu -> "deregister all" (to log out of changed sip accounts), pull down "registration" menu -> "register".
if friend you're wanting connect nat'ted, they'll have procedure, or won't able initiate sip calls them.
raspberrypi
Comments
Post a Comment