SIPWISE CE - NEWS

back to all Sipwise CE - News

Build your own VoIP System – Part 2: An open Skype Replacement

In Part 1 of our series “Build your own VoIP System” we learned about the very basics of how VoIP and SIP in particular works.
This is Part 2, describing the process of setting up a Skype-like service using the sip:providerCE.
In Part 3 you will learn how to protect existing VoIP deployments with the sip:provider acting as a Session Border Controller (SBC).

Since version 2.6 of our sip:provider platform, we got everything in our hands to build a secure and self-hosted Skype-like communication service solely based on open source software.

The Goal

In this post, we attempt to build a free, secure, SIP based communication system to provide encrypted voice and video communication, buddy lists, instant messaging, presence and remote desktop sharing/control on a self-hosted system.

Once you’re done with that, adding skype-in/skype-out features to receive and place calls from/to the traditional telephony/mobile network is fairly easy, but will be covered in a separate post.

The whole process will take around 30 minutes up to an hour for an initial setup, so grab a coffee and clear your head.

The Ingredients

For our system to work, we need a communication server and a proper client for our end users.

The Server

As a communication server, we will use sip:providerCE v2.6. The easiest way to get started with it is to download the VMware or Virtualbox image and fire it up on a suitable machine. If you get more serious, you want to install the system from scratch on a dedicated server with a public static IP. If you’re new to VoIP and SIP, do NOT try to install it on an Amazon EC2 instance, as they’re using destination NAT, which is a big pain for SIP and needs some experience with the SPCE to tweak it properly for that scenario.

Note that the SPCE is a 64bit system, so in order to run the VM images, you need to turn on 64bit CPU virtualization in your BIOS if VMware or Virtualbox warns you about it.

The Client

Like with Skype, your users will need a Client software to leverage the full potential of the server. The good thing about a SIP based system is that you can hook up pretty much every SIP client (IP phone, ISDN adapter, Desktop client, Mobile client) to the SPCE. This usually works fine with just voice/video communication, but with advanced features like presence, diversity leads to interoperability issues, so the SPCE server is optimized for Jitsi, a Java based multi-platform client providing all the features we require for this tutorial.

Install the Server

In our setup, we will use Virtualbox to boot the Virtualbox VM image of the SPCE. Follow these steps to get started:

  1. If you don’t have Virtualbox 4.x installed yet, download it from here and install it, or upgrade your older version.
  2. Download the Virtualbox VM image of the SPCE from here.
  3. Start Virtualbox. On Linux, you can start it like this:
    $ virtualbox sip_provider_CE_2.6_virtualbox.ova
    You will be prompted to import the new VM, which will look similar to this:
    Import VM into Virtualbox
    Once the import is finished, double-check if the network interface is the correct one providing access to the Internet:
    Check network interface
    In this case, it shows eth1, where I really want to use wlan0 because this is the interface into my LAN network I use for testing. To change it, click Settings on the top and change it in the Network section, like this:
    Change network settings

    Use the proper interface suitable for you, wlan0 will most likely not work for you!

    IMPORTANT: Keep the mode to Bridged Adapter to avoid any NAT on the server side!

  4. Start the sip_provider_CE VM instance.
  5. Once the login screen is shown, log in with user root and password sipwise.
  6. Check your network settings. The VM instance is set to use DHCP by default. If this is fine with you, execute ifconfig eth0 and remember the IP address of this interface, and continue to the next step.

    However if you want to configure a static IP address, you need to edit /etc/network/interfaces, e.g. like this:

    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static
    address 192.168.0.122
    netmask 255.255.255.0
    gateway 192.168.0.1
    dns-nameservers 8.8.8.8 8.8.4.4

    Then execute ifdown eth0; ifup eth0 to bring up the interface with the proper configuration. Then edit /etc/ngcp-config/config.yml, search for eaddress and and change the option to the IP address you statically set above, like this:

    eaddress: 192.168.0.122

  7. The last step on the command line is to execute the command ngcpcfg apply to generate the platform configuration files and reboot the server (only needed for the first time for simplicity reasons to make sure all services are started correctly).

Configure the Domain and Users

Now that the SPCE system is up and running, point your browser to the Administrative Web Panel located at HTTPS port 1443 of your IP you configured or got via DHCP above, like this:

https://192.168.0.122:1443

The username is administrator and the password is administrator.

There are a couple of steps to get your first users online:

  1. Create a Domain for your users. Your users will have subscribers identified by a so-called SIP URI like sip:alice@example.org, and similar to virtual hosts on a web server, you can create as many domains as you like in order to partition your users. Just make sure that the domain name you define here is pointing to the IP address of the system. You can also directly use your IP address for testing purposes, so a user would be alice@192.168.0.122 in my case, and I’ll use that throughout the rest of the post.

    To create the domain, go to System AdministrationDomains, enter your Domain name or IP address and press the Add button.

    Add new Domain

  2. Create an Account for your user. On the SPCE, accounts are billing containers for one or more subscribers. Usually one user will have one account with one subscriber in it.

    To create an account, go to AccountsCreate new account and press the Add button. You will be presented with the Billing Settings, which we just keep at its defaults for now, so we press the Save button.

    Create a new Account

  3. Create a Subscriber within the new account. At the bottom of the Account page is the Subscribers section. Click the Create button to configure a new Subscriber.

    Create new Subscriber

    The only mandatory information is the SIP URI and the SIP password fields. If you set the Web User and Web Password as well, the user is able to log into the Customer Self Care Web Interface running at HTTPS port 443, e.g. https://192.168.0.122.

  4. Repeat steps 2 and 3 for all the users you want to create.

That’s it on the server side. There is a lot more you can configure and tweak for Domains and for Subscribers, but it’s not important for your first tests. There is the SPCE Handbook providing all the detailed information, which you should check to learn about advanced configuration options.

Install and configure the Client

Your users need to download and install the Jitsi Client. Make sure to use the v1.1 latest Nightly Build. All the cool features won’t work otherwise (e.g. with the stable 1.0 version line).

The setup process is still quite bumpy compared to setting up a Skype client, because there are some manual steps involved. We’re working on that part providing an SPCE-optimized version of Jitsi, but up until now it works like this:

When starting Jitsi for the first time, you will be presented with a Sign In page. Choose the Use online provisioning link at the very bottom of this window.

Jitsi Sign In window

Check the Enable provisioning check box, select Manually specify a provisioning URI and put the following URL there, with only the IP address part changed to reflect your IP or domain name (make sure to leave the rest intact exactly as shown here):

https://192.168.0.122/jitsi?user=${username}&pass=${password}&uuid=${uuid}

Enable Jitis autoprovisioning

In case Jitsi was already installed, make sure to click the Forget Password! button as well.

Then exit Jitsi and start it again!

During the next startup, Jitsi will pop up an authentication window asking for your username and password. Enter your SIP URI and your SIP password here.

Jitsi Authentication Popup.

If you’re asked for a Certificate Verification, click Show Certificate, select the Always trust the certificate check-box and click Continue anyway.

Jitis verify Server Certificate

To avoid this warning, you have to upload a properly signed SSL certificate to the server and configure it. Check the chapter in the Handbook to learn how to do.

That’s it. Jitsi will download the configuration via an SSL encrypted HTTP connection, should register successfully to the server (might take some seconds) via a TLS encrypted SIP connection, and will fetch the buddy list (empty for a new user) also via an SSL encrypted HTTP connection.

You can now add other contacts to the buddy list like you know it with other services like Skype. You can place a voice or video call by calling the username (e.g. bob) if the other party is within the same doman, or username@domain (e.g. bob@example.org) if the other party is within another domain.

Jitsi Screen Sharing

Jitis encrypted Video call

Next Steps

Please consult the SPCE Handbook to learn how to configure phone numbers for your subscribers, how to configure subscriber features like call-forwards, call-blockings etc, and how to add SIP Peerings to connect to the traditional phone network in order to place and receive calls to/from landlines and mobile phones.

Feedback, Questions and Support

Please leave your feedback here, on Twitter or on Facebook.

If you need help for you setup process, please subscribe to our SPCE Mailing List where our Engineers and other community members are happy to answer your questions.

47 responses to “Build your own VoIP System – Part 2: An open Skype Replacement”

  1. Mike Telahun says:

    I spent a day and a half banging my head against these two issues:

    1. When doing the manual provisioning in the jitsi client in the URI field pass=${pass} should read pass=${password}. Otherwise, when you restart jitsi it will not bring up the username/password dialog.

    2. After I got past the first issue I could make and receive calls fine, but my contacts in the contact-list were showing as off-line. For some reason jitsi was not passing my sip credentials on to the presence server. To fix this:
    a. Tools -> Options
    b. In the Accounts tab select the SIP account it created for you and click the Edit button at the bottom
    c. In the Presence tab un-check the “Use SIP Credentials” check box and manually enter your username and password.

    Other than that, Great Work!

  2. Mike Telahun says:

    I spent a day and a half banging my head against these two issues:

    1. When doing the manual provisioning in the jitsi client in the URI field pass=${pass} should read pass=${password}. Otherwise, when you restart jitsi it will not bring up the username/password dialog.

    2. After I got past the first issue I could make and receive calls fine, but my contacts in the contact-list were showing as off-line. For some reason jitsi was not passing my sip credentials on to the presence server. To fix this:
    a. Tools -> Options
    b. In the Accounts tab select the SIP account it created for you and click the Edit button at the bottom
    c. In the Presence tab un-check the “Use SIP Credentials” check box and manually enter your username and password.

    Other than that, Great Work!

  3. hi!,I love your writing very a lot! share we keep up a correspondence more about your article on AOL? I require a specialist in this house to solve my problem. Maybe that’s you! Having a look ahead to look you.

  4. alex says:

    I love the tutorial and was able to set up my server, but I am wondering how i can port forward this in my router to access this off my LAN. what port does this go through? 1443?

  5. alex says:

    I love the tutorial and was able to set up my server, but I am wondering how i can port forward this in my router to access this off my LAN. what port does this go through? 1443?

  6. Jon Bonilla says:

    Please, for technical questions, refer to our mailing list.

    http://lists.sipwise.com/listinfo/spce-user

  7. Ismail says:

    Great post, is there a way to make an installation on the ec2 or rackspace cloud?

  8. Ismail says:

    Great post, is there a way to make an installation on the ec2 or rackspace cloud?

  9. Ismail says:

    Great post, is there a way to make an installation on the ec2 or rackspace cloud?

    • sipwise says:

      Rackspace should be straight forward, just follow the handbook how to set up a CE on an ordinary server. Maybe you can even import the vmware image. EC2 is a bit more tricky, check our mailing list how to use the aaddress setting.

  10. peer zone says:

    Well, I need to know whether the internet provider can track us if we use this technique of voip.. if yes, hw can we bar them to do so.. Thanks

    • andrew pogrebennyk says:

      With the above described jitsi configuration, the signaling is
      encrypted but the actual voice is not. You can play with SRTP options
      for voice encryption. We will follow up on this in coming articles as we
      are developing the ICE and SRTP support!

  11. Henry says:

    I read your column
    all the time and find the information and comments very informative.I just want to inform everyone to a new web site
    called VoIP Spear (www.voipspear.com)
    to measure your QoS

  12. I wanted to let you know that i followed this tutorial and just setup the server for a client using http://www.switch2voip.us Voip provider

  13. BTR Naidu says:

    I see the below error

    Aug 5 16:50:04 spce /usr/sbin/apache2: ***Login::do_login username: >>administrator<>administrator<<

    Aug 5 16:50:04 spce /usr/sbin/apache2: ***Provisioning::login called, authenticating…

    Aug 5 16:50:04 spce /usr/sbin/apache2: ***Provisioning::_get_user failed to get user 'administrator@sip.yourdomain.tld' from DB: subscriber with ID '' does not exist

    Aug 5 16:50:04 spce /usr/sbin/apache2: ***Provisioning::login authentication failed for 'administrator@sip.yourdomain.tld', unknown user.

  14. dasmond says:

    Hey SipWise..
    The SPCE image doesnot exist on your servers..Please upload it…

    • Daniel Tiefnig says:

      The VM image location has moved. We’ve updated the web server configuration, and the old URLs should work again.

      You can find all VM images at http://deb.sipwise.com/spce/images/ now. The post is btw. referring to an old version of the SPCE documentation, which is again referring to the according old VM image. I’d recommend using the latest image provided at the URL above and refer to the handbook currently at http://www.sipwise.org/doc/3.0/spce/

  15. disquit says:

    Possible to make VoIP calls from PC to Phone?

  16. dasmond says:

    When I boot the system using the image,no thing such as log in or password(as said in the tutorial) appears,instead the a blank screen comes where nothing can be typed like this:
    Please help me,i am badly stuck!!!

  17. dasmond says:

    Hi,
    The tutorial says that
    “execute ifconfig eth0 and remember the IP address of this interface”

    While I execute ifconfig eth0 no Ip address is shown…
    Please help me

  18. Mehul says:

    Everything went well….not connecting to server yet….jitsi nt askin for authentication as well….

    • Max Zwiebel says:

      Do you know some good and secure VOIP Systems? Which can be also used for business communication? regards

  19. Max Zwiebel says:

    Does anyone know a good and a SECURE VOIP program, which can be use for business communication?

  20. billy bill says:

    hi i nice tut i download vm but my system only allows me to devote 954mb of ram to virtual machine. the virtual machine doesint boot do you think the ram is the problem? it aint to short of 1024mb. i tryed redownloading and importing it so it aint a corrupt file. it get past bios and then stops. any ideas thanks

  21. Guest says:

    test

  22. Ila says:

    I have no Idea what am doing on the sipwise webpage, I never did this befor. Also The webpage and the pictures you show look different now in 2014, all is different and can not find to configure what you showed on pictures, please help.

  23. Horace Miles says:

    I followed your tutorial and everything appeared to go as you have said. However, I am unable to get Simple Presence to work i.e. no status updates to UAC’s. Where might I start looking for a solution?

  24. sba stuff says:

    i have vm ware 8 installed on my windows with trixbox installed in it. how to configure it? any body knows?

  25. Ben says:

    how can we call to mobile? Is there any furher integration required or ?

  26. B Nekkers says:

    i would like to know what im doing wrong.

    the vm starts but i’m not getting a log in screen talked about in stem 5 of The instruction jsut a black screen with a cursor in the top

  27. How can we register users through my app? currently i am able to add new user through browser admin panel but i want to add these users through app when a user request for registration then he will be able to make calls etc.

    thanks

  28. […] Build your own VoIP System – Part 2: … – In Part 1 of our series “Build your own VoIP System” we learned about the very basics of how VoIP and SIP in particular works. This is Part 2 … […]

  29. wang says:

    great, maybe i’ll try it sometime, just for fun

  30. SC says:

    Hi – I installed the latest ami on EC2, following the instructions, and my instance is in running state. I am also able to connect by ssh using my private key. But I am unable to access the webpage https://:1443 PLEASE help, what could be the reason? Thanks!

  31. wow sir great post.
    i want to know more about this topic.

  32. It is great that wireless communication has made everyone easy to engage. There is no distance in the world. Company trend is going to set up their phone system to VoIP with cloud telephone, It gives freedom to work from anywhere. Your employees will no longer be bound to office. Now your staff can work from their other offices, home or any other setting.

  33. PBX System says:

    I usually thought that building my own VoIP pbx system is not a simple task but after learning some of it basic knowledge it is a simple task. Now, I’m working in my small business with my own built system and working as a stable communication network connecting the employees by taking pbx system of VoIP Business.

Leave a Reply

Your email address will not be published. Required fields are marked *