In Part 1 of our series “Build your own VoIP System” we learned about the very basics of how VoIP and SIP in particular works.
This is Part 2, describing the process of setting up a Skype-like service using the sip:providerCE.
In Part 3 you will learn how to protect existing VoIP deployments with the sip:provider acting as a Session Border Controller (SBC).

Since version 2.6 of our sip:provider platform, we got everything in our hands to build a secure and self-hosted Skype-like communication service solely based on open source software.

The Goal

In this post, we attempt to build a free, secure, SIP based communication system to provide encrypted voice and video communication, buddy lists, instant messaging, presence and remote desktop sharing/control on a self-hosted system.

Once you’re done with that, adding skype-in/skype-out features to receive and place calls from/to the traditional telephony/mobile network is fairly easy, but will be covered in a separate post.

The whole process will take around 30 minutes up to an hour for an initial setup, so grab a coffee and clear your head.

The Ingredients

For our system to work, we need a communication server and a proper client for our end users.

The Server

As a communication server, we will use sip:providerCE v2.6. The easiest way to get started with it is to download the VMware or Virtualbox image and fire it up on a suitable machine. If you get more serious, you want to install the system from scratch on a dedicated server with a public static IP. If you’re new to VoIP and SIP, do NOT try to install it on an Amazon EC2 instance, as they’re using destination NAT, which is a big pain for SIP and needs some experience with the SPCE to tweak it properly for that scenario.

Note that the SPCE is a 64bit system, so in order to run the VM images, you need to turn on 64bit CPU virtualization in your BIOS if VMware or Virtualbox warns you about it.

The Client

Like with Skype, your users will need a Client software to leverage the full potential of the server. The good thing about a SIP based system is that you can hook up pretty much every SIP client (IP phone, ISDN adapter, Desktop client, Mobile client) to the SPCE. This usually works fine with just voice/video communication, but with advanced features like presence, diversity leads to interoperability issues, so the SPCE server is optimized for Jitsi, a Java based multi-platform client providing all the features we require for this tutorial.

Install the Server

In our setup, we will use Virtualbox to boot the Virtualbox VM image of the SPCE. Follow these steps to get started:

  1. If you don’t have Virtualbox 4.x installed yet, download it from here and install it, or upgrade your older version.
  2. Download the Virtualbox VM image of the SPCE from here.
  3. Start Virtualbox. On Linux, you can start it like this:
    $ virtualbox sip_provider_CE_2.6_virtualbox.ova
    You will be prompted to import the new VM, which will look similar to this:
    Import VM into Virtualbox
    Once the import is finished, double-check if the network interface is the correct one providing access to the Internet:
    Check network interface
    In this case, it shows eth1, where I really want to use wlan0 because this is the interface into my LAN network I use for testing. To change it, click Settings on the top and change it in the Network section, like this:
    Change network settings

    Use the proper interface suitable for you, wlan0 will most likely not work for you!

    IMPORTANT: Keep the mode to Bridged Adapter to avoid any NAT on the server side!

  4. Start the sip_provider_CE VM instance.
  5. Once the login screen is shown, log in with user root and password sipwise.
  6. Check your network settings. The VM instance is set to use DHCP by default. If this is fine with you, execute ifconfig eth0 and remember the IP address of this interface, and continue to the next step.

    However if you want to configure a static IP address, you need to edit /etc/network/interfaces, e.g. like this:

    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static
    address 192.168.0.122
    netmask 255.255.255.0
    gateway 192.168.0.1
    dns-nameservers 8.8.8.8 8.8.4.4

    Then execute ifdown eth0; ifup eth0 to bring up the interface with the proper configuration. Then edit /etc/ngcp-config/config.yml, search for eaddress and and change the option to the IP address you statically set above, like this:

    eaddress: 192.168.0.122

  7. The last step on the command line is to execute the command ngcpcfg apply to generate the platform configuration files and reboot the server (only needed for the first time for simplicity reasons to make sure all services are started correctly).

Configure the Domain and Users

Now that the SPCE system is up and running, point your browser to the Administrative Web Panel located at HTTPS port 1443 of your IP you configured or got via DHCP above, like this:

https://192.168.0.122:1443

The username is administrator and the password is administrator.

There are a couple of steps to get your first users online:

  1. Create a Domain for your users. Your users will have subscribers identified by a so-called SIP URI like sip:alice@example.org, and similar to virtual hosts on a web server, you can create as many domains as you like in order to partition your users. Just make sure that the domain name you define here is pointing to the IP address of the system. You can also directly use your IP address for testing purposes, so a user would be alice@192.168.0.122 in my case, and I’ll use that throughout the rest of the post.


    To create the domain, go to System AdministrationDomains, enter your Domain name or IP address and press the Add button.

    Add new Domain

  2. Create an Account for your user. On the SPCE, accounts are billing containers for one or more subscribers. Usually one user will have one account with one subscriber in it.


    To create an account, go to AccountsCreate new account and press the Add button. You will be presented with the Billing Settings, which we just keep at its defaults for now, so we press the Save button.

    Create a new Account

  3. Create a Subscriber within the new account. At the bottom of the Account page is the Subscribers section. Click the Create button to configure a new Subscriber.

    Create new Subscriber

    The only mandatory information is the SIP URI and the SIP password fields. If you set the Web User and Web Password as well, the user is able to log into the Customer Self Care Web Interface running at HTTPS port 443, e.g. https://192.168.0.122.

  4. Repeat steps 2 and 3 for all the users you want to create.

That’s it on the server side. There is a lot more you can configure and tweak for Domains and for Subscribers, but it’s not important for your first tests. There is the SPCE Handbook providing all the detailed information, which you should check to learn about advanced configuration options.

Install and configure the Client

Your users need to download and install the Jitsi Client. Make sure to use the v1.1 latest Nightly Build. All the cool features won’t work otherwise (e.g. with the stable 1.0 version line).


The setup process is still quite bumpy compared to setting up a Skype client, because there are some manual steps involved. We’re working on that part providing an SPCE-optimized version of Jitsi, but up until now it works like this:


When starting Jitsi for the first time, you will be presented with a Sign In page. Choose the Use online provisioning link at the very bottom of this window.

Jitsi Sign In window

Check the Enable provisioning check box, select Manually specify a provisioning URI and put the following URL there, with only the IP address part changed to reflect your IP or domain name (make sure to leave the rest intact exactly as shown here):

https://192.168.0.122/jitsi?user=${username}&pass=${password}&uuid=${uuid}

Enable Jitis autoprovisioning

In case Jitsi was already installed, make sure to click the Forget Password! button as well.

Then exit Jitsi and start it again!

During the next startup, Jitsi will pop up an authentication window asking for your username and password. Enter your SIP URI and your SIP password here.

Jitsi Authentication Popup.

If you’re asked for a Certificate Verification, click Show Certificate, select the Always trust the certificate check-box and click Continue anyway.

Jitis verify Server Certificate

To avoid this warning, you have to upload a properly signed SSL certificate to the server and configure it. Check the chapter in the Handbook to learn how to do.

That’s it. Jitsi will download the configuration via an SSL encrypted HTTP connection, should register successfully to the server (might take some seconds) via a TLS encrypted SIP connection, and will fetch the buddy list (empty for a new user) also via an SSL encrypted HTTP connection.

You can now add other contacts to the buddy list like you know it with other services like Skype. You can place a voice or video call by calling the username (e.g. bob) if the other party is within the same doman, or username@domain (e.g. bob@example.org) if the other party is within another domain.

Jitsi Screen Sharing

Jitis encrypted Video call

Next Steps

Please consult the SPCE Handbook to learn how to configure phone numbers for your subscribers, how to configure subscriber features like call-forwards, call-blockings etc, and how to add SIP Peerings to connect to the traditional phone network in order to place and receive calls to/from landlines and mobile phones.

Feedback, Questions and Support

Please leave your feedback here, on Twitter or on Facebook.

If you need help for you setup process, please subscribe to our SPCE Mailing List where our Engineers and other community members are happy to answer your questions.