EDIT: THIS SETUP IS FOR PEOPLE WHO WANT A RELIABLE ALTERNATE TO USING MAIN STREAM SERVICES. THIS IS YOUR OWN SERVER -- AND YOU WILL BE THE ONLY ONE USING IT AS OPPOSED TO HUNDREDS OR THOUSANDS OF OTHER USERS. I'VE BEEN USING THIS FOR SIX MONTHS WITH NO ISSUES. BEFORE THIS I WAS USING PBXES.ORG AND THE SERVICE WAS 'OK' AND I MISSED SOME CALLS. I'VE HAD ZERO ISSUES WITH THIS SETUP.
A few people have asked me for a guide on howto setup Asterisk on an Amazon EC2 micro instance for their Nexus 4. Amazon offers a free micro instance for one year (new signups). Even after your first year it's pretty cheap to keep it running. Amazon's bandwidth will be faster than setting up Asterisk on your own home server (in most cases).
Once you have the server up and running you can easily configure your favorite SIP client on your Nexus 4 to enjoy free calling with your Google Voice account. This is particularly useful for people such as myself who are on the $30 T-Mobile plan.
As a bonus, I've also included the steps to setup a PPTP VPN.
This guide assumes that you've already setup your AWS account and figured out how to set the security group. You will need to open some ports (TCP: 22, 1723, 5060. UDP: 5060, 10000-20000)
Step 1. Goto: http://uec-images.ubuntu.com/releases/10.04/release/ and pick the t1.micro instance (ebs 64 bit) for the region that you setup in AWS. Launch this instance (there is a button) and get it working with the security group that you configured. After it's launched you need to setup an Elastic IP and associate it with the instance. After that go ahead and log into your new micro instance server. Once you get to this point, then you can continue with the guide. There are TONS of resources (including youtube videos) on how to get to this point. It's not rocket science.
Step 2. Setup firewall settings for pptpd and asterisk. Lucid also has firewall settings that need to be adjusted.
Code:
#Uncomplicated Firewall
sudo ufw enable
sudo ufw allow 22/tcp
sudo ufw allow 1723/tcp
sudo ufw allow 5060/tcp
sudo ufw allow 5060/udp
sudo ufw allow 10000:20000/udp
#check status
sudo ufw status
#edit /etc/default/ufw and enable forward policy
DEFAULT_FORWARD_POLICY="ACCEPT"
#edit /etc/ufw/sysctl.conf and uncomment
net/ipv4/ip_forward=1
#edit /etc/ufw/before.rules and add this after the header comments
---<BEGIN>--- (DON'T COPY THIS LINE)
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Forward traffic through eth0.
-A POSTROUTING -o eth0 -j MASQUERADE
# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT
---<END>--- (DON'T COPY THIS LINE)
#disable and enable to apply changes
sudo ufw disable && sudo ufw enable
Step 3. Recompile Kernel. The default kernel is set at 100HZ timing, this will give you HORRIBLE VOIP quality. The kernel needs to be recompiled to 1000HZ timing.
Code:
# Make yourself root
sudo su
# Update source list:
aptitude update
# Upgrade everything:
aptitude upgrade
# Install dependencies:
apt-get build-dep linux-image-$(uname -r)
apt-get build-dep linux
apt-get install fakeroot build-essential
apt-get install crash kexec-tools makedumpfile kernel-wedge
apt-get install libncurses5 libncurses5-dev
apt-get install libelf-dev asciidoc binutils-dev kernel-package
apt-get install git-core
cd /usr/src
git clone git://kernel.ubuntu.com/ubuntu/ubuntu-lucid.git
cd ubuntu*
git checkout --track -b ec2 origin/ec2
fakeroot debian/rules clean
fakeroot debian/rules editconfigs
# Configuration window should now appear, do the following:
Select YES
# Navigate to:
Processor type and features -> Timer frequency
# Select the 1000HZ frequency
Exit
Exit
Yes (Save)
#After saving and returning to prompt it may ask you to do it again for i386, select yes and repeat!
This next command will take about 7 hours to recompile the kernel. But, there is a shortcut. Amazon charges by the minute for each instance type that you use. I recommend shutting down your instance at this point and changing it to a m1 extra large instance type (this will cost you about 70 cents). This will increase your micro instance from:
613 MiB memory
Up to 2 EC2 Compute Units (for short periodic bursts)
EBS storage only
32-bit or 64-bit platform
I/O Performance: Low
EBS-Optimized Available: No
API name: t1.micro
to:
15 GiB memory
8 EC2 Compute Units (4 virtual cores with 2 EC2 Compute Units each)
1,690 GB instance storage
64-bit platform
I/O Performance: High
EBS-Optimized Available: 1000 Mbps
API name: m1.xlarge
The compiling time will be reduced to about 25 minutes.Once you got the instance backup with the m1.xlarge instance, continue like so:
Code:
sudo su
cd /usr/src/ubuntu*
fakeroot debian/rules binary
#Check if your deb files were created
cd ..
ls *.deb
#install new kernel
#IF A GRUB MENU POPS UP PICK PACKAGE VERSION
sudo dpkg -i linux-*.deb
Then shutdown your system again and change it back to a micro instance. Then boot it back up.
#Check your new Kernel version
Code:
uname -r
#Check if Kernel HZ value change persisted:
cat /boot/config-`uname -r` | grep HZ
#If value 1000HZ=yes then you did it right!
Step 4. Install Asterisk 11
Code:
#become root
sudo su
# Install dependencies:
apt-get install libiksemel-dev libsqlite3-dev libssl-dev libnewt-dev libxml2-dev
#get source
#note: dahdi needs to be installed to compile and install libpri -- we don't really need it for any other reason
cd /usr/src/
wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/libpri/libpri-1.4-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11-current.tar.gz
#extract source
tar zxvf dahdi-*
tar zxvf libpri-*
tar zxvf asterisk-11*
#resolve error for compiling dahdi
ln -nsf /usr/src/linux-headers-`uname -r`/include/asm-x86 /usr/src/linux-headers-`uname -r`/include/asm
#install dahdi
cd /usr/src/dahdi*
make && make install && make config
#install libpri
cd /usr/src/libpri-1.4*
make && make install
#install asterisk
#note: once the menu pops up check and make sure you have chan_motif and xmpp (should have a * next to them)
cd /usr/src/asterisk*
./configure && make menuselect && make && make install && make config && make samples
Step 5. Configure Google Voice
Backup original conf files (you should still be root)
Code:
cd /etc/asterisk
cp extensions.conf extensions.conf.orig
cp motif.conf motif.conf.orig
cp sip.conf sip.conf.orig
cp xmpp.conf xmpp.conf.orig
New Config files compiled by jhax01 - GO TO POST #85 FOR MORE DETAILS. Now you will want to replace the following files with these (change USERNAME to whatever you want and make sure you google account info is correct):
#extensions.conf - Don't forget the USERNAME on the last line
Code:
[general]
autofallthrough=yes
; If an unauthenticated request some how gets through, send them to free 411.
[default]
exten => 411,1,Answer()
same => n,Dial(Motif/google/[email protected])
[local]
exten => _1XXXXXXXXXX,1,Dial(Motif/google/${EXTEN}@voice.google.com,,r)
exten => _XXXXXXXXXX,1,Dial(Motif/google/${EXTEN}@voice.google.com,,r)
exten => _+1XXXXXXXXXX,1,Dial(Motif/google/${EXTEN}@voice.google.com,,r)
[incoming-motif]
exten => s,1,NoOp()
same => n,Set(crazygooglecid=${CALLERID(name)})
same => n,Set(stripcrazysuffix=${CUT(crazygooglecid,@,1)})
same => n,Set(CALLERID(all)=${stripcrazysuffix})
same => n,Dial(SIP/USERNAME,20,D(:1))
#motif.conf
Code:
[google]
context=incoming-motif
disallow=all
allow=ulaw
connection=google
#sip.conf - Pay attention to externhost, secret, and USERNAME
Code:
[general]
allow=all
allowguest=no
nat=force_rport,comedia
tcpbindaddr=0.0.0.0
tcpenable=yes
externhost=ELASTICIP
localnet=10.0.0.0/8
[USERNAME]
type=peer
secret=PASSWORDYOUGENERATE
host=dynamic
context=local
transport=udp,tcp
#xmpp.conf
Code:
[general]
[google]
type=client
serverhost=talk.google.com
[email protected]
secret=GMAILPASSWORD
priority=100
port=5222
usetls=yes
usesasl=yes
status=available
statusmessage="VOIP"
timeout=5
Code:
#
# Stop/Start asterisk
#
sudo /etc/init.d/asterisk stop
sudo /etc/init.d/asterisk start
If everything went at planned your Asterisk Server with Google voice should be working, you can now login with your SIP client utilizing the extension username and password that you chose in sip.conf.
BONUS STEP. PPTPD VPN
install (make sure you are still root)
Code:
apt-get install pptpd
Now take the following code and copy it into a script and execute as root:
Code:
echo "localip 10.40.1.1" >> /etc/pptpd.conf
echo "remoteip 10.40.1.20-50" >> /etc/pptpd.conf
echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd
echo "ms-dns 8.8.4.4" >> /etc/ppp/options.pptpd
echo "ms-dns 172.16.0.23" >> /etc/ppp/options.pptpd
pass=`openssl rand 8 -base64`
if [ "$1" != "" ]
then pass=$1
fi
echo "VPN pptpd ${pass} *" >> /etc/ppp/chap-secrets
echo -e "VPN service is installed, your VPN username is \033[1mVPN\033[0m, VPN password is \033[1m${pass}\033[1m"
Done. Just a reminder, do not upgrade the system to Ubuntu 12.04 or you will lose the recompiled Kernel. If you update the kernel you will need to recompile...
Eh? Understood none of that. What even is Asterisk?
CrazyPeter said:
Eh? Understood none of that. What even is Asterisk?
Click to expand...
Click to collapse
https://www.asterisk.org/
1. What is the advantage of this method over centos 6.3 + PIAF on EC2?
2. It seems you are using UDP transport on sip port 5060. How's the battery life when you are on 3g?
acegolfer said:
1. What is the advantage of this method over centos 6.3 + PIAF on EC2?
2. It seems you are using UDP transport on sip port 5060. How's the battery life when you are on 3g?
Click to expand...
Click to collapse
1. No advantage really, other than less resource are used. This is just using Asterisk 11 -- does centos/piaf combo use Asterisk 11?
2. Yes, I do use UDP because my SIP client is not running all the time. I mostly only use it for outgoing calls. The above steps could be easily adjusted for TCP use.
Or you can download the obi app from play store and use that with Google voice to make WiFi calls.
Much easier to setup all you need is your login info.
Sent from my Nexus 4 using xda premium
errorcod3 said:
1. No advantage really, other than less resource are used. This is just using Asterisk 11 -- does centos/piaf combo use Asterisk 11?
2. Yes, I do use UDP because my SIP client is not running all the time. I mostly only use it for outgoing calls. The above steps could be easily adjusted for TCP use.
Click to expand...
Click to collapse
1. I just managed to install centos + PIAF on EC2. It was a major struggle. It's using asterisk 1.8 but can add gtalk trunk with GV motif.
2. When csip uses TCP transport to connect to PIAF in EC2, I continue to experience the same hangup issue. I guess it will happen to your setup as well if you use TCP.
kthejoker20 said:
Or you can download the obi app from play store and use that with Google voice to make WiFi calls.
Much easier to setup all you need is your login info.
Sent from my Nexus 4 using xda premium
Click to expand...
Click to collapse
No offense, but there is a reason this thread was made. It was spawned by the efforts of TWO other threads as an alternative solution to making VOIP work RELIABLY over 3G.
OP, you should add a blurb at the very beginning of the post that notes why this thread was made so we can curb responses like this in advance.
Is there any advantage to doing this as opposed to getting service from a reputable VOIP provider (voip.ms, callcentric, etc) and just connecting to their servers? Surely their connection/service is going to be pretty reliable and call rates are more than reasonable (like 0.01 per minute).
These providers support G.729 so you could connect with csipsimple and have pretty good quality over 3G I think.
Are you guys doing this to avoid paying 0.01 a minute or to try to get more reliable service? I don't understand...
cmaxwe said:
Is there any advantage to doing this as opposed to getting service from a reputable VOIP provider (voip.ms, callcentric, etc) and just connecting to their servers? Surely their connection/service is going to be pretty reliable and call rates are more than reasonable (like 0.01 per minute).
These providers support G.729 so you could connect with csipsimple and have pretty good quality over 3G I think.
Are you guys doing this to avoid paying 0.01 a minute or to try to get more reliable service? I don't understand...
Click to expand...
Click to collapse
Yeah, we REALLY need that blurb about this in the OP.
We are trying to avoid any very small cost by doing this, although that was AceGolfer's original intent. The problem is that, so far, will all the previous setups using VOIP providers + GV + SIP client, there is always one thing eluding us: RELIABILITY. Really, the problem seems to stem from the fact that a single provider does not offer everything needed to make this work reliably on 3G. This stuff works great on WiFi. Even call out USUALLY work flawlessly. But INCOMING calls have been missed, traveling calls (in car) can be sketchy, and even 1 bad connection in 10 is just plain lousy.
Frankly, I can deal with some of those problems. Mine, and I'm sure many other posters', wives and business partner/clients, cannot. This is just another method to try to figure out the best and most reliable way to get VOIP on our phones.
cmaxwe said:
Is there any advantage to doing this as opposed to getting service from a reputable VOIP provider (voip.ms, callcentric, etc) and just connecting to their servers? Surely their connection/service is going to be pretty reliable and call rates are more than reasonable (like 0.01 per minute).
These providers support G.729 so you could connect with csipsimple and have pretty good quality over 3G I think.
Are you guys doing this to avoid paying 0.01 a minute or to try to get more reliable service? I don't understand...
Click to expand...
Click to collapse
Here's what we (smartphone users over 3g) want: G729 (or iLBC) and TCP.
The 2 VoIP providers that you mentioned only offer UDP connection, which will kill smartphone batteries. I have heard that some people even use pbxes as the gateway for voip.ms so that they can use TCP connection.
Fortunately, there are several methods we have found that don't cost anything.
acegolfer said:
1. I just managed to install centos + PIAF on EC2. It was a major struggle. It's using asterisk 1.8 but can add gtalk trunk with GV motif.
2. When csip uses TCP transport to connect to PIAF in EC2, I continue to experience the same hangup issue. I guess it will happen to your setup as well if you use TCP.
Click to expand...
Click to collapse
What's the hang up issue that you are experiencing? I can switch my configuration over to TCP and see if I get the same issue.
bluespire said:
Yeah, we REALLY need that blurb about this in the OP.
We are trying to avoid any very small cost by doing this, although that was AceGolfer's original intent. The problem is that, so far, will all the previous setups using VOIP providers + GV + SIP client, there is always one thing eluding us: RELIABILITY. Really, the problem seems to stem from the fact that a single provider does not offer everything needed to make this work reliably on 3G. This stuff works great on WiFi. Even call out USUALLY work flawlessly. But INCOMING calls have been missed, traveling calls (in car) can be sketchy, and even 1 bad connection in 10 is just plain lousy.
Frankly, I can deal with some of those problems. Mine, and I'm sure many other posters', wives and business partner/clients, cannot. This is just another method to try to figure out the best and most reliable way to get VOIP on our phones.
Click to expand...
Click to collapse
I have been using this setup for about 6 months. It's incredibly reliable. I'm the only one using this server as opposed to more main stream options where hundreds or thousands of people are using the service. Plus, I can use it for other things such as a VPN server when I need it.
ADD TCP SUPPORT
On your security group settings for the Amazo EC2 open port 5060/tcp.
login and execute:
Code:
sudo ufw allow 5060/tcp
Edit sip.conf and add the following under the [general] section:
Code:
tcpbindaddr = 0.0.0.0
tcpenable = yes
Under your [USERNAME] in sip.conf add the following:
Code:
transport=udp,tcp
restart asterisk
ADDED TO OP.
It looks like you're only using G711u/a, and GSM for codecs. Have you tried installing G729? Or allowing G722?
errorcod3 said:
What's the hang up issue that you are experiencing? I can switch my configuration over to TCP and see if I get the same issue.
Click to expand...
Click to collapse
When Csipsimple is registered remotely (obviously is the case for EC2) using TCP, it takes 30 seconds to hangup after pressing the "end" call button. The voice gets transmitted during these 30 seconds.
OTOH, the call hangs up normally, if CSS uses UDP or I use a different client which costs to use G729.
osi13 said:
It looks like you're only using G711u/a, and GSM for codecs. Have you tried installing G729? Or allowing G722?
Click to expand...
Click to collapse
No, I haven't tried it. Asterisk 11 supports G722. If anyone is interested in using it just add an allow=g722 to the sip.conf file under [general].
Does Google Voice support G729?
acegolfer said:
When Csipsimple is registered remotely (obviously is the case for EC2) using TCP, it takes 30 seconds to hangup after pressing the "end" call button. The voice gets transmitted during these 30 seconds.
OTOH, the call hangs up normally, if CSS uses UDP or I use a different client which costs to use G729.
Click to expand...
Click to collapse
I just changed my configuration to TCP and I could not reproduce your problem. My calls terminate normally..
errorcod3 said:
No, I haven't tried it. Asterisk 11 supports G722. If anyone is interested in using it just add an allow=g722 to the sip.conf file under [general].
Does Google Voice support G729?
Click to expand...
Click to collapse
gtalk trunk only supports PCMU (g711 ulaw), which is used at PSTN. asterisk will transcode PCMU to other codecs such as G729.
errorcod3 said:
I just changed my configuration to TCP and I could not reproduce your problem. My calls terminate normally..
Click to expand...
Click to collapse
Forgot to mention, I'm also using CSS.
Related
rDesktop 1.7.0
What is rDesktop?
rDesktop is a terminal services client for Linux - it will allow you to connect to a terminal services session of any Windows machine with Remote Desktop enabled.
This is a newer release of rDesktop than is available in the Debian repos.
Prerequisites
Access to a terminal from WebTop
A small amount of Linux shell knowledge
Usage
Copy the attached binary to somewhere on your device (I suggest /usr/bin, or somewhere else on your PATH)
Open a terminal
Enter the following:
Code:
rdesktop -g workarea -a16 -z -xm -P -0 <server>
You can use the following switches:
-g workarea - sets the window size to the desktop size
-f - makes the session fullscreen (ie. on top of all current chrome)
-a16 - sets 16bit colour depth (valid values are 8, 15, 16 and 24)
-z - enables compression (leave this enabled!)
-xm - sets the 'experience' level to 'modem' (valid values are modem, broadband or LAN)
-0 - causes you to be logged in to the console session (same as the /admin switch for mstsc)
I've found this to be invaluable for getting onto my desktop and servers at work. Now to see if I can get rid of that bloody awful Avant Window Manager and just use FluxBox
I don't have a lapdock, but its compiled for arm/tegra?
Sent from my Motorola Atrix 4G on the network with the most backhaul, whatever that is. This post might have errors as I hate touchscreen keyboards.
GUI support?
I know rdesktop is only terminal based, but is there a sort of add-on to it that allows for a graphical representation of the screen, much like rdp clients in the Android market? that would be far more useful for my purposes, although this is a great step in that direction.
paravorheim said:
I know rdesktop is only terminal based, but is there a sort of add-on to it that allows for a graphical representation of the screen, much like rdp clients in the Android market? that would be far more useful for my purposes, although this is a great step in that direction.
Click to expand...
Click to collapse
An easy solution is to simply create a shell script and then specify the server.
EG: ./rdp.sh <server>
Much prettier than having to type all the strings.
paravorheim said:
I know rdesktop is only terminal based, but is there a sort of add-on to it that allows for a graphical representation of the screen
Click to expand...
Click to collapse
grdesktop is a graphical front end. It works on hacked webtops such as webtop2sd or the debian chroot mod.
krkeegan said:
grdesktop is a graphical front end. It works on hacked webtops such as webtop2sd or the debian chroot mod.
Click to expand...
Click to collapse
Thanks! you just saved me $1000!
If I couldn't run some programs like matlab and mathematica, I would have had to but a laptop for classes.
Sent from my MB860 using XDA Premium App
Mgamerz said:
I don't have a lapdock, but its compiled for arm/tegra?
Click to expand...
Click to collapse
Yes, it was compiled on the Atrix itself (that took a while...).
I use the chroot method on my atrix (I like keeping things seperate!), so this is probably only useful for those of us based on Debian (don't know what version is currently in the ubuntu repos)
The grdesktop package from the debian repos will work just fine with this binary.
I might even start a repo just for webtop... anyone think that would be useful?
YES
FallenAngelUK said:
Yes, it was compiled on the Atrix itself (that took a while...).
I use the chroot method on my atrix (I like keeping things seperate!), so this is probably only useful for those of us based on Debian (don't know what version is currently in the ubuntu repos)
The grdesktop package from the debian repos will work just fine with this binary.
I might even start a repo just for webtop... anyone think that would be useful?
Click to expand...
Click to collapse
That would be very useful, actually. Although I'm terrible at using Unix OSes and terminals in general haha.
this is awesome..almost as good as citrix xendesktop...who needs that though when this works so very well...one question did you get your sound working on the lapdock? when i try to enable sound via -r sound:local it says driver not found or smething like that..basically no matter what settings i use even via the gui tools or the cli..i get the same error and no sound....is there any way to get the sound to work?
If you're using the chroot method, it may be that you need to add some packages.
I haven't tried it myself, but I remember seeing a thread somewhere related to getting RythmBox working - this involved sorting out some missing audio-related stuff.
How is this better than the free 2X client for Android?
Well it runs in the webtop, so you get a much larger screen. Sure you could expand the android in window screen, but that doesn't increase the pixel count.
full-screen resolution grdesktop
Thanks for getting this working FallenAngel!
How would one use the xterm session to set grdesktop to represent the desktop as full screen on the laptop dock? 640 x 480 ( I think? ) just isn't cutting it.
add in -f
into your command line
paravorheim said:
Thanks for getting this working FallenAngel!
How would one use the xterm session to set grdesktop to represent the desktop as full screen on the laptop dock? 640 x 480 ( I think? ) just isn't cutting it.
Click to expand...
Click to collapse
any input on getting the sound to work?
humzat said:
this is awesome..almost as good as citrix xendesktop...who needs that though when this works so very well...one question did you get your sound working on the lapdock? when i try to enable sound via -r sound:local it says driver not found or smething like that..basically no matter what settings i use even via the gui tools or the cli..i get the same error and no sound....is there any way to get the sound to work?
Click to expand...
Click to collapse
humzat said:
add in -f
into your command line
Click to expand...
Click to collapse
I think I tried that, but it didn't work. Ill try again when I get home. Is the command grdesktop -f or after running grdesktop then do -f?
Sent from my MB860 using XDA Premium App
To connect to a server and run it fullscreen, try:
Code:
rdesktop -f -a16 -z -xm -P -0 <server>
To connect to a server and run it fullscreen, try:
Code:
rdesktop -f -a16 -z -xm -P -0 <server>
refer to the first post for command line args
i get an error:
"ERROR: Failed to open keymap en-us
ERROR: Connection refused"
i set all the remote desktop ok and all the settings ok, what was my mistake?
First, thanks for compiling this. I can't imagine how long it took on the Atrix.
Second, I am using this with the lapdock and the arrow keys, home, insert, page up, and the like are not working. I am assuming this is a keymap issue?? Any one else having these issues? Does anyone have the keymap that I need?
PIAF (PBX in a flash) + AWS (Amazon Web Service) EC2
If you are making free GV calls using data, then you probably know that setting up an asterisk server is the best but also quite complicated. Thankfully, it just got a little easier because the PIAF team made the PIAF image available on AWS EC2 (a cloud based virtual machine).
Advantages over other asterisk/pbxes methods:
1. very small audio lag. Amazon servers have less latency than any other servers.
2. Since Amazon hosts your server, you don't pay any electricity cost. FYI, a PC running 24/7 costs about $15-20 a month.
3. The PIAF image (AMI) is already optimized: 1000MHZ + pre-installed asterisk and others. If you have used PIAF before, the whole setup process will take less than 30 minutes to complete.
4. You can create a backup image at any time and restore it later.
Disadvantages:
1. EC2 is only free for the 1st year. See the terms carefully to understand what is truly free. Use http://mikekhristo.com/ec2-ondemand-vs-reserved-instance-savings-calculator/ to estimate the cost after the 1st year. After the 1st free year is up, you can port the image to another AWS account.
2. Added security risk. Since EC2 is not in your network, it needs to open 22 (SSH), 80 (WEB) ports for you to access the server to configure. To overcome this issue, restrict who can gain access by known IP addresses from AWS.
3. In addition to some linux knowledge (PIAF runs on CentOS), you also need to learn how AWS works. Personally, I consider this as a plus.
Instructions (estimated minutes to complete in parenthesis, if you have used PIAF before):
1. Launch PIAF image in AWS EC2. (10 minutes)
Detailed instruction: http://nerdvittles.com/?p=5060
updated: there are 2 versions of PIAF: purple uses asterisk 1.8 and green uses asterisk 11 (beta). I am using PIAF-Green which supports silk codec.
2. Configure PIAF using Web GUI. (10 minutes)
Once PIAF is up and running, from your web browser, enter the Elastic IP address (given by AWS) to access web GUI.
2.1. Settings>Asterisk SIP settings>NAT settings. Click "Auto Configure" It will fill out the IP addresses. If you reboot, localnet address may change. You may use "10.0.0.0/8" instead.
* Whenever you make a change in Web GUI, scroll down and click submit. Then "Apply Config" red button will appear at the top. Click it occasionally to reload newly submitted configurations.
2.2. Settings>Asterisk SIP settings>Audio codecs. Select the codecs and reorder. (SILK codec will not show up here.)
2.3. Applications>Extensions. Add new SIP extensions. User extension and the secret are the username and the password you will use in your sip client to register with PIAF. Select nat=yes.
2.4. Other>Google Voice. Fill out your GV information. Asterisk must be restarted to take it into effect. In Web GUI, Admin>Asterisk CLI, execute "core restart gracefully" Once restarted, you can start making outbound GV calls from a registered phone. (Alternatively, you can use "simonics GVGW" service and add it as a sip trunk.)
2.5. Connectivity>Inbound routes. Add your GV number as DID number. Scroll down and set destination as your extension you created in #2.3.
2.6. From Google Voice webpage, confirm that Google Voice forwards all the incoming calls to gchat.
2.7. Register your sip client (such as csipsimple) with your PIAF server. The server address is the "elastic IP" address assigned by AWS.
Test in/out calls before going to the next step.
3. (optional) Add G729 codec. (5 minutes) (See post #2 for adding silk codec, which I'm now using for both wifi/3g.)
G729 codec is one of the best codecs for mobile connection. SSH to your PIAF EC2. In linux CLI, execute
Code:
cd /usr/lib/asterisk/modules
wget http://asterisk.hosting.lv/bin/codec_g729-ast18-icc-glibc-x86_64-core2.so
amportal restart
To check whether you added G729 properly, execute in asterisk CLI
Code:
core show translation recalc 100
Look for G729 line and check they are not blanks.
Source: http://asterisk.hosting.lv/
4. (optional) Enable TCP transport to save phone battery. (5 minutes)
In my informal testing, TCP battery consumption is half of UDP's.
From Web GUI, asterisk SIP settings>Other SIP settings, add the following 2 lines.
Code:
tcpenable = yes
tcpbindaddr = 0.0.0.0
Go Applications>Extensions and change transport to "TCP."
Next, you need to open TCP port 5060 in both EC2 and linux. For EC2, modify the security group. For linux, SSH to your PIAF
Code:
nano /etc/sysconfig/iptables
add the following line and save (ctrl-o) and exit (ctrl-x).
Code:
iptables -A INPUT -p tcp -m tcp --dport 5060 -j ACCEPT
restart iptables in linux CLI
Code:
service iptables restart
Use TCP transport in your sip client to connect to PIAF.
Tips/Tricks and Troubleshooting will be in the next posts.
If you couldn't understand the installation steps, check out a fellow's post. He provided several installation tips. http://forum.xda-developers.com/showpost.php?p=41412908&postcount=184
Tips/Tricks
Tips/Tricks
1. Use ring group to ring all the extensions, if you have multiple sip phones.
2. Add more GV numbers
My family have 3 GV numbers + 6 phones. I added all 3 gtalk trunks to PIAF. OTOH, pbxes doesn't allow you to add more than 1 gtalk trunk. Since all 6 phones are in the same PBX, I can call my wife's phone by her extension number (or her ring group) instead of her GV number. If you do this, you need to modify outbound routes such that certain extensions use specific GV trunk. Otherwise, all the phones will use the first GV trunk to make outgoing calls and display the same CID.
3. Call forward to external phones.
In the ring group, you can have PIAF call regular phone number such as your cell phone. Just list the phone number followed by #. One problem is gtalk trunk doesn't allow CID spoofing so the external phone will show your GV# as CID.
4. Delayed call forwarding
Create 2 ring groups and put the number for delay in the 2nd group. Set 1st ring group's destination if no answer as the 2nd group and specify the ring time. I do this for my office phone because it goes to voicemail in 20 seconds (before GV voicemail answers). Now my office phone starts ringing after 7 seconds so it will never answer before GV voicemail does. You can also use this strategy with your cell phone such that your cell number rings after you have a chance to answer internet calls.
5. Secure your PIAF
If you followed pbxinaflash.com guide, then you opened port 80 and 22 to the world. Hackers can brute force using username = root. You should limit who can access these ports by IP address. Additionally, you can disable root SSH login and create a sudoer.
http://www.howtogeek.com/howto/linux/security-tip-disable-root-ssh-login-on-linux/
http://wiki.centos.org/TipsAndTricks/BecomingRoot
6. Add SILK codec
If you are on PIAF-green (asterisk 11), then you can add SILK codec. This is the codec that Skype uses so you may get the same excellent quality as Skype. From linux CLI,
Code:
wget http://downloads.digium.com/pub/telephony/codec_silk/asterisk-11.0/x86-64/codec_silk-11.0_1.0.0-core2_64.tar.gz
tar -zxvf codec_silk-11.0_1.0.0-core2_64.tar.gz
cd codec_silk-11.0_1.0.0-core2_64
cp codec_silk.so /usr/lib/asterisk/modules/codec_silk.so
Restart asterisk and from asterisk CLI, core show codecs and confirm that 4 silk codecs (silk8, silk12, silk16, silk24) are added. If not, read http://forum.xda-developers.com/showpost.php?p=38398737&postcount=71.
To use SILK codec, From extension, set
disallow=all
allow=silk12
7. Eliminate echo
ryuker has posted a method to eliminate the echo.
http://forum.xda-developers.com/showpost.php?p=42740388&postcount=306
Troubleshooting
There are many many reasons why GV calling fails. This means you will probably not get any help, unless you provide more information such as asterisk log. If you want to troubleshoot by yourself, try these first.
1. csip / piaf registration: Try a different sip client or use UDP connection.
2. GV: See whether you can make GV calls using GrooveIP. GV calling may not work for new accounts until you initiate a call from gmail.
3. Restart asterisk. If you add a GV trunk, it must be restarted to take into effect.
2. piaf / GV link: Add simonics GVGW as a sip trunk. https://simonics.com/gvgw/
If you have been following my iLBC thread, then here's a comparison between the 2 methods (PIAF vs iLBC, hereafter).
1. PIAF supports more codecs such as G722 and G729.
2. Less latency issue because of less call routing. PIAF route: caller>GV>PIAF>phone. iLBC method involves caller>GV>callcentric>pbxes>phone.
3. You can add more than 1 GV trunk w/ PIAF. pbxes only allows 1. This is handy, if your family use several GV numbers.
Re: [DISCUSSION] Asterisk/FreePBX/PIAF
Good discussion, I was running it on my raspberry pi until I repurposed it for a media center. I may have to look at it again, please post your setup once you have things working....
Thanks
Sent from my Nexus 7 using Tapatalk HD
Re: [DISCUSSION] Asterisk/FreePBX/PIAF
acegolfer said:
Here's basically what I did so far.
1. Follow nerdvittle's guide (link in OP) to install IncrediblePBX on my home PC.
2. Enable TCP and changed TCP signaling port from default 5060.
3. In router, forward signaling port and RTP ports (10000-20000) to PBX.
4. Use csipsimple as Android sip client.
I understand it's too brief. Once I am completely satisfied with my setup, I'll write a detailed instruction.
If you have 0 clue about what these mean, then I'm afraid you should look for an alternative setup such as GrooveIP or http://forum.xda-developers.com/showthread.php?t=2057887
If you have been following my iLBC thread, then here's a comparison between the 2 methods (PIAF vs iLBC, hereafter).
1. PIAF gives you more codec options such as G722 and G729.
2. Less latency issue because of less call routing. If you are at home, it's caller>GV>PBX=phone. iLBC method involves caller>GV>callcentric>pbxes>phone.
3. Hangup issues when ending a call with csip/TCP/3g/SPI firewall combination. If I change one of these 4, I can end a call normally.
Click to expand...
Click to collapse
I had tried a setup and got through all the nerdvittles guides setting up piaf purple with travelinman 3. Everything worked great with csipsimple when I was on WiFi. As soon as I disconnected from wifi and got on the cell network I could not connect. I ensured my phone ip was in the iptables and all the proper ports were forwarded through the router. I used dyndns for both my router and phone to ensure that ip tables had the right ip addresses. Never figured out the problem. If anyone has any ideas for what the problem could be I'll give it another try.
Sent from my Nexus 4 using xda premium
whahn1983 said:
I had tried a setup and got through all the nerdvittles guides setting up piaf purple with travelinman 3. Everything worked great with csipsimple when I was on WiFi. As soon as I disconnected from wifi and got on the cell network I could not connect. I ensured my phone ip was in the iptables and all the proper ports were forwarded through the router. I used dyndns for both my router and phone to ensure that ip tables had the right ip addresses. Never figured out the problem. If anyone has any ideas for what the problem could be I'll give it another try.
Sent from my Nexus 4 using xda premium
Click to expand...
Click to collapse
I think using dyndns for your phone is pointless and can actually pose a great security risk. If you are on Tmobile 3g, your phone is behind NAT. This means the IP of your phone actually belongs to the Tmo's router and not unique to your phone.
So including that IP address in iptables is a huge security risk. All the Tmo phones sharing the same IP address with your phone will have full access to your PBX.
The biggest challenge that you are facing is the fact that both your PBX and your phone are behind 2 different NATs. I know it's crazy. My guess is NAT settings. In nerdvittle's guide, there's an instruction on how to give access to remote clients. In addition, here is another good guide: http://www.freepbx.org/support/documentation/howtos/howto-setup-a-remote-sip-extension
Here are the instructions on how to enable TCP and change TCP port from default 5060 to something other such as 5055.
1. Settings>Asterisk SIP settings>Other SIP settings
tcpenable = yes
tcpbindaddr = 0.0.0.0:5055
2. Applications>Extensions>your extension, transport = TCP only.
3. From your router, port forward 5055 to PBX machine.
4. From PBX linux command, adjust firewall settings
iptables -A INPUT -p tcp -m tcp –dport 5055 -j ACCEPT
(You can also do this from PIAF linux webmin.)
5. From sip clients, server/proxy = your IP:5055.
Re: [DISCUSSION] Asterisk/FreePBX/PIAF
acegolfer said:
I think using dyndns for your phone is pointless and can actually pose a great security risk. If you are on Tmobile 3g, your phone is behind NAT. This means the IP of your phone actually belongs to the Tmo's router and not unique to your phone.
So including that IP address in iptables is a huge security risk. All the Tmo phones sharing the same IP address with your phone will have full access to your PBX.
The biggest challenge that you need to solve is both your PBX and your phones are behind 2 different NATs. I know it's crazy.
Click to expand...
Click to collapse
Yea that sounds like a big problem. The sad thing is when I am on my piaf network the voice quality is pristine. It actually works great but most of my calling is done away from home. I ended up switching off of the tmo $30 plan and onto straight talk tmo until I figure out a better solution. I've tried everything out there from pbxes to groove, almost every available codec and app combo. Just too many complaints from callers about quality and 100 minutes is not enough lol.
Sent from my Nexus 4 using xda premium
You can eliminate almost all risks by using Travelin' man; which is basically an IP whitelist. You can read about it over at nerdvittles. That being said, I've been lucky, and I haven't had any attacks on my personal PIAF server. I have banned all of Asia, and Russia using IP tables, and I'm sure that's helped. All ports are closed behind my firewall except for 5060, and a few for RTP. It is also a good idea to run "update-programs" and then "update-fixes" via the CLI periodically. This will install crucial patches.
Another issue that I found.
Can't use G722 codec over TCP when registered remotely. G722 works if UDP or within LAN.
Not sure whether this is a csip specific issue because I don't know other free sip clients with G722 codec.
acegolfer said:
Another issue that I found.
Can't use G722 codec over TCP when registered remotely. G722 works if UDP or within LAN.
Not sure whether this is a csip specific issue because I don't know other free sip clients with G722 codec.
Click to expand...
Click to collapse
Post your issue on the CSipSimple Google Code page. The dev is normally very helpful. Also, I would look through the Asterisk log to see exactly what's going on. You can do this via FreePBX or you can go to to your server's CLI, and type "asterisk -rvvv" This will give you a debug CLI. Then try to place a call using G722, and view the results. If you post over at the PIAF forums, you will probably need a log, or you may be ignored.
Why not just use a TCP VPN (like Open VPN) to get back to your house, and then run this like you are on your LAN with UDP?
Re: [DISCUSSION] Asterisk/FreePBX/PIAF
bluespire said:
Why not just use a TCP VPN (like Open VPN) to get back to your house, and then run this like you are on your LAN with UDP?
Click to expand...
Click to collapse
That is an interesting approach. Provided there is no data lag it may work.
Sent from my Nexus 4 using xda premium
whahn1983 said:
That is an interesting approach. Provided there is no data lag it may work.
Sent from my Nexus 4 using xda premium
Click to expand...
Click to collapse
Yeah, I always kept wondering why no one mentioned it as a solution. I don't know if it will solve the battery problem, as that may still be problem with using UDP itself. I suppose changing the timeout on UDP to something really high would work, since the VPN will maintain the TCP connection. On the other hand, you could also run the VPN on UDP, and I would bet that it would be better at staying connected than trusting CSS to keep its connection.
What the VPN does do really well, is eliminate all issue of allowing the PBX to face the internet. Just force it to accept connection only on its VPN port, and require a key file. Done.
You should update the thread. TCP can be used on Asterisk 1.8, and PIAF on 1.8 is very stable.
osi13 said:
You should update the thread. TCP can be used on Asterisk 1.8, and PIAF on 1.8 is very stable.
Click to expand...
Click to collapse
I didn't say TCP cannot be used in 1.8 in OP. In fact, I have no doubt asterisk 1.8 supports TCP.
I was stating your guide wasn't written for TCP. Let me know if you have updated your guide with TCP.
If there's no hangup issues and G722 works with 1.8 when TCP/remote, then I'll ditch 11 in a heartbeat.
bluespire said:
Yeah, I always kept wondering why no one mentioned it as a solution. I don't know if it will solve the battery problem, as that may still be problem with using UDP itself. I suppose changing the timeout on UDP to something really high would work, since the VPN will maintain the TCP connection. On the other hand, you could also run the VPN on UDP, and I would bet that it would be better at staying connected than trusting CSS to keep its connection.
What the VPN does do really well, is eliminate all issue of allowing the PBX to face the internet. Just force it to accept connection only on its VPN port, and require a key file. Done.
Click to expand...
Click to collapse
I haven't had time to test this. But if my understanding of sip technology is correct, VPN will not solve UDP battery drain issue. For example, even if I use UDP within LAN, I have to set KA interval = 40 or qualifyfreq = 60. Otherwise, my phone will lose connection to the sip server until the next registration (which is less frequent than KA intervals).
Re: [DISCUSSION] Asterisk/FreePBX/PIAF
I was using my rpi for awhile on my home net. I switched to an amazon ec2 micro instance. much better speeds, reliability, and quality.
errorcod3 said:
I was using my rpi for awhile on my home net. I switched to an amazon ec2 micro instance. much better speeds, reliability, and quality.
Click to expand...
Click to collapse
1. Is AWS EC2 behind NAT?
2. Anyone has an updated guide for installing asterisk 1.8 or 11 on EC2.
errorcod3 said:
I was using my rpi for awhile on my home net. I switched to an amazon ec2 micro instance. much better speeds, reliability, and quality.
Click to expand...
Click to collapse
That is an awesome idea, but how much does it cost to keep it up 24/7?
After a few evenings of searching, reading and testing, I finally found a solution for setting up a reverse-tether connection between my Droid 3 and my Ubuntu box over a USB cable, which I can use to download apps and app updates from Google Play without eating up my mobile data credit. And since it seems to me that complete and clear explanations of how to do this with USB and Ubuntu are not available anywhere, I want to detail here all the steps of my connection setup process, in a way that will hopefully be accessible to most users of Android and Ubuntu. So here goes:
Prerequisites:
- a PC that is connected to the Internet and running Ubuntu, where you have root access and a free USB port
- a rooted Android device (in my case the Motorola Droid 3) with a SIM and an active mobile subscription
- a USB cable (I have the one that came with the phone).
Setup:
#1. Disconnect your Android device's data connection from your mobile carrier by touching the corresponding icon in the notifications tray (2 parallel vertical arrows pointing in opposite directions) or by switching your phone to Airplane Mode.
#2. Launch the Terminal emulator app on your Android device and enter this command:
ifconfig
You should get a response that shows only one network interface, named "lo" or "lo0" or something like that, with an information field that says "inet addr:127.0.0.1". This is the local loopback connection. We will not be using it - just know that it's always there in responses to "ifconfig" and ignore it from now on.
#3. Re-enable your Android device's data connection by reversing what you did at #1. Go back to the Terminal and do another
ifconfig
This time, in addition to the "lo" interface, you should see another interface that is used to communicate with the Internet through your mobile carrier. For me this interface is called "ppp0"; you may have something else, but just remember what it is because you will have to use it later wherever you see me use ppp0 in the commands below.
#4. Now connect your Android device to your Ubuntu PC using the USB cable. Access the USB connection notification in your Android notifications tray and select "PC Mode" as your USB Mode. (If you don't have this option, then I don't know what to say, you will probably have to try them all, but in that case I wouldn't start with the "Mass storage" option - that's the least likely one to work for this.)
#5. Still on the Android, open Settings -> Wireless & networks -> Tethering & Mobile Hotspot and enable "USB tethering". You should get a second, green USB icon on your status bar after tethering is enabled.
#6. Go back to the Terminal app on your Android device and do yet another
ifconfig
This time you should receive information for 3 network interfaces: in addition to "lo" and "ppp0" you should now see a new interface that corresponds to your USB. For me it's called "gether0"; remember what yours is and use it wherever I use gether0 in the commands below.
Also, look at the "inet addr:" specification of your gether0 interface and remember this IP address because we will need it later. (My USB tether interface always gets the same IP address - 192.168.42.129 - so this is what I will be using in my example commands below.)
#7. Now let's look at the PC's network interfaces. Open a terminal emulator (I use Ctrl-Alt-T to do this; depending on what launchers, shortcuts or desktop environments you have, you may need to find it in a menu or do something else to get to it) and type
ifconfig
This response depends a lot on how your PC is set up, but generally I'd expect to see at least a "lo" (local loopback) interface, a "usb0" interface, one or more "eth0", "eth1" etc. interfaces and maybe a "ppp0" interface. The "ppp0" and "eth0" type interfaces will be for your PC's Internet connection and the "usb0" interface will correspond to the USB cable connecting you to the Android device. If you have a "ppp0", that's probably the one you should use in all setup commands to be run on the PC where I will use ppp0. Otherwise if you only have "lo", "usb0" and "eth0", your PC's Internet is probably on "eth0", so use that one in place of my ppp0 in commands run on the PC. (If you have any other combinations without a "ppp0", I don't know what to suggest except try them all one by one, everything you have besides "lo" and "usb0".)
#8. Back to the Android device. What we want here is for the ppp0 interface to remain enabled - because that's the only way the app store will agree to download any apps - but all our Internet communication to actually go through the gether0 interface, i.e. through the USB tether. To do this, we need to change the default route Android apps use to send data, namely to delete the default route that points to ppp0 and add a new default route that points to gether0 and that uses as a gateway the IP address of the Ubuntu PC (an address we will set up on the PC at the end of this process). So run these commands in the Terminal on the Android:
su
route del default
route add default gw 192.168.42.1 dev gether0
setprop net.dns1 8.8.8.8
Notice that the gateway IP address we will be using is made up of the first 3 numbers from our USB tether interface's IP from step #6, followed by a ".1" instead of whatever the 4th group was in the original IP.
#9. On the PC we want to set up standard Internet connection sharing between usb0 and ppp0 according to the instructions from the Ubuntu manual, so we will run these commands in the terminal window:
sudo su -
(enter your password here to get root access and then do 5 more lines)
iptables -A FORWARD -o ppp0 -i usb0 -s 192.168.42.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
Here again you can see we're using the first 3 numbers from the USB tether interface's IP, but adding a ".0" and a "/24" at the end to specify an entire class of IPs we're going to accept packets from over the USB, a class that includes our Android's actual IP, 192.168.42.129. (We could probably just use that single IP without a "/24", but whatever, this class stuff is usually the way it's done.)
#10. Finally, we will set our PC's usb0 interface IP to the gateway IP we already told the Android to send everything to, i.e. 192.168.42.1, after which we need to quickly check that the connection is working and jump right into Google Play to download some apps. I say "quickly" because in my case, for whatever reason, after I set the gateway IP on the PC I can only leave the connection unused for about 1 minute before it drops on its own. So don't wait too much after #10.1 to do the rest:
#10.1. Enter this into your PC's terminal:
ip addr add 192.168.42.1/24 dev usb0
#10.2. Check that the connection is up by entering this into your Android's terminal first:
ping -c 3 google.com
If you get 3 responses from Google, you're all set to launch Google Play and download some apps:victory:. If there's no response, go back to #10.1 and try again.
Another indication that the PC has dropped the connection is that you get a notification popup on the PC that says "Wired network/ Disconnected". That tells you you need to jump back to #10.1 to get the USB link working again.
Also, you will know you need to do this again if you find Google Play is suddenly refusing to load apps or pages even though it was loading them before - you probably waited too long between clicks and allowed the connection to drop.
#11. To reset all the connections to normal when you're done, make sure to
#11.A. Go to Settings -> Wireless & networks -> Tethering & Mobile Hotspot and disable "USB tethering" before you unplug the USB cable from either device, otherwise the gether0 interface may remain active and interfere with your ability to get back your data link to your mobile carrier.
#11.B. Do steps #1 and #3 again to get your Android to automatically re-establish the proper settings for the link to your mobile carrier.
Final remarks:
- In order to streamline this process, especially steps #8-#10, you should probably put these commands and your specific interface names and IP addresses in some scripts - one on the PC, one on the Android device - that you can then launch more easily. I'm a newbie at both Ubuntu and Android, so I have to do some more searching to figure out how to do this properly.
- Keeping the connection up even if you're idle - e.g. while reading app descriptions and deciding what to download - is probably a matter of sending some dummy packets periodically through the USB, which would probably involve another script running in the background - again something I haven't taken the time to figure out how to set up yet.
- Anytime you get paranoid about whether the apps are being downloaded through the USB cable or your mobile data plan, go to your Android terminal and check whether your default network route is still pointing to your gateway PC by running:
route
This will show you all the routes that are configured on your Android. The last line in the table should say "default", then "192.168.42.1" and end with "gether0". This means the data is still going through the USB and not eating up your mobile data credit.
Enjoy!
It seems to work, but I'm still not sure whether my phone uses my computer's internet connection or my 3G. Upon executing:
Code:
busybox route
I get a lot of lines instead of just "192.168.42.1" ended with "rndis0" (this is how its named on my device) though this "192.168.42.1" exists.
leledumbo said:
It seems to work, but I'm still not sure whether my phone uses my computer's internet connection or my 3G.
Click to expand...
Click to collapse
The simple way I confirm it is by looking at the 3G icon at the top: during normal usage the two arrows in the icon light up depending on whether I'm transmitting or receiving or both; when I'm reverse-tethered they never light up at all.
I get a lot of lines instead of just "192.168.42.1" ended with "rndis0" (this is how its named on my device) though this "192.168.42.1" exists.
Click to expand...
Click to collapse
Well, in principle you should only need to care about the "default" line, but if by any chance you have some rule in that table that specifies a non-default route for exactly the websites you're trying to access in all this and that rule happens to specify a different interface than "rndis0", then yes - you might be using your mobile data plan after all. But I wouldn't bet on it. I have a few routes on there, but I think they're just related to services my carrier is offering at some specific IPs it has.
If you can't confirm the 3G is being bypassed by looking at the icon and if you can't spare the traffic to do a direct consumption test (query how much traffic is left/spent, use some more traffic through this setup, query again and compare), then the only other way to make sure that I can think of is to clean up the whole routing table ("route del" everything) and leave only the "default" rule from the instructions above. Then there really won't be any other path for your network packets to take but through the USB. But then you have to hope the routing table will get rebuilt as it was after you reset everything. Or you could just write down all the rules you had before so you can reconfigure them if they don't get re-created automatically at reset.
In fact - what am I talking about? - there's another way you can make sure your Android is really trying to go through the USB to get to the Internet: when you do step #10.1 on the PC just set up a wrong gateway IP, for example 192.1.1.1. If your Android fails to open any webpages or the app store and then if you do #10.1 properly it starts working (again), then it's clear that it's trying to go through the USB cable and isn't using any alternate route.
Weird, the method doesn't work anymore for the subsequent trials. I'll try rebooting the phone.
Works for Windows too
I mixed the instructions found in this thread with another thread here in xda and it worked well under Windows 7.
Thank you for the excelent guide!
donjoe0 said:
After a few evenings of searching, reading and testing, I finally found a solution for setting up a reverse-tether connection between my Droid 3 and my Ubuntu box over a USB cable, which I can use to download apps and app updates from Google Play without eating up my mobile data credit. And since it seems to me that complete and clear explanations of how to do this with USB and Ubuntu are not available anywhere, I want to detail here all the steps of my connection setup process, in a way that will hopefully be accessible to most users of Android and Ubuntu. So here goes:
[guide goes here, edited quote]
Enjoy!
Click to expand...
Click to collapse
So I tried everything on a LG Phoenix running Kitkat and no go. All the commands go through except the ping command. Any suggestions?
AndrMatr said:
So I tried everything on a LG Phoenix running Kitkat and no go. All the commands go through except the ping command. Any suggestions?
Click to expand...
Click to collapse
All I can say is this method continued to work for me pretty much the same as described when I switched to KitKat on an ASUS Padfone 2 with two minor exceptions:
- busybox was no longer set up to be invoked automatically on this other custom ROM so I had to prefix some commands with "busybox " (e.g. the "route" commands)
- my USB tether connection is now named "rndis0" instead of "gether0"; I had to fiddle around a bit with the "netcfg" command to figure that out.
Ok so a while back I discovered that after you gain root access to the BIONIC (probably works with other too. idk...) you can make changes to iptables. For those who don't know what that is: It's a built in firewall that handles packets as they come in and leave your phone. This is pretty much the defacto standard for any Linux machine to date (please enlighten me if I'm wrong). Anyhow, after discovering this I came up with an idea to see if I could pipe my hotspot directly into my openvpn tunnel. Well, after a bit of web research on how iptables works I was able to get it up and running. HOWEVER I'm not an expert at this yet, and my config definitely has a flaw in the fact that I leave the phone completely vulnerable on the "rmnetX" interface, as I completely flush the old tables to add mine, leavign the firewall WIDE OPEN. I'll post a fix as soon as I can come up with one. In the mean time here's the steps to take to get your phone to be a hotspot access point to your openvpn network!
**PHONE MUST HAVE ROOT!!!!***
1) Follow along and setup an OpenVPN server http://openvpn.net/howto.html
2) Install "OpenVPN Installer" and "OpenVPN settings" from Google Play marketplace (both are free)
3) Run OpenVPN Installer and install OpenVPN client to your phone. The defaults should be fine.
4) Create a folder called "openvpn" ont he root of your INTERNAL sdcard. IE "/sdcard/openvpn
5) Copy your client keys that you made during your OpenVPN setup to your phone into the /sdcard/openvpn directory (client.crt, client.key, ca.crt, and ta.key)
6) Copy over the client.conf file as well. You will need to tweek this a bit to call your certs from the /sdcard/openvpn file as well as putting in the public IP to connect to. Keep in mind if you are doing this at home you will need to PAT/NAT this connection accross your firewall on udp port 1194.
7)Ok, at this point you just want to make sure your OpenVPN connection works. So open up OpenVPN settings and try and connect to your VPN, if you can connect and brows to shares inside your network over the 4g connection EXCELENT! MOVE ON! If not refer to the OpenVPN HOW TO!!!
8) After that's done you neet to get the Verizon HotSpot Tether working, There's a hack for it on the web. Google "BIONIC Hotspot SQLite Editor"... in the mean time I'll try and walk you through it.
a) get SQLite Editor from Google Play
b) open it and scroll down to "Settings Storage" (the one with the hammer icon), open "settings.db", then click settings. You should see a long list of database entries. Click the magnifying glass and under "Filter Value" type "check".
c) you should then see 4 results, one being "entitlement_check". Long press on the "1" next to "entitlement_check". Click "Edit Field" and change the "1" to a "0".
d) Reboot and try running the stock "Hotspot" app, it should work now!
9) Run the Hotspot app and confirm it works properly and can connect clients.
10) After you have a working Hotspot and a work OpenVPN you can then start the iptables magic!!!
**This is fairly safe, no need to worry about bricking just reboot if you screw up!***
11) Download and install "Android Terminal Emulator" and run it.
12) at the prompt type in "su" to gain super user access
13) you should now be at a root shell ("#") NOT $
14) at the prompt(#) type this: iptables -S <-This shows you the entire iptables rules, as you can see it's crazy complicated!
15) Run OpenVPN and Hotspot and confirm both are connected and runnign before issuing rule changes in iptables. So run both applications now.
16) Confirm VPN is connected and Hotspot is runnign by issuing the command "busybox ifconfig". If your VPN is up you will have a "tun0" interface and if the Hotspot is up there should be a "wlan1" interface.
17) If both are up then all you need to do in order to give hotspot clients access to your VPN resources is this:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A FORWARD -i tun0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan1 -o tun0 -m state --state INVALID -j DROP
iptables -A FORWARD -i wlan1 -o tun0 -j ACCEPT
The first 10 commands flush your old iptables, and the last 3 commands masqarade your wlan1 interface to your tun0 interface, funneling your clients down the VPN. Keep in mind that you will have to allow this via your openvpn server.conf file. See HOWTO For OpenVPN.
Enjoy!!!
I am confused and would like to know why we want net on VPN if we have WiFi hack for a router
Could Could we link a com port on bochs emulated windows xp?
With the WiFi hack edit or tether for root user you can use this IP addr add like below to add router capabilities, or change wlan0 to your phone's 4g rmnet or tun0 to add router to any connection, can you tell us what we would use VPN for give an example
su
ip addr add 192.168.1.0/24 dev wlan0
http://www.filedropper.com/comgooglecodeandroidwifitether-1
I use this apk to wifi tether, same as wifi router, will probably need root to use it I am not sure, but you dont need to type: ip addr add 192168.1.0/24 dev wlan0, I do just because it helps make good connections for most wifi devices
This will make your WiFi capable of being used as a router, you still need root WiFi tether or the hotspot hack like you posted but this makes wlan0 a router
I mainly use this to share files that I have on my NAS at home with friends at work. First I create a hot spot, then I connect my VPN, then I masquerade the traffic. On the server side my openvpn configuration is set up so that it trusts a specific subnet coming from behind the openvpn host (IE my phone's hotspot subnet) This provides a nice and easy means of giving friends controlled access via your mobile hotspot without needing to generate RSA keys for each of your friends. Another thing I like to use it for is when I travel I just set it up in the corner and watch movies from home on my laptop over the VPN through the hotspot.
-Ed
DroidisLINUX said:
I am confused and would like to know why we want net on VPN if we have WiFi hack for a router
Could Could we link a com port on bochs emulated windows xp?
With the WiFi hack edit or tether for root user you can use this IP addr add like below to add router capabilities, or change wlan0 to your phone's 4g rmnet or tun0 to add router to any connection, can you tell us what we would use VPN for give an example
su
ip addr add 192.168.1.0/24 dev wlan0
http://www.filedropper.com/comgooglecodeandroidwifitether-1
I use this apk to wifi tether, same as wifi router, will probably need root to use it I am not sure, but you dont need to type: ip addr add 192168.1.0/24 dev wlan0, I do just because it helps make good connections for most wifi devices
This will make your WiFi capable of being used as a router, you still need root WiFi tether or the hotspot hack like you posted but this makes wlan0 a router
Click to expand...
Click to collapse
edw00rd said:
I mainly use this to share files that I have on my NAS at home with friends at work. First I create a hot spot, then I connect my VPN, then I masquerade the traffic. On the server side my openvpn configuration is set up so that it trusts a specific subnet coming from behind the openvpn host (IE my phone's hotspot subnet) This provides a nice and easy means of giving friends controlled access via your mobile hotspot without needing to generate RSA keys for each of your friends. Another thing I like to use it for is when I travel I just set it up in the corner and watch movies from home on my laptop over the VPN through the hotspot.
-Ed
Click to expand...
Click to collapse
Or you could get Qloud Media Server, and be able to assign access to different sets of folders in your home network using username/passwords. And it costs $3.00 or $0.00 if you have a getjar pass.
This is a really cool idea, thanks for sharing.
On a somewhat unrelated note, is the VirtualBox method still the preferred means of rooting a Bionic on 4.1.2 (98.72.22)? Trying to figure out how easily I can root a friend's phone but I can't really find any consolidated source of up-to-date information. =\
TweakerL said:
Or you could get Qloud Media Server, and be able to assign access to different sets of folders in your home network using username/passwords. And it costs $3.00 or $0.00 if you have a getjar pass.
Click to expand...
Click to collapse
I think you might be confusing folder access/authentication with network access/authentication. The VPN would give you access to your network remotely via 4g/3g and yes i suppose you could use the Qloud Media Server to provide access to folders. I'm not really sure what that is, never used it but it sounds like something that provides a service via 3rd party to get access to you remotely. The third party is avoided all together witht he VPN solution. You don't have to give any sort of ingress access to any third party app. You're phone will think it's part of your home network. Also someone asked about having network bridged when you have a wifi hack... it would be purely up to you weather or not you'd want your HTTP traffic to go through the VPN or not... that's different than what I'm providing here. This is strictly for using your phone as a WiFi hotspot router that forwards all of your traffic to your VPN connection (IE your house) so that connected wifi clients would be accessable via your home network and visa versa. You could also just make a VPN hotspot and generate RSA keys for each host connecting to the hotspot.... your choice. Mine works better in a way that I maintain constant view over every device including the phone that is acting as the VPN mifi hotspot.:silly:
how to undo this? i cant connect my hotspot.
If you're like me, a PdaNet customer running Linux who's sad that there's no build of PdaNet designed for Linux for hiding tether usage over USB Tethering, then fear not! After some research I've devised a plan to hide USB tethering usage from carriers that DOES NOT require PdaNet!. I've tested this myself on T-Mobile and Verizon, and on both of these carriers it looks like it works just fine. This does not mean that it will only work with these carriers, these are just the ones I've tested myself (with the exception of the appended notes below). If you have another carrier not mentioned here, please test this out and let me know if it works for you and I'll add it to the OP at the bottom
Here's a precaution I'd take on Android too, just to make sure the carrier really doesn't find anything out:
Go to Magisk Manager and get yourself the OpenDNS or DNSCrypt addon and install that. I think Verizon is catching on that I'm tethering somehow through DNS, even when I use VPN. By setting my DNS on my phone's LTE connection to something that's not-verizon, this should allow me to dodge that. I recommend you doing it too as a precaution
Here's what you have to do for Linux:
1) Hop over to your Linux machine, open a terminal emulator, and type the following commands (with root privileges):
sudo sysctl net.ipv4.ip_default_ttl=65
echo 65 | sudo tee /proc/sys/net/ipv4/ip_default_ttl
What this does is sets your PC's network packets to have a Time To Live of 65. This is to make it seem like the packets were originated from your phone instead of your PC. Android's default TTL for its packets is 64, so when the PC sends packets to your phone through tethering with a TTL of 65, they have a TTL of 64 by the time your phone sends them out to T-Mobile's towers (the internet).
2) If you want to have the PC's TTL set to 65 on every startup so you don't have to keep entering the two commands above again and again every time you reboot, add the following line to your PC's /etc/sysctl.conf file and save:
net.ipv4.ip_default_ttl=65
Here's what you have to do for Mac: (credits for the instructions and post going to @BrettB0727)
For those wondering how to do this on a Mac, it can be done temporarily using:
Code:
sudo sysctl -w net.inet.ip.ttl=65
Or permanently by creating or editing /etc/sysctl.conf to add
Code:
net.inet.ip.ttl=65
if you end up creating the file, you will need to be sure and do:
Code:
sudo chmod 0644 /etc/sysctl.conf
sudo chown root:wheel /etc/sysctl.conf
Here's what you have to do for Windows:
1) Open up regedit and go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
2) Make a new REG_DWORD entry in there called DefaultTTL and set it to 65
3) Reboot
NOTE: I've found that downloading files can be finicky. I was able to download an MP4 video before without it detecting I was using tethering data, but when I tried to get a .zip file from ModDB T-Mobile found out what I was doing. Just take warning that not all forms of network traffic will be hidden when tethering.
NOTE 2: Confirmed by @triggerlord to work with WiFi Hotspot, as well as with Simple Mobile
NOTE 3: If you're one of those people who have trouble hiding their data with this method, take @niry's advice and see if it helps: he said to remove `dun` type from pcweb.t-mobile.com APN and add it to the end of the fast.t-mobile.com one (if it's not already there)
Lol, this fixed my Simple Mobile (powered by T-Mobile) tethering issues. Nice! This works with the WiFi hotspot feature too BTW.
triggerlord said:
Lol, this fixed my Simple Mobile (powered by T-Mobile) tethering issues. Nice! This works with the WiFi hotspot feature too BTW.
Click to expand...
Click to collapse
Were you able to browse the web (hidden) without changing your browsers user agent? I find that if I don't set Chrome to look like Android its 50/50 if it gets hidden or not.
Sent from my Moto G Play using XDA-Developers Legacy app
jasonmerc said:
Were you able to browse the web (hidden) without changing your browsers user agent? I find that if I don't set Chrome to look like Android its 50/50 if it gets hidden or not.
Sent from my Moto G Play using XDA-Developers Legacy app
Click to expand...
Click to collapse
Everything works fine. I didn't need to change browser agents or anything. (I'm using chromium though.) I've only tried this via WiFi hotspot. EDIT: And I didn't need to change the APN setting either. Changing the TTL was enough to get it working.
is ma.t-mobile.com working for anyone? i keep getting sent to my.t-mobile.com even after doing what OP suggested. it used to work for me a few weeks back.
shawtydat said:
is ma.t-mobile.com working for anyone? i keep getting sent to my.t-mobile.com even after doing what OP suggested. it used to work for me a few weeks back.
Click to expand...
Click to collapse
Maybe they shut down the website. Haven't been on it myself in months
jasonmerc said:
Maybe they shut down the website. Haven't been on it myself in months
Click to expand...
Click to collapse
i'm afraid that to be the case, but is there another way to monitor tether vs mobile data?
shawtydat said:
i'm afraid that to be the case, but is there another way to monitor tether vs mobile data?
Click to expand...
Click to collapse
You might be able to in the T-Mobile app on your phone but other than that I think we're screwed now
jasonmerc said:
If you're like me, a PdaNet customer running Linux who's sad that there's no build of PdaNet designed for Linux for hiding tether usage over USB Tethering, then fear not! After some research I've devised a plan to hide USB tethering usage from T-Mobile. Tested and confirmed working with Ubuntu 16.10 and Mint 18.1, with the latest ResurrectionRemix on my XT1607.
Click to expand...
Click to collapse
When using this method, is the PdaNet app required on the phone?
MountainX said:
When using this method, is the PdaNet app required on the phone?
Click to expand...
Click to collapse
No, you don't need any apps
triggerlord said:
Lol, this fixed my Simple Mobile (powered by T-Mobile) tethering issues. Nice! This works with the WiFi hotspot feature too BTW.
Click to expand...
Click to collapse
Can you supply more information.
I'm looking at switching carriers due to my location(In the mountains with just about nothing for service providers) and want to know how much data you actually use.
What's the most data you have used with this TTL method?
Have they throttled you? and if so, how much?
Any information you can supply is extremely helpful. Thank you! =D
I've used 60gb no throttle.
That's awesome. Thank you for that information.
shawtydat said:
is ma.t-mobile.com working for anyone? i keep getting sent to my.t-mobile.com even after doing what OP suggested. it used to work for me a few weeks back.
Click to expand...
Click to collapse
Works for me.
jasonmerc said:
What this does is sets your PC's network packets to have a Time To Live of 65. This is to make it seem like the packets were originated from your phone instead of your PC. Android's default TTL for its packets is 64, so when the PC sends packets to your phone through tethering with a TTL of 65, they have a TTL of 64 by the time your phone sends them out to T-Mobile's towers (the internet).
Click to expand...
Click to collapse
Thanks, jasonmerc! This put me in the right direction to remove the need for PdaNet on my Mac and also to be able also use my phone as a Wi-Fi Hotspot at full speed on T-Mobile. I'll be looking for your tutorial to bypass T-Mobile's international speed limits!
For those wondering how to do this on a Mac, it can be done temporarily using:
Code:
sudo sysctl -w net.inet.ip.ttl=65
Or permanently by creating or editing /etc/sysctl.conf to add
Code:
net.inet.ip.ttl=65
if you end up creating the file, you will need to be sure and do:
Code:
sudo chmod 0644 /etc/sysctl.conf
sudo chown root:wheel /etc/sysctl.conf
BrettB0727 said:
Thanks, jasonmerc! This put me in the right direction to remove the need for PdaNet on my Mac and also to be able also use my phone as a Wi-Fi Hotspot at full speed on T-Mobile. I'll be looking for your tutorial to bypass T-Mobile's international speed limits!
For those wondering how to do this on a Mac, it can be done temporarily using:
Code:
sudo sysctl -w net.inet.ip.ttl=65
Or permanently by creating or editing /etc/sysctl.conf to add
Code:
net.inet.ip.ttl=65
if you end up creating the file, you will need to be sure and do:
Code:
sudo chmod 0644 /etc/sysctl.conf
sudo chown root:wheel /etc/sysctl.conf
Click to expand...
Click to collapse
I just noticed your reply right now, and I appreciate the steps for doing this on a Mac! I'm going to add these Mac steps to the first post and give you credit for it
As far as international data limits go, I'm not sure I can address that with a fix like this unfortunately.
Still working?
I haven't been able to get over 500kbps using this method. Is this approach still working for folks in 2018?
tatemz said:
I haven't been able to get over 500kbps using this method. Is this approach still working for folks in 2018?
Click to expand...
Click to collapse
I haven't used this in a while, but I'll give it a try soon to see if it still does
tatemz said:
I haven't been able to get over 500kbps using this method. Is this approach still working for folks in 2018?
Click to expand...
Click to collapse
It works in combination with altering the `type` string in the APNs: remove `dun` from pcweb.t-mobile.com one and add it to the fast.t-mobile.com one so it will read `default,supl,hipri,fota,dun`.
niry said:
It works in combination with altering the `type` string in the APNs: remove `dun` from pcweb.t-mobile.com one and add it to the fast.t-mobile.com one so it will read `default,supl,hipri,fota,dun`.
Click to expand...
Click to collapse
Thanks for letting me know about this. I was talking to some people about using this method and they said it was a hit or miss in terms of hiding their tethering usage. I'll update the OP to include what you said as a fix, for people to try out if it's not working