Voice over IP with Ekiga [LWN.net]

April 26, 2006

This article was contributed by Hendrik Weimer

Vox Libertas

Voice over IP (VoIP) telephony has seen an enormous boom recently. Saving costs by routing calls via the Internet or by using software-based solutions instead of expensive hardware has been the driving factor for the adoption of VoIP. Ekiga, the application formerly known as GnomeMeeting, is the free software community's answer to these needs. In contrast to GnomeMeeting, Ekiga supports the Session Initiation Protocol (SIP) as well as H.323. Ekiga can also handle multiple H.323 and SIP accounts at the same time.

There are several different protocols in the VoIP arena. The oldest is H.323, which was developed by the International Telecommunication Union (ITU). The protocol isn't especially firewall-friendly due to the use of multiple dynamically-chosen port numbers. SIP is slightly better in this respect and it is used in many hardware VoIP phones. Another interesting protocol is IAX2, developed by the Asterisk project, since it communicates only over a single UDP port. However, very few clients support it. Also worth mentioning is the proprietary Skype protocol, which has some serious security implications, according to what researchers presented (PDF) at the Black Hat Europe 2006 conference. Skype clients can be abused for the purpose of port scanning, distributed Denial of Service (dDoS) attacks and other unpleasant things.

To circumvent the problems faced when dealing with Network Address Translation (NAT), a Simple Traversal of UDP over NATs (STUN) server can be used. However, this won't work in a properly firewalled environment. In this case, you usually end up with running a separate H.323 or SIP proxy.

Since the first release of Ekiga came out only a few weeks ago, very few GNU/Linux distributions include binary packages. However, the project itself offers packages for every major Linux distribution. If you decide to use one of them, make sure that you have installed the latest libraries needed by Ekiga, or you will run into trouble.

When Ekiga is launched for the first time, it asks the user a few questions and then shows the main window. From there, you can make outgoing calls or specify how to react to incoming calls. Ekiga supports the transferring of calls immediately, or after a certain delay.

The default behavior is to display a pop-up window when an incoming call is received. Unfortunately, the window is active immediately, meaning you can erroneously accept or reject a call depending on what you are typing or where you are clicking when the call comes in. Clearly, this is an area of the code that needs some attention.

Ekiga supports both audio and video communication. Setting up video devices is trivially easy if the device is supported by the Video4Linux drivers. Participation in conferences is possible, but requires an additional Multipoint Control Unit (MCU). MCUs are available as hardware or software, the OpenH323 project offers a free implementation called OpenMCU.

Even though extensions to H.323 and SIP allow encryption of calls, Ekiga currently does not support that feature. Ekiga does include a text chat function.

In contrast to many other VoIP suites, Ekiga can register with several different SIP registrars and H.323 gatekeepers at the same time. These services provide a mapping from SIP and H.323 URLs (the equivalent of a phone number) to the IP address of a particular user. To find out someone's SIP or H.323 URL, Ekiga can ask LDAP and ILS servers.

In summary, Ekiga should serve all your VoIP needs. And with the widespread adoption of VoIP, you can expect it to become even better over time.

(Log in to post comments)

Voice over IP with Ekiga

Posted Apr 27, 2006 6:43 UTC (Thu) by tajyrink (subscriber, #2750) [Link]

As a real-world point of view, SIP VoIP solutions including Ekiga lack a perfect solution for overcoming Symmetric NAT. STUN works nicely and automatically for port/cone-restricted NATs (and that, or in the case of no NAT, Ekiga just rules!), but for Symmetric NAT you need to have an outside server you can use to help your connection, you need to configure the settings manually and/or you still can't make the connection.

Only when TURN/ICE will be standardized and working Symmetric NAT can be workarounded automatically, but even then it will suck as all the data has to apparently be forwarded through another host anyway (and will someone provide such a server for everyone to use? maybe Google, though). S**** works around this by being a P2P program, not just a VoIP program, by using ruthlessly the bandwidth of other users even without them knowing about it.

I, for one, have a Internet connection using Symmetric NAT at home. But I think most home users (ADSL/Cable) don't have this problem.

Voice over IP with Ekiga

Posted Apr 27, 2006 12:43 UTC (Thu) by jamesh (guest, #1159) [Link]

Well, the other option here is to run a protocol specific proxy on your firewall machine. There are a number of SIP proxies available, such as siproxd or a full Asterisk setup.

Voice over IP with Ekiga

Posted Apr 27, 2006 20:09 UTC (Thu) by tajyrink (subscriber, #2750) [Link]

Ah, gotcha. It's not "my" firewall, there's no way I could configure the firewall, and there are no exceptions made even if asking for some.

And this is the situation for many - people that are using an Internet connection that goes through firewall X somewhere (like, in a basement of a group of flats, behind locked doors) that cannot be configured in any way.