Cross-Client, Secured Video Calling via HOSTED LINODE FreePBX Deployment. **WORKING, TESTED**

What’s Up??

It has been about a 3 year long process but I’ll try to compress what I’ve learned into this topic. My hope is to help someone out who’s trying to achieve similar results but keep in mind, my setup may not be like yours so your mileage may vary.

My linode started as a nano (cheapest) and ran fine but I went to the 2gb (next cheapest) after PoC (proof of concept) was completed because I’m greedy and want more memory/storage space and transfer. I first set this server up on ‘legacy’ linode manager not the new ‘cloud’ one so if you have a specific question I’ll guide you best I can.

This project began as an experiment just to see if I could get it running on a linode since my dev buddies were telling me it absolutely couldn’t/shouldn’t be done. So after assuring the dev buddies that we can still be friends and guiding them on how to kindly f^ck off, I got to work.

I noticed after a few months of tinkering with it that there is some proprietary ‘11 herbs and spices’ that linode uses for their virtualization platform which might make freepbx deployment difficult, mainly the block storage and their linode imaging/backup methods that don’t like to be run on a “RAW” (non-linode managed) filesystem, rather they seem to prefer handling kernel settings, block allocations, kernel helpers and so on. None of the stack scripts did any good, often not working properly so I built my FreePBX from scratch.

So my server is running Sangoma 7 with FreePBX 14.0.11 (soon to be 15, god willing) plus a nice KDE X GUI on top of the CentOS7 core that looks pretty great while running GLISH (if I initiate GUI running startx in console). Everything is legit and activated thru Sangoma. Sysadmin and all commercial modules I use are also running flawlessly. Backups are done via direct FTP connection to a NAS at my home office server. Restore is done in reverse, essentially by inflating backups via the FreePBX GUI. I can reinstall a fresh FreePBX 14/15, run the restore function and be operational within minutes, not days.

MY END USER SETUP:
All my extensions use either GS (grandstream) Wave on Android (4.0+) or MicroSIP for Windows. Both programs can talk to each other thru either Video or Audio using Legacy SIP (Not pjsip). Outbound and Inbound PSTN calling works great thru SIPSTATION. For Video I use H.264 because it’s supported by all my client software packages. Audio uses uLaw then aLaw, gsm, and so on. When setting up your software clients, you need to make sure your bit rates match between client and server. I also recommend the use of Google’s STUN servers and NO NAT. I have two hardware clients. One is an ATA adapter linked to a chan_sip extension that terminates to a fax machine, the other is a refurb Cisco Telepresence system I was able to acquire for FREE99 from a client that was upgrading to latest/greatest. Only thing wrong was a bad/sticky tracking camera motor.

Enough of that, here’s the meat of her.

LINODE ASTERISK FREEPBX BASICS

To start, your linode has to be configured for Direct Disk Boot Kernel ONLY. Even if it does work for a while on a different kernel, it’ll kernel panic horribly eventually when you install modules (or insult its mother or whatever). Use ONLY FULL VIRTUALIZATION (not paravirt cause we’re doing weird things lol), NO INITRD and DEFAULT run level. Enable ALL kernel helpers EXCEPT ‘Auto-configure Networking’. This needs to be the only one that is disabled. Reason being is simple. FreePBX handles all routes you give it. No need for more bounces with the linode manager messing with the network stack. It does really weird things to the routes that asterisk don’t like at all.

For Block Device Assignments, SDA (boot) is my “FreePBX Server image” and SDB is my “512MB Swap”. Under Linode, it sees the filesystem as raw because FreePBX setup handles partitioning inside so-called ‘SDA disk’.

To install freepbx, I used finnix recovery to download and install the package via GLISH. At one point, I believe I was able to mount the full ISO from sangoma and boot eventually as well but as of this writing I cannot locate the guide I wrote to do it. Keep in mind: The version you run currently (Freepbx 11,12,13,14) needs to match one installed on the linode. If they don’t match, your restore (if it completes) will be a mess once it reboots.

Once it is installed and operational, you will be able to bind the linode ip to your DNS name thru your DNS manager. Next, you’ll want to log in to sangoma management to remove the deployment id so you may obtain a new one. This will allow you to use Commercial Modules. The very first one I recommend buying is Sysadmin Pro which has the VPN server plus a whole bunch of little features that just make it so much easier to manage. Generate your certificates ONLY after activation and success with DNS testing, to minimize headaches. After enabling HTTPS, I recommend setting your HTTP to 8080 (leave Let’s Encrypt at 80) and leaving all HTTPS default, so as to auto connect to https management.


Current PBX Version: 14.0.11

Current System Version: 12.7.6-1904-1.sng7

Total Module Count: 107

Enabled: 104

The numbers below may be inaccurate if new modules have been released since the last check:

Last online check: 2019-06-02T09:29:26+00:00

Modules with Upgrades: 0

System Upgrades Available: 0


For testing the proof-of-concept we set up 2 Android smartphones with GSWave and an HP-ROG Edition running Windows 10 with MicroSIP loaded onto it.

When placing the call from the laptop to smartphone 1, the video events and attempted srtp streams were getting bounced by the built-in firewall that comes with FreePBX. After much prayer to the JFM gods and much bumblefuckery, introspection and very obscene “WTF” moments, I managed to get video calling to work properly in this manner. Going from Smartphone 1 to the Laptop was a different ball of hash.

Going from Smartphone 1, GS Wave was sending SRTP keep-alive time (which is already pre-configured in the SIP settings) so the server drops these events, which was making the SRTP stream an instant crib death.
What I ended up doing was configuring the SRTP time to not be sent by GSWave and BAM, it worked.

Biggest takeaways:

When configuring your server for ‘public-internet’ reachability, shore up your firewall, ports and access rules. Use non-standard ports and VPN combos wherever possible. When using VPNs, set a jitter buffer time that is equal to half a round trip ping between you and your FreePBX server whilst logged into said VPN. This has served me well when testing 3G connection but may not be needed on LTE/CableWIFI.

Use only ONE video codec. H.264 is the only free one I could find supported by both platforms. Bouncing between different/multiple codecs makes the connection setup a nightmare.

Use HTTPS wherever possible.

I’m also offering a live demo to anyone who wants… You can email me at supportATwolverinetechsDOTus for further assistance and to request a consult.

UPDATE: Upgraded to FreePBX 15. No issues so far!
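The single-video-codec and SRTP points in the takeaways above can be checked against a client's SDP offer before blaming the firewall. This is an added example, not part of the original post: the sample SDP, the `audit_sdp` function and its policy defaults are constructed for illustration, and it only recognises SDES-style SRTP (`RTP/SAVP` plus `a=crypto`).

```python
import re

# Constructed SDP offer (not captured from the poster's system): SRTP audio
# with ulaw/alaw/gsm, and a plain-RTP video line offering both H264 and VP8.
SAMPLE_SDP = """v=0
o=- 1 1 IN IP4 192.0.2.10
s=call
c=IN IP4 192.0.2.10
t=0 0
m=audio 40000 RTP/SAVP 0 8 3
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDERKEY
m=video 40002 RTP/AVP 99 100
a=rtpmap:99 H264/90000
a=rtpmap:100 VP8/90000
"""

STATIC = {"0": "PCMU", "8": "PCMA", "3": "GSM"}  # RFC 3551 static payload types


def audit_sdp(sdp, video_codec="H264"):
    """Return findings for an SDP body; an empty list means every stream is
    SRTP and the video stream offers exactly one codec (assumed policy)."""
    findings, media = [], []
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            kind, _port, proto, *pts = line[2:].split()
            media.append({"kind": kind, "proto": proto, "pts": pts,
                          "map": {}, "crypto": False})
        elif media and line.startswith("a=rtpmap:"):
            m = re.match(r"a=rtpmap:(\d+) ([^/\s]+)", line)
            if m:
                media[-1]["map"][m.group(1)] = m.group(2).upper()
        elif media and line.startswith("a=crypto:"):
            media[-1]["crypto"] = True
    for s in media:
        # Resolve payload types via rtpmap first, then the static table
        codecs = [s["map"].get(pt, STATIC.get(pt, "pt" + pt)) for pt in s["pts"]]
        # SDES-SRTP needs both the secure profile and a key attribute
        if not (s["proto"].startswith("RTP/SAVP") and s["crypto"]):
            findings.append(f"{s['kind']}: not SRTP ({s['proto']})")
        if s["kind"] == "video" and codecs != [video_codec]:
            findings.append(f"video: offers {codecs}, expected only {video_codec}")
    return findings


if __name__ == "__main__":
    for finding in audit_sdp(SAMPLE_SDP):
        print(finding)
```
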

What platforms are being used here? Asterisk is a platform, softphone apps are clients. So what are the cross platforms this is working with?
