- Twinkle, a lightweight, Open Source SIP client, which is easily installable on the Raspberry Pi, as well as on many other Linux distros, like Ubuntu.
- ZRTP, an Open Standard for encrypting SIP calls, which Twinkle supports.
- A free Ekiga.net SIP account. You'll be able to make secure SIP voice-only calls to any other Ekiga.net user who's online, as well as any other computer on your LAN, with Twinkle configured the same way (in an "Office Intercom"-like fashion. Just like on James Bond, when Q or M presses the intercom button on their desk to talk to MoneyPenny). ;]
Hardware Needed:
- A USB Webcam with a microphone. For our purposes here, you only need the microphone.
- Headphones, or amplified speakers.
- You might also want a USB audio dongle. You could use the onboard bcm2835, but I had nasty-loud static popping heard during calls. When I used my "Turtle Beach Audio Advantage Micro" USB sound dongle instead, I had no popping, even though I was using the same amplified speakers, the same audio codecs in Twinkle, and calling the same "Echo Test" number. Here's how I effectively blacklisted the bcm2835 module, so that my Turtle Beach became my only "soundcard".
Prerequisite configuration:
- Raspbian Wheezy
- You should probably overclock to 1000 MHz. At this speed, a SIP call takes about 50% CPU steadily, encrypted or not.
Procedure:
1) Sign up for a free Ekiga.net SIP account. In our example, let's pretend the SIP account created is called "your_username@ekiga.net".
2) Install twinkle:
Code: Select all
sudo apt-get install twinkle
User name: your_username
Domain: ekiga.net
Password: your_password
From this point, there are alot of possible settings that could be fiddled with, and I recommend that you follow my minimalistic advice closely to start with, and only fiddle around later if necessary. Now on the left, click "RTP Audio". On the Codecs tab, re-arrange the "Active codecs:" thusly (which is the ordering which work best for me, as I'm on HUGHESNET satellite internet): G.711 u-law, G.711 A-law, GSM, speex-wb, speex-nb. In the "Preprocessing" tab, check "Acoustic Echo Cancellation". Click "OK" at the bottom, and "OK" again to bring up the "System Settings". Click "Audio" on the left. For "Ring Tone", "Speaker", and "Microphone", all are set to ALSA default. None of these will work. Pull down each one, selecting the ALSA choice mentioning "plughw", along with the specific name of your corresponding devices (such as bcm2835). Click "OK".
3) Time to make an "Echo Test" SIP call, to verify your hardware and network connection works well. Provide your username again: "your_username", and hit Enter. After a pause, you should see "registration succeeded", meaning you've logged into your SIP account successfully. Type "500" into the "Call:" box and hit Enter. A lady's voice should explain the Echo Test, and you should be able to talk and hear yourself back. Once that is successful, click the "Bye" button in the upper right to Hang Up.
4) Do you have a geek friend with the same Twinkle SIP setup (up to this point) that you can call (to eventually try a ZRTP-encrypted call with)? If not, you can simulate one, by installing the same Twinkle setup on a second GNU/Linux machine on your LAN (in the same subnet). On the second machine, for the "Domain", just use the IP address of that machine, and use whatever username you like. That's right: even though neither computer has any sort of SIP server running, the Twinkle clients can talk directly to each other, as long as each endpoint knows the username, and IP address of the other computer! This is a "poor man's office intercom". If you go this route, you'll need to set up a second SIP account in Twinkle on your Raspberry Pi, for use within your LAN. Here's how: Pull down the "File" menu -> Change User -> in the "Create Profile" area on the right, click the "Editor" button. Name it something like "me_on_raspi", then set a username like "me_on_raspi", and your domain will be the IP address of the Raspberry Pi. You'll unfortunately need to re-enter a few settings from earlier: on the left, click "RTP Audio". On the Codecs tab, re-arrange the "Active codecs:" thusly (which is the ordering which work best for me, as I'm on HUGHESNET satellite internet): G.711 u-law, G.711 A-law, GSM, speex-wb, speex-nb. In the "Preprocessing" tab, check "Acoustic Echo Cancellation". Click "OK" at the bottom. Ensure your new profile "me_on_raspi" ALSO has a checkmark beside it, and click OK. Now you're logged into both SIP accounts simultaneously (and the correct SIP account will get used, based on SIP address's domain, when you enter a SIP address to call). Test making a SIP call to the other computer, by calling "other_user@<other_ip_address>". Once the call is established, you should speak and hear the audio coming out of both computers properly before proceeding.
Once you've found another geek friend, or set up a second GNU/Linux computer on your LAN accordingly, proceed to the next step.
5) Time to try out ZRTP encryption. Pull down the "Edit" menu, and choose "User Profile". Click "Security" in the lower left. Check "Enable ZRTP/SRTP encryption", and "Only encrypt audio if remote party indicated ZRTP support in SDP". If you made a second SIP account in the previous step, pull down the "User profile" at the top of the window, and select the other SIP account, repeating to enable ZRTP similarly. Click the "OK" button at the bottom. enter the SIP address of your callee, who has Twinkle online, and has ZRTP enabled the same way. When the call is shown as "established", right beside it, now there's a golden padlock, and a 4-character password to the right of the padlock. Once both users confirm that the password is the same, each user must click the padlock, such that a green checkmark appears on the padlock. In the "Display" area of Twinkle, a message appears, saying "SAS confirmed". It is now that you are having an encrypted conversation!
6) Feel free to discuss any "sensitive" subject matter you wish, being as cool as a cucumber in a bowl of hot sauce. ;]
Final Notes:
- IMHO it would be extremely cool if Ekiga.net free SIP accounts became the "lowest common denominator" for all Raspberry Pi users to judiciously make free, encrypted voice calls to each other, wether they're using their Raspberry Pi's, or much more powerful machines. This is my proposal to the Raspberry Pi community.
- This forum allows users to edit their user profiles, and specify a "Jabber address" (which is equivalent to any XMPP account name), but unfortunately there's no "SIP address". Forum admins, forgive my nagging, but could you please add a field for "SIP address"?