In Part 1 of our series “Build your own VoIP System” we learned about the very basics of how VoIP and SIP in particular works.
This is Part 2, describing the process of setting up a Skype-like service using the sip:providerCE.
In Part 3 you will learn how to protect existing VoIP deployments with the sip:provider acting as a Session Border Controller (SBC).
Since version 2.6 of our sip:provider platform, we got everything in our hands to build a secure and self-hosted Skype-like communication service solely based on open source software.
In this post, we attempt to build a free, secure, SIP based communication system to provide encrypted voice and video communication, buddy lists, instant messaging, presence and remote desktop sharing/control on a self-hosted system.
Once you’re done with that, adding skype-in/skype-out features to receive and place calls from/to the traditional telephony/mobile network is fairly easy, but will be covered in a separate post.
The whole process will take around 30 minutes up to an hour for an initial setup, so grab a coffee and clear your head.
For our system to work, we need a communication server and a proper client for our end users.
As a communication server, we will use sip:providerCE v2.6. The easiest way to get started with it is to download the VMware or Virtualbox image and fire it up on a suitable machine. If you get more serious, you want to install the system from scratch on a dedicated server with a public static IP. If you’re new to VoIP and SIP, do NOT try to install it on an Amazon EC2 instance, as they’re using destination NAT, which is a big pain for SIP and needs some experience with the SPCE to tweak it properly for that scenario.
Note that the SPCE is a 64bit system, so in order to run the VM images, you need to turn on 64bit CPU virtualization in your BIOS if VMware or Virtualbox warns you about it.
Like with Skype, your users will need a Client software to leverage the full potential of the server. The good thing about a SIP based system is that you can hook up pretty much every SIP client (IP phone, ISDN adapter, Desktop client, Mobile client) to the SPCE. This usually works fine with just voice/video communication, but with advanced features like presence, diversity leads to interoperability issues, so the SPCE server is optimized for Jitsi, a Java based multi-platform client providing all the features we require for this tutorial.
Install the Server
In our setup, we will use Virtualbox to boot the Virtualbox VM image of the SPCE. Follow these steps to get started:
- If you don’t have Virtualbox 4.x installed yet, download it from here and install it, or upgrade your older version.
- Download the Virtualbox VM image of the SPCE from here.
- Start Virtualbox. On Linux, you can start it like this:
$ virtualbox sip_provider_CE_2.6_virtualbox.ova
You will be prompted to import the new VM, which will look similar to this:
Once the import is finished, double-check if the network interface is the correct one providing access to the Internet:
In this case, it shows eth1, where I really want to use wlan0 because this is the interface into my LAN network I use for testing. To change it, click Settings on the top and change it in the Network section, like this:
Use the proper interface suitable for you, wlan0 will most likely not work for you!
IMPORTANT: Keep the mode to Bridged Adapter to avoid any NAT on the server side!
- Start the sip_provider_CE VM instance.
- Once the login screen is shown, log in with user root and password sipwise.
- Check your network settings. The VM instance is set to use DHCP by default. If this is fine with you, execute
ifconfig eth0and remember the IP address of this interface, and continue to the next step.
However if you want to configure a static IP address, you need to edit /etc/network/interfaces, e.g. like this:
iface lo inet loopback
iface eth0 inet static
dns-nameservers 18.104.22.168 22.214.171.124
Then execute ifdown eth0; ifup eth0 to bring up the interface with the proper configuration. Then edit /etc/ngcp-config/config.yml, search for eaddress and and change the option to the IP address you statically set above, like this:
- The last step on the command line is to execute the command ngcpcfg apply to generate the platform configuration files and reboot the server (only needed for the first time for simplicity reasons to make sure all services are started correctly).
Configure the Domain and Users
Now that the SPCE system is up and running, point your browser to the Administrative Web Panel located at HTTPS port 1443 of your IP you configured or got via DHCP above, like this:
The username is administrator and the password is administrator.
There are a couple of steps to get your first users online:
- Create a Domain for your users. Your users will have subscribers identified by a so-called SIP URI like sip:email@example.com, and similar to virtual hosts on a web server, you can create as many domains as you like in order to partition your users. Just make sure that the domain name you define here is pointing to the IP address of the system. You can also directly use your IP address for testing purposes, so a user would be firstname.lastname@example.org in my case, and I’ll use that throughout the rest of the post.
To create the domain, go to System Administration → Domains, enter your Domain name or IP address and press the Add button.
- Create an Account for your user. On the SPCE, accounts are billing containers for one or more subscribers. Usually one user will have one account with one subscriber in it.
To create an account, go to Accounts → Create new account and press the Add button. You will be presented with the Billing Settings, which we just keep at its defaults for now, so we press the Save button.
- Create a Subscriber within the new account. At the bottom of the Account page is the Subscribers section. Click the Create button to configure a new Subscriber.
The only mandatory information is the SIP URI and the SIP password fields. If you set the Web User and Web Password as well, the user is able to log into the Customer Self Care Web Interface running at HTTPS port 443, e.g.
- Repeat steps 2 and 3 for all the users you want to create.
That’s it on the server side. There is a lot more you can configure and tweak for Domains and for Subscribers, but it’s not important for your first tests. There is the SPCE Handbook providing all the detailed information, which you should check to learn about advanced configuration options.
Install and configure the Client
Your users need to download and install the Jitsi Client. Make sure to use the v1.1 latest Nightly Build. All the cool features won’t work otherwise (e.g. with the stable 1.0 version line).
The setup process is still quite bumpy compared to setting up a Skype client, because there are some manual steps involved. We’re working on that part providing an SPCE-optimized version of Jitsi, but up until now it works like this:
When starting Jitsi for the first time, you will be presented with a Sign In page. Choose the Use online provisioning link at the very bottom of this window.
Check the Enable provisioning check box, select Manually specify a provisioning URI and put the following URL there, with only the IP address part changed to reflect your IP or domain name (make sure to leave the rest intact exactly as shown here):
In case Jitsi was already installed, make sure to click the Forget Password! button as well.
Then exit Jitsi and start it again!
During the next startup, Jitsi will pop up an authentication window asking for your username and password. Enter your SIP URI and your SIP password here.
If you’re asked for a Certificate Verification, click Show Certificate, select the Always trust the certificate check-box and click Continue anyway.
To avoid this warning, you have to upload a properly signed SSL certificate to the server and configure it. Check the chapter in the Handbook to learn how to do.
That’s it. Jitsi will download the configuration via an SSL encrypted HTTP connection, should register successfully to the server (might take some seconds) via a TLS encrypted SIP connection, and will fetch the buddy list (empty for a new user) also via an SSL encrypted HTTP connection.
You can now add other contacts to the buddy list like you know it with other services like Skype. You can place a voice or video call by calling the username (e.g. bob) if the other party is within the same doman, or username@domain (e.g. email@example.com) if the other party is within another domain.
Please consult the SPCE Handbook to learn how to configure phone numbers for your subscribers, how to configure subscriber features like call-forwards, call-blockings etc, and how to add SIP Peerings to connect to the traditional phone network in order to place and receive calls to/from landlines and mobile phones.
Feedback, Questions and Support
If you need help for you setup process, please subscribe to our SPCE Mailing List where our Engineers and other community members are happy to answer your questions.