Hardware: multiple avm fritz!box router, isdn telephones attached to these routers

  • normal internet connection: router can register sip numbers
    – the router gets a public ip on the wan side
  • mobile data connection: router fails to register most voip providers
    – mobile data modems/routers get a private ip (at least in my setup)
    – private ip means listening for incoming traffic is not possible
    – smartphone clients (e.g. bria) seem to be able to use push notifications to enable incoming calls (with optional codec g729 good voice quality and rather low data rates)
  • openvpn connection through mobile data to a server with public ip:
    – router can register sip numbers and outgoing calls work
    (until the firewall of the mobile provider gets active if voip by mobile data is forbidden)
    – incoming calls are still a problem; maybe the vpn tunnel responds to slowly.
  • reliable incoming calls by usb gsm modem with voice sim card attached to the router
    – fritzbox 7270v2 and higher of voice connections by voice capable usb gsm data sticks

Openvpn tunnel server side (official howto):

  • apt-get install openvpn
  • enable ipv4 forwarding
  • set iptable rules (reference1, reference2)
    – nat routing from tunnel interface to wan interface
    – disable direct forwarding from wan to tunnel
    iptables -A FORWARD -s -j ACCEPT
    iptables -A FORWARD -m state –state RELATED,ESTABLISHED -j ACCEPT
    iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
    iptables -A FORWARD -j REJECT
  • create keys following this tutorial (and it’s openvpn sample config file) using easy-rsa
    (which is part of the debian openvpn package); no passwords except for ca signing key
    – inside easy-rsa directory, edit vars file and run
    source vars; ./clean-all; ./build-ca; ./build-key-server your_server_name;
    ./build-key-pass client_name1;
    (openssl rsa -in client_name1.key -des3 -out client_name11.3des.key for mobile clients)
    openvpn –-genkey –-secret keys/ta.key

Openvpn tunnel client side:

  • use freetz to modify the router firmware and add openvpn (plus dropbear server)
    (might be tricky with older routers with only 4MB flash; needs squashfs 128kb block size
    and many of the removal patches; be prepared to recover your router with rukerneltool)
  • detailed howto here; (64 bit linux needs sudo apt-get -y install libc6-dev-i386 lib32ncurses5-dev gcc-multilib lib32stdc++6);
  • to fetch the current stable version:
    svn co http://svn.freetz.org/branches/freetz-stable-2.0 freetz-2.0
  • make menuconfig; make
  • the freetz web interface allows to configure openvpn udp tunnel client
    – use certificates and tls auth (ta.key goes into “static key” field)
    – redirect client traffic
  • additional note: echo “clear_id 87” > /proc/tffs allows to remove the message
    unsupported changes (reference); freetz has an option to do this from web interface.

Receiving calls with usb data modem in voice mode (e.g. with huawei e1552; at command configuration): ippf forum thread

  • voice capability might have to be unlocked with dc_unlocker
    (tool shows status of usb modem (free) and is able to unlock voice (paid))
  • testing voice capability with huawei mobile partner software on windows might require editing of config\PluginsConfig.xml to enable (voice) call menu entry (reference)
  • huawei sticks with newer firmware (“hilink”) act as router and not as modem; this seems to block voice modem usage (reference)
  • alternative: raspberry pi with asterisk (RasPBX) with chan_dongle (openvpn tunnel described here)
  • to make the option gsm voice telephony appear on a fritzbox router, attach the usb data stick, open menu Internet / Mobile Connection, enter SIM PIN number (if set) and press apply; press refresh until the data stick is booked into a mobile network; then press again apply; if the data stick has (enabled) voice capability and is supported by the fritzbox router, then the menu entry gsm voice calls should appear
  • fritzbox routers with vendor branded firmware might disable gsm voice (which requires installation of generic avm firmware with rukerneltool)
  • if the firmware of the fritzbox router is modified by freetz the program minicom can be installed to display sms messages (reference)
    – ls -l /var/gsm/ displays which ttyUSBN (N=0,1,2…) is the data port (huawei e1552: USB0)
    – stty -F /dev/ttyUSB0 displays the baudrate setting of this port (which is accessed by umtsd; in my setup baudrate 9600 is used)
    – minicom -o -b 9600 -D /dev/ttyUSB0 allows to send at-commands (ctrl+a e enables local echo)
    – at+cmgl=”all” displays all SMS stored on the SIM card
    – at+cmgr=4 displays SMS with index 4 (described in detail here)
    – the commands might fail and have to be repeated if umtsd gets active at the same time

Leave a Reply