[asterisk-users] WiFi SIP phone w/VPN?

Thu Feb 12 13:10:28 CST 2009

> Hi, all.  My subject line says it all: is there a WiFi SIP phone with VPN
> abilities?  Failing that, a WiFi phone that runs Linux?  I already know
> one phone that does meet my requirements -- the iPhone.  The new software
> comes with a Cisco VPN client, and a SIP client can be had from
> third-party vendors for jailbroken phones.  And, while I'm not averse to
> the idea,
> a) it ain't cheap, and
> b) it's a bit hack.
> 
> I've googled my heart out, but haven't found anything else that (I'm sure)
> meets all three requirements.

The Nokia N810 "internet tablet" might fit your requirements.

It runs Linux, much of the software kit is open-source, it has WiFi, it has a
built-in SIP phone application, and it has an OpenVPN client available.
The SIP phone app will support multiple SIP accounts.

I use mine fairly regularly to connect with my home Asterisk server
when in restaurants and stores that have WiFi access for their
customers.  The use of the OpenVPN connection makes life *much*
simpler, as the VPN can successfully create a tunnel through most
NAT routers, and doesn't require STUN support.  I have two different
account definitions on my N810 - one for my own Asterisk server
(via the tunnel) and another which registers directly with my
telco origination provider.  The latter will establish a more direct
connection when I dial out onto the PSTN (since the traffic doesn't
go through my home-DSL line twice) but is somewhat less certain to
work at any given wireless site (since it's dependent on STUN and
on the settings of that site's firewall/router).

Getting the OpenVPN/SIP setup working requires a bit of fiddling,
as it's not straightforward:

-  You must add one or two additional Maemo software repositories
    to the Application Manager,

-  You must use the "blue pill" mode of the installer to add
    OpenVPN to the system (install the OpenSSH or Dropbear SSH
    client and server at the same time)

-  You must create your OpenVPN certs on your OpenVPN server and
    then download them to the N810 and install them in the right
    directories.

-  Accessing the Asterisk server via the OpenVPN tunnel requires
    changing the SIP-phone account definition via a shell command
    line tool, to force the SIP phone to use the tunnel's IP address
    rather than that of whatever WiFi connection you are using at
    the time.  Fortunately, this can be done automagically when the
    tunnel starts up, via some "up" and "down" shell scripts... I can
    provide samples upon request.

-  If your OpenVPN tunnel doesn't terminate on the same machine that
    runs your Asterisk server, you may need a SIP proxy running on
    the tunnel-termination server.

I wouldn't have bought the N810 for use solely as a WiFi phone,
but having this feature added to an otherwise-very-useful
lightweight Internet access device / GPS is extremely handy.