Hardware: multiple avm fritz!box router, isdn telephones attached to these routers
- normal internet connection: router can register sip numbers
– the router gets a public ip on the wan side - mobile data connection: router fails to register most voip providers
– mobile data modems/routers get a private ip (at least in my setup)
– private ip means listening for incoming traffic is not possible
– smartphone clients (e.g. bria) seem to be able to use push notifications to enable incoming calls (with optional codec g729 good voice quality and rather low data rates) - openvpn connection through mobile data to a server with public ip:
– router can register sip numbers and outgoing calls work
(until the firewall of the mobile provider gets active if voip by mobile data is forbidden)
– incoming calls are still a problem; maybe the vpn tunnel responds to slowly. - reliable incoming calls by usb gsm modem with voice sim card attached to the router
– fritzbox 7270v2 and higher of voice connections by voice capable usb gsm data sticks
Openvpn tunnel server side (official howto):
- apt-get install openvpn
- enable ipv4 forwarding
- set iptable rules (reference1, reference2)
– nat routing from tunnel interface to wan interface
– disable direct forwarding from wan to tunnel
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -m state –state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -j REJECT - create keys following this tutorial (and it’s openvpn sample config file) using easy-rsa
(which is part of the debian openvpn package); no passwords except for ca signing key
– inside easy-rsa directory, edit vars file and run
source vars; ./clean-all; ./build-ca; ./build-key-server your_server_name;
./build-key-pass client_name1;
(openssl rsa -in client_name1.key -des3 -out client_name11.3des.key for mobile clients)
./build-dh
openvpn –-genkey –-secret keys/ta.key
Openvpn tunnel client side:
- use freetz to modify the router firmware and add openvpn (plus dropbear server)
(might be tricky with older routers with only 4MB flash; needs squashfs 128kb block size
and many of the removal patches; be prepared to recover your router with rukerneltool) - detailed howto here; (64 bit linux needs sudo apt-get -y install libc6-dev-i386 lib32ncurses5-dev gcc-multilib lib32stdc++6);
- to fetch the current stable version:
svn co http://svn.freetz.org/branches/freetz-stable-2.0 freetz-2.0 - make menuconfig; make
- the freetz web interface allows to configure openvpn udp tunnel client
– use certificates and tls auth (ta.key goes into “static key” field)
– redirect client traffic - additional note: echo “clear_id 87” > /proc/tffs allows to remove the message
unsupported changes (reference); freetz has an option to do this from web interface.
Receiving calls with usb data modem in voice mode (e.g. with huawei e1552; at command configuration): ippf forum thread
- voice capability might have to be unlocked with dc_unlocker
(tool shows status of usb modem (free) and is able to unlock voice (paid)) - testing voice capability with huawei mobile partner software on windows might require editing of config\PluginsConfig.xml to enable (voice) call menu entry (reference)
- huawei sticks with newer firmware (“hilink”) act as router and not as modem; this seems to block voice modem usage (reference)
- alternative: raspberry pi with asterisk (RasPBX) with chan_dongle (openvpn tunnel described here)
- to make the option gsm voice telephony appear on a fritzbox router, attach the usb data stick, open menu Internet / Mobile Connection, enter SIM PIN number (if set) and press apply; press refresh until the data stick is booked into a mobile network; then press again apply; if the data stick has (enabled) voice capability and is supported by the fritzbox router, then the menu entry gsm voice calls should appear
- fritzbox routers with vendor branded firmware might disable gsm voice (which requires installation of generic avm firmware with rukerneltool)
- if the firmware of the fritzbox router is modified by freetz the program minicom can be installed to display sms messages (reference)
– ls -l /var/gsm/ displays which ttyUSBN (N=0,1,2…) is the data port (huawei e1552: USB0)
– stty -F /dev/ttyUSB0 displays the baudrate setting of this port (which is accessed by umtsd; in my setup baudrate 9600 is used)
– minicom -o -b 9600 -D /dev/ttyUSB0 allows to send at-commands (ctrl+a e enables local echo)
– at+cmgl=”all” displays all SMS stored on the SIM card
– at+cmgr=4 displays SMS with index 4 (described in detail here)
– the commands might fail and have to be repeated if umtsd gets active at the same time