Fixing My Apartment Door Buzzer

Posted in Personal on Nov 27, 2019 by Zach Schneider

The door buzzer system for my apartment building utilizes a landline phone to grant access to the building without having to run downstairs to let visitors in. The problem with that, is that I don't subscribe to a POTS (Plain Old Telephone Service) line, and I don't have a "landline phone." The easy solution to this would be to pickup a cheap landline phone and plug it into the wall. However, the better solution would result in being able to answer the door from anywhere using my cell phone, and additionally providing a way for trusted individuals to use a PIN to open the door without me ever picking up the phone.

Hardware

All I needed for this project was a Grandstream HT813 ATA. Not just any ATA will work, because an FXO (Foreign Exchange Office) port is required and most ATAs only have an FXS (Foreign Exchange Subscriber) port. The phone jack on the wall gets connected to the ATA with a regular old phone line, as well as an ethernet cable for network access.

Setup

The HT813 is capable of forwarding all POTS calls to a VoIP service, using a setting called Unconditional Call Forward to VoIP. I setup an application using Plivo, and enabled it's public URI which I then used as the destination for all incoming POTS calls on the HT813. The ATA has two ethernet ports, so it can act as a router. I've disabled DHCP on the LAN port, and bridged both ports in case the ethernet cable gets plugged into the wrong port. I also disabled SSH access and TR-069 for better security.

FXO Port

The FXO port needs SIP credentials in order to connect to the Call Forwarding service configured earlier.

Some other settings that are important for the FXO port:

Setting Value
SIP Register false
Number of Rings 2
PSTN ring thru FXS false
PSTN ring thru delay 1
Wait for dial tone false
Stage method 1

Software

I use Plivo for all my SIP applications because they have an simple API and relativley cheap pricing.

When someone enters my suite number, the door buzzer rings the ATA which then transfers the call using VoIP to the SIP application I've setup with Plivo. The application announces that it is connecting the call to the suite, which gives the person enough time to punch in their access code using the numberpad on the door buzzer. If the code is correct, it sends a DTMF tone (the number 9) to the buzzer system which unlocks the door. I currently get an email with the PIN used to enter everytime one is used. If the application doesn't get a code, it makes outbound calls to numbers that I've specified. In my case, that's my cell phone and VoIP phone in the apartment. If I answer the call on my cell phone, I can confirm the identity of the person who dialed my suite number and press 9 to grant them access to the building.

Security

I'm not worried about security with this setup. A call must first be placed from the door buzzer panel, so there's little risk of remotly unlocking the door. The front door buzzer doesn't have audible DTMF tones when numbers are pressed, which makes recording the audio and determining the code difficult. I use codes that are longer than 6 digits, witch makes bruteforcing the PIN far more difficult (and someone would notice before too long, as the buzzer speaker is loud).

Closing Thoughts

  • This setup relies on my home internet having 100% reliability, and while it's been close to that so far (except when I've caused the issues), I wouldn't want to leave without my front door key.
  • I could add a Raspberry Pi or similar SBC and run an Asterisk instance to acomplish the same functionality.
  • I'll work on migrating the code from PHP to Python/Django and adding a simple web interface to manage the numbers/endpoints that are dialed, the PINs, and access logs.
  • The web interface could also generate the configuration XML for the HT813 by exposing a provisioning URL, username, and password to connect. Those credentials could be entered into the HT813, which means configuration changes would be simplified. The Plivo API would then be used to generate the SIP endpoint credentials that the HT813 uses, without me ever hving to see them.
  • I could add brute force protection for the PINs by disabling that feature if there's too many attempts in a period of time, leaving only the cell/VoIP phone methods.