DIY Crypto Phone

Alex, November 3, 2015 06:22
For my work I travel a lot and I want to stay connected to my family when I am not home. Of course I have a mobile phone that works almost anywhere but I also want to be able to use m landline and my home PBX (Asterisk). I’ve set up a (sort of) portable phone to use abroad using any free WiFi access point.

My SOHO set up

I have an Asterisk server connected to a SIP-trunk with two numbers for work. It is also connect to an old analogue landline using a Grandstream HT503 which is my home phone number. Five phones are connected via UTP to this server. Some other devices like computers, NAS, printers and an Apple TV are also connected to the same network. I have not separated the Voice network from the Data network. Yet.

Road Warrior

Simply connecting over the internet to my home PBX is not an option. SIP login and password data is not encrypted and leaving port 5060 or similar exposed on my border router would probably attract all kind of people I don’t want to have snooping around my home network. But I do have a working OpenVPN server running. I flashed a spare TP-LINK WiFi router with OpenWRT and installed an OpenVPN client on it. When it is connected to the internet via WiFi or UTP (WAN port) it will automatically set up the OpenVPN tunnel to my home.

Road Warrior Crypto Phone

The phone (A Grandstream GXP1160, the cheapest VoiP phone I could find) is glued on top of the TP-LINK router and connects using an UTP cable to one of the LAN ports. It will try to connect to the Asterisk server via the OpenVPN connection. As soon it is able to register on the Asterisk server it can make outbound calls and even receive inbound calls. I used this last time I was abroad in a hotel calling my family who of course knew I brought the crypto phone with me. My mother also called to chat. The phone rang: I picked up and we had a conversation. The call quality was excellent. I don’t think she has a clue I was abroad that day.

Bonus – Private WiFi

By inserting a WiFi USB dongle in the USB port of the TP-LINK router I upgraded this set up to include a WiFi access point as well. Devices (phone, laptop) will connect to the TP-LINK router, use the OpenVPN tunnel to connect to my home and go back out to the internet from there. Just like I am at home. I can even use the printers, or adjust the thermostat. By giving this access point the same ESSID as my home WiFi, phones, tablets and laptop will automatically connect to it.