Asterisk, and other worldly endeavours.

A blog by Leif Madsen

Posts Tagged ‘sip

Digium D40 and D70 Phone Unboxing

Today I received a couple of phones from Digium; the D40 and D70. I’ll be using these phones for testing and documentation in the 4th edition of Asterisk: The Definitive Guide (which Jim Van Meggelen, Russell Bryant and myself are working on right now).

Here is my unboxing of the phones and some commentary about my initial impressions of the hardware itself.

Pretty boxes!

Phones arrived in some nice looking boxes.

Digium D40

Comes with a little pamphlet to help you get the phones setup on your network.

Comes with all the little things you need to get the phone up and running, including a network cable. I was just using POE to power the phone, so I didn’t end up with the 5VDC power adapter.

Nice looking base. Easy to put onto the phone. Just uses friction to hold the phones on the base. Not sure how well that’ll work over time, but this isn’t something that should be getting attached and detached a lot. The space for cables in the base is also quite large.

Holes to mount to wall. Requires adapter.

Easy access!

Lots of space for my hand to plug in cables. Much nicer than any of the Polycom bases where I usually give up and just remove it.

Boot screen

Booting up with the Digium logo.

Handset hook access

The tab on the back here is well designed so that you don’t require a tool to pull out and flip around. I prefer to have the hook for the handset so it doesn’t fall off the base easily. On the Polycoms (which have the same type of setup) it’s nearly impossible to remove with your fingers

D40 vs IP335 size comparison

.Size comparison between the D40 and IP335.

Digium D70

Open box

Hidden compartment

Back of the D70


I don’t quite get the base with the wall mount holes, but impossible mounting angles on the base. Must have something to do with the manufacturing process and not having separate molds for footing.

Update: Michael pointed out that the A-frame is actually two separate pieces, so with a (separately purchased) piece, you can attach it to the base and make the system wall mountable. With the number of phones I’ve actually wall mounted in deployments (I think the number is only one or two), I think I prefer the 2 options for steep and shallow angles. Neat idea.

Side cut outs for cables that I didn’t even notice the first time through. Michael pointed out they are for cable management. Nice!

Oh my! So much space! Very roomy ūüôā
Side by side comparison of the D70 vs the IP650 w/ sidecar.
Front to back comparison of the D70 vs IP650 w/ sidecar.

Advertisements

Written by Leif Madsen

2012/10/11 at 3:43 pm

Posted in Asterisk, Musings

Tagged with , , , , ,

Recent SIP Attacks from Amazon EC2

Recently (over the weekend and continuing into today) there have been several attacks from Amazon EC2 hosts running scanners looking for open SIP accounts. I’ve gathered a couple of links that I think are useful in knowing more about the attacks, along with methods of stopping the attacks. The Joshua Stein blog has a very clever way of stopping the attacks that impressed me.

http://jcs.org/notaweblog/2010/04/11/properly_stopping_a_sip_flood

http://www.voiptechchat.com/voip/457/amazon-ec2-sip-brute-force-attacks-on-rise/

http://www.stuartsheldon.org/blog/2010/04/sip-brute-force-attack-originating-from-amazon-ec2-hosts/

Update (2010/04/18): It seems the story has made it at least as far as Slashdot now. I seriously can’t believe the lack of response has gone on for so long. I figured by now we’d have some sort of official story stating that they are searching for the attacker, or that they have been shut down and that additional security precautions have been implemented, but thus far, nothing is being done. The status quo on something like this from Amazon is actually quite surprising.

http://it.slashdot.org/story/10/04/17/2059256/SIP-Attacks-From-Amazon-EC2-Going-Unaddressed

Written by Leif Madsen

2010/04/12 at 7:28 pm

Using a Nokia E71 with Asterisk (3G or WiFi)

There was some talk in one of the IRC chat rooms today about someone trying to get their E61i working with Asterisk. I haven’t had an issue getting that phone or my E71 phone working, but regardless he was having issues. I figured I might as well spend a little bit of time today going through my configuration, both for my own reference, and so that other people can get their Nokia’s setup with Asterisk as well.

I’ll be using the native SIP client, although I’ve had just as good of luck using the Fring application. The advantage to the Fring application is that you can use it with Skype, along with multiple IM clients, and also video! I especially like that the application makes use of the video camera on the front of the phone so that you can use it as a videophone. Using the video on a phone like the iPhone or Nexus One seems useless to me (but I digress!).

First, lets get our Asterisk configuration setup in sip.conf. We’ll need to make sure we’ve setup a realm in sip.conf as our phone will require it. If you don’t, then the default realm is ‘asterisk‘.

sip.conf:

[general]
realm=pbx.my_asterisk_box.com
disallow=all
allow=ulaw
allow=alaw
srvlookup=yes
pedantic=yes
maxexpiry=360
minexpiry=120
defaultexpirey=120
videosupport=yes

[leifmadsen_cell]
type=friend
secret=super_secret_password
context=devices
nat=yes
canreinvite=no
qualify=no
mailbox=100@default
callerid=Leif Madsen <571>
insecure=invite,port
subscribecontext=subscriptions
disallow=all
allow=g729
allow=ulaw
Feel free to change or add whatever options you need for your sip.conf. This is generally what I have working right now. I’ve left out all my domain handling and SIP URI stuff this time around. Maybe I’ll talk about it in another blog post in the future.
OK, back to the task at hand. Now that we have our sip.conf file configured, just run ‘sip reload’ from the Asterisk console, and your settings should be available. You can check to make sure your peer loads up with ‘sip show peers‘ or ‘sip show peer leifmadsen_cell‘ (or whatever you called your configuration.
The next step up is to configure our Nokia device. These settings should likely be the same on both the E61i and the E71, but I’m working from a 400 series firmware on the E71, so your mileage may vary.
Menu > Tools > Settings > Connection > SIP Settings > Options > New SIP Profile > Use default profile

With the new profile created, we need to modify it for connection to our Asterisk system. Starting at the top we have the following fields: Profile name, Service profile, Default access point, Public user name, Use compression, Registration, Use security, Proxy Server, and Registrar Server. We’ll going through each of these and configure the two submenus: Proxy Server and Registrar Server.
Profile name: Anything you want. I called mine “Business Line”
Service profile: IETF
Default access point: Select either a wifi connection or 3G connection. In my case I’m selecting “Rogers Internet”
Public user name: sip:leifmadsen_cell@pbx.my_asterisk_box.com (notice how leifmadsen_cell is the same as what we configured in sip.conf)
Use compression: No
Registration: Always on (you can set this to ‘When needed’ if you only want to place outbound calls via VoIP sometimes)
Use security: No
Proxy Server >
Proxy server address: pbx.my_asterisk_box.com
Realm: pbx.my_asterisk_box.com
Username: leifmadsen_cell
Password: super_secret_password
Allow loose routing: Yes
Transport type: UDP
Port: 5060 (unless you’ve changed this yourself on your Asterisk box)
Back > Registrar server >
(fill this information out exactly like the Proxy server section)
At this point, hit the Back button a couple of times to make sure you phone will register. If you’re still having issues, double check all your configuration options, and potentially restart the phone. With older firmware versions I’ve had issues where if I don’t get it perfect the first time and make a change, I have to restart the phone.
Once we see that we’ve registered the device, we need to enable it from another screen so that we can place and receive calls from Asterisk.
Go back out of the SIP Settings screen to your Connection screen in the Tools menu, then select Internet tel.
By default you will see a screen that says (no Internet telephone settings).
Select the Options button and create a new profile. There will be two fields: Name and SIP profiles. By default the SIP profile field should be selected with Business Line (or whatever you called your SIP connection) automatically. The Name field is currently set to Default, but I just renamed it to VoIP. Feel free to name it anything you want.
Back out of all your menus until you get back to the main screen. You should see an icon in the upper-right hand corner that looks like a telephone hand set on top of a globe. At this point, try dialing one of the extensions on your Asterisk server to see if things are working! I like to try calling my voicemail as it lets me test DTMF as well.
Below is a (modified) INVITE from the E71 showing what you’ll see when the request comes from the phone. The most interesting part is the SDP portion which shows us which codecs the device supports and offers. In the case of the phone and firmware combination I’m using, I can use G.711 ulaw and alaw, G729, and iLBC.
INVITE sip:8500@pbx.my_asterisk_server.com;user=phone SIP/2.0
Route:
Via: SIP/2.0/UDP 10.10.10.84:5060;branch=z9hG4bKlq60dckmalhc6vap06nosen;rport
From: ;tag=mh5gdciapphc6m6506no
To:
Contact:
Supported: 100rel,sec-agree
CSeq: 1252 INVITE
Call-ID: rdw6Iy8zoIfKxg6LzJ7FSPdgBvIb8y
Allow: INVITE,ACK,BYE,CANCEL,REFER,NOTIFY,OPTIONS,PRACK
Expires: 120
Privacy: none
User-Agent: E71-2 RM-346 400.21.013
P-Preferred-Identity: sip:leifmadsen_cell@pbx.my_asterisk_server.com
Max-Forwards: 70
Content-Type: application/sdp
Accept: application/sdp
Content-Length: 447

v=0
o=Nokia-SIPUA 63437257072703500 63437257072703500 IN IP4 10.10.10.84
s=-
c=IN IP4 10.10.10.84
t=0 0
m=audio 49152 RTP/AVP 96 0 8 97 18 98 13
a=sendrecv
a=ptime:20
a=maxptime:200
a=fmtp:96 mode-change-neighbor=1
a=fmtp:18 annexb=no
a=fmtp:98 0-15
a=rtpmap:96 AMR/8000/1
a=rtpmap:0 PCMU/8000/1
a=rtpmap:8 PCMA/8000/1
a=rtpmap:97 iLBC/8000/1
a=rtpmap:18 G729/8000/1
a=rtpmap:98 telephone-event/8000/1
a=rtpmap:13 CN/8000/1

So beyond that, there shouldn’t be anything else you need to do. Using the same configuration in sip.conf for Asterisk should also work with Fring. Perhaps I’ll create another blog post in the future about using Fring with E71 if there is interest in that. Anyone who wants to try testing out some video calls through my Asterisk box using their Fring video enabled phone, just let me know offline and we’ll set something up!

Written by Leif Madsen

2010/03/19 at 11:28 am

Musings about ENUMplus and ISNs

Recently I’ve been playing around with a couple of technologies that I haven’t used in quite a while; ENUM and ISN. First, a little information on what these technologies are about.

ISNs and ITADs

First, lets talk about ISN (ITAD Subscriber Number) and ITAD (Internet Telephony Administrative Domain). I think the http://www.freenum.org website does a good job of succinctly describing the problem attempting to be addressed:

“The Freenum/ISN system is 12-digit-keypad (telephone handset) friendly method of providing mapping between users. While the eventual use of email-style URI pointers is the eventual goal for communications identifiers, it is still the case that the majority of the world’s telephony users are trapped using a 12-digit keypad for extended numeric entry, and it is for the purposes of these devices that the Freenum system and ISN dialing was designed as a “stopgap” which may last many years. Using ENUM-like methods and IETF standards but not using telephone numbers, the Freenum/ISN dialing system is designed to initially allow SIP-capable proxies and iPBX systems to connect to each other in a free, open, and protocol agnostic manner over the Internet. Initially focused on SIP voice communications, the platform is hoped to eventually extend to other communications methods as those protocols become more widespread.” — freenum.org

An ISN is a number that looks like:  100*460

The ITAD part of that ISN is the number 460 where you can think of the 460 as the domain. If we used an email address (or SIP URI for that matter) as an example, we’d have something like leif@leifmadsen.com where leifmadsen.com would be the domain, and the number 460 would be the equivalent of that. The number 100 would be the unique identifier within that domain, which would represent ‘leif’ prior to the email ‘at’ symbol. And finally, you can think of the asterisk in the ISN as the ‘at’ symbol (@) in the ISN. We could then read 100*460 as “extension 100 at ITAD 460”. And the 100*460 would then map to the SIP URI of sip:leif@leifmadsen.com (for example).

This allows a stopgap measure of permitting traditional telephony devices to dial VoIP addresses from their keypad. Because of the nature of VoIP and how a simple URI can actually ring multiple devices, enter into a queue, or an auto-attendant, it doesn’t always make sense to utilize a telephone number to represent a SIP URI (see more information about this below in the ENUM section). Perhaps you are a small company with approximately 20 devices, but only 2-3 phone numbers. It doesn’t make sense to obtain multiple phone numbers for your company just as a method of dialing a SIP URI from a traditional keypad. In this way, you can assign numbers any which way it makes sense in your company with ISNs.

The company with 20 extensions could then assign ISNs to each device such as: ¬†201*460, 202*460 … 220*460. The operator could be 0*460, and perhaps the auto-attendant could be 1*460. There are no set mechanisms or best practices (yet), but as time evolves, perhaps these will come to fruition.

I’m not sure if ISNs will catch on with the general public, as historically things like ENUM and other services of this nature haven’t progressed as much as they likely should, but the idea is sound, and certainly makes more sense to me than having to remember several phone numbers for each extension or location.

As this is simply an overview about ISNs, I’ll stop here. Future articles will delve into the configurations and testing for outbound and inbound calls with Asterisk, setting up DNS, etc. For now, see the http://freenum.org website for more information about configuring these aspects. Unfortunately the Asterisk information is out of date (in terms of utilizing the best features of the dialplan). I’d be happy to update the information if enough requests and interest is generated.

ENUMplus

ENUMplus (http://www.enumplus.org) is a site which takes the information from several ENUM databases and allows you to perform a single lookup using cURL. Since there is a lot of technology going on in that sentence, lets step back and define each of these aspects.

I think the wikipedia entry about ENUM does more justice about what it is than what I could do, so lets quote a resource ūüôā

Telephone number mapping is the process of unifying the telephone number system of the public switched telephone network with the Internet addressing and identification name spaces. Telephone numbers are systematically organized in the E.164 standard, while the Internet uses the Domain Name System for linking domain names to IP addresses and other resource information. Telephone number mapping systems provide facilities to determine applicable Internet communications servers responsible for servicing a given telephone number by simple lookups in the Domain Name System.

The most prominent facility for telephone number mapping is the E.164 NUmber Mapping (ENUM) standard. It uses special¬†DNS record types to translate a telephone number into a¬†Uniform Resource Identifier or IP address that can be used in Internet communications.” — wikipedia entry at http://en.wikipedia.org/wiki/Telephone_Number_Mapping

And cURL is a technology that allows you place a request via a website, and have information returned. It is most typically used by programmers to get information from a website without having to parse through the entire site.

So by marrying these two technologies, ENUM and cURL together, ENUMplus has created a one-stop-shop for performing ENUM lookups. By performing an ENUM lookup prior to placing a call from your Asterisk system, is that if a telephone number has been registered with one of the ENUM organizations and has a SIP URI to point to, then we can utilize that SIP URI instead of calling over the PSTN, which can save toll costs, and free up a circuit for other calls.

I originally wrote a section of dialplan while testing out the service (which is very quick!) and added it to the ENUMplus wiki page for the configuration of Asterisk 1.6 systems. Originally I had this done as a separate path for dialing that would utilize a prefix of 7 prior to dialing out in order to do an ENUM lookup, and then you could dial without the prefix if you didn’t want the lookup (or if the lookup failed). I’ve since realized that this method is the wrong approach for obvious reasons (who wants to dial the number twice?), so I have since modified my dialplan to always utilize ENUM lookups prior to placing a call via the PSTN.

I want to show you the following example from my dialplan, which I’ll eventually clean up and add to the ENUMplus wiki.

exten => _+1NXXNXXXXXX,1,Set(X=${EXTEN:1})
exten => _+1NXXNXXXXXX,n,Goto(setCID,1)
exten => _+NXXNXXXXXX,1,Set(X=1${EXTEN:1})
exten => _+NXXNXXXXXX,n,Goto(setCID,1)
exten => _1NXXNXXXXXX,1,Set(X=${EXTEN})
exten => _1NXXNXXXXXX,n,Goto(setCID,1)
exten => _NXXNXXXXXX,1,Goto(1${EXTEN},1)

exten => setCID,1,NoOp()
exten => setCID,n,Set(CALLERID(name)=LM Enterprises)
exten => setCID,n,Set(CALLERID(num)=4164790259)
exten => setCID,n,Goto(lookup,1)

exten => lookup,1,Verbose(2,Looking up direct dial via ENUM from ENUMPlus: ${X:1})
exten => lookup,n,Playback(silence/1&doing-enum-lookup)
exten => lookup,n,Set(CURL_RESULT=${CURL(${GLOBAL(G_ENUMPLUS_API)}/${X:1},key=${GLOBAL(G_ENUMPLUS_KEY)})})
exten => lookup,n,GotoIf($[${ISNULL(${CURL_RESULT})}]?no_result,1)
exten => lookup,n,Goto(dial,1)

exten => dial,1,Verbose(2,Lookup returned:  ${CURL_RESULT})
exten => dial,n,Playback(enum-lookup-successful)
exten => dial,n,Dial(${CUT(CURL_RESULT,|,1)},30)
exten => dial,n,Hangup()

exten => no_result,1,Verbose(2,ENUMPlus returned no data.)
exten => no_result,n,Playback(silence/1&enum-lookup-failed)
exten => no_result,n,Set(OUTBOUND_ROUTE=SIP/${DEFAULT_ITSP_ROUTE})
exten => no_result,n,Dial(${OUTBOUND_ROUTE}/${X})
exten => no_result,n,Hangup()

Written by Leif Madsen

2010/02/19 at 10:38 am

Posted in Asterisk, Musings

Tagged with , , , , , , ,

Load testing SIP registrations with SIPp

Today I had a need to go and load a bunch of registrations into Asterisk for a bug I was working on. Since I’ve had this need a couple of times now, and I keep going and having to redevelop it, I think I’ll just write about it here, and then when I need it again, I can just look it up. Maybe this will be useful for someone else as well.

First of all, this is all based on the post I found on the SipX wiki. You can read the page I based this all off of here. Lots of good info there. All I’m really adding of value is the PHP scripts I used to generate the peers in the database, and the register_client.csv file.

First, lets load a bunch of peers into Asterisk. I’m loading peers numbered 101 –> 199.

<?php

if (!$link = mysql_connect('localhost','asterisk','asterisk')) {
	echo "Could not connect\n";
	die(mysql_error());
}

if (!mysql_select_db('asterisk',$link)) {
	echo "Could not get into database\n";
	die(mysql_error());
}

for($counter = 100; $counter <= 199; $counter++) {
	$sql = "INSERT INTO sipfriends (type,name,username,secret,context,canreinvite,nat,host,mailbox,dtmfmode,disallow,allow) VALUES ('friend','$counter','$counter','welcome','start','no','yes','dynamic','$counter@default','rfc2833','all','ulaw')";
	echo $sql."\n";
	$result = mysql_query($sql,$link);
	if (!$result) {
		echo "DB error " . mysql_error();
		exit;
	}
}

mysql_close($link);

?>

Next, we need to generate the register_client.csv file in order to tell SIPp which peers to authenticate, and how.

<?php

$myFile = "register_client.csv";
$fh = fopen($myFile, w);

for ($counter = 100; $counter <= 199; $counter++) {
	$data = "$counter;example.com;&#91;authentication username=$counter password=welcome&#93;;\n";
	fwrite($fh, $data);
}

fclose($fh);

?>

And finally, here is the line used to send a bunch of registrations to Asterisk. If you want to do a load test, you may need to adjust the numbers so it does a better job of “blasting” the end point you want to test.

sipp -sf register_client.xml -inf register_client.csv -r 10 -trace_err -trace_stat -nd -fd 1 -i <source_ip> <destination_ip>

If you have any questions, just ask, and I’ll try to comment here. This post is potentially light on specifics since these are notes for my future reference.

Written by Leif Madsen

2009/07/29 at 11:34 am

Posted in Asterisk

Tagged with , , , ,