Encrypted Voice Calls with Regular Off the Shelf Phones
Tuesday, January 8, 2013 at 12:31PM
Glynn Taylor
Occasionally in life you run into the tech equivalent of a “Hey, you got chocolate in my peanut butter!” moment. For those of you who were not watching TV in the ’80s, please see this video.
 
You can also download larger versions of the diagrams in this post here.

Last year, when the tiny Obihai OBi100 became available, it allowed us to create a simple, cheap and almost free method of providing encrypted voice communication using regular off the shelf $10 telephones. The phone is actually the largest physical item in this bag of tricks; nothing else is bigger than a deck of cards.
 
Now would also be a good time to note that we have no financial connection with Obihai; we just purchase, use and like their products.


Ingredients

   
Let’s start with the ingredients to this recipe. First, the OBi100. It is 3.5” x 2.6”.
 

On the back there are three plugs; power, Ethernet, and phone.

 

Before we go on, let’s pause and look at a wonderfully simple bit of functionality available to us with no more effort than plugging the thing in.
 
On the bottom of each Obi there is a unique 9-digit number. Let’s say you and a friend each have one of these and they are each plugged in to the Internet anywhere on the planet. If you pick up the phone attached to the unit and dial two asterisks followed by your friend’s 9-digit number, his phone rings.

Nice. Simple. Zero-config VoIP phone calls. But wait, there’s more.
 

Enter the Tiny Hardware Firewall

 

The THFW is 3.3” by 2.4” and weighs 50 grams. In the picture below it is velcro’d to my laptop.  
 
On the side of the THFW there are two plugs: one for power and the other an Ethernet port. Inside it has a wifi radio and a small computer. It acts as a gateway, firewall, and a 256-bit VPN client and runs on USB power. Now you should see where we are going with this.
 

Time for some diagrams

In this scenario your access to the Internet is provided by some open access point. We were working on a road warrior solution, so everything is small and low powered. We even found this cool little USB powered Ethernet switch. Fire up a laptop, turn off its wifi radio and plug the switch and THFW USB power ports into your laptop or some other USB power source. Then plug an Ethernet cable into your laptop and the switch. Plug an Ethernet cable into the switch and the THFW. Now plug an Ethernet cable into the Obihai Obi100 and the switch, but don’t power on the Obihai yet.
 
You should have something that looks like the photo above in real life.  If you do this in a coffee shop you will get either strange or envious and knowing looks, maybe even a tech envy nod.  Just be prepared.
 
Leaving the real world for the warm embrace of a network diagram, this is what it looks like when scribbled on a napkin.
 
 
This diagram shows you and a friend on the left and the right separated by the increasingly hostile Internet, designated by the letter “I” in the tiny (not to scale) cloud.

In this diagram “HotSpotVPN” is a HotSpotVPN encryption server in one of our datacenters, “SW” is the tiny USB powered Ethernet switch you saw in the photo above next to your laptop, the OBi is in the green box and the THFW is talking to the AP via WiFi radio waves. And yes, my laptop artistry is very sad indeed. Hopefully you can pick out the phone.

 
Now hop on your laptop, log into the THFW, connect it to the access point, and then have it connect to a preferred VoIP-optimized VPN cluster by entering the IP address in the preferred server field. (You can get the IP address from the help desk.) It is best to choose UDP and use that if possible. The VoIP will sound a lot better that way; however, if you are on a restrictive network you can fall back to TCP. Dropouts will take longer to repair, but at least you can make the call.
Click “Save & Connect to VPN”.
After the VPN is connected, the status section of the dashboard will show the VPN as connected. It will look like the picture below.
 
Now, all the Internet traffic of anything plugged into your switch is going through the vpn.  The tunnel is shown in red below.  
Now, turn on your Obi devices.  Please note that Obi traffic is shown in green.  When the Obi turns on it first talks to the Obitalk server.  
Also note that Internet traffic is only encrypted between the THFW and the HotSpotVPN VPN servers. When it leaves the server it is not encrypted. The trick is to keep the VoIP conversation encrypted from one Obi 100 to the other Obi 100.
Now just pick up the phone and dial your friend’s 9-digit phone number preceded by **. Each Obi will now know its own IP address and the IP address of the 9-digit target, and the two units will talk to each other through the encrypted tunnel.
Now the VoIP data follows the green line from one Obi unit to the other, through the VPN, and it is encrypted end to end, all with off the shelf hardware. Nice.
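One way to check the claim that everything behind the switch goes through the VPN is to capture on the Wi-Fi side of the THFW and confirm that the only destination it ever sends to is the VPN server. The script below is an added example, not part of the original article or of the THFW or Obihai software; the capture lines are constructed in the style of `tcpdump -nn` output, and the addresses, the port and the function names are assumptions.

```python
import re

# Constructed sample in the style of `tcpdump -nn` output, taken on the
# Wi-Fi (uplink) side of the THFW. All addresses and ports are placeholders.
THFW_IP = "192.168.1.50"   # address the access point gave the THFW (assumed)
VPN_IP = "203.0.113.10"    # the "preferred server" address (assumed)
VPN_PORT = 1194            # VPN server port (assumed)

CAPTURE = """\
12:31:01.100000 IP 192.168.1.50.5060 > 198.51.100.7.5060: UDP, length 512
12:31:02.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28
12:31:05.200000 IP 192.168.1.50.41234 > 203.0.113.10.1194: UDP, length 148
12:31:05.230000 IP 203.0.113.10.1194 > 192.168.1.50.41234: UDP, length 148
12:31:06.400000 IP 192.168.1.50.41234 > 203.0.113.10.1194: UDP, length 1180
12:31:07.900000 IP 192.168.1.50.40022 > 198.51.100.7.10000: UDP, length 172
"""

# "<time> IP <src>.<sport> > <dst>.<dport>:" ; the rest of the line is ignored.
FLOW = re.compile(
    r"^(\S+) IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):"
)

def find_leaks(capture, thfw_ip, vpn_ip, vpn_port):
    """Return (time, dst_ip, dst_port) for every IPv4 packet the THFW sent
    that was not addressed to the VPN server."""
    leaks = []
    for line in capture.splitlines():
        m = FLOW.match(line)
        if not m:
            continue  # lines that are not IPv4 packets (e.g. ARP) are skipped
        ts, src, _sport, dst, dport = m.groups()
        if src != thfw_ip:
            continue  # inbound or unrelated traffic
        if (dst, int(dport)) != (vpn_ip, vpn_port):
            leaks.append((ts, dst, int(dport)))
    return leaks

def tunnel_only(capture, thfw_ip, vpn_ip, vpn_port):
    """True when everything the THFW sent upstream went into the tunnel."""
    return not find_leaks(capture, thfw_ip, vpn_ip, vpn_port)

if __name__ == "__main__":
    for ts, dst, dport in find_leaks(CAPTURE, THFW_IP, VPN_IP, VPN_PORT):
        print(f"{ts} outside tunnel -> {dst}:{dport}")
```

Any flow in the result left the THFW outside the tunnel and is visible to the open access point, for example traffic from a device that came up before the VPN was connected.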

Implementation Notes.

This implementation mimics a MUCH more expensive solution we provided to a client about five years ago at over 500 times the price of what you see here.  They were a roving band of international mergers and acquisitions specialists and spent a lot of time in countries where your laptop is under cyber siege from the instant you step off of the plane.  That said, this provides about 98 percent of the functionality of that solution.
 
Changes like this make me smile.
 
We actually use this internally, but with smaller, more expensive and occasionally wireless phones.
 

Other Features

 

This does not even scratch the surface of what you can do with this basket of tools.  Just a few options are:
  
  1. There are voip clients for smartphones, tablets and computers that work with the Obi.
  2. The Obi will also work with Google Voice with very little setup.
  3. The Obis will work with other VoIP servers, even one you set up in a VM in the cloud.
  4. The larger Obis also have an ATA built in to connect to a land line.
If you have any questions just drop us a line at the helpdesk.
 
Article originally appeared on Tiny Hardware Firewall (http://tinyhardwarefirewall.squarespace.com/).
See website for complete article licensing information.