In fact, we were giving a course at INSA and wanted to make a phone call to Belgium and it was an adventure in itself…
As I must admit that I love configuring networks, I had fun with our SI@Home by passing the phone stream through several servers and inside other streams.
So, since we like to share, here is a little feedback.
The first problem is network coverage. We are already being told about the deployment of 5G, but if we look at reality, as soon as you move away from urban areas, you are lucky to pick up anything at all.
Even if the areas vary slightly from one operator to another, each leaves aside, for mobile telephony, nearly 10% of the population. In 4G, things are supposed to be better since at most 1% of the population would not be covered at all. But if you go for a walk in the countryside, it’s not always rosy.
In our case, there are also the limits of our mobile phone plans. We can call from Belgium, but not to Belgium. For that, we should have activated the option, which works well, but a) we did not think about it and b) it costs 1€/month.
If we were at home, we could easily connect to our personal infrastructure. But to prevent anyone from messing with it, the servers are not accessible from the outside.
To work around this limitation, we can then set up a VPN connection. The same kind as those offered by operators to avoid some network monitoring, with the difference that here, we are our own VPN provider.
As we were already using pfSense, we configured the module that was already installed, adapting it slightly to our setup (adding routing to reach the rest of the infra and other specific parameters).
On the smartphone side, we installed the OpenVPN APK, into which we imported the configuration file exported from pfSense.
When we launch the application on our smartphone, it then negotiates a secure communication channel through the Internet with our pfSense server. Once this channel is in place, the application simulates a virtual network card that appears to be connected to our internal network; the flows passing through this card are in fact encapsulated in the secure channel.
Actually, we had to fix some little problems.
- We had only generated one client certificate, which we shared across the devices we had with us. Since pfSense was configured to accept only one connection per certificate, we kept disconnecting each other. Once the restriction was lifted, connections became more stable.
- We also had to manage IP address conflicts because the WiFi network of the rented cottage used the same addresses as at home. As we didn't want to change our personal addresses remotely, nor modify the cottage's network, we used a few static routes pushed by the server to the client so that it knew how to reach certain specific machines (our NAS to retrieve the children's films, and the IPBX for the rest).
Whether for servers or clients, everything then happens as if all were connected to the same router.
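The address-conflict workaround above can be planned before leaving home. The following is an added example, not part of our actual pfSense configuration: it checks whether the remote LAN overlaps the home LAN, generates the per-host `push "route ..."` lines for the OpenVPN server, and shows through longest-prefix matching why those host routes win over the local Wi-Fi subnet. All addresses, host names and interface names (`wlan0`, `tun0`) are constructed assumptions.

```python
import ipaddress

def plan_pushed_routes(local_lan, local_gateway, client_ip, home_lan, home_hosts):
    """Return (push_lines, skipped) for the home hosts that must stay reachable."""
    local = ipaddress.ip_network(local_lan)
    home = ipaddress.ip_network(home_lan)
    reserved = {ipaddress.ip_address(local_gateway), ipaddress.ip_address(client_ip)}
    if not local.overlaps(home):
        # No conflict: a single route for the whole home LAN is enough.
        return [f'push "route {home.network_address} {home.netmask}"'], {}
    pushes, skipped = [], {}
    for name, addr in home_hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip not in home:
            skipped[name] = "not in home LAN"
        elif ip in reserved:
            # A host route cannot help here: the address is the client's own,
            # or the local gateway it needs to reach the VPN server at all.
            skipped[name] = "collides with local gateway or client address"
        else:
            pushes.append(f'push "route {ip} 255.255.255.255"')
    return pushes, skipped

def next_hop(dest, routes):
    """Longest-prefix match over (network, interface) pairs."""
    ip = ipaddress.ip_address(dest)
    nets = [(ipaddress.ip_network(n), dev) for n, dev in routes]
    matches = [(n, dev) for n, dev in nets if ip in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

# Constructed sample values: cottage Wi-Fi and home LAN use the same /24.
COTTAGE_LAN, COTTAGE_GW, PHONE_IP = "192.168.1.0/24", "192.168.1.1", "192.168.1.37"
HOME_LAN = "192.168.1.0/24"
HOME_HOSTS = {"nas": "192.168.1.10", "ipbx": "192.168.1.20", "printer": "192.168.1.1"}

def demo():
    pushes, skipped = plan_pushed_routes(
        COTTAGE_LAN, COTTAGE_GW, PHONE_IP, HOME_LAN, HOME_HOSTS)
    # Client routing table: default + on-link Wi-Fi, then the pushed /32s on the tunnel.
    routes = [("0.0.0.0/0", "wlan0"), (COTTAGE_LAN, "wlan0")]
    routes += [(line.split()[2] + "/32", "tun0") for line in pushes]
    hops = {name: next_hop(addr, routes) for name, addr in HOME_HOSTS.items()}
    return pushes, skipped, hops

if __name__ == "__main__":
    for item in demo():
        print(item)
```

A home host whose address equals the remote gateway or the client's own address is reported as skipped, since no pushed route can make it reachable without renumbering one side.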
Now that we are connected like at home, we still need to be able to use the telephone network.
If we could share this VPN connection with one of our IP8815 we wouldn't have to do anything but power it on, but since we didn't take one with us (to be noted for later), we had to get creative…
As the world is well done, nice developers have developed SIP clients to transform smartphones into SIP-phones and use an IPBX to make calls (which is exactly our case).
For the record, the applications and the IPBX use codecs to encode the audio stream and are not always compatible with each other…
After several unsuccessful attempts, we finally got the Sipdroid APK to work. The others were either incompatible, full of ads, or asked for unrelated permissions.
Once our application is connected to our IPBX, the IPBX can transfer the calls made by the application to our analog gateway, which translates them into analog for the internet access box, which can then make a call to Belgium :-)
In truth, it sounded busy…