Free Ekiga.net SIP acct + Twinkle + ZRTP = Free, SECURE VOIP

[esbeeb]

How can this be done on a Raspberry Pi? With:

- Twinkle, a lightweight, Open Source SIP client, which is easily installable on the Raspberry Pi, as well as on many other Linux distros, like Ubuntu.

- ZRTP, an Open Standard for encrypting SIP calls, which Twinkle supports.

- A free Ekiga.net SIP account. You'll be able to make secure SIP voice-only calls to any other Ekiga.net user who's online, as well as any other computer on your LAN, with Twinkle configured the same way (in an "Office Intercom"-like fashion. Just like on James Bond, when Q or M presses the intercom button on their desk to talk to MoneyPenny). ;]


Hardware Needed:

- A USB Webcam with a microphone. For our purposes here, you only need the microphone.

- Headphones, or amplified speakers.

- You might also want a USB audio dongle. You could use the onboard bcm2835, but I had nasty-loud static popping heard during calls. When I used my "Turtle Beach Audio Advantage Micro" USB sound dongle instead, I had no popping, even though I was using the same amplified speakers, the same audio codecs in Twinkle, and calling the same "Echo Test" number. Here's how I effectively blacklisted the bcm2835 module, so that my Turtle Beach became my only "soundcard".


Prerequisite configuration:

- Raspbian Wheezy

- You should probably overclock to 1000 MHz. At this speed, a SIP call takes about 50% CPU steadily, encrypted or not.


Procedure:

1) Sign up for a free Ekiga.net SIP account. In our example, let's pretend the SIP account created is called "your_username@ekiga.net".

2) Install twinkle:

Code: Select all

sudo apt-get install twinkle

Launch it, click OK to create a profile. Click "Profile Editor". Call it "your_username@ekiga.net". Click "OK".
User name: your_username
Domain: ekiga.net
Password: your_password

From this point, there are alot of possible settings that could be fiddled with, and I recommend that you follow my minimalistic advice closely to start with, and only fiddle around later if necessary. Now on the left, click "RTP Audio". On the Codecs tab, re-arrange the "Active codecs:" thusly (which is the ordering which work best for me, as I'm on HUGHESNET satellite internet): G.711 u-law, G.711 A-law, GSM, speex-wb, speex-nb. In the "Preprocessing" tab, check "Acoustic Echo Cancellation". Click "OK" at the bottom, and "OK" again to bring up the "System Settings". Click "Audio" on the left. For "Ring Tone", "Speaker", and "Microphone", all are set to ALSA default. None of these will work. Pull down each one, selecting the ALSA choice mentioning "plughw", along with the specific name of your corresponding devices (such as bcm2835). Click "OK".

3) Time to make an "Echo Test" SIP call, to verify your hardware and network connection works well. Provide your username again: "your_username", and hit Enter. After a pause, you should see "registration succeeded", meaning you've logged into your SIP account successfully. Type "500" into the "Call:" box and hit Enter. A lady's voice should explain the Echo Test, and you should be able to talk and hear yourself back. Once that is successful, click the "Bye" button in the upper right to Hang Up.

4) Do you have a geek friend with the same Twinkle SIP setup (up to this point) that you can call (to eventually try a ZRTP-encrypted call with)? If not, you can simulate one, by installing the same Twinkle setup on a second GNU/Linux machine on your LAN (in the same subnet). On the second machine, for the "Domain", just use the IP address of that machine, and use whatever username you like. That's right: even though neither computer has any sort of SIP server running, the Twinkle clients can talk directly to each other, as long as each endpoint knows the username, and IP address of the other computer! This is a "poor man's office intercom". If you go this route, you'll need to set up a second SIP account in Twinkle on your Raspberry Pi, for use within your LAN. Here's how: Pull down the "File" menu -> Change User -> in the "Create Profile" area on the right, click the "Editor" button. Name it something like "me_on_raspi", then set a username like "me_on_raspi", and your domain will be the IP address of the Raspberry Pi. You'll unfortunately need to re-enter a few settings from earlier: on the left, click "RTP Audio". On the Codecs tab, re-arrange the "Active codecs:" thusly (which is the ordering which work best for me, as I'm on HUGHESNET satellite internet): G.711 u-law, G.711 A-law, GSM, speex-wb, speex-nb. In the "Preprocessing" tab, check "Acoustic Echo Cancellation". Click "OK" at the bottom. Ensure your new profile "me_on_raspi" ALSO has a checkmark beside it, and click OK. Now you're logged into both SIP accounts simultaneously (and the correct SIP account will get used, based on SIP address's domain, when you enter a SIP address to call). Test making a SIP call to the other computer, by calling "other_user@<other_ip_address>". Once the call is established, you should speak and hear the audio coming out of both computers properly before proceeding.

Once you've found another geek friend, or set up a second GNU/Linux computer on your LAN accordingly, proceed to the next step.

5) Time to try out ZRTP encryption. Pull down the "Edit" menu, and choose "User Profile". Click "Security" in the lower left. Check "Enable ZRTP/SRTP encryption", and "Only encrypt audio if remote party indicated ZRTP support in SDP". If you made a second SIP account in the previous step, pull down the "User profile" at the top of the window, and select the other SIP account, repeating to enable ZRTP similarly. Click the "OK" button at the bottom. enter the SIP address of your callee, who has Twinkle online, and has ZRTP enabled the same way. When the call is shown as "established", right beside it, now there's a golden padlock, and a 4-character password to the right of the padlock. Once both users confirm that the password is the same, each user must click the padlock, such that a green checkmark appears on the padlock. In the "Display" area of Twinkle, a message appears, saying "SAS confirmed". It is now that you are having an encrypted conversation!

6) Feel free to discuss any "sensitive" subject matter you wish, being as cool as a cucumber in a bowl of hot sauce. ;]


Final Notes:

- IMHO it would be extremely cool if Ekiga.net free SIP accounts became the "lowest common denominator" for all Raspberry Pi users to judiciously make free, encrypted voice calls to each other, wether they're using their Raspberry Pi's, or much more powerful machines. This is my proposal to the Raspberry Pi community.

- This forum allows users to edit their user profiles, and specify a "Jabber address" (which is equivalent to any XMPP account name), but unfortunately there's no "SIP address". Forum admins, forgive my nagging, but could you please add a field for "SIP address"?

[esbeeb]

Addendum to step 4 above: If you choose to call a geek friend (on Ekiga.net), and you're NAT'ted behind a firewall, you'll need to specify a STUN server in Twinkle's settings.

How do you know if you're NAT'ted? If the IP address of your Raspberry Pi starts with 192.168., or 10., or 172.16., that's telltale evidence. These are private LAN addresses, and cannot be directly connected to by computers out on the internet-at-large. That's what STUN servers are for: allowing others to connect to you (i.e. to initiate SIP calls to you), overcoming your "NAT'tedness".

Here's where to specify a STUN server in Twinkle: pull down the "Edit" menu -> User profile -> ensure that a SIP account (that connects beyond your LAN) is selected in the "User Profile" dropdown at the top (like your Ekiga.net account) -> click "Transport/NAT" on the left -> under NAT Traversal, click the "Use STUN (does not work for incoming TCP)" radio button -> you could enter "stunserver.org" (which is a free STUN server for public use, hint, hint) onto the "STUN server:" textbox -> Click the "OK" button at the bottom. For the change to take effect: pull down the "Registration" menu -> "Deregister all" (to log out of any changed SIP accounts), then pull down the "Registration" menu -> "Register".

If the friend you're wanting to connect to is also NAT'ted, they'll also have to do this procedure, or you won't be able to initiate SIP calls to them.

[esbeeb]

By default, your "Presence" is publically published, when you connect to your SIP account (say, to all the other Ekiga.net users). To go "invisible", as it were, pull down the "Edit" menu -> User profile -> ensure that a SIP account (that connects beyond your LAN) is selected in the "User Profile" dropdown at the top (like your Ekiga.net account) -> click "Presence" -> Uncheck "Publish availability at startup". Click the "OK" button at the bottom. For the change to take effect: pull down the "Registration" menu -> "Deregister all" (to log out of any changed SIP accounts), then pull down the "Registration" menu -> "Register".

[esbeeb]

It pretty much goes without saying that you can't just use any USB webcam (with built-in microphone) or USB Audio dongle, and just expect it to work perfectly on the Raspberry Pi.

Here's a pretty good list of webcams and soundcards (including USB audio dongles) that ought to work. If you buy something that doesn't work, please don't blame me!

Myself, my microphone is on my Microsoft LifeCam VX-5000 (new for $17CDN), and my USB audio dongle is a "Turtle Beach Audio Advantage Micro". Both work well.

[esbeeb]

If you set up multiple SIP accounts in Twinkle, then there's a slight change to what I said in step 4, above:

When I said:

"Now you're logged into both SIP accounts simultaneously (and the correct SIP account will get used, based on SIP address's domain, when you enter a SIP address to call)."

...actually, you need to first pick the correct SIP account you want to initiate a call from in the "User" dropdown menu (in Twinkle's main window), before calling a SIP address. In other words, you need to choose wether you'll call another Ekiga.net user, or MoneyPenny in the adjacent office first, before you type in the SIP address to call.

I apologize for any confusion.

[esbeeb]

Unfortunately, Twinkle only works in Linux.

What if you want to connect to someone on a Windows or OSX box? A decent, cross-platform, Open Source, free SIP client is Jitsi. Be warned that it hogs alot of RAM, because it's Java based (it can easily take over 500 MB RAM!).

Jitsi does have alot going for it. You can define multiple SIP accounts (as well as support many types of IM acounts), and it does support ZRTP encryption by default. One thing Jitsi cannot do, which Twinkle can, is to do the computer-to-computer calls within your LAN, where no SIP server is running on either side (you know, the "poor man's Office Intercom").

Also, at present, Jitsi does not let you specify a STUN server (and this is on purpose), but they plan to add a similar feature in an upcoming release, which is even better, called ICE.

[esbeeb]

I don't have time to test it, but LinPhone might also work well, both on the Raspberry Pi, and on other computers. It has several good things going for it:
- Very cross platform
- Supports ZRTP encryption
- Can specify a STUN server
- Looks more user-friendly than Twinkle
- Seems to have more active development than Twinkle

I only wish LinPhone had better SIP audio codecs available, such as ILBC and G.711 (which would be especially useful over satellite internet).


I'm curious about LinPhone on the Raspberry Pi, and would really appreciate it if anyone would actually test this and post their findings:

- Does Linphone run reliably on the Raspberry Pi (and not crash)?
- Does it use the Raspberry Pi's onboard audio well (with no loud static pops heard when calling the Ekiga.net "Echo Test" sip user: "sip:500@ekiga.net")? If not, how about when using a USB audio dongle instead? I've found that one can't take for granted that ANY application can successfully use audio whatsoever on a Raspberry Pi (even after fiddling with the Preferences, trying ALSA, OSS, PulseAudio, etc.)
- How much CPU percentage does a SIP voice-only call consume (at 1000 MHz)?
- Can LinPhone do video as well on the Raspberry Pi? If so, what framerate can it handle? That would be the cat's pyjamas. Twinkle can't do this.
- Can Linphone make calls to a Twinkle Client, and successfully do ZRTP encryption?

My suspicion is that Twinkle will be a tough act to follow, when it comes to doing secure voice-only VOIP calls on the Raspberry Pi. Please prove me wrong!

[bugmenot3]

esbeeb, did you find answers to your questions? I successfully used linphone with OpenVPN many times, now I would like to run it RP connected to a big flat TV. I'm especially interested in video support.

[esbeeb]

Sorry bugmenot3, no. I can't devote more time to this (except for the following rant).

I highly doubt the RPi has enough crunch power to do encrypted video as well as voice, in any way, shape or form (and please prove me wrong). Why? Because under the best circumstances I could possibly achieve (after dozens of hours of intense tinkering), encrypted voice ALONE took a minimum of 50% of the CPU power, and that's with the CPU overclocked to 1 GHz. Video will CERTAINLY demand much more CPU than voice.

PERHAPS if someone got Weston working well, then wrote a Weston-native app, say, roughly equivalent to Jitsi (but not written in Java, but rather, say, Python, with the high-performance parts written in C), THEN it might work. But that would be THOUSANDS of hours of labor. Having said that, I hope somebody eventually does it. It's sorely needed, especially coinsidering all this Prism monkey-business!

No offense, but if I was to continue pursuing this seriously, I would probably continue any and all efforts on the BeagleBone Black. I've got nothing against the RPi, however the BBB's got something like double the CPU power (although video is weaker) than the RPi. And in this domain (secure VOIP), that CPU power matters dearly.

It also helps alot that the BBB has an ARMv7 processor, meaning it's officially supported by Debian and Ubuntu. The BBB's progress is not hampered by the redundant efforts of making an unofficially supported distro like Raspbian (in the way of security updates). With the advent of Prism, I also feel we're entering a time when security matters dearly as well (and thus my mention of the need for security updates).

[chnyc]

Hello esbeeb,

I know you've bowed out of this discussion, but am wondering if I could bother you for a quick question. Apologies in advance for a noob framing...

Your project was focused on a secure VOIP environment, which is my ultimate goal, as well. However, for prototyping right now, I'm OK with unsecured. Do you think that an unsecured environment (v. a secure environment) would reduce the load on the RPi sufficiently to run audio + vid stream?

Thanks for your enormously helpful post.
Charles Hamilton

[esbeeb]

Hello Charles,

Choosing not to ZRTP encrypt will save you virtually nothing in the way of CPU. ZRTP is extremely well-designed in the way of incurring virtually no extra CPU overhead. The key developer of ZRTP, Phil Zimmermann, deserves HUGE kudos for this BRILLIANT piece of work!

When I observed the difference in CPU usage, comparing ZRTP-encrypted VOIP to non-ZRTP-encrypted VOIP, I could not even tell the difference! Like maybe the extra overhead seemed to be less than 1%, that is to say, the ZRTP overhead was "lost in the noise" of the gently fluctuating CPU usage seen in the "htop" command. I know it sounds too good to be true, doesn't it! Try it for youself, by following my directions (for Twinkle), and you'll see.

So in summary, you would pretty much be a fool to NOT encrypt (if the software you're using easily allows the use of ZRTP), as it's virtually "free", in the way of additional CPU usage reguired.

Bonus: I'd also like to point out that in the last few months, Jitsi has made great strides in consuming much less RAM (than when I last bellyached about this in a previous post on this forum). Jitsi used to take over 500 MB RAM, now it's down to about 100 MB of RAM. HUGE IMPROVEMENT! The question now is how much of a CPU hog Jitsi is on the Raspberry Pi.

I point this out because Jitsi ZRTP-encrypts by default. I would recommend that interested parties give the latest Jitsi "nightly build" a try. I haven't tried it (and cannot (as I'm now seperated by a great distance from my Raspberry Pi, so please don't ask me to try anything new), but here's the two commands you would hypothetically run, in the unpacked folder (of the jitsi source):

ant rebuild
ant run

-Esbeeb

[esbeeb]

I've tried building and running Jitsi on my Samsung Chromebook (which has an ARM processor, somewhat like the Raspberry Pi), running Ubuntu 13,04. Here was how I did it. I post the following in case it's useful for anyonw wanting to run Jitsi on the Raspberry Pi:

1) Do these commands in a Terminal, as a regular, non-root user (who IS in the sudo group):

sudo apt-get install default-jdk ant-gcj libbsf-java liboro-java liblog4j1.2-java libxerces2-java-gcj dpkg-dev debhelper javahelper
mkdir -p ~/src
cd ~/src


2) Now in your web browser, visit: https://download.jitsi.org/jitsi/nightly/src/

Right-click on the zip file of the version you'd like to download, and choose “Copy Link Location”. (Myself, I copied the URL for jitsi-src-2.2.4611.9630.zip)


3) Back in the Terminal:

wget [paste in the URL here, with Ctrl+Shift+V]
unzip jitsi-src-[correct.versioning.here].zip
cd jitsi
ant rebuild
ant run

[chnyc]

I've tried building and running Jitsi on my Samsung Chromebook (which has an ARM processor, somewhat like the Raspberry Pi), running Ubuntu 13,04. Here was how I did it. I post the following in case it's useful for anyonw wanting to run Jitsi on the Raspberry Pi:

1) Do these commands in a Terminal, as a regular, non-root user (who IS in the sudo group):

sudo apt-get install default-jdk ant-gcj libbsf-java liboro-java liblog4j1.2-java libxerces2-java-gcj dpkg-dev debhelper javahelper
mkdir -p ~/src
cd ~/src


2) Now in your web browser, visit: https://download.jitsi.org/jitsi/nightly/src/

Right-click on the zip file of the version you'd like to download, and choose “Copy Link Location”. (Myself, I copied the URL for jitsi-src-2.2.4611.9630.zip)


3) Back in the Terminal:

wget [paste in the URL here, with Ctrl+Shift+V]
unzip jitsi-src-[correct.versioning.here].zip
cd jitsi
ant rebuild
ant run

esbeeb,

Thanks for the good guidance. I'm in mid-install/compile of jitsi right now. Just to make sure it's not frozen and is actually doing something: how long does it typically take to compile?

Thanks much.
CharlesH

[esbeeb]

The "ant rebuild" is the compiling-esque part. Expect that to take on the order of an hour or three. You do that only once (unless you're trying a newly-downloaded, yet-newer version for the first time). The "ant run" part is where you actually launch Jitsi, which you'll have to do (initiated from that same ~/src/jitsi directory), every time you want to launch it. Don't expect an icon to get created in your Desktop Environment's main menu (but you might get one if you're lucky)!

The "ant run" should launch Jitsi in say, 40-60 seconds. That's just a guess. Watch for the appearance of the little Genie icon with the light blue square background in your Panel Notification area (perhaps in the lower right of your screen). Double click it to show the main Jitsi window (if it doesn't appear by default).

On my dual-core 1.7 GHz ARMv7 CPU, Jitsi launches in 25ish seconds (and uses just one core). I currently have Jitsi version 2.3.4677.9761. I sure hope they optimize it for more speed in the future! I don't suppose there are any Java coders out there with time to spare on this?

[chnyc]

So I was finally successful in getting Jitsi compiled and installed. Thanks for the guidelines! However, the build has several problems:

1) Audio and Video - Jitsi doesn't recognize any device, whether it's my Creative webcam, ALSA, or Pulseaudio. No device is the only option offered, so no audio or video is available.

2) VERRRY slow - screen refreshes were so bad that form fields often bled into one another

Regardless of the ability to recognize audio or video on the Pi, the overall pokiness of Jitsi seems like it may not be a viable choice for the Pi right now. I'm wondering if you or anyone has had any better experience with Jitsi on the Pi?

CharlesH

[esbeeb]

Charles, thanks for your efforts!

On my Samsung Chromebook, Jitsi wouldn't recognize my sound or video either, just as you've described. And this is even after I've tried hooking up an external webcam as well, which I know works in Ubuntu on an AMD64 box. So this leads me to strongly suspect that this no-sound-or-video-hardware-recognition problem might be ARM-specific (performance problems aside). Your efforts with Jitsi might feel fruitless, but between the two of us collaborating on our findings, we have now come up with reproducable evidence that can help narrow down precisely where the problem lies (namely, it looks ARM-specific)!

Actually, I would strongly recommend trying Kopete next (which I never thought to try on my Raspberry Pi). Kopete seems to be the next most feature-rich IM client for any linux desktop (besides Pidgin, which ran too slow on the Pi when I tired it last, and posted upon wthin this forum), when you look at this chart:
http://en.wikipedia.org/wiki/Comparison ... ng_clients

One nice thing about Kopete being QT-based, is that there is hope that it could be potentially run in a QT-only graphical environment (not x.org-based), thereby gaining more performance:
http://www.raspberrypi.org/archives/2076

[chnyc]

esbeeb,

Thanks for the input and the IM comp table. Re. kopete:

1) I see on their site (http://kopete.kde.org/) that their most recent release dates to 2008. Are you aware of any more current version?
2) In your referenced IM comp table (http://en.wikipedia.org/wiki/Comparison ... ng_clients), it says Kopete supports video messaging. Yet, on their site there's no indication that's part of the feature set. Have you seen a version of Kopete with video? I ask because my RPi application is about video telephony, not just voice.

CharlesH

[esbeeb]

Hi Charles,

I have Kopete installed on my Samsung Chromebook, and when I look in the "About" Dialog, it also mentions 2008 as the most recent date that the licensing applies to.

BUT when I navigate into the "Settings" Menu -> Configure -> Video tab, it recognizes my built-in webcam (of the Samsung Chromebook), and displays a live webcam video preview (where I see myself). Kopete also emits sounds upon doing various things, which proves that sound support (the built-in audio hardware) is working as well. So it's got Jitsi beat there. Kopete also CAN connect to my jit.si XMPP account.

BUT once online (using an XMPP account at jit.si, which can and should support video chat), Kopete offers me no option to engage in a video chat with any other XMPP buddies (when I know video chat WOULD be an option in Jitsi, if used on an i386 or AMD64 machine). And, interestingly, Jitsi running on an AMD64 machine also does not display a video chat button for that online Kopete-using buddy (where it normally would)! It seems Kopete intelligently informs Jitsi through XMPP that "I can't do video, so don't even offer your end user the option of engaging in a video chat with me".

So I think we can say that Kopete "sometimes" offers video, but unfortunately not for XMPP.

I'm all out of ideas to offer, and I'm curious what software you end up choosing, should you come upon success in your endeavour.

[mpodroid]

A brief post to clarify something about ZRTP.

ZRTP is extremely well-designed in the way of incurring virtually no extra CPU overhead

Actual RTP encryption is carried on using SRTP protocol, which is about symmetric (no important CPU overhead) encryption using AES-256.
ZRTP protocol is NOT about encrypting voice, but it is used to negotiate SRTP keys

The key developer of ZRTP, Phil Zimmermann, deserves HUGE kudos for this BRILLIANT piece of work!

Phil Zimmermann, creator of PGP also, is the designer of ZRTP protocol, not the software developer.

[esbeeb]

Thanks for those clarifications. I think the bottom line is that currently ZRTP is built into NOTHING that the Raspberry Pi can actually run, except Twinkle.

BTW: has anyone had luck running Gajim on a Raspberry Pi? I've been playing with it on my Samsung ARM Chromebook, and loving it. It's a standard package, written in Python, has a Plugin architecture, and claims to support video and sound over XMPP chats (as long as you install the package "python-farstream" first). (Charles, I thought you might be really interested to hear that). Gajim also notably supports OTR-encrypted text chatting (again, over XMPP), which Twinkle cannot do. Gajim is also about ten times better looking than Twinkle, even the the point where non-geeks would not be frightened away. That is to say, it's actually "usable", whereas my Twinkle solution above is a solution pretty much only for people who can barely afford a Rasberry Pi (plus accessories), and not anything fancier (and want to do free, strongly-encrypted voice calls over the Internet).

If anyone wants to bring secure XMPP voice calls to the Raspberry Pi using human-friendly-looking python software (which I'd call a worthy pursuit for budding coders), I think the easiest and most realistic route would probably be to code a new Plugin for Gajim (in Python), implimenting SRTP/ZRTP on top of the existing audio/video capabilities. The Raspberry Pi might actually have the performance to pull this off!

This is a throwdown to all you budding Python developers out there! Jitsi has already done it, so there's working, open-source Java code to look at. How much more efficiently can you do it in Python?

Note: there's already a "Feature Request" for the Gajim developers to impliment ZRTP, but it seems to be going nowhere fast: "Support for ZRTP": https://trac.gajim.org/ticket/7135

[esbeeb]

BTW, one extremely sweet feature of Gajim is the ability to route OTR-encrypted text chats through the Tor network. This Tor functionality is built right into Gajim.

[johnaaronrose]

@esbeeb Have you heard anything about ZRTP plugin for Gajim?

[fawad ahmad]

hey i run the follwing line

Code: Select all

sudo apt-get install twinkle

but it doesn't work ,following error comes

Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package twinkle

[RedFoxy]

hey i run the follwing line

Code: Select all

sudo apt-get install twinkle

but it doesn't work ,following error comes

Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package twinkle

Same here, can you told me the repository?

[fruitoftheloom]

hey i run the follwing line

Code: Select all

sudo apt-get install twinkle

but it doesn't work ,following error comes

Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package twinkle

Same here, can you told me the repository?

The original post was from 2012 and likely running Debian Armel Soft Float Operating System which is obsolete (even though states Wheezy).

Since that time there has been Raspbian Wheezy a Debian ARMHF respin which is obsolete.

Nowadays Raspbian Jessie a Debian Jessie ARMHF respin is the Operating System.

Twinkle is in the Debian Stretch Testing repositories

https://packages.debian.org/stretch/twinkle

That is an issue of using obsolete instructions they just do not work.

It would appear that Twinkle underwent a major overhaul in 2016 and hence why package was dropped from the Wheezy & Jessie Repositories.

.