How to set up a Skype gateway

This how-to is a bit unusual in that it incorporates, by reference, a document on the Nerd Vittles site: Why Wait? Build Your Own Skype Gateway to Asterisk. These instructions were developed for and by users of the PBX in a Flash distribution, and while it appears they attempted to make the instructions generic enough to be used by all FreePBX users, I found that there were additional instructions that needed to be followed. My intent here is to document the differences between the Nerd Vittles (hereinafter: NV) instructions and what I had to do to actually make this work. I suggest you actually read the NV instructions first to get an overview of the process, but then follow along here to save yourself some grief. Note that at some point the NV folks may modify their instructions and hopefully incorporate some of the changes mentioned here.

These instructions assume you are using CentOS as your operating system. If not you will have to adjust these instructions accordingly (using apt-get or whatever you use in place of yum to install packages, for example). It also assumes your server has hardware audio capability - if it has microphone or line in and speaker/headphone jacks you should be fine, otherwise this may not (or may) work for you. And it assumes that you are running the Skype and SipToSis software as root - I know some people will choose not to do that, but I just followed the NV instructions originally and that's how they did it. If you can figure out how to run this as some other user, then you'll have to mentally compensate for any references to the /root directory in this document (and if you want to post a comment and tell us what you had to do, I think many users would appreciate it).

NOTE: If you have already downloaded configuration files from the NV site prior to March 1, 2009 please go back and download them again - they now contain important changes that are no longer mentioned in this document.

When you are ready to begin, read and follow the NV instructions down to where it says "Basic Installation. Now we're ready to get started. Log into your Asterisk server as root and issue the following commands" but ignore the sentence that says, "For inbound Skype calling to work with other implementations including generic PBX in a Flash systems, you'll need to create a SIP URI for your Asterisk server: mothership@127.0.0.1. We've previously explained how to set one up in this article. The Atomic Flash installer, VPN in a Flash build, and the Orgasmatron II and III builds include this SIP URI functionality out of the box." That's the wrong way to do things, in my opinion, so in the rest of this article I'm going to assume you did not do that part. However, you do need to follow the instructions about installing Java, if you don't already have it.

Before you begin the next section, know that there are additional packages you may need to install to satisfy dependencies on your system. For example, prior to doing "rpm -ivh skype*" you may need to do the following:

yum install libXv.so.1

Another issue that will affect many users is that for the gateway to operate properly, you must have the X Window System installed on your server. Many distributions don't include the X Window System, but fortunately it is easy to install:

yum groupinstall "X Window System"

Before you go any further, I suggest you open the file /etc/inittab see if there is a line that reads

id:3:initdefault:

if there is, change it to

id:5:initdefault:

This will start the X server at bootup. Be careful to just change the 3 to a 5 - if you get this wrong you can make your system unbootable! Save the file and continue on.....

If you do not have a full desktop on your system - and you probably shouldn't on a server - then the Skype client will be running in twm, which you can think of as a very lightweight windows manager of last resort. It is perfectly adequate for our purposes, but you need to make one change to twm's configuration for the Skype client to run properly. Open the file /etc/X11/twm/system.twmrc and add this line...

RandomPlacement

after top comment section. Save the change and then copy the entire file to /root/.twmrc (note the period before the filename). This will stop everything from coming to a screeching halt when Skype tries to open a window.

Note that, at least for initial testing and configuration, you will need a VNC server installed on your system (unless you intend to do all the initial configuration from your server's console). Many distributions already come with one installed but if yours doesn't, you can probably do

yum install vncserver

to remedy that situation (I already had it on my system, so am unable to test that). You may also want to look in the file /etc/sysconfig/vncservers and see if it has lines uncommented to start the VNC server with good security. In my file I have these two lines uncommented (and as shown):

VNCSERVERS="3:root"
VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -nohttpd -localhost"

With the above configuration, when you start your VNC client you will need to set it to connect to port 5903 rather than 5900. You are, of course, welcome to modify the VNC server configuration but that is beyond the scope of this document - I'm just showing what works for me.

Now follow the NV instructions from where it says "Basic Installation. Now we're ready to get started. Log into your Asterisk server as root and issue the following commands." and continue up to where it says "FreePBX Design. The FreePBX setup that we recommend goes something like this. ....." While you are welcome continue beyond that point and do things the way they suggest, I really don't recommend it, because they are going outside if the normal FreePBX interface when it's not necessary (which can come back to bite you if you ever upgrade FreePBX). So until you get the gateway set up, I suggest skipping this section and dropping down to where it says, "Activating Your Skype Gateway. Now we're ready to place your Skype gateway in production. ....."

But before you continue, one change I strongly suggest making is going into the file /siptosis/SkypeToSipAuth.props and change this line:

*,sip:mothership@127.0.0.1:5060

to

*,sip:75973@127.0.0.1:5060

75973 was chosen arbitrarily because that's what the letters S-K-Y-P-E spell out on a touch tone pad - the reason for changing this to a number is so that you can bring the call into FreePBX using an Inbound Route (the right way) rather than trying to modify part of a configuration file (the wrong way!). You can use any number you like, but these instructions will assume you've used 75973.

Okay, now you should be starting at the section where it says, "Activating Your Skype Gateway. Now we're ready to place your Skype gateway in production. ....." Do only steps 1 through 7 and stop there. You can do this part from within a VNC client window if necessary, or if you just don't want to be seated at the server console.

Some extra notes on these steps: During step 2, make sure to go into Skype's options, under Video Devices, and make sure that "Enable Skype Video" is UNCHECKED - if you don't do this you may have problems making or receiving calls. During Step 3, if you set up a new Skype account on the first run of the program, log in one more time the regular way because you'll be prompted for the password - check the box so that it won't prompt again on future startups. Then shut down Skype again before going on to Step 4. In step 6, it says to run ./SipToSis_Linux but in our installation it was actually ./SipToSis_linux (note the lowercase l). After completing Step 7, stop and skip down to the paragraph that begins: "Security Warning. One final note of caution. Do NOT expose UDP port 5070 to the Internet..." and heed that advice.

Now go into FreePBX, and create a new Inbound Route for DID 75973 (No CID). You may want to send it to an extension rather than an IVR for initial testing, so you can be sure that the audio is working properly. Try making a call from a Skype client into your system and see if it comes in and is properly routed. If not, you can either try going to the General Settings and setting Allow Anonymous Inbound SIP Calls? to Yes, or you can proceed with creating a trunk and then try the inbound test again.

To create a trunk, first edit the file /siptosis/siptosis.cfg - look for the (uncommented) line that says passwd=unimportantpassword, then change the password to something better:

passwd=somegoodpassword

Also check to see if the following (uncommented) line exists - it will probably be the line immediately following the passwd= line mentioned above, or at least very close to it:

from_url="SkypeCaller" <sip:Skype_Caller@127.0.0.1:5060>

Make sure this line is exactly as shown, including the underscore in the sip:Skype_Caller portion.

Stop SipToSis if it is running, wait one minute (important so you don't get multiple instances of Java running) and restart it. Now in the FreePBX interface, create a new SIP trunk and use the following settings:

Maximum Channels: 1

Trunk Name: Skype

PEER details:

disallow=all
allow=ulaw&alaw&ilbc&speex
canreinvite=no
context=from-trunk
dtmfmode=rfc2833
host=127.0.0.1
incominglimit=1
nat=never
port=5070
qualify=yes
secret=somegoodpassword
type=peer
username=Skype_Caller
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.255

Remove anything in the USER section, save and apply. If you have problems try temporarily removing the deny and permit lines - they are just there for added security.

Now you should be able to receive incoming calls with no problem. The next step is to try an outgoing call. Since you can't directly dial Skype addresses from most phones, you'll need to create a CUSTOM extension for each of the Skype users you want to call. So for now, create a new CUSTOM extension that connects to one of your Skype clients (not the one running on your FreePBX box!) - give the extension a number and a Display Name and then and use this format in the "dial" text box:

sip/Skype/skypeusername

Note this assumes you named the trunk "Skype."

Try an outgoing test call to the custom extension. If it doesn't work, there are two things to check:

First, edit /siptosis/SipToSkypeAuth.props and note that the last line is: *,*,127.0.0.1,calleeid - if you change that to *,*,*,calleeid it should work, although if you do that you want to make absolutely certain that port 5070 is not open in your router or firewall for incoming traffic from the world wide Internet. Note that I and many other people were originally led to believe that you had to open ports 5060 through 5084 (or even a wider range) for incoming SIP traffic, but it turns out that's not true - for SIP you only need to open port 5060 and any other ports that your off-site devices or other SIP connections may use (in most cases that will be 5060 and 5061, unless perhaps you have an 8-port device sitting out there somewhere that uses ports 5060-5067). Note I'm only referring to the SIP ports in the 50xx region here, but the point is, don't leave port 5070 open in your router or firewall!!! The same goes for your VNC server port(s) - use ssh tunneling if you simply must access VNC from outside your local network. YOU HAVE BEEN WARNED!!!

If outgoing calls still don't work, try going into the Skype client itself, into Options|Sound Devices and change the Sound Out setting to an actual hardware device instead of Default Device (I just picked the first one on the list). That was the final key to making outbound calls work on my system.

I'm not suggesting you make an outbound route unless you plan to use the SkypeOut service for completing calls - otherwise there's really no good reason to. The only way you can dial Skype numbers directly is by using a softphone and if you are going to use a softphone anyway, you might as well fire up a real Skype client and get a wider bandwidth connection. If you really want to do it (or plan on using the SkypeOut service) that's fine, but be aware that neither Outbound Routes nor Trunks are designed to use alpha characters in their dialing patterns/rules, and that certain characters (such as N and X) have a meaning in a route dial pattern or trunk dial rule, so you probably won't get the expected results if you try to put Skype user names in these fields. From what I see on the NV site, it appears that SkypeOut wants to see numbers in ten digit format (NXXNXXXXXX) so bear that in mind if you do decide to send calls to SkypeOut. By the way, I will never understand why the NV folks insist on including useless patterns that don't do anything in their trunk configurations - apparently they've never read the document HOWTO: Route Dial Patterns and Trunk Dial Rules.

Now, once you have this all working you'd probably like it to start whenever you boot the system. There are two ways of doing that. One is to start the VNC server at bootup (I used Webmin's System|Bootup and Shutdown to start vncserver at bootup - just check the box next to vncserver and click “Start on Boot”), and then start Skype and SipToSis from the vncserver startup script. If you want to do that, add these lines to /root/.vnc/xstartup after the line twm &:

skype &
sleep 5
cd /siptosis
./SipToSis_linux >> /var/log/siptosis

(The "sleep 5" is optional, but I think it's a good idea in order to give the Skype client time to fully initialize.)

After a reboot connect to the VNC server (remember that your client must connect to port 5903 if you used my configuration settings) and confirm that you can see the Skype client, also check /var/log/siptosis to make sure that siptosis is running. Once again, make sure the VNC server port is not exposed to the wide open Internet (that would be VERY bad since it's running as root and access is not restricted in any way)!

In normal operation, you do not need to have a VNC client connected for this to work - just the VNC server running seems to be sufficient. The advantage of this method is that you can take a look at what the Skype client is doing at any time by using a VNC client - the disadvantage is that it can be a very bad security risk if you don't know how to secure it properly. You might want to do it this way for the first week or so, then when you know everything is working as it should be, switch to method explained below (and disable the automatic running of the VNC server at startup).

The other method was suggested by bbhenry in this thread on the PiaF site (specifically this post, also see another variation in this post). Use his method if you'd rather not leave a VNC server running full-time.

To keep the logs from growing too large, if you have Webmin installed on your system you can use Webmin's System|Log File Rotation|Add a new log file to rotate to make sure the SipToSis log doesn't get too large. Suggested settings:

Log file paths: /var/log/siptosis
Ignore log file if missing? Yes
Re-create log file after rotation? Yes, with mode 0644 and owned by user root and group root

Leave everything else at the defaults. Then make another rule, but this time use /siptosis/log/*.log as the Log file path. You only need use the second rule if you are not starting everything with the VNC server and therefore not creating the /var/log/siptosis file.

One note on operation - if you ever need to shut down the SipToSis program (for example, to get it to reread its configuration file), wait about a minute or so between shutting it down and restarting it. The reason is that it apparently starts a Java process that takes a few seconds to realize that the program has been shut down, and then shut itself down. If you restart SipToSis too soon, you will have two (or more) instances of Java running and competing for the same connection to Asterisk, and one of them will get it and the other will post multiple lines of complaint to the log file at an astronomical rate! Pretty soon you will be out of hard drive space and when you look for the offending file, it will be SipToSis.log. So always give SipToSis (and its Java process) plenty of time to shut down before restarting it!

Finally, here are some links to posts and message threads that may be useful if you have problems:

SipToSis Skype Gateway Bridge Forum
Nerd Vittles: Why Wait? Build Your Own Skype Gateway to Asterisk
Elastix Forum: Siptosis Skype gateway
PBX in a Flash Forum: SipToSis-Skype Gateway Tips