gnegg: March 2005

Fun with VoIP

When I read for then n-th time about Asterisk, an Open Source PBX solution, I deceided to team up with Christoph and tame the beast.

I have actually two problems with asterisk as it stands now:

There’s not much really useful newbie-documentation or tutorials. There are some sample configurations, but they are not very useful because…
the tool has a incredibly intransparent and difficult to understand syntax for it’s main configuration file (extension.conf). I’t just like it’s with sendmail: Many extremely low-level things to care of for getting complex high-level results.

I thought, that teamed up with Christoph, we’ll more likely to see some results.

The first thing was defining the parameters of our experiment. Here’s what we wanted to do:

Act as a SIP-Proxy, so two softphones (we did not want to buy too much actual hardware yet) could talk to each other.
Provide a gateway to the ISDN-Network, so both SIP-Phones can dial out to the rest of the world.
The same gateway should be able to receive incoming calls and direct them to one of the Phones (just one for now).

In the next session, we want more advanced features, like voicemail and waiting music. A third session should provide us with a webbased frontend (I know there are some). But for now, we wanted to concentrate on the basics.

The next step was to get the required hardware. I already have Gentoo running on my Thinkpad, so that was a good base. Furthermore, we needed any ISDN-Solution being supported by Asterisk. As we had a plain old BRI interface and a very limited budget (it was just an experiment after all), we went with the Fritz Card USB by AVM which has Linux CAPI drivers, albeit only binary ones (we could also have used the PCMCIA-version, but this is three times as expensive as the USB one).

Said piece of hardware proved to be a real pearl: It’s very compact, does not need a power adaptor and was very easily installed under Linux. I would not be using this for a real-world solution (which most likely requires PRI support and absolutely would require open sourced drivers), but for our test, this was very, very nice.

Installing the needed software is where gentoo really shined as everything needed was already in the distribution: After hooking up all the stuff, we emerged net-dialup/fritzcapi, net-misc/asterisk and net-misc/asterisk-chan_capi which suked in some more dependencies.

The next step is to reconfigure the kernel for the CAPI-stuff to work. Just include everything you find under “Device Drivers / ISDN Support / CAPI” – even the one option marked as Experimental (as the CAPIFS is needed and only available when enabling “CAPI2.0 Middleware support”)

Then, we made sure that CAPI (a common ISDN access API) was running by issuing capiinit start.

Then we went on to asterisk.

The fist thing, you have to do is to set up the phones you’re using. As we worked with SIP-Phones, we used sip.conf:

[general]
port = 5060
bindaddr = 0.0.0.0
tos = none
realm = sen.work
srvlookup = yes

[12345]
context = theflintstones
dtmfmode = rfc2833
disallow = all
allow = gsm
callerid = "Fred Flintstone" <12345>
secret = blah
auth = md5
host = dynamic
reinvite = no
canreinvite = no
nat = no
qualify = 1000
type = friend

[12346]
accountcode = 12346
dmtfmode = rfc2833
host = dynamic
auth = md5
secret = blah
canreinvite = no
context = theflintstones
qualify = 2000
type = friend
disallow = all
allow = gsm

This worked with our two test-phones running X-Lite

Interesting are the following settings:

realm	The realm. I used our internal domain here. The default is asterisk. Your VoIP-Address will be identifier@[realm].
accountcode	This is the username you’re going to use on the phone
context	The context will be used when we create the dial plan in the feared `extension.conf`

Then, we configured CAPI in capi.conf

[general]
nationalprefix=0
internationalprefix=00
rxgain=0.8
txgain=0.8

[interfaces]
msn=44260XXXX
incomingmsn=*
controller=1
softdtmf=1
accountcode=
context=demo
devices=2

Those settings are said to work in Switzerland. Interesting is the setting for msn. This is where you enter the MSNs (phone numbers) assigned to your NT. I somewhat X-ed it out. Just don’t use any leading zeroes in most countries. You can enter up to five using commas as separator.

The next thing is to update modules.conf. In the [modules]-Section, add load => chan_capi.so, in the [global]-section, add chan_capi.so=yes.

Without those entries, asterisk will complain about unresolved symbols when loading the CAPI modules and will finally terminate with a “broken pipe”-Error. Thrust us. We tried. ;-)

The best thing now is that you can already test your setup so far. Launch asterisk with asterisk -vvvvvc (each v adds a bit of verbosity, while -c tells it not to detach from the console). If it works well, you’ll end up at a console. If not, make sure, that capiinit did not report any error and that you’ve really added those lines to module.conf.

Now for the fun of it, call one of your MSNs with any phone.

Asterisk should answer and provide you with a demo-menu

The next step is configuring extensions.conf. This is somewhat complex and I will go into more detail, as soon as I’ve figured out, what’s wrong with our test-configuration. We’ve added this to the end:

[ch-fest-netz]
exten => _0[1-9].,1,Dial(CAPI/44260XXXX:b${EXTEN},30)
exten => _0[1-9].,2,Hangup

[theflintstones]
include => ch-fest-netz

Just look that you enter one of the MSNs you have configured in capi.conf.

Now what this configuration should do is to allow those SIP-phones (recognize the “context” we used in sip.conf?) to dial out via CAPI.

You best learn how to configure this beast by calling the demo-voicebox and then comparing the log output of Asterisk with the entries in extension.conf. Basically, exten => defines a dial plan to execute. Then comes the pattern of numbers dialed to recognize. After that comes a (BASIC-like) sequence-number, followed by the action to execute.

The format of the number-pattern is explained in one of the comments in extension.conf

Now, this configuration does not work for us: When I dial on the SIP-Phone, Asterisk notices this, actually connects the ISDN-line (the target phone actually rings), but does not seem to notice when the target phone is answered.

If I answer the phone, it’s just silence in the line. The SIP-phone is still in the “trying to connect”-state.

This stays this way until I cancel the dial attempt in the SIP-phone. After that, asterisk prints more log entries – one of them the notice that the connection was successfully established.

A question in the malinglist was promptly answered: My configuration is correct, but maybe I’m running into a bug of Kernel 2.6.11. I was told to downgrade to 2.6.10, which is what I’m going to do next.

After this, I will extend the dial plan so I can call the internal SIP-phones both from another softphone or from a real phone over the ISDN

It’s hacky, it’s just somewhat working, but it’s a lot of fun!

I’ll keep you updated.

World Of Warcraft – A little Newbie-Guide

I just had three of the most pleasant hours I’ve ever had with gaming. As you can imagine, the game was World of Warcraft (I hereby promise not to post any more WoW-related stuff in the near future, but bear with me one last time ;-)

I’m playing as a human mage and I’ve now reached level 17 (looking forward to 18 to get more spells)

For some time, I had problems getting along, but it’s really better now, so I though I maybe give you some advice if you too play as a human mage:

When you’re first sent to westfall, you may be completely under-leveled. It began being fun for me about at level 15 or so, but when you get there, you’re usually at 9 to 11. You can do two things to remedy that:
- Join groups (use the /4 chat-command). As a group you’re so much more efficient
- Use the underground railroad (it’s in the dwarven destrict) in Stormwind to go to the dwarven capital city Ironforge and from there take some quests outside and in Loch Modan (east of the region around Ironforge). Those are easy to do for you and the scenery is much nicer than in Westfall
Never hesitate to talk to people. So far, I never had problems getting along with other players. Don’t be afraid and talk to them. You have so much better chance of accomplishing something if you work in groups.
Try to meet with people you’ve already met. Once you know them better, it becomes even more fun
As a mage, never… I repeat… never try to attack a group of enemies. Wait till they separate. Or Sheep them and attack just one.

I really think, the balance of difficulty is way off in westfall and maybe, the guys at Blizzard fix that in the future. Until then, you will have much fun in the dwarfen lands. Return to Westfall after reaching level 15 or so and do the easier quests first. Talk to people. You’ll see: It will get fun. Much fun..

World Of Warcraft Patch

Today, when I wanted to login with my somewhat tweaked installation of WoW, I was greeted with an error message telling me something about not being able to verify my version.

This was fixed by temporarily using the US login-servers so that the new patch could be installed.

During installation of said patch I found this note here:

– Reduced the respawn rate of the troggs on the islands in Loch Modan.

This is nice – just yesterday I’ve had some serious problems with those troggs there. Too bad, the patch was released only today when I don’t have to go back there.

QTek S100

I have been talking about mobile phones quite a lot on this blog.

I’ve always been on the lookout for the optimal phone for my needs, which I finally thought to have found in the combination of the SonyEricsson K700i and the iPAQ hx4700 by HP. I used the phone (good usability, small size) for communication and the iPAQ for emailing and the PIM applications. The combination beared the risk of not having the PIM-Data ready when I needed it, but all other smartphone offerings out there where either too heavy, too user-unfriendly, too large or just too limited in their feature-set.

However, last week, the joystick of my K700 completely stopped working (I’ve never met even one person not having a broken joystick after about a year or so), so I needed a replacement.

SonyEricsson does not have any new devices to offer (the next one being the K750i, released in Q2 – about june or july, I suppose), so I was on the lookout to something different.

Then I found the QTek S100 quite by accident. You may know the device produced by HTC where it’s called “Magician” under the name JAM by i-Mate (or as SPV if you’re a customer of Orange, or even MDA compact at T-Online – it’s always the same device).

Size-wise it’s a bit thinner than the K700, has the same height, but it’s a bit wider. It runs Windows Mobile 2003 Phone Edition, so it can naturally be natively integrated in our Exchange-Environement. All known PocketPC-Software runs on it and it’s even powerful enough for watching videos (only at 320×240 pixels – the device has no VGA-Screen). It has a SD-slot which is SDIO capable, so I could use that for WLAN which the device unfortunately does not have built-in.

It comes with Bluetooth-Support which I’ve already used both for dialing into the internet and synchronizing with the PC.

I’m told that the MS-Stack is a bit limited, but it fits my needs.

The sound quality isn’t as good as with the K700, but far better than what I feared it’d be.

Usability-wise, this is the first Smartphone that really works for me. I’m as fast with the QTek as I’m with my K700. As I’m already used to the letter-recognition of the PocketPC, I’m quite fast in writing SMS too, though the device does have a special input-panel with T9 support.

What surprises me the most (which actually led me to write this article) is the battery lifetime: It’s now 5 days since I last charged it and it’s still 45% full. This is already longer than what my K700 did when it was completely new. I did not think I’d last longer than 2 days at most….

Additionally, as it’s a real PocketPC, you will have the device connected to your PC when you are in your office. So it will automatically be charged during the day, so battery lifetime would not even be that an issue.

For me, the QTek is a great device. Nearly the optimal phone (which I still have not found). The only things I’m missing are (in no particular order):

A standard 3mm headphone connector. The S100 has a smaller 2.5mm connector which doesn’t allow me to plug my headphones and use the phone as an MP3 player. I know that adaptors exist, but it would have been nice if it thad the right connector in the first place.
A VGA screen. This is unrealistic for this small screen size, but whatever…
WLAN-Support. Public WLANs are getting more and more common here. It would have been nice to connect to those.
A real docking station. Currently they provide only a USB-cable. A real docking-station would have been a nice thing to have
A real keypad. While the soft-keyboard is nice, an exdendable real hardware-keypad has the advantage of being usable even when not looking at the device.

That’s all. Small things. Not nearly as annoying as the problems I found in the P800.

So if you ask me what phone you should buy: For now it’s clearly one of those HTC Magician based phones as it combines the power of the smartphone and the known user interface of the PocketPC with the small size and battery power of a regular cellphone.

Hacking Hiltl

The Hiltl is an excellent vegetarian restaurant in the middle of Zürich. I eat there quite often because the food’s great, the waitors are friendly and they always have space for you despite being constantly full of guests (others seem to think the same).

What’s interesting from a technical point of view is their ordering system: All waiters are equipped with a Windows CE device by Symbol and use WLAN to communicate with a central server (two actually, but see later) to process your order, send it to the citchen and finally print out the receipt for you.

What’s even more impressive is the seemingly perfect user interface: The waitors are actually faster with those things than they’d ever be using the old-fashioned paper-way. Even if you have special whishes, they can enter them in an efficient way.

The only time papers are involved is when they print your receipt. The system automatically selects the nearest printer.

This is one of the secrets behind the incredible efficiency of the Hiltl allowing for an incredible throughput of guests while still giving them all the time they need to eat and chat. Actually, a table is ready for the next guest only about one minute after the previous guests have left.

The restaurant is devided into two floors. Both have a master-waitor which has control over all the tables. They communicate via radio.

So you see: This is the restaurant for a geek to visit: Good food and good tech in one.

Now, the Zyxel access point they had mounted to the roof of the restaurant somewhat itched me. I mean: It’s WLAN after all. And I know the devices they are using – I wrote some lines for them too. So, maybe I can get some insight, I thought.

Armed with a notebook and the right software, me and Christoph took our meal in the Hiltl today.

The bad thing first: They don’t even use WEP for their network. They just created and empty SSID but don’t even hide it. So we did not have to use a WEP cracking equipment.

The devices communicate via SOAP over HTTP on a non-standard port. Additionally, the server often pings the known clients to check if they are still there. Then there’s a misconfigured router sending out IPv6 packets which are not used in any way. Oh and a Win9x-machine is there too, announcing itself as a network browser.

There are two servers: One for ordering, the other for printig.

Unfortunately, the SOAP messages (especially those to the ordering-system) contain much binary data, so there’s not much one can do there without isolating one device and doing some known steps on it.

Unfortunately, our equipement was not running until after our order was taken, so I don’t even have a reference point.

The printing though, uses some clear text XML-parameters. I think, I could be able to print some funny messages to all of those printers.

As I see it, no authentication whatsoever takes place – besides a hard-coded registration of the devices IP-adresses. ARP-spoofing could help about that though.

Now… what do I want to say with this? I’m certainly not going to attack them as I really, really like their food and want to return there often for my nutritial needs. Then, it’s a matter of honor: They are so progressive and efficient that I just can’t punish them for their (quite obvious) security problem.

Still, for educational purposes, this little experiment was very useful. Maybe, another day, I will even try to decode those binary parameters – just to know how it would work, not to hack me a cheaper meal or so ;-)

The last thing to do for me on this posting is one thing: I ask you kindly to do the same thing as I do: Don’t crack the network there, but go there to eat. It’s really worth it.