FORUMS
Remove All Ads from XDA

[GUIDE] PBX in a Flash (PIAF) on Amazon EC2 with Free GV calling + SILK codec

761 posts
Thanks Meter: 221
 
By acegolfer, Senior Member on 25th January 2013, 02:53 PM
Post Reply Email Thread
PIAF (PBX in a flash) + AWS (Amazon Web Service) EC2

If you are making free GV calls using data, then you probably know that setting up an asterisk server is the best but also quite complicated. Thankfully, it just got a little easier because the PIAF team made the PIAF image available on AWS EC2 (a cloud based virtual machine).

Advantages over other asterisk/pbxes methods:
1. very small audio lag. Amazon servers have less latency than any other servers.
2. Since Amazon hosts your server, you don't pay any electricity cost. FYI, a PC running 24/7 costs about $15-20 a month.
3. The PIAF image (AMI) is already optimized: 1000MHZ + pre-installed asterisk and others. If you have used PIAF before, the whole setup process will take less than 30 minutes to complete.
4. You can create a backup image at any time and restore it later.

Disadvantages:
1. EC2 is only free for the 1st year. See the terms carefully to understand what is truly free. Use http://mikekhristo.com/ec2-ondemand-...gs-calculator/ to estimate the cost after the 1st year. After the 1st free year is up, you can port the image to another AWS account.
2. Added security risk. Since EC2 is not in your network, it needs to open 22 (SSH), 80 (WEB) ports for you to access the server to configure. To overcome this issue, restrict who can gain access by known IP addresses from AWS.
3. In addition to some linux knowledge (PIAF runs on CentOS), you also need to learn how AWS works. Personally, I consider this as a plus.


Instructions (estimated minutes to complete in parenthesis, if you have used PIAF before):

1. Launch PIAF image in AWS EC2. (10 minutes)
Detailed instruction: http://nerdvittles.com/?p=5060
updated: there are 2 versions of PIAF: purple uses asterisk 1.8 and green uses asterisk 11 (beta). I am using PIAF-Green which supports silk codec.

2. Configure PIAF using Web GUI. (10 minutes)
Once PIAF is up and running, from your web browser, enter the Elastic IP address (given by AWS) to access web GUI.

2.1. Settings>Asterisk SIP settings>NAT settings. Click "Auto Configure" It will fill out the IP addresses. If you reboot, localnet address may change. You may use "10.0.0.0/8" instead.
* Whenever you make a change in Web GUI, scroll down and click submit. Then "Apply Config" red button will appear at the top. Click it occasionally to reload newly submitted configurations.
2.2. Settings>Asterisk SIP settings>Audio codecs. Select the codecs and reorder. (SILK codec will not show up here.)
2.3. Applications>Extensions. Add new SIP extensions. User extension and the secret are the username and the password you will use in your sip client to register with PIAF. Select nat=yes.
2.4. Other>Google Voice. Fill out your GV information. Asterisk must be restarted to take it into effect. In Web GUI, Admin>Asterisk CLI, execute "core restart gracefully" Once restarted, you can start making outbound GV calls from a registered phone. (Alternatively, you can use "simonics GVGW" service and add it as a sip trunk.)
2.5. Connectivity>Inbound routes. Add your GV number as DID number. Scroll down and set destination as your extension you created in #2.3.
2.6. From Google Voice webpage, confirm that Google Voice forwards all the incoming calls to gchat.
2.7. Register your sip client (such as csipsimple) with your PIAF server. The server address is the "elastic IP" address assigned by AWS.

Test in/out calls before going to the next step.

3. (optional) Add G729 codec. (5 minutes) (See post #2 for adding silk codec, which I'm now using for both wifi/3g.)
G729 codec is one of the best codecs for mobile connection. SSH to your PIAF EC2. In linux CLI, execute

Code:
cd /usr/lib/asterisk/modules
wget http://asterisk.hosting.lv/bin/codec_g729-ast18-icc-glibc-x86_64-core2.so 
amportal restart
To check whether you added G729 properly, execute in asterisk CLI

Code:
core show translation recalc 100
Look for G729 line and check they are not blanks.
Source: http://asterisk.hosting.lv/

4. (optional) Enable TCP transport to save phone battery. (5 minutes)
In my informal testing, TCP battery consumption is half of UDP's.

From Web GUI, asterisk SIP settings>Other SIP settings, add the following 2 lines.

Code:
tcpenable = yes
tcpbindaddr = 0.0.0.0
Go Applications>Extensions and change transport to "TCP."

Next, you need to open TCP port 5060 in both EC2 and linux. For EC2, modify the security group. For linux, SSH to your PIAF

Code:
nano /etc/sysconfig/iptables
add the following line and save (ctrl-o) and exit (ctrl-x).

Code:
iptables -A INPUT -p tcp -m tcp --dport 5060 -j ACCEPT
restart iptables in linux CLI
Code:
service iptables restart
Use TCP transport in your sip client to connect to PIAF.



Tips/Tricks and Troubleshooting will be in the next posts.

If you couldn't understand the installation steps, check out a fellow's post. He provided several installation tips. http://forum.xda-developers.com/show...&postcount=184
The Following 15 Users Say Thank You to acegolfer For This Useful Post: [ View ] Gift acegolfer Ad-Free
 
 
25th January 2013, 02:53 PM |#2  
OP Senior Member
Thanks Meter: 221
 
More
Tips/Tricks
Tips/Tricks

1. Use ring group to ring all the extensions, if you have multiple sip phones.

2. Add more GV numbers
My family have 3 GV numbers + 6 phones. I added all 3 gtalk trunks to PIAF. OTOH, pbxes doesn't allow you to add more than 1 gtalk trunk. Since all 6 phones are in the same PBX, I can call my wife's phone by her extension number (or her ring group) instead of her GV number. If you do this, you need to modify outbound routes such that certain extensions use specific GV trunk. Otherwise, all the phones will use the first GV trunk to make outgoing calls and display the same CID.

3. Call forward to external phones.
In the ring group, you can have PIAF call regular phone number such as your cell phone. Just list the phone number followed by #. One problem is gtalk trunk doesn't allow CID spoofing so the external phone will show your GV# as CID.

4. Delayed call forwarding
Create 2 ring groups and put the number for delay in the 2nd group. Set 1st ring group's destination if no answer as the 2nd group and specify the ring time. I do this for my office phone because it goes to voicemail in 20 seconds (before GV voicemail answers). Now my office phone starts ringing after 7 seconds so it will never answer before GV voicemail does. You can also use this strategy with your cell phone such that your cell number rings after you have a chance to answer internet calls.

5. Secure your PIAF
If you followed pbxinaflash.com guide, then you opened port 80 and 22 to the world. Hackers can brute force using username = root. You should limit who can access these ports by IP address. Additionally, you can disable root SSH login and create a sudoer.
http://www.howtogeek.com/howto/linux...ogin-on-linux/
http://wiki.centos.org/TipsAndTricks/BecomingRoot

6. Add SILK codec
If you are on PIAF-green (asterisk 11), then you can add SILK codec. This is the codec that Skype uses so you may get the same excellent quality as Skype. From linux CLI,

Code:
wget http://downloads.digium.com/pub/telephony/codec_silk/asterisk-11.0/x86-64/codec_silk-11.0_1.0.0-core2_64.tar.gz
tar -zxvf codec_silk-11.0_1.0.0-core2_64.tar.gz
cd codec_silk-11.0_1.0.0-core2_64
cp codec_silk.so /usr/lib/asterisk/modules/codec_silk.so
Restart asterisk and from asterisk CLI, core show codecs and confirm that 4 silk codecs (silk8, silk12, silk16, silk24) are added. If not, read http://forum.xda-developers.com/show...7&postcount=71.
To use SILK codec, From extension, set

disallow=all
allow=silk12

7. Eliminate echo
ryuker has posted a method to eliminate the echo.
http://forum.xda-developers.com/show...&postcount=306

Troubleshooting

There are many many reasons why GV calling fails. This means you will probably not get any help, unless you provide more information such as asterisk log. If you want to troubleshoot by yourself, try these first.

1. csip / piaf registration: Try a different sip client or use UDP connection.
2. GV: See whether you can make GV calls using GrooveIP. GV calling may not work for new accounts until you initiate a call from gmail.
3. Restart asterisk. If you add a GV trunk, it must be restarted to take into effect.
2. piaf / GV link: Add simonics GVGW as a sip trunk. https://simonics.com/gvgw/
The Following 4 Users Say Thank You to acegolfer For This Useful Post: [ View ] Gift acegolfer Ad-Free
25th January 2013, 03:06 PM |#3  
OP Senior Member
Thanks Meter: 221
 
More
If you have been following my iLBC thread, then here's a comparison between the 2 methods (PIAF vs iLBC, hereafter).

1. PIAF supports more codecs such as G722 and G729.
2. Less latency issue because of less call routing. PIAF route: caller>GV>PIAF>phone. iLBC method involves caller>GV>callcentric>pbxes>phone.
3. You can add more than 1 GV trunk w/ PIAF. pbxes only allows 1. This is handy, if your family use several GV numbers.
The Following 2 Users Say Thank You to acegolfer For This Useful Post: [ View ] Gift acegolfer Ad-Free
25th January 2013, 05:18 PM |#4  
Senior Member
Thanks Meter: 43
 
More
Re: [DISCUSSION] Asterisk/FreePBX/PIAF
Good discussion, I was running it on my raspberry pi until I repurposed it for a media center. I may have to look at it again, please post your setup once you have things working....


Thanks

Sent from my Nexus 7 using Tapatalk HD
26th January 2013, 01:54 AM |#5  
whahn1983's Avatar
Member
Flag Houston
Thanks Meter: 12
 
Donate to Me
More
Re: [DISCUSSION] Asterisk/FreePBX/PIAF
Quote:
Originally Posted by acegolfer

Here's basically what I did so far.

1. Follow nerdvittle's guide (link in OP) to install IncrediblePBX on my home PC.
2. Enable TCP and changed TCP signaling port from default 5060.
3. In router, forward signaling port and RTP ports (10000-20000) to PBX.
4. Use csipsimple as Android sip client.

I understand it's too brief. Once I am completely satisfied with my setup, I'll write a detailed instruction.

If you have 0 clue about what these mean, then I'm afraid you should look for an alternative setup such as GrooveIP or http://forum.xda-developers.com/show....php?t=2057887

If you have been following my iLBC thread, then here's a comparison between the 2 methods (PIAF vs iLBC, hereafter).

1. PIAF gives you more codec options such as G722 and G729.
2. Less latency issue because of less call routing. If you are at home, it's caller>GV>PBX=phone. iLBC method involves caller>GV>callcentric>pbxes>phone.
3. Hangup issues when ending a call with csip/TCP/3g/SPI firewall combination. If I change one of these 4, I can end a call normally.

I had tried a setup and got through all the nerdvittles guides setting up piaf purple with travelinman 3. Everything worked great with csipsimple when I was on WiFi. As soon as I disconnected from wifi and got on the cell network I could not connect. I ensured my phone ip was in the iptables and all the proper ports were forwarded through the router. I used dyndns for both my router and phone to ensure that ip tables had the right ip addresses. Never figured out the problem. If anyone has any ideas for what the problem could be I'll give it another try.

Sent from my Nexus 4 using xda premium
26th January 2013, 02:08 AM |#6  
OP Senior Member
Thanks Meter: 221
 
More
Quote:
Originally Posted by whahn1983

I had tried a setup and got through all the nerdvittles guides setting up piaf purple with travelinman 3. Everything worked great with csipsimple when I was on WiFi. As soon as I disconnected from wifi and got on the cell network I could not connect. I ensured my phone ip was in the iptables and all the proper ports were forwarded through the router. I used dyndns for both my router and phone to ensure that ip tables had the right ip addresses. Never figured out the problem. If anyone has any ideas for what the problem could be I'll give it another try.

Sent from my Nexus 4 using xda premium

I think using dyndns for your phone is pointless and can actually pose a great security risk. If you are on Tmobile 3g, your phone is behind NAT. This means the IP of your phone actually belongs to the Tmo's router and not unique to your phone.

So including that IP address in iptables is a huge security risk. All the Tmo phones sharing the same IP address with your phone will have full access to your PBX.

The biggest challenge that you are facing is the fact that both your PBX and your phone are behind 2 different NATs. I know it's crazy. My guess is NAT settings. In nerdvittle's guide, there's an instruction on how to give access to remote clients. In addition, here is another good guide: http://www.freepbx.org/support/docum...-sip-extension
26th January 2013, 02:21 AM |#7  
OP Senior Member
Thanks Meter: 221
 
More
Here are the instructions on how to enable TCP and change TCP port from default 5060 to something other such as 5055.

1. Settings>Asterisk SIP settings>Other SIP settings
tcpenable = yes
tcpbindaddr = 0.0.0.0:5055
2. Applications>Extensions>your extension, transport = TCP only.
3. From your router, port forward 5055 to PBX machine.
4. From PBX linux command, adjust firewall settings
iptables -A INPUT -p tcp -m tcp –dport 5055 -j ACCEPT
(You can also do this from PIAF linux webmin.)
5. From sip clients, server/proxy = your IP:5055.
The Following User Says Thank You to acegolfer For This Useful Post: [ View ] Gift acegolfer Ad-Free
26th January 2013, 02:32 AM |#8  
whahn1983's Avatar
Member
Flag Houston
Thanks Meter: 12
 
Donate to Me
More
Re: [DISCUSSION] Asterisk/FreePBX/PIAF
Quote:
Originally Posted by acegolfer

I think using dyndns for your phone is pointless and can actually pose a great security risk. If you are on Tmobile 3g, your phone is behind NAT. This means the IP of your phone actually belongs to the Tmo's router and not unique to your phone.

So including that IP address in iptables is a huge security risk. All the Tmo phones sharing the same IP address with your phone will have full access to your PBX.

The biggest challenge that you need to solve is both your PBX and your phones are behind 2 different NATs. I know it's crazy.

Yea that sounds like a big problem. The sad thing is when I am on my piaf network the voice quality is pristine. It actually works great but most of my calling is done away from home. I ended up switching off of the tmo $30 plan and onto straight talk tmo until I figure out a better solution. I've tried everything out there from pbxes to groove, almost every available codec and app combo. Just too many complaints from callers about quality and 100 minutes is not enough lol.

Sent from my Nexus 4 using xda premium
26th January 2013, 03:21 AM |#9  
Senior Member
Thanks Meter: 118
 
More
You can eliminate almost all risks by using Travelin' man; which is basically an IP whitelist. You can read about it over at nerdvittles. That being said, I've been lucky, and I haven't had any attacks on my personal PIAF server. I have banned all of Asia, and Russia using IP tables, and I'm sure that's helped. All ports are closed behind my firewall except for 5060, and a few for RTP. It is also a good idea to run "update-programs" and then "update-fixes" via the CLI periodically. This will install crucial patches.
The Following User Says Thank You to osi13 For This Useful Post: [ View ] Gift osi13 Ad-Free
26th January 2013, 05:59 PM |#10  
OP Senior Member
Thanks Meter: 221
 
More
Another issue that I found.

Can't use G722 codec over TCP when registered remotely. G722 works if UDP or within LAN.

Not sure whether this is a csip specific issue because I don't know other free sip clients with G722 codec.
The Following User Says Thank You to acegolfer For This Useful Post: [ View ] Gift acegolfer Ad-Free
28th January 2013, 01:09 AM |#11  
Senior Member
Thanks Meter: 118
 
More
Quote:
Originally Posted by acegolfer

Another issue that I found.

Can't use G722 codec over TCP when registered remotely. G722 works if UDP or within LAN.

Not sure whether this is a csip specific issue because I don't know other free sip clients with G722 codec.

Post your issue on the CSipSimple Google Code page. The dev is normally very helpful. Also, I would look through the Asterisk log to see exactly what's going on. You can do this via FreePBX or you can go to to your server's CLI, and type "asterisk -rvvv" This will give you a debug CLI. Then try to place a call using G722, and view the results. If you post over at the PIAF forums, you will probably need a log, or you may be ignored.
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes