[HacktionLab] Open Source / federated VOIP? (johnc)
acesabe at acesabe.net
Thu Jan 1 12:17:39 UTC 2015
> Message: 1
> Date: Wed, 31 Dec 2014 16:24:33 +0000
> From: johnc <johnc at aktivix.org>
> To: hacktionlab at lists.aktivix.org
> Subject: Re: [HacktionLab] Open Source / federated VOIP?
> Message-ID: <54A42341.3020606 at aktivix.org>
> Content-Type: text/plain; charset=ISO-8859-1
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> The Ostel project is probably the best attempt at doing this so far.
> I demoed a very similar system a couple of years ago at barn camp:
> both borrow heavily from:
> Some of the nice things about this approach:
> - - Easy federation, i.e. alice at domain1.com can call bob at domain2.com with
> no additional configuration required.
> - - You can do ZRTP end to end encryption so you don't have to trust the
> server or the people running it.
> - - Easy configuration, ostel have managed to get their config included
> with the csipsimple SIP app which may be downloaded from the play store
> etc. You just enter someuser at ostel.co and your password and you are
> basically done.
> - -Far end NAT traversal solution. Kamailio fixes up the SIP signalling
> (rewrites IP's and ports for contact headers etc) and RTPproxy takes
> care of media so that each sip end-point talks to public IP addresses of
> the media/signalling proxy rather than NATed clients speaking directly
> to each other, (which is a nightmare for various reasons).
> Some Problems:
> - -Mobile phone specific:
> - -- mobile phones vary greatly in their ability to run sip clients using
> crypto. I've seen sip clients use 100%CPU with awful audio quality on a
> few phones including high end samsung models.
> - -- The latency on 3G is typically around 1 second. Expect horrible lag
> etc. Using WiFi is the only way to go unless you are lucky enough to be
> on 4G.
> Non mobile phone specific:
> - - ostel's only server is in the US, latency is about 120ms. Not so good
> if you are in Europe. We could build our own :-).
> - - If you are going to build an ostel system I suggest you include the
> topology hiding setup from my wiki or elsewhere in your Kamailio config.
> SIP leaks IP/location information unless you make an effort to obfuscate
> - - The above solutions don't have a media mixer + we're using end to end
> encryption so things get a bit complicated if you want to have more than
> two people in a conference. I can think of two solutions:
> 1) Use a SIP client with mixing capabilities (e.g. jitsi ) to initiate
> conversations with each of the people you want to conference in. I tried
> this a couple of years ago it was buggy, CPU hogging and the quality was
> a bit hit and miss for more than 4 users in a conference. Also, because
> of the topology a lot of bandwidth is used on the mixing leg. You can't
> get around the last issue but they may have fixed some of the other ones:
> 2) Use a Freeswitch server hosted at a data centre to do the mixing:
> This solution should work OK but adds a fair bit of complexity. The
> advantage of hosting at at a DC is that no single user has to
> send/receive a large number of unmixed audio/video streams. N.B.
> Freeswitch acts as trusted man in the middle. If the freeswitch server
> is not physically secure then it can be used to tap calls :-(
> Hope some of this is useful.
Seems a bit of a 'holy grail' this fully encrypted, federated, open-source
VoIP, as in my experience (medium+ level techie), at best you may get
reasonable/good call quality using standard apps and protocols, but that
tends not to be easy to get working in the first place and mileage varies
wildly with different software/hardware clients. Basically, unless you
really know what you are doing, there is no 'off the shelf' solution that
is readily accessible to all who wish to use it. But maybe that is about to
change! The infamous Kim Dotcom of Mega* fame has in recent times been
making a big noise about all this data encryption, and freedom to keep you
online data secure, he has now just announced that Mega will soon release a:
"fully encrypted and browser based video call & chat service"
to rival Skype:
There seems on the surface to be pretty compelling reasons to 'trust' him
(his NZ mansion home spectacularly raided, fortune frozen by the US
government/Hollywood corp and servers seized etc.), apart from the obvious
fact that *he is a businessman* so looking for a return. So I wonder what
people here think about this? I mean, if it works well out the box (that
I'd like to see!) and is end to end encrypted, it's gotta be better than
using Skype for the masses who have no hope of setting up their own secure
VoIP solution right?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the HacktionLab