[HacktionLab] Open Source / federated VOIP?

Tim Dobson lists at tdobson.net
Fri Jan 2 11:26:55 UTC 2015


On 31/12/14 16:24, johnc wrote:
> Some Problems:
>
> - Mobile phone specific:
>   -- mobile phones vary greatly in their ability to run SIP clients
>      using crypto. I've seen SIP clients use 100% CPU with awful
>      audio quality on a few phones including high-end Samsung models.
>   -- The latency on 3G is typically around 1 second. Expect horrible
>      lag etc. Using WiFi is the only way to go unless you are lucky
>      enough to be on 4G.
>
> Non mobile phone specific:
> - ostel's only server is in the US, latency is about 120ms. Not so
>   good if you are in Europe. We could build our own :-).
> - If you are going to build an ostel system I suggest you include
>   the topology hiding setup from my wiki or elsewhere in your
>   Kamailio config. SIP leaks IP/location information unless you make
>   an effort to obfuscate it.

One solution I quite like, which works *if* you:
a) trust the clients to a degree
b) are happy with a non-federated, centralised phone system, with the
PBX as a single point of failure

is:

Your favourite SIP-based PBX system over OpenVPN.

So, your phone connects to OpenVPN, and then the SIP client connects
to the PBX via SIP, over a VPN.

Pros:
a) as secure as your deployment of OpenVPN
b) removes NAT issues - there aren't any - the SIP/RTP goes via OpenVPN
c) It mostly 'just works' (tested with .bg client connected to .uk
server with no issues)
d) possible on mobile [android], desktop and in modern Snom firmwares

Cons:
a) nontrivial to set up
b) centralised [not federated, and not designed to be]
c) requires the giving out of VPN certificates to each client in advance
d) SPOF [or compromise] on PBX system
e) not really possible to 'just leave on' on mobile without emptying
your battery
f) only known to be *super reliable* on Snom desk phones, connected to
an uncongested network
g) certainly not without points of weakness

---

It's not foolproof. It's not bombproof. But it is a nice architecture
that works for some scenarios. :)

-Tim
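
Added example, not part of the original message or of any project mentioned in the thread: a small audit of which fields of a client's SIP request carry its IP address (the leak the quoted text describes), and a check that a client registered over the VPN discloses only tunnel addresses. The tunnel subnet 10.8.0.0/24, the host pbx.example.org and the abridged INVITE are constructed assumptions; only IPv4 is handled.

```python
import ipaddress
import re

# Assumption: the OpenVPN tunnel subnet; not taken from the thread.
VPN_NET = ipaddress.ip_network("10.8.0.0/24")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HEADERS = {"via", "v", "contact", "m"}   # long and compact header names
SDP_LINES = ("o=", "c=")                 # SDP origin and connection lines

def exposed_addresses(message):
    """Return (field, address) pairs for each IPv4 address the client wrote."""
    head, _, body = message.replace("\r\n", "\n").partition("\n\n")
    found = []
    for line in head.split("\n")[1:]:    # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() in HEADERS:
            found += [(name.strip(), ip) for ip in IPV4.findall(value)]
    for line in body.split("\n"):
        if line.startswith(SDP_LINES):
            found += [(line[:2], ip) for ip in IPV4.findall(line)]
    return found

def outside_vpn(message, vpn_net=VPN_NET):
    """Disclosed addresses that are not tunnel addresses."""
    leaks = []
    for field, ip in exposed_addresses(message):
        try:
            if ipaddress.ip_address(ip) not in vpn_net:
                leaks.append((field, ip))
        except ValueError:               # regex hit that is not a valid address
            continue
    return leaks

def sample_invite(client_ip):
    # Constructed, abridged INVITE; not a capture from a real system.
    return "\r\n".join([
        "INVITE sip:200@pbx.example.org SIP/2.0",
        f"Via: SIP/2.0/UDP {client_ip}:5060;branch=z9hG4bK776asdhds",
        "From: <sip:100@pbx.example.org>;tag=1928301774",
        f"Contact: <sip:100@{client_ip}:5060>",
        "Content-Type: application/sdp",
        "",
        "v=0",
        f"o=- 2890844526 2890842807 IN IP4 {client_ip}",
        f"c=IN IP4 {client_ip}",
        "t=0 0",
        "m=audio 49170 RTP/AVP 0",
    ])
```

Run `outside_vpn()` over requests captured on the PBX side: an empty list means the client only disclosed tunnel addresses, while any entry names the field that still carries a non-tunnel address.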
