Politecnico di Torino

C.A.R.S.
Center for Automotive Research and Sustainable
mobility

Implementation of a
VoIP-enabled V2I
communication based on
802.11a
Author: Supervisor:
Marco Malinverno Carla Chiasserini
Giuseppe Avino Claudio Casetti

April 18, 2018

1 Introduction
This brief document has been created to give the detailed hardware and
software architecture’s description of the solution we implemented in a Uni-
versity project. All the procedure and configurations will be presented and
explained in order to provide step-by-step guides and to let other replicate
each aspect of the network architecture. For questions, comments or doubts,
send an email to:
marco.malinverno@polito.it
giuseppe.avino@polito.it

1.1 Network Architecture Description

Figure 1: Network Architecture

The architecture that will be created can be see in Fig 1. The main
router (the one that will act as Access Point), will act as DHCP server and
as Asterisk server. The vehicles is equipped with the MicroAutoBox II control
unit, and its network capability will be extended to wireless by plugging its
Ethernet port to our Routed Client. This will be the same as plugging the
control unit to a wifi dongle. The device used in the vehicle (Alix3d3) comes
with embedded audio in-out with two 3.5mm Jack. An audio splitter will be
connected to those port and will provide a unique input (to match modern
headsets requirements). A simple Baresip client will be created directly in

1
the Routed Client. A terminal directly plugged to the AP may run the
MicroAutoBox II manager and connect the user with the vehicle’s control
unit, and a Linphone client can be connected to the AP to communicate
with Baresip present in the Routed Client. From a network topology point
of view, all the nodes will be in the 192.168.1.0/24 subnet.

1.2 Hardware used

In order to enable the communication between the control unit and the engi-
neer desk, additional hardware is needed, since the MicroAutoBox only come
with an Ethernet port. The devices used are two Alix board:

• PC Engines Alix 3d31 : to be used in the vehicle. It is equipped with two

3.5mm Jack input that will be used to enable the voice communication
in the vehicle.

• PC Engines Alix 3d22 : to be used at the box-side.

The two mainboards do not come with built-in Wi-Fi modules, so they
have been equipped with a Ubiquiti XR53 .
Two antennas, working in the 5GHz domain are used:

• Vehicle antenna: NET-WL-ANT5458-04SCN4

• Box antenna: Horizon Maxi 12dB5

Finally, to load the OS in the boards, two 8GB PC Engines Compact

Flash6 are used.
1
https://www.pcengines.ch/alix3d3.htm
2
https://www.pcengines.ch/alix3d2.htm
3
https://dl.ubnt.com/xr5 datasheet.pdf
4
https://www.solwise.co.uk/wireless-outdoorantenna-58-vehicle-04scn.htm
5
http://www.ted.net.pl/anteny/antena-dookolna-interline-horizon-maxi-12dbi-5ghz-5-
4-5-8ghz.html
6
https://www.pcengines.ch/cf8slc.htm

2
1.3 Software used
1.3.1 Operating Systems
The two Alix boards are equipped with the latest (at the time of writing)
OpenwWrt distribution (Lede 17.01.4). In order to install OpenWrt in the
two devices it is necessary to download the .img file from the Downloads area
in the OpenWrt web page and then, using a CF reader, write the image in the
CF support. To do so, we used the Startup Disk Creator utility of Ubuntu.
The image file we used for our Alix board, as well as other information and
the full guide to install the OpenWrt distro can be found at:
https://openwrt.org/toh/hwdata/pcengines/pcengines alix3d2

1.3.2 VoIP software

In order to enable a voice communication between the vehicle and the box,
we need a simple VoIP architecture in the LAN we’re going to create. This
architecture is composed by a PBX server (to be issued somewere in the
network, possibly ’in the middle’ between the vehicle and the box) and of
two VoIP clients. One of those clients should be installed in the Alix present
on the vehicle, while the other on a terminal used by the engineering team
in the box. The PBX server used here is Asterisk7 , while the VoIP client will
be Baresip8 (for the vehicle) and Linphone9 (for the box).

2 Step-by-step guides
In this part, the step-by-step guides to reach the configuration in Figure 1
are presented. The tutorials are created using documentation present on the
internet (OpenWrt how-tos and threads, blogs, forums etc.) as well as with
direct experience. This guide will show how to configure the devices using
the Web GUI. Moreover, all the config files will be showed.

3
 Figure 2: Communication between terminal and MicroAutoBox II

2.1 Communication between terminal and MicroAu-

toBox II
The communication between the vehicle control unit and the box terminal is
depicted in Figure 2.
The two Alix device will be set as follows:

• Access Point: at the box side.

• Routed Client: also called bridged client, wireless repeater etc. All
the traffic coming from the wifi interface will be bridged to the Ethernet
port, and all the traffic from the Ethernet port will be bridged to the
wifi interface.

2.1.1 Access Point

Step 0
Flash the OpenWrt .img in the CF. This guide has been tested for the version
LEDE 17.01.4.

Step 1 - connection
Connect to the web interface by plugging the device’s Ethernet port to a
PC and browsing to the default address 192.168.1.1. If unable to connect
it means that the PC is not in the same subnet, thus change the network
7
https://www.asterisk.org/
8
https://github.com/alfredh/baresip
9
http://www.linphone.org/

4
card address. It can be done either through the Linux connection manager
(edit Wired connection → IPv4 Settings → Method: Manual → Address:
192.168.1.2, Netmask: 24, Gateway: 192.168.1.1) or simply doing:
$ sudo i f c o n f i g <i n t e r f a c e > 1 9 2 . 1 6 8 . 1 . 2 / 2 4
where ’interface’ is the Ethernet interface’s name (usually eth0). Once con-
nected, login with username ’root’ and go to ’configure password’ (configuring
a password will allow SSH access to the device).
Step 2 - wireless card configuration
Go to the menu Network → Wireless and click edit beside the Radio interface
you want to configure (e.g. Generic MAC80211 802.11abg (radio0)). In the
General Setup tab click to Enable to enable the interface. Now select the
Band (e.g. 5GHz) and the Channel.

NOTE: do not choose ’auto’ in the channel method, since it seems to

create problem. Use instead a channel that you are sure it suits your
Wi-Fi card. For Ubiquiti XR5 available and tested channels are: 36,
40, 44, 48, 149, 153, 157, 161, 165.

Go to Advanced Settings tab and configure the Country Code. Finally

in the section ’Interface Configuration’, tab General Setup, set your ESSID
(the name of the wireless network), set Mode to ’Access Point’ and leave all
the other configuration as they are. In the tab Wireless Security, eventually
choose an Encryption mehod (e.g. WPA2-PSK). a Cipher and a password.

Step 3 - interface configuration

Go to Network → Interfaces and click ’edit’ beside the interface LAN. Here
be sure that the Protocol is set to ’Static address’. In the Physical Settings
tab, check that the Bridge Interfaces option is ticked and that it bridges
between Ethernet Adapter and Wireless Network. Finally control that the
DHCP server is enabled (so, leave the ’Ignore interface’ option unchecked).
This device will assign the IP address to each node in the nework. ’Save and
apply’ and now you can unplug the cable and plug back again as a DHCP
client.

5
 NOTE: If you want to fix IP addresses of clients connected to the
AP, just go to tab Network → DHCP and DNS, in the section ’Static
Leases’ click on ’Add’ and compile the section by specifying ’Lease
time’ to ’infinite’.

Step 4 - firewall
Go to tab Network → Firewall and in the section ’Zones’ put all the values
for the ’lan’ zone to accept.

Configuration Files

/etc/config/network

c o n f i g i n t e r f a c e ’ loopback ’
o p t i o n ifname ’ l o ’
option proto ’ s t a t i c ’
option ipaddr ’ 1 2 7 . 0 . 0 . 1 ’
o p t i o n netmask ’ 2 5 5 . 0 . 0 . 0 ’

config globals ’ globals ’

o p t i o n u l a p r e f i x ’ fd8b : 2 0 6 d : 2 3 9 c : : / 4 8 ’

c o n f i g i n t e r f a c e ’ lan ’
o p t i o n type ’ b r i d g e ’
o p t i o n ifname ’ eth0 ’
option proto ’ s t a t i c ’
option ipaddr ’ 1 9 2 . 1 6 8 . 1 . 1 ’
o p t i o n netmask ’ 2 5 5 . 2 5 5 . 2 5 5 . 0 ’
option ip6assign ’60 ’

/etc/config/wireless

c o n f i g w i f i −d e v i c e ’ r a d i o 0 ’
o p t i o n type ’ mac80211 ’
o p t i o n hwmode ’ 1 1 a ’

6
 o p t i o n path ’ p c i 0 0 0 0 : 0 0 / 0 0 0 0 : 0 0 : 0 c . 0 ’
o p t i o n c o u n t r y ’ IT ’
option channel ’153 ’

c o n f i g w i f i −i f a c e ’ d e f a u l t r a d i o 0 ’
option device ’ radio0 ’
o p t i o n mode ’ ap ’
o p t i o n s s i d ’ AccessPoint ’
o p t i o n key ’ password ’
o p t i o n network ’ lan ’
o p t i o n e n c r y p t i o n ’ psk2 ’
o p t i o n wmm ’ 0 ’

/etc/config/dhcp

c o n f i g dnsmasq
option domainneeded ’ 1 ’
option boguspriv ’1 ’
option l o c a l i s e q u e r i e s ’1 ’
option rebind protection ’1 ’
option rebind localhost ’1 ’
option local ’/ lan / ’
option domain ’ lan ’
option e xpand hosts ’ 1 ’
option authoritative ’1 ’
option readethers ’1 ’
option l e a s e f i l e ’ / tmp/ dhcp . l e a s e s ’
option r e s o l v f i l e ’ / tmp/ r e s o l v . c o n f . auto ’
option l o c a l s e r v i c e ’1 ’
option nonwildcard ’0 ’

c o n f i g dhcp ’ lan ’
o p t i o n i n t e r f a c e ’ lan ’
option s t a r t ’100 ’
option l i m i t ’150 ’

7
 option l e a s e t i m e ’12h ’
option dhcpv6 ’ s e r v e r ’
option ra ’ server ’
option ra management ’ 1 ’

c o n f i g dhcp ’ wan ’
o p t i o n i n t e r f a c e ’ wan ’
option ignore ’1 ’

c o n f i g odhcpd ’ odhcpd ’
option maindhcp ’ 0 ’
option l e a s e f i l e ’ / tmp/ h o s t s / odhcpd ’
option l e a s e t r i g g e r ’ / u s r / s b i n / odhcpd−update ’

c o n f i g host
option name ’ example−s t a t i c −l e a s e ’
option dns ’ 1 ’
option mac ’ 0 0 : 0 0 : 0 1 : 0 0 : 0 0 : 0 1 ’
option ip ’192.168.1.100 ’
option leasetime ’ infinite ’

/etc/config/firewall

config defaults
option syn flood ’1 ’
o p t i o n i n p u t ’ACCEPT’
o p t i o n output ’ACCEPT’
o p t i o n f o r w a r d ’ACCEPT’

c o n f i g zone
o p t i o n name ’ lan ’
l i s t network ’ lan ’
o p t i o n i n p u t ’ACCEPT’
o p t i o n output ’ACCEPT’
o p t i o n f o r w a r d ’ACCEPT’

8
c o n f i g zone
o p t i o n name ’ wan ’
l i s t network ’ wan ’
l i s t network ’ wan6 ’
o p t i o n i n p u t ’REJECT’
o p t i o n output ’ACCEPT’
o p t i o n f o r w a r d ’REJECT’
o p t i o n masq ’ 1 ’
option mtu fix ’1 ’

config forwarding
o p t i o n s r c ’ lan ’
o p t i o n d e s t ’ wan ’

config rule
option name ’ Allow−DHCP−Renew ’
option s r c ’ wan ’
option p r o t o ’ udp ’
option dest port ’68 ’
option t a r g e t ’ACCEPT’
option f a m i l y ’ ipv4 ’

config rule
option name ’ Allow−Ping ’
option s r c ’ wan ’
option p r o t o ’ icmp ’
option icmp type ’ echo−r e q u e s t ’
option f a m i l y ’ ipv4 ’
option t a r g e t ’ACCEPT’

config rule
option name ’ Allow−IGMP’
option s r c ’ wan ’
option p r o t o ’ igmp ’
option f a m i l y ’ ipv4 ’

9
 o p t i o n t a r g e t ’ACCEPT’

config rule
option name ’ Allow−DHCPv6’
option s r c ’ wan ’
option p r o t o ’ udp ’
option src ip ’ fc00 ::/6 ’
option dest ip ’ fc00 ::/6 ’
option dest port ’546 ’
option f a m i l y ’ ipv6 ’
option t a r g e t ’ACCEPT’

config rule
o p t i o n name ’ Allow−MLD’
o p t i o n s r c ’ wan ’
o p t i o n p r o t o ’ icmp ’
option s r c i p ’ fe80 : : / 1 0 ’
l i s t icmp type ’ 1 3 0 / 0 ’
l i s t icmp type ’ 1 3 1 / 0 ’
l i s t icmp type ’ 1 3 2 / 0 ’
l i s t icmp type ’ 1 4 3 / 0 ’
o p t i o n f a m i l y ’ ipv6 ’
o p t i o n t a r g e t ’ACCEPT’

config rule
o p t i o n name ’ Allow−ICMPv6−Input ’
o p t i o n s r c ’ wan ’
o p t i o n p r o t o ’ icmp ’
l i s t icmp type ’ echo−r e q u e s t ’
l i s t icmp type ’ echo−r e p l y ’
l i s t icmp type ’ d e s t i n a t i o n −u n r e a c h a b l e ’
l i s t icmp type ’ packet−too−big ’
l i s t icmp type ’ time−exceeded ’
l i s t icmp type ’ bad−header ’
l i s t icmp type ’ unknown−header−type ’
l i s t icmp type ’ r o u t e r −s o l i c i t a t i o n ’

10
 l i s t icmp type ’ neighbour−s o l i c i t a t i o n ’
l i s t icmp type ’ r o u t e r −a d v e r t i s e m e n t ’
l i s t icmp type ’ neighbour−a d v e r t i s e m e n t ’
o p t i o n l i m i t ’ 10 00 / s e c ’
o p t i o n f a m i l y ’ ipv6 ’
o p t i o n t a r g e t ’ACCEPT’

config rule
o p t i o n name ’ Allow−ICMPv6−Forward ’
o p t i o n s r c ’ wan ’
option dest ’∗ ’
o p t i o n p r o t o ’ icmp ’
l i s t icmp type ’ echo−r e q u e s t ’
l i s t icmp type ’ echo−r e p l y ’
l i s t icmp type ’ d e s t i n a t i o n −u n r e a c h a b l e ’
l i s t icmp type ’ packet−too−big ’
l i s t icmp type ’ time−exceeded ’
l i s t icmp type ’ bad−header ’
l i s t icmp type ’ unknown−header−type ’
o p t i o n l i m i t ’ 10 00 / s e c ’
o p t i o n f a m i l y ’ ipv6 ’
o p t i o n t a r g e t ’ACCEPT’

config rule
option name ’ Allow−IPSec−ESP ’
option s r c ’ wan ’
option d e s t ’ lan ’
option p r o t o ’ esp ’
option t a r g e t ’ACCEPT’

config rule
option name ’ Allow−ISAKMP’
option s r c ’ wan ’
option d e s t ’ lan ’
option dest port ’500 ’
option p r o t o ’ udp ’

11
 o p t i o n t a r g e t ’ACCEPT’

config include
o p t i o n path ’ / e t c / f i r e w a l l . u s er ’

2.2 Routed Client with relayd

The following step-by-step is based upon:
https://wiki.openwrt.org/doc/recipes/relayclient
with some minor changes. This configuration needs some packages to be
installed. Download the packages from:

https://downloads.lede-project.org/releases/17.01.4/packages/
i386 pentium/
https://downloads.lede-project.org/releases/17.01.4/targets/
x86/geode/packages/

if working with Alix device (otherwise find the package directory for the
target device). In particular download the two packages:

/luci/luci-proto-relay
/base/relayd

Step 0 and Step 1 are the same as Section 2.1.1. Then transfer the
packages in the device (using scp).
$ scp < f i l e > root@192 . 1 6 8 . 1 . 1 : / r o o t
Step 1 - install packages
Connect with ssh into the device:
$ s s h root@192 . 1 6 8 . 1 . 1
Insert the password and install the two packages just transferred:
$ opkg i n s t a l l <package>
Step 2 - wireless card configuration
Connect to the web interface at 192.168.1.1. Be sure that the AP is on and
running, then go to the tab Network → Wireless. Beside the radio interface

12
click ’Scan’. Select the access point’s SSID (e.g. ’AccessPoint’), enter the
password and then create a NEW network called ’wwan’. Set the Firewall-
Zone to ’lan’.
Step 3 - interfaces configuration
Go to Network → Interface, edit the interface ’wwan’ and just set Protocol/-
Mode to DHCP Client. Then go back and click ’Add new interface...’. Call
this new interface ’stabridge’. This will be the interface that will connect the
LAN and the wireless interfaces, so as Protocol/Mode set ’Relay Bridge’ and
check the box to relay between ’lan’ and ’wwan’. The local IPv4 address for
the bridge can be 192.168.1.2.
Save and apply and go back to edit interface ’lan’: set the IPv4 Gateway
and the Custom DNS to the IP address of the AP (192.168.1.1). Be sure
that the Protocol is ’Static’ and set the local IPv4 address to 192.168.2.1.
NOTE: It is necessary that the LAN interface of this device is set
to another subnet with respect to its wireless interface (192.168.2.0 is
good if AP is in 192.168.1.0). This is because otherwise there will be
some cases in which packets from a client connected via Ethernet to
this device will not be forwarded to the wireless interface.

Finally, under the section ’DHCP Server’, check off ’ignore interface’, so
the DHCP server is disabled.
Step 4 - firewall configuration
go to page Network → Firewall, in the section ’Zones’, beside ’lan’ click Edit.
Set Forward=Accept and set Covered Network = ”lan” & ”wwan”.
Step 5 - reboot and connectivity
Go to System → Reboot → Reboot Now. Now, assuming the AP on and
running, the Routed Client’s IP can be retrieved by accessing the AP (via
browser) at 192.168.1.1. In the section Network → DHCP, you can now see
the client connected and its IP address. If you connect a device (in our case
the MicroAutoBox II) via Ethernet to the Routed Client, it will appear on
this list. Indeed, every device connected to the AP will be present in this list.
For ’static’ topology like ours, it is good to set static leases of IP addresses,
as explained in Sec. 2.1.1.

Configuration Files

/etc/config/network

13
 c o n f i g i n t e r f a c e ’ loopback ’
o p t i o n ifname ’ l o ’
option proto ’ s t a t i c ’
option ipaddr ’ 1 2 7 . 0 . 0 . 1 ’
o p t i o n netmask ’ 2 5 5 . 0 . 0 . 0 ’

config globals ’ globals ’

o p t i o n u l a p r e f i x ’ fd5b : 0 e21 : 2 c 0 f : : / 4 8 ’

c o n f i g i n t e r f a c e ’ lan ’
o p t i o n type ’ b r i d g e ’
o p t i o n ifname ’ eth0 ’
option proto ’ s t a t i c ’
o p t i o n netmask ’ 2 5 5 . 2 5 5 . 2 5 5 . 0 ’
option ip6assign ’60 ’
o p t i o n gateway ’ 1 9 2 . 1 6 8 . 1 . 1 ’
o p t i o n dns ’ 1 9 2 . 1 6 8 . 1 . 1 ’
option ipaddr ’ 1 9 2 . 1 6 8 . 2 . 1 ’

c o n f i g i n t e r f a c e ’wwan ’
o p t i o n p r o t o ’ dhcp ’

config i nt er f ac e ’ stabridge ’
option proto ’ relay ’
option ipaddr ’ 1 9 2 . 1 6 8 . 1 . 2 ’
l i s t network ’ lan ’
l i s t network ’wwan ’

/etc/config/wireless

c o n f i g w i f i −d e v i c e ’ r a d i o 0 ’
o p t i o n type ’ mac80211 ’
option channel ’36 ’
o p t i o n hwmode ’ 1 1 a ’
o p t i o n path ’ p c i 0 0 0 0 : 0 0 / 0 0 0 0 : 0 0 : 0 c . 0 ’

14
 option disabled ’0 ’
o p t i o n c o u n t r y ’US ’

c o n f i g w i f i −i f a c e
o p t i o n network ’wwan ’
o p t i o n s s i d ’ AccessPoint ’
o p t i o n e n c r y p t i o n ’ psk2 ’
option device ’ radio0 ’
o p t i o n mode ’ s t a ’
o p t i o n b s s i d ’ 0 0 : 1 5 : 6D: 6 8 : 2D: 6 F ’
o p t i o n key ’ password ’

/etc/config/dhcp

c o n f i g dnsmasq
option domainneeded ’ 1 ’
option boguspriv ’1 ’
option f i lt e r wi n 2 k ’0 ’
option l o c a l i s e q u e r i e s ’1 ’
option rebind protection ’1 ’
option rebind localhost ’1 ’
option local ’/ lan / ’
option domain ’ lan ’
option e xpand hosts ’ 1 ’
option nonegcache ’ 0 ’
option authoritative ’1 ’
option readethers ’1 ’
option l e a s e f i l e ’ / tmp/ dhcp . l e a s e s ’
option r e s o l v f i l e ’ / tmp/ r e s o l v . c o n f . auto ’
option l o c a l s e r v i c e ’1 ’

c o n f i g dhcp ’ lan ’
o p t i o n i n t e r f a c e ’ lan ’
o p t i o n dhcpv6 ’ s e r v e r ’
option ra ’ server ’

15
 option ignore ’1 ’
o p t i o n ra management ’ 1 ’

c o n f i g dhcp ’ wan ’
o p t i o n i n t e r f a c e ’ wan ’
option ignore ’1 ’

c o n f i g odhcpd ’ odhcpd ’
option maindhcp ’ 0 ’
option l e a s e f i l e ’ / tmp/ h o s t s / odhcpd ’
option l e a s e t r i g g e r ’ / u s r / s b i n / odhcpd−update ’

/etc/config/firewall

config defaults
option syn flood ’1 ’
o p t i o n i n p u t ’ACCEPT’
o p t i o n output ’ACCEPT’
o p t i o n f o r w a r d ’ACCEPT’

c o n f i g zone
option name ’ lan ’
option i n p u t ’ACCEPT’
option output ’ACCEPT’
option f o r w a r d ’ACCEPT’
option network ’ l a n wwan ’

c o n f i g zone
option name ’ wan ’
option i n p u t ’REJECT’
option output ’ACCEPT’
option f o r w a r d ’REJECT’
option masq ’ 1 ’
option mtu fix ’1 ’
option network ’ wan wan6 ’

16
config forwarding
o p t i o n s r c ’ lan ’
o p t i o n d e s t ’ wan ’

config rule
option name ’ Allow−DHCP−Renew ’
option s r c ’ wan ’
option p r o t o ’ udp ’
option dest port ’68 ’
option t a r g e t ’ACCEPT’
option f a m i l y ’ ipv4 ’

config rule
option name ’ Allow−Ping ’
option s r c ’ wan ’
option p r o t o ’ icmp ’
option icmp type ’ echo−r e q u e s t ’
option f a m i l y ’ ipv4 ’
option t a r g e t ’ACCEPT’

config rule
option name ’ Allow−IGMP’
option s r c ’ wan ’
option p r o t o ’ igmp ’
option f a m i l y ’ ipv4 ’
option t a r g e t ’ACCEPT’

config rule
option name ’ Allow−DHCPv6’
option s r c ’ wan ’
option p r o t o ’ udp ’
option src ip ’ fc00 ::/6 ’
option dest ip ’ fc00 ::/6 ’
option dest port ’546 ’
option f a m i l y ’ ipv6 ’

17
 o p t i o n t a r g e t ’ACCEPT’

config rule
o p t i o n name ’ Allow−MLD’
o p t i o n s r c ’ wan ’
o p t i o n p r o t o ’ icmp ’
option s r c i p ’ fe80 : : / 1 0 ’
l i s t icmp type ’ 1 3 0 / 0 ’
l i s t icmp type ’ 1 3 1 / 0 ’
l i s t icmp type ’ 1 3 2 / 0 ’
l i s t icmp type ’ 1 4 3 / 0 ’
o p t i o n f a m i l y ’ ipv6 ’
o p t i o n t a r g e t ’ACCEPT’

config rule
o p t i o n name ’ Allow−ICMPv6−Input ’
o p t i o n s r c ’ wan ’
o p t i o n p r o t o ’ icmp ’
l i s t icmp type ’ echo−r e q u e s t ’
l i s t icmp type ’ echo−r e p l y ’
l i s t icmp type ’ d e s t i n a t i o n −u n r e a c h a b l e ’
l i s t icmp type ’ packet−too−big ’
l i s t icmp type ’ time−exceeded ’
l i s t icmp type ’ bad−header ’
l i s t icmp type ’ unknown−header−type ’
l i s t icmp type ’ r o u t e r −s o l i c i t a t i o n ’
l i s t icmp type ’ neighbour−s o l i c i t a t i o n ’
l i s t icmp type ’ r o u t e r −a d v e r t i s e m e n t ’
l i s t icmp type ’ neighbour−a d v e r t i s e m e n t ’
o p t i o n l i m i t ’ 10 00 / s e c ’
o p t i o n f a m i l y ’ ipv6 ’
o p t i o n t a r g e t ’ACCEPT’

config rule
o p t i o n name ’ Allow−ICMPv6−Forward ’
o p t i o n s r c ’ wan ’

18
 option dest ’∗ ’
o p t i o n p r o t o ’ icmp ’
l i s t icmp type ’ echo−r e q u e s t ’
l i s t icmp type ’ echo−r e p l y ’
l i s t icmp type ’ d e s t i n a t i o n −u n r e a c h a b l e ’
l i s t icmp type ’ packet−too−big ’
l i s t icmp type ’ time−exceeded ’
l i s t icmp type ’ bad−header ’
l i s t icmp type ’ unknown−header−type ’
o p t i o n l i m i t ’ 10 00 / s e c ’
o p t i o n f a m i l y ’ ipv6 ’
o p t i o n t a r g e t ’ACCEPT’

config rule
option name ’ Allow−IPSec−ESP ’
option s r c ’ wan ’
option d e s t ’ lan ’
option p r o t o ’ esp ’
option t a r g e t ’ACCEPT’

config rule
option name ’ Allow−ISAKMP’
option s r c ’ wan ’
option d e s t ’ lan ’
option dest port ’500 ’
option p r o t o ’ udp ’
option t a r g e t ’ACCEPT’

config include
o p t i o n path ’ / e t c / f i r e w a l l . u s er ’

2.2.1 Network topology

The results of this configuration is a network topology analogue to the one
depicted in Fig 3. It is a simple topology where the Access Point act as gate-
way and each device connected belongs to the same subnet (192.168.1.0/24).

19
 Figure 3: Network topology

2.3 VoIP server and client

In order to enable the voice communication between the box and the vehicle
we need:

• A VoIP server, somewhere in the network (Asterisk)

• A VoIP client, suitable to run in OpenWRT (Baresip)

• One (or more) client in the box (Linphone is good, available for Mac,
Windows, iOS, Android and Linux).

In this section we’ll see how to issue an Asterisk server in OpenWRT, a Bare-
sip client in OpenWRT and how to configure a Linphone client to connect
to a local server.

2.3.1 Asterisk over OpenWrt

Asterisk is a complete PBX in software. It provides all of the features you
would expect from a PBX and more. It does voice over IP in three protocols,

20
and can interoperate with almost all standards-based telephony equipment
using relatively inexpensive hardware. The software has been ported for
OpenWrt and it packages are maintained by Jiri Slachta. In this guide we’ll
install all the packages available for Asterisk13 inside our Access Point. Of
course, if some packages are not necessary (e.g. VoiceMail or SMS or what-
ever) it is possible to skip their installation. The list of dependency packages
to be downloaded is reported here. Refer to the first paragraph in Sec. 2.2
for the link and the instruction to transfer the packages into the device.

alsa-lib / alsa-utils / alsa-utils-seq / alsa-utils-tests / bcg729

/ dahdi-tools-libtonezone / jansson / kmod-dahdi / kmod-
sound-core / kmod-usb-acm / kmod-usb-serial / kmod-usb-
serial-option / kmod-usb-serial-wvan / libcurl / libgmp /
libgnutls / libiksemel / libjpeg / libltdl / libmbedtls / lib-
ncurses / libnettle / libopenssl / libpj / libpjlib-util / libpj-
media / libpjnath / libpjsip / libpjsip-simple / libpjsip-ua /
libpjsua / libpopt / libpq / libpri / libreadline / libspandsp
/ libsqlite3 / libsrtp / libstdcpp / libtiff / libxml2 / libxlst /
terminfo / unixodbc / usb-modeswitch

For what concern Asterisk packages, go to the folder telephony and download
everything starts with ’Asterisk13’. Once downloaded these packages, tranfer
them to the AP with
$ scp <d i r e c t o r y >/∗ root@192 . 1 6 8 . 1 . 1 : / r o o t
and finally log into the AP with ssh and install them using ’opkg install * ’.
What we will do is to configure two SIP clients, one for the vehicle and one
for the box. If you want more clients in the box (for example, to let them be
able to talk each other at box-side) just add more clients.
Step 1 - create users at /etc/asterisk/users.conf
modify the file /etc/asterisk/users.conf using ’vi editor’10 and add the fol-
lowing lines at the end of the file:

[6001]
f u l l n a m e = VEHICLE
s e c r e t = 1234

10
https://www.washington.edu/computing/unix/vi.html

21
 hassip = yes
context = users
h o s t = dynamic

[6002]
f u l l n a m e = BOX1
s e c r e t = 1234
hassip = yes
context = users
h o s t = dynamic

where the number inside the square brackets is the number that will be as-
signed to the entity; ’fullname’ is the name that will be displayed in the
client user-interface (where present); ’secret’ is its password; ’hassip’ tells
the server to create a SIP account for the user; ’context’ is used to cathego-
rize the users (to possibly assign priority and subdivide them); ’host’ set to
Dynamic let the client register periodically to the server.
Step 2 - create extensions at /etc/asterisk/extension.conf
Once created the users, the last step to do is to tell the server what to do
when it receives a Dial for a certain number. To do so, modify file /etc/as-
terisk/extension.conf and add the following lines at the end of the file:

[ users ]
e x t e n => 6 0 0 1 , 1 , D i a l ( SIP /6001)
e x t e n => 6 0 0 2 , 1 , D i a l ( SIP /6002)

This is self-explainatory: if the number 6001 is called, then Dial the SIP
number with identifier 6001.
Step 3 - load new configuration
To let the changes be effective, type:
$ a s t e r i s k −r
CLI> c o r e r e s t a r t g r a c e f u l l y
and the server will restart with the brand new configurations. From now on,
everytime the AP is started, the Asterisk server will start and let the SIP
client be able to connect.

22
2.3.2 Baresip over OpenWrt
The credit for this Baresip guide goes in part to the OpenWrt’s user Pilovis11 .
Baresip is a portable and modular SIP User-Agent with A/V support. In
our case it will be used only for audio. This guide is inteded for the Alix3d3
(the one that has been configured as Routed Client), that comes with two
3.5mm Jack. If you are working with a device with no audio support, but
with a USB port, you can refer to the thread:
https://forum.openwrt.org/viewtopic.php?pid=225463#p225463
to proper install audio driver for USB. For what concern Baresip packages, it
is needed to install all the packages present in the folder ’telephony’ and
starting with ’baresip’. In this guide a full Baresip installation is done.
However, you can decide to avoid intalling those packages you don’t need.
The other packages to be downloaded and installed are:

alsa-lib / alsa-utils / alsa-utils-seq / alsa-utils-tests / kmod-

ac97 / kmod-hid / kmod-hid-generic / kmod-input-core
/ kmod-input-evdev / kmod-sound-core / kmod-usb-hid /
lame-lib / libbz2 / libffmpeg-full / libjpeg / libncurses / li-
bopenssl / libopus / libre / librem / libresample / libspandsp
/ libspeex / libstdcpp / libtiff / libv4l / libx264 / terminfo /
kmod-sound-cs5535audio

Note that the package in red is the driver for the audio card present in
Alix3d3. For other device models, you may have to install other drivers. As
before, transfer all the file to the Routed Client using ’scp’ and install them
using ’opkg install * ’.
Step 1 - start ALSA and Baresip
first of all, ssh into the Routed Client, and start ALSA to let it detect the
audio driver:
$ alsactl init
It will output the name of the audio driver installed. Then, start Baresip, in
order to create the initial configuration files:
$ baresip

11
https://forum.openwrt.org/profile.php?id=129651

23
wait some seconds and then press CTRL+C to close the User Agent.
Step 2 - configure SIP client
now, cd into the hidden folder that has been created in /root:
$ cd . b a r e s i p
and modify the file accounts using vi editor. The file has to be modified to
match the following file:
/root/.baresip/accounts

#
# SIP a c c o u n t s − one a c c o u n t per l i n e
#
<s i p : 6 0 0 1 : 1 2 3 4 @192 . 1 6 8 . 1 . 1 > ; answermode=auto

This will tell the Baresip client to connect (using the SIP protocol) to the
server placed at 192.168.1.1 using username 6001 and password 1234. The file
’accounts’ originally came with all the example of all possible parameters that
can be set; however, the only thing that we need, is to let the device answer
automatically to an incoming call. To do so, we set answermode=auto.
Step 3 - configure Baresip
now we need to modify the Baresip configuration. To do so, we need to
modify the file config:
/root/.baresip/config

poll method epoll

input device / dev / i n p u t / e v e n t 0
#e v e n t u a l l y a d a p t i n p u t d e v i c e f o r your system
input port 5555
sip trans bsize 128
audio player alsa , default
# audio speaker devic e
audio source alsa , default
# a u d i o microphone d e v i c e
audio alert alsa , default
# audio ring de vice
#

24
 # i f you want t o use more than one a u d i o d e v i c e
# you need t o use : a l s a , d e f a u l t :CARD=devicename
# t o d i s c o v e r d e v i c e name use command : a p l a y −L
# −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
audio srate 8000 −48000
audio channels 1−2
rtp tos 184
rtcp enable yes
rtcp mux no
#j i t t e r b u f f e r d e l a y 15−35 # uncomment t h i s
#l i n e o n l y i n c a s e you use an e x t e r n a l v o i p
#p r o v i d e r and you e x p e r i e n c e h i g h p i n g l a t e n c e
rtp stats no
dns server 8.8.8.8:53
# use your p r e f e r r e d DNS s e r v e r
module path / u s r / l i b / b a r e s i p / modules
module s t d i o . so
module evdev . so
module g711 . so
module a l s a . so
module stun . so
module turn . so
module tmp account . so
module app c o n t a c t . so
module app menu . so
natbd server c r e y t i v . com
natbd interval 600

Once done that, you can start Baresip and see if it connects to the server
without error.
Step 4 - let Baresip starts at boot
since this device will be used as plug-n-play, we need to properly set the
Baresip daemon to start at boot. To do so, go into folder /etc/ and modify
the file rc.local by adding:
/etc/rc.local

25
 alsactl init
/ bi n / s l e e p 5
b a r e s i p −f / r o o t / . b a r e s i p −d &&
exit 0

in this way, the Baresip daemon will start at boot (only after ALSA dectected
the audio devices).

NOTE: If the Ethernet port of the Routed Client is not connected

to any device, Baresip may encounter some problem in finding the
network interface to connect with. To face this problem it is needed
to modify the file rc.local and just shut down and restart the br-lan
interface. The rc.local will be:
alsactl init
i f c o n f i g br−l a n down
/ bi n / s l e e p 5
i f c o n f i g br−l a n up
b a r e s i p −f / r o o t / . b a r e s i p −d &&
exit 0
This little patch will solve the problem.

2.3.3 Configure Linphone and Routed Client headset

Linphone is an open source Voice Over IP phone (or SIP phone) that makes
possible to communicate over the internet, with voice, video, and text instant
messaging. It is a multi-platform application and its configuration is simple.
No matter what client is being used (Linux, Windows, Android or iOS), the
only thing to do is to select ’Use SIP accounts’ and insert the Username=6002
(or whatever has been inserted in the Asterisk configuration), password=1234
and domain 192.168.1.1.
Now, with the SIP client at the box connected and the SIP client in
the vehicle connected, the last thing to do is to connect the headset to the
Alix3d3. Since it comes with two separate jack (for audio-out and mic), a

26
jack splitter is needed12 to let it connect to modern headsets. Once done
that, from the Linphone client, it will be possible to dial the number 6001
and the call will start.
To configure and adjust the audio in the Routed Client, just ssh into it
and start alsamixer with:
$ alsamixer
This program comes with a nice and intuitive control panel to adjust every
audio device.

12
http://amzn.eu/9UY1wFv

27