
Talko Looks Very Cool, But Needed A Firewall Change To Work

The big telecom story today certainly seems to be the launch of Ray Ozzie's new "Talko" application for iOS. Tons of attention in the tech media, and many of my friends on social media have been trying it out. There's a brilliant article posted on Medium about the "Brave New Phone Call" along with a great blog post from Ray Ozzie about how this new app will revolutionize the voice experience.

I think Talko has great potential to do so, particularly after using it.

But...

... I had to change my firewall rules in order to make Talko work. :-(

And I don't know how long it will continue to work.

Perhaps worse than that... it wasn't clear initially that I had a firewall problem. Frequent testing partner Jim Courtney sent me a message and after installing the Talko app on my iPhone I tried to talk to him, but all I seemed to be able to do was send him a voice message or a text message.

Subsequently I tried connecting to Tim Panton and again could only send voice messages. It made for a very asynchronous "walkie-talkie" style of communication that clearly seemed to not be what was described in the article.

At that point my many years in VoIP kicked in and I realized the firewall at the edge of my network was probably blocking something. Sure enough, when I pulled up the live firewall log and filtered on my iPhone's IP address I could see blocked connections from my iPhone that were intended for an IP address in Amazon's EC2 cloud. These blocked connections happened when I tried to initiate a voice conversation within Talko.

I first tried to create a firewall rule that would allow specific ports through, just by guessing from the firewall logs what ports Talko might be using. However, they jumped around and what I ultimately had to do was create a rule allowing any connection from inside my network to the specific IPv4 address of what I assume is one of Talko's servers on Amazon EC2.
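The log triage described above can be scripted; this is an added example, not part of the original post. It assumes the netfilter LOG-target line format (the post does not name the firewall software), and every address, port and the `max_ports` threshold below is constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the netfilter LOG-target format (an assumption).
# 192.168.1.50 stands in for the phone; 203.0.113.10 and 198.51.100.7 are
# documentation addresses standing in for remote servers.
SAMPLE_LOG = """\
Sep 23 12:01:07 gw kernel: OUT-DENY IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=92 TTL=63 PROTO=UDP SPT=51514 DPT=30112 LEN=72
Sep 23 12:01:08 gw kernel: OUT-DENY IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=92 TTL=63 PROTO=UDP SPT=51514 DPT=41877 LEN=72
Sep 23 12:01:09 gw kernel: OUT-DENY IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=40022 DPT=25
Sep 23 12:01:11 gw kernel: OUT-DENY IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=92 TTL=63 PROTO=UDP SPT=51514 DPT=18650 LEN=72
Sep 23 12:01:12 gw kernel: OUT-DENY IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=92 TTL=63 PROTO=UDP SPT=51514 DPT=52203 LEN=72
Sep 23 12:01:14 gw kernel: OUT-DENY IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=92 TTL=63 PROTO=UDP SPT=51514 DPT=27419 LEN=72
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")


def blocked_destinations(log_text, src_ip):
    """Group denied flows from src_ip as {destination: {(proto, dport), ...}}."""
    summary = defaultdict(set)
    for line in log_text.splitlines():
        fields = {}
        for key, value in FIELD.findall(line):
            fields.setdefault(key, value)  # LEN= can appear twice; keep the first
        if fields.get("SRC") != src_ip or "DST" not in fields:
            continue
        summary[fields["DST"]].add((fields.get("PROTO", "?"), fields.get("DPT", "-")))
    return dict(summary)


def suggest_rule_scope(ports, max_ports=3):
    """Few distinct ports: a port-scoped allow rule is practical.
    Many: ports are likely dynamic, so only a destination-wide rule matches.
    max_ports is an arbitrary illustrative threshold."""
    return "port-scoped" if len(ports) <= max_ports else "destination-only"


if __name__ == "__main__":
    for dst, ports in blocked_destinations(SAMPLE_LOG, "192.168.1.50").items():
        print(dst, sorted(ports), "->", suggest_rule_scope(ports))
```

A "destination-only" result is the situation the post describes: the allow rule ends up pinned to a single remote address and has to be revisited whenever that address changes.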

Once I did this, I was able to have a voice conversation with Tim perfectly fine. It was actually rather cool how it would record the conversation and let me easily go back, listen again, advance through it, etc.

But...

... poking a hole in my firewall to a specific IP address is very definitely NOT the way to have a telecom application work.

And... Talko will only work on my network as long as that destination IP address doesn't change. If they add more servers or change their architecture, it's dead to me. At least... dead on my home WiFi network. Presumably it could still work on my mobile data network (at a cost to me).

Now, to be fair, I'm a bit more security-paranoid than the average home user and so I run a Linux-based firewall/server/gateway on the edge of my home network with a fairly restrictive set of firewall rules. The default policy is to deny outbound connections unless they fit into various rules. I've had to add rules allowing VoIP and IM protocols... and it's not uncommon for me to have to add new rules for applications like this. For instance, I had to do so for Tox when I was playing with it a few months back.

Odds are Talko will probably work fine for the vast majority of connections from WiFi networks with less paranoid firewall rules.

But... for an app like this to really challenge the existing telecom infrastructure, it needs to work from almost anywhere. This is why Skype usage is so ubiquitous - Skype "just works" and has its ways to work around firewalls. Within the SIP and WebRTC communities there are all the STUN / TURN / ICE servers and technologies that enable this kind of transit of a firewall. The technology is out there. And there will certainly be some enterprises and other businesses that set up firewalls at least as restrictive as mine is.

I realize today's news is the initial public launch and that this is early days for the app. I hope the Talko team can figure out a way to make the voice conversation work through firewalls. I really like what I see inside the app.

Meanwhile... I'm just hoping they don't change the IP address of the server with which my app is communicating!

