Archive for category Communications

Grandstream HandyTone 286 Review

After my Digium IAXy 101 suddenly died I was left to find another ATA (Analog Telephone Adapter) for my home PBX. After doing some research I settled on the cheapest solution, the Grandstream HandyTone 286. It's a terrific little device which required very little effort to set up.

The web interface leaves a lot to be desired, but given the price point I believe it's an outstanding value. The device was easy to locate in my router's DHCP and ARP tables. After upgrading I’ve found the calls sound better and connect faster.

The only pitfall is that the device only uses SIP rather than my preferred method of IAX2. IAX2 has the benefit of traversing NAT / PAT without much trouble. SIP on the other hand is a major pain. Luckily the SIP server was on the same LAN so this was not an issue for me. The device does support STUN to allow proxying of SIP connections if you need to traverse NAT.

I would recommend this device to anyone looking to connect analog phones to a PBX using SIP. I have not tried the rest of their line of HandyTone products but look forward to giving them a chance.


Routing public IP addresses across a virtual tunnel

A recent situation came up which required that I move a group of servers off-site without changing their public IP addresses. The off-site location is behind my cable modem at my house. To solve the problem I enlisted the help of an open source application called vtun (Virtual Tunnel) and iptables on a standard CentOS 4.4 installation. Below is an outline of the steps I took to solve the problem.

-> Build two CentOS 4.4 Linux routers. Minimal installation plus development tools. In my situation tunnel router #1 was a dual 350 MHz PII and tunnel router #2 was an old Pentium Pro 200 MHz. The dual 350 MHz is located at the main data center and the older Linux box is located at my house.

-> Download and configure vtund from www.vtund.info. There are a number of example configurations available on their website. Below is what I have used.


# IP Tunnel Server Configuration
cobra {
    passwd XXXXXXX;     # Password
    type tun;           # IP tunnel
    proto udp;          # UDP protocol
    compress lzo:9;     # LZO compression level 9
    encrypt no;         # Encryption off: tunnel traffic is sent in cleartext
    keepalive yes;      # Keep connection alive

    up {
        # Connection is Up
        # XXX.XXX.XXX.XXX - local, XXX.XXX.XXX.XXX - remote
        ifconfig "%% XXX.XXX.XXX.XXX pointopoint XXX.XXX.XXX.XXX mtu 1450";
    };
    down {
        # Connection is Down
        # Shutdown interface
        ifconfig "%% down";
    };
}

# IP Tunnel Client Configuration
cobra {
    passwd XXXXXXX;     # Password
    device tun0;        # Device tun0
    persist yes;        # Persist mode
    up {
        # Connection is Up

        # Assign IP addresses.
        ifconfig "%% XXX.XXX.XXX.XXX pointopoint XXX.XXX.XXX.XXX mtu 1450";
    };
}

The configuration above is very similar to the example configurations provided by vtund. There is more you can do here to make this connection more robust but for the purpose of this blog entry I’ll show how it works in more detail. To make the connection between the two servers you run the following command on the client machine.

vtund cobra XXX.XXX.XXX.XXX   # XXX.XXX.XXX.XXX = address of the tunnel server

This should create a new network interface called tun0 on both servers. This will allow you to connect across the tunnel. To test this I recommend using the following commands.


On the client:
tcpdump -i tun0
On the server:
ping XXX.XXX.XXX.XXX   # XXX.XXX.XXX.XXX = client end of the tunnel

You should see packets come across the interface and reply back. Once you have established the tunnel connection there is a bit more required to route public IP addresses both in and out of the tunnel interface. For the sake of this example we’ll use 10.10.10.0/24 as the network block you’re routing. You’ll want to be using a public IP block for this to work correctly, not the internal block from the example!

-> Assuming 10.10.10.0/24 is already routed to the tunnel server you’ll now need to route packets from the tunnel server to the client. To do this you simply type:

ip route add 10.10.10.0/24 dev tun0

This will push packets from the server -> client. Once the packets are on the client end of the tunnel however they do not have a correct route back to the sender. In my situation the tunnel client is located on a cable modem with a default gateway on a different network. My block of 10.10.10.0/24 cannot be routed across someone else’s network. The solution is to flag packets as they enter the tunnel client router. Once the packets get flagged we can apply an alternate route table to them. The alternate route table is identical to the standard table except the default gateway is tun0 rather than the cable modem interface. Below is a simple script to generate a duplicate route table and make the default gateway the tunnel server:


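# Copy every non-default route from the main table into table 200
ip route show table main | grep -Ev '^default' | while read ROUTE ; do
    ip route add table 200 $ROUTE   # unquoted on purpose: ROUTE holds several words
done
# Everything else goes to the server end of the tunnel
ip route add default via XXX.XXX.XXX.XXX table 200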

Now that the alternate table has been created you can verify it works by typing:

ip route list table 200

This should be a similar table to your main route table except the default gateway should be the IP address of the server side of the tunnel interface. Now that this table is in place we need to start flagging packets. In order to do this we need to make some special rules in iptables. Below are the commands to create the flagging rules:

iptables -t mangle -A PREROUTING -i eth2 -j MARK --set-mark=200
iptables -t mangle -A PREROUTING -s 10.10.10.0/24 -j MARK --set-mark=200
iptables -t mangle -A OUTPUT -s 10.10.10.0/24 -j MARK --set-mark=200

Once the iptables rules are in place you can check them by issuing the ‘iptables -nvL -t mangle’ command. In the output you should see packets hitting your new iptables rules. Once you have active hits you’ll need to add a rule that all packets with a flag need to use the alternate table. To create this rule you need the following:

ip rule add fwmark 200 table 200

To verify the rule was added you can issue the ‘ip rule list’ command.
Once you have done this you’re ready to route packets in and out of the tunnel. In my situation I added a third network interface card running NAT for my home computers.
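
A check worth running after the steps above, as an added example that is not part of the original post: it reads 'ip rule list' and 'ip route list table 200' output and confirms that flagged packets can only leave through tun0. The function names are hypothetical and the sample output is constructed with documentation addresses; note that ip prints the mark in hex, so 200 appears as 0xc8.

```shell
#!/bin/sh
# Added example: offline consistency check for the policy routing set up above.
MARK=200; TABLE=200; TUN_DEV=tun0   # values used in the post

# Constructed sample output (documentation addresses, not from the post).
RULES='0: from all lookup local
32765: from all fwmark 0xc8 lookup 200
32766: from all lookup main'
T200_UP='192.0.2.1 dev tun0 proto kernel scope link src 192.0.2.2
default via 192.0.2.1 dev tun0'
T200_TUNNEL_DOWN='198.51.100.0/24 dev eth0 proto kernel scope link'

# True if "ip rule list" output ($1) sends fwmark MARK to TABLE.
# The mark is printed in hex and may carry a /mask suffix.
rule_present() {
    while read -r _prio _from _all kw mark _lookup table _rest; do
        [ "$kw" = fwmark ] || continue
        [ $(( ${mark%%/*} )) -eq "$MARK" ] && [ "$table" = "$TABLE" ] && return 0
    done <<EOF
$1
EOF
    return 1
}

# Print the device of the default route found in route-table output ($1).
default_dev() {
    while read -r dst rest; do
        [ "$dst" = default ] || continue
        set -- $rest                 # split the remaining fields into words
        while [ $# -gt 1 ]; do
            [ "$1" = dev ] && { echo "$2"; return 0; }
            shift
        done
    done <<EOF
$1
EOF
    return 1
}

# $1 = ip rule output, $2 = table 200 output; 0 only if the tunnel is the sole exit.
check_policy() {
    rule_present "$1" || { echo "FAIL: no fwmark $MARK rule for table $TABLE"; return 1; }
    dev=$(default_dev "$2") || { echo "FAIL: table $TABLE has no default, lookup falls through to main"; return 2; }
    [ "$dev" = "$TUN_DEV" ] || { echo "FAIL: default leaves via $dev"; return 3; }
    echo "OK: flagged traffic exits via $TUN_DEV"
}

check_policy "$RULES" "$T200_UP"
check_policy "$RULES" "$T200_TUNNEL_DOWN" || true
```

When tun0 goes down the kernel drops the routes in table 200 that use it, so flagged packets fall through to the main table and leave via the cable modem's gateway until the table is rebuilt.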


Password Unification

Premise
“Just because you’re big doesn’t mean you have to be dumb.”

First let me point out I’m one of those life-long students. Not because I love college, but because I can never make up my mind on what I want to do. After making some big life changes I decided to take a full year away from school. Yesterday I attempted to register for this coming spring semester to get back on track. Interestingly enough my account has been disabled… sort of… This is where the fun starts.

I expected my account to be disabled, that isn’t the issue here. The problem is how it was disabled, and the messages which I received back from the University. First, my account still worked to access class registration and the University portal, but my E-Mail had been completely locked out. This is the main point of my concern. If the university had a unified technology structure the login / password information would be centralized. An account disabled in one place should be disabled across campus. Instead some departments disabled my account, and others left it running while I was gone. Worse, some parts of the university left it partially running, but unusable.

Strange isn’t it? Why not completely disable my account rather than just PRETEND it works only to give me a nasty permissions error when I attempt to USE the portal which I am already logged into.

Rule #1
“Never let the user see the nasty error.”

Building an application or networked system on any level requires more than just getting the job done. A developer should take the additional time to build functionality for the unexpected. In my case there should have been two things.

1.) A friendly message explaining why my account was disabled.
2.) Directions on how to re-enable my account.

Rule #2
“Avoid the circle of death; take personal responsibility for the problem.”

First I talked to my counselor who said I should talk to computer services. Computer services told me to talk to the registration office. The registration office told me to talk to my counselor. FAIL, never ending loops are bad, not just in programming but in the real world.

This could have been avoided at each step, but instead the problem was passed on to someone else. All someone had to do was research the problem, and they would have known the problem has come up in the past. The eventual solution was to force someone to register my classes over the phone rather than using my account on the Internet.

Rule #3
“Record problems and make proactive steps to resolve known issues.”

I work in IT and I know how incredibly complicated things can get. But it’s important to always take steps to prevent the situation from coming up again. I am sure that I am not the first person to have their account disabled, and because no one is following rule three, I will likely not be the last. A few simple changes to the application would easily fix the problem, but no one cares enough to do anything about it. This leaves me, THE CUSTOMER, THE STUDENT, THE IDIOT, to run around trying to convince people to do their job.

Thanks for the warm welcome back, Akron.


Asterisk + VoicePulse – Part 1

WARNING
This can get complicated! Although a basic configuration using Asterisk is easy to copy, once you start developing your own PBX extensions you’ll find it can get tricky quick. I’d recommend everyone read: A guide to VoIP and Asterisk for more details on the language and concepts.

The other day, I helped one of our clients set up a Vonage VoIP phone. The process was so simple, and the quality / service seemed terrific. I’ve always been interested in VoIP, but I wanted more functionality than just another phone line. Since I already have a cell phone it didn’t make much sense to buy another phone for my home. After doing some research I found Asterisk, an open-source PBX application which lets you do just about anything with an incoming / outgoing phone call. From my initial investigation it sounded like this was exactly the application I was looking for. Cell phones are a way of life now, but a traditional home phone is still very convenient.

VoicePulse offers a special service called CONNECT! They allow you to connect your PBX to the PSTN (Public Switched Telephone Network) without much hassle. They also offer a set of Asterisk configuration samples to work from. Their website admin tool is very helpful as well; you can create new phone numbers instantly, all for just $11 per month!

The setup process has been fairly easy. I’ve set up the configuration using a soft phone, and I can route incoming / outgoing calls perfectly. Although I have not finished configuring additional services like voicemail / 3-way calling / etc., all of these seem to be built into Asterisk.

The next step is to connect my normal phones into the PBX. A soft phone is neat, but the point of this process is to set up a traditional home phone as well. Asterisk has a close relationship with the hardware vendor Digium. I decided to test my initial setup using an IAXy, which is a little blue box that connects to the PBX automatically. This is very similar to the Vonage phone solutions you would buy at the store, except much more cut down.

So far so good. Although I have much more testing to do, this is a perfect combination! Asterisk is for any tech-savvy uber-geek who is looking to get more out of VoIP.
