Real-Time Communications Quick Start Guide

Table of Contents

1. Introduction
Independent and decentralized alternatives to federation
Private networks
Decentralized networks
Choosing between SIP and XMPP
Choice of operating system
Using a ready-to-run or turn-key solution
Using a generic GNU/Linux distribution
Use latest software versions
Using IPv6
Example network used in the documentation
2. Architecture overview
The big picture
TLS is essential
All SIP connectivity through a SIP proxy
SIP federation between two autonomous sites
Routing calls within a site
WebRTC peer-to-peer calling
WebRTC calling to call centers
3. User Experience
First time setup and provisioning
Usernames or phone numbers?
Dial plans
Dialing Internet addresses
4. Optimizing Connectivity
Codec selection
Media stream encryption compatibility
Supporting multiple schemes
Recommendations for maximizing connectivity
Recommendations for security
Use ICE and a TURN server
Use the TLS transport for SIP signalling
Getting through firewalls
5. DNS setup
Using non-standard ports
Sample DNS zone file
Testing the DNS settings
6. Firewall rules
Overview of firewall ports
NAT considerations
Setup with iptables on Linux
7. User and credential storage
Personal account names or extension numbers
Password encryption
HA1 in detail
SQL databases
Product-specific file formats
8. Server setup
9. TLS certificate creation
Certificate Common Name
Install the OpenSSL utility
Install the Let's Encrypt certbot utility
Install a TLS certificate using Let's Encrypt (certbot)
Install a TLS certificate manually
10. ICE/STUN/TURN server installation
Choosing a TURN server
reTurnServer from reSIProcate
Provisioning users
Testing the TURN server
11. SIP proxy server installation
Choose your SIP proxy
repro SIP proxy
Package installation
Testing with s_client
Login to web administration
User management
Adding a user
Adding routes for numeric dialing
Kamailio SIP proxy
Package installation
12. XMPP (Jabber) server installation
Choosing an XMPP server
Prosody XMPP server
Package installation
User management
Further reading
ejabberd XMPP server
Package installation
jabberd2 XMPP server
Package installation
Further reading
13. WebRTC
Technical overview
Media streaming capabilities
Signalling protocols
User privacy and security
Practical WebRTC deployment
WebRTC clients and firewalls
JsSIP and JSCommunicator
Content Management Systems and other frameworks
14. Client devices and softphones
IP desk phones
Smartphone apps
The Firefox Telify plugin
Mozilla Thunderbird and GNOME Evolution address books
Using sipdialer
Using Asterisk or FreeSWITCH
15. Adding ENUM to DNS
How ENUM works
Consuming ENUM data
Publishing ENUM data
Public ENUM
Private and third-party ENUM suffixes
Dynamic ENUM from LDAP with dlz-ldap-enum
16. Troubleshooting
Common problems and solutions
Google Talk/Hangouts users not receiving XMPP chat messages
Audio and video quality issues
Monitoring tools
Check the logs
Check the web interface
Operating system utilities
Packet sniffers
Debugging mode
WebRTC and WebSockets
17. PBX Setup
The all-in-one myth
Choosing between Asterisk and FreeSWITCH
Official packages
Contributing patches
Scalabiltiy and code quality
Using Asterisk with the repro SIP proxy
18. PSTN connectivity
Methods of PSTN connectivity
ingress call handling
egress call handling
Emergency calls
19. Frequently Asked Questions
20. Community support
Mailing lists
Major announcements
Strategy and advocacy
Collaboration between operators and service providers
Server support
Popular blogs and news sites
A. Building reSIProcate packages on Debian/Ubuntu
B. Building reSIProcate RPMs on RHEL and CentOS
C. Configuring Nagios to monitor SIP, XMPP and TURN
Nagios plugins
Nagios service checks
D. Mitigating VoIP fraud risk
Legal insurance
Trade body membership
Set a credit limit
Use a different phone company for inbound numbers

List of Figures

2.1. Overview
2.2. SIP federation between two sites
2.3. Four stages of call routing
2.4. WebRTC basic peer-to-peer
2.5. WebRTC from customer web browser to call center
4.1. Metcalfe's law
11.1. repro web administration: adding a domain
11.2. repro web administration: adding a user
11.3. repro web administration: listing users
11.4. repro web administration: adding a route
11.5. repro web administration: listing routes
11.6. repro web administration: routing test
13.1. DruCall/JSCommunicator/JsSIP software stack

List of Tables

4.1. Common codecs
5.1. DNS records for the example
5.2. Protocols using port 443
6.1. Firewall rules summary
6.2. Firewall rules summary (IPv6)
11.1. Comparison of SIP proxy servers
11.2. TLS client verification modes
17.1. repro route configuration

List of Examples

2.1. Splitting Asterisk extensions.conf
5.1. ISC Bind zone file entries
5.2. Inspecting DNS entries with dig
6.1. Firewall setup with iptables
7.1. Computing HA1
7.2. OpenLDAP ACL for protecting ha1Password
7.3. SQL table for repro users
7.4. SQL view presenting Asterisk users to repro
7.5. Install PostgreSQL on Debian or Ubuntu
7.6. Configure PostgreSQL and load schema
8.1. Adding IP addresses in /etc/network/interfaces
9.1. Installing openssl on Debian/Ubuntu
9.2. Installing openssl on Fedora/RHEL/CentOS
9.3. Installing certbot on Debian/Ubuntu
9.4. Installing certbot on Fedora/RHEL/CentOS
9.5. PKI directories (Debian/Ubuntu)
9.6. PKI directories (Fedora/RHEL/CentOS)
9.7. Creating RSA key pair and CSR
9.8. Installing the certificate
10.1. Installing reTurnServer on Debian/Ubuntu
10.2. Install reTurnServer on Fedora/RHEL/CentOS
10.3. reTurnServer.config entries
10.4. Restarting the reTurnServer daemon (systemd)
10.5. Using netstat to verify reTurnServer is running
10.6. crontab entry for psql-user-extract
10.7. Sample /etc/reTurn/psql-user-extract.config
10.8. Installing the stun client utility
10.9. Using the stun client utility
11.1. Installing repro on Debian/Ubuntu
11.2. Install repro on Fedora/RHEL/CentOS
11.3. Sample values for repro.config
11.4. Using PostgreSQL
11.5. Using MySQL
11.6. Using htdigest to set admin user password
11.7. Restarting the repro daemon (systemd)
11.8. Using s_client to test SIP ports (Debian/Ubuntu)
11.9. Using s_client to test SIP ports (Fedora/RHEL/CentOS)
11.10. Installing kamailio on Debian/Ubuntu
11.11. Install kamailio on Fedora/RHEL/CentOS
11.12. Restarting the kamailio daemon (systemd)
12.1. Installing Prosody on Debian/Ubuntu
12.2. Install Prosody on Fedora/RHEL/CentOS
12.3. Domain configuration file (Let's Encrypt / certbot)
12.4. Domain configuration file (manual)
12.5. Restarting the prosody daemon (systemd)
12.6. Using prosodyctl to add a user
12.7. prosody.cfg.lua settings for mod_auth_ldap
12.8. Installing ejabberd on Debian/Ubuntu
12.9. Install ejabberd on Fedora/RHEL/CentOS
12.10. ejabberd interface example
12.11. Installing jabberd2 on Debian/Ubuntu
12.12. Install jabberd2 on Fedora/RHEL/CentOS
12.13. jabberd2 c2s.xml example
12.14. jabberd2 sm.xml example
13.1. repro.config settings for cookie and URL parameter authentication
15.1. Using dig to perform ENUM queries
15.2. Installing dlz-ldap-enum on Debian/Ubuntu
15.3. Install dlz-ldap-enum on Fedora/RHEL/CentOS
15.4. Sample dlz_ldap_enum.conf
15.5. Additions to named.conf for Debian/Ubuntu
15.6. Additions to named.conf for Fedora/RHEL/CentOS
17.1. Asterisk sip.conf
17.2. Asterisk extensions.conf
18.1. Asterisk extensions.conf for specifying caller ID
A.1. Installing the debuild command
A.2. Installing the compiler and dependencies
A.3. Running the debuild command
A.4. Running the debuild command using code from Git
B.1. Installing the rpmbuild command
B.2. Installing the compiler and dependencies
B.3. Creating the rpmbuild directories
B.4. Running the rpmbuild command
C.1. Sample /etc/nagios-plugins/config/stun.cfg
C.2. Sample /etc/nagios-plugins/config/sip.cfg
C.3. Sample /etc/nagios-plugins/config/xmpp.cfg
C.4. Sample service check for STUN/TURN
C.5. Sample service check for SIP over TLS
C.6. Sample service check for SIP over TLS (port 443)
C.7. Sample service check for XMPP