Categories
Blog Services Support

ISDN Switch Off 2025

It’s the biggest and most important modernisation of the public phone network ever, and your business needs to check and may need to make changes to ensure a smooth transition

In 2017 BT announced it intended to Switch Off ISDN and PSTN by the end of 2025. From September 2023 new ISDN lines will not be available for purchase. Businesses must make alternative plans and migrate all ISDN / PSTN channels or they will be without a telephony service. All equipment that currently uses the PSTN will stop working: such as alarms, elevator phones, EPOS machines, door entry systems etc

There are four options, all suitable for businesses ranging in size from as few as 3 employees to many thousands of employees. All you have to do is decide which is the best fit for you

Option 1: Adapt What You Have

Extend the life of your current phone system by connecting it to the internet. This is simply done by adding hardware known as a VoIP Gateway and a link known as a SIP Trunk, which uses your existing Internet connection. It’s easy, affordable, and users notice no difference – no new cables, no new handsets, no new training.

Option 2: Blend It All Together

Mix options 1, 2, and 3 to suit your needs. For example, an on-premise system at your head office, and a cloud-based system serving your remote sites. Or connect a cloud-based unified communications platform to an on-premise VoIP Gateway or SIP Trunk-powered system. Whatever the blend, enjoy the same seamlessly-integrated user experience.

Option 3: Upgrade What You Have

Replace your installed on-premise system with the latest feature-rich digital technology known as a Unified Communications (UC) Platform; this can be installed on your site as hardware or software, fully under your control. All your telephony now on the internet, but also seamlessly aligned with your email, messaging, and chat applications via an easy-to-use, easily accessible user interface. Plus, it can all be replicated on employees’ desktop computers, laptops and mobile devices for super-convenience.

Option 4: Migrate To The Cloud

Follow hundreds of millions of organisations worldwide by replacing your on-premise system with a powerful, cloud-powered Unified Communications (UC) solution. All your calls, email, chat, and messaging now via the internet; limitless ability to add the latest new features at will; and pay monthly, only for the services you use.

Sangoma have produced a useful Webinar: “How To Prepare For The Great British ISDN Switch Off”Webinar Recording: “How To Prepare For The Great British ISDN Switch Off”

If you have any questions or need advice email or call us.

Categories
Blog Knowledge Base Products and services Support

Changes to help reduce smishing and SMS fraud

UK regulators have implemented changes to help reduce smishing and SMS fraud incidents.

As a reminder, effective immediately, application-to-person (A2P) SMS messages sent to the UK from Alphanumeric Sender IDs that contain special characters will be blocked. 

The following characters are allowed:

  • A to Z (upper and lowercase)
  • 0 to 9 
  • – (dash)
  • _ (underscore)
  • ‘ ‘ (space)
  • & (ampersand) 

Any special characters outside of the list above will be blocked (example: “+” or “@”).

Effective October 31, 2023, application-to-person (A2P) SMS messages sent to the UK from the following list of generic Alphanumeric Sender IDs will be blocked.

Note: Combinations of these generic Alphanumeric Sender IDs are allowed (for example, “Smith Bank” or “Border Control” are both allowed.
 

1TimePin2FAAcceptAccessAccountActiveAdmin
AdviseAlertAllowAllowanceAppAppointmentApprove
ApprovedAuthAuthMSGAuthoriseAuthSMSAwareBank
BankingBillBillingCallCardCautionCertify
CheckCloudOTPCodeCollectCollectionConfirmContact
ControlCourierDelayDeliverDeliveryDiscountEnergy
FraudHelpInfoInfoSMSISAKeyLoan
LoginLogisticsLogMeInLogonMalwareMessageMobile
MortgageMSGMsgAuthNetworkNoReplyNotifyOneTimePin
OrderOTPOTPSMSPackageParcelPayPayment
PinPinCodePostProtocolPurchaseRatifyRebate
ReceiptRefundReminderRepaymentReplyRespondSave
SavingSavingsScamScheduleSecureSecurityService
ShippingSignSigninSignonSMSSMSAuthSMSCode
SMSInfoSMSOTPSMSVerifySupportSystemTextTrace
TrackTrackingTrustTXTUpdateUpdatesValidate
VerifyVerifySMSVerifyMeVirusWarnWarningWinner

What do you need to do?

Avoid using special characters in your Alphanumeric Sender IDs and use a non-generic Alphanumeric Sender ID to send messages in the UK to avoid message disruption following the steps below:

  1. If you’re using a Messaging Service, update your generic Alphanumeric Sender ID by reviewing your suppliers guide on Using Alphanumeric Sender ID with Messaging Services.
  2. If you’re specifying your Alphanumeric Sender ID directly in your API request, update the “From” parameter in your application code with a non-generic Alphanumeric Sender ID.

What if you don’t take action?

There’s no action for you to take. SMS messages sent to the UK from generic Alphanumeric Sender IDs or Sender IDs that contain special characters will be blocked and return an error code.

Categories
Blog FreePBX Products and services Software

FreeStats

FreeStats is a re-write and expansion of the original call center stats package from Asternic giving it a fresh look and some additional features requested by users including CDRs, Search and Administrator login.

The statistics are now ‘live’ as the system uses mysql storage of queue records and not the parsing of the logfile that in the case of the original package had to be “Cron’d”

The screenshots of the package here show the refreshed user interface and additional pages.

The Search function lets you search the DB for the call uniqueID or callerID number then displaying all items in the queue logs and the realtime page is rewritten to work with modern Asterisk versions and the updated versions of AMI and Ajam for control of agents.

The package for downloading includes full installation instructions that can be viewed here and sql file for creating the mysql DB. An additional option is to limit access to the application by changing the config.php so that the Administrator logins can be used for allowing access to the system.

The code is opensource and your free to make changes or if you like it consider buying me a coffee.

Download the Source here

Categories
Blog FreePBX Software

A Web based call management package for small Hotels and Serviced offices

FreeHMS is a web based call management package for small Hotels, Guest Houses and managed offices. It is designed to work with FreePBX and Asterisk.

It allows owners to bill guests or users for the phone usage allowing guests to make calls, setup wakeup calls and access voicemail. Rooms are initially blocked from calling other rooms but can call Admin extensions with out being checked in. When a room is checked in they can make trunk calls and set up wakeup calls. When checking out any wakeup calls are removed and the voicemail is defaulted and all Voicemail messages are deleted.

Setting up the system is simple for Installer with minimal changes to the dialplan which are included in the custom configuration file. The system can be set to any language as all text is from a single configuration file which also includes currency and tax rate for billing. Users are created in FreePBX user admin so are easily changed and added.

Call rates are set using the rates page only available to the Admin users

Administration is simple and password controlled using the ‘User Managment’ module of Freepbx so changes to rates and rooms can only be carried out by the admin users, Reception users can log guests in and out, Create Bills and mark rooms for cleaning as well as set or cancel wakeup calls, The Housekeeping login only allows setting of rooms clean or not*. If a room is not marked as clean then that room cannot be checked in.

The software is fully web based and can be used on PC, Mac, Tablet or even smartphone.

The software is opensource and can be customised to suit most customers.

Features Include:

Checkin /Checkout

Billing : Rates are set by the admin user only, Bill can printed with relevant sales tax added.

Cleaning : Rooms are marked unclean on checkout and can only be checked in when marked as clean by reception or the cleaning staff. A cleaning list can be printed off for stall without a tablet or smartphone.

The software is here to download  and as its released as OSS you can modify and extend it as you wish

If you just want the software its free to download,  Limited email support will be available, All we ask is if you add a feature or make a change let us have it so everyone can benefit from it.

Finally if there is a feature you want let us know how we can work with you to make it come about.

If you do download and like it, maybe think about buying me a coffee

Categories
Asterisk Support Blog Elastix Support FreePBX Knowledge Base Security

Keeping the Bots out and allowing your friends in

Since this post was originally written things have advanced, FreePBX has an integrated firewall with intrusion detection using Fail2Ban, and this should always be enabled even if system is on premise.

Another major step forward in protection is APIBAN this is a client program that helps prevent unwanted SIP traffic by identifying addresses of known bad actors before they attack your system. Bad bots are collected through globally deployed honeypots. To use APIBAN you will need a key these are obtained from here . More details on API ban are here if you are interested in using it in different situations.

To simplify installation on Freepbx based systems I have simple script that downloads and install it, this can be downloaded here or from the command line of the server as follows:

wget https://freeaccesspublic.s3.eu-west-2.amazonaws.com/apiban.sh
Make it an executable : chmod +x  apiban.sh
then run the script : ./apiban.sh your_api_key

If you dont add your APIKEY on the command line vi will open and you can add it manually. The script will then initially run the client which will take a few seconds to download the initial set of bots, then it will add a line to the crontab file and restart the cron daemon. the timing of the cronjob is randomised to be between every 4 and 22 minutes.

We have seen many Bots attacking Asterisk servers, Interestingly its not always good old sipvicious anymore but a Windows program called sipcli and originating mainly from the US and Germany.

Normally our iptables firewalls are updated but for some reason these keep getting through, So we have now based rules on the User-Agent in iptables as well

Here are a few examples to get rid of many of the favourites

-A INPUT -p udp -m udp --dport 5060 -m string --string "User-Agent: friendly-scanner" --algo bm --to 65535 -j DROP
-A INPUT -p udp -m udp --dport 5060 -m string --string "User-Agent: sipcli" --algo bm --to 65535 -j DROP
-A INPUT -p udp -m udp --dport 5060 -m string --string "User-Agent: sipvicious" --algo bm --to 65535 -j DROP
-A INPUT -p udp -m udp --dport 5060 -m string --string "User-Agent: VaxSIPUserAgent" --algo bm --to 65535 -j DROP

For Freepbx format add following to the Firewalls custom rules


-A fpbxreject -p udp --dport 5060:5261 -m string --string "REGISTER sip:server.domain.co.uk" --algo bm -j ACCEPT
-A fpbxreject -p udp --dport 5060:5261 -m string --string "REGISTER sip:" --algo bm -j DROP
-A fpbxreject -p tcp --dport 5060:5261 -m string --string "REGISTER sip:server.domain.co.uk" --algo bm -j ACCEPT
-A fpbxreject -p tcp --dport 5060:5261 -m string --string "REGISTER sip:" --algo bm -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "sip:a'or'3=3--@" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: PolycomSoundPointIP SPIP_550 UA 3.3.2.0413" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: Avaya IP Phone 1120E" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: Cisco-SIPGateway/IOS-15.2.4.M5" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: PolycomVVX-VVX_401-UA5.4.1.18405" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: eyeBeam release 3006o stamp 17551" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: owenee" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: owenee" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: Custom" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: Custom" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: SIP" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: SIP" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: gazllove" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: gazllove" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: pplsip" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: pplsip" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: sipcli" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: sipcli" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: sipvicious" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: sipvicious" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: sip-scan" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: sip-scan" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: sipsak" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: sipsak" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: sundayddr" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: sundayddr" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: friendly-scanner" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: friendly-scanner" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: iWar" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: iWar" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: CSipSimple" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: CSipSimple" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: SIVuS" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: SIVuS" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: Gulp" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: Gulp" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: sipv" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: sipv" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: smap" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: smap" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: friendly-request" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: friendly-request" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: VaxIPUserAgent" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: VaxIPUserAgent" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: VaxSIPUserAgent" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: VaxSIPUserAgent" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: siparmyknife" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: siparmyknife" --algo bm --to 65535 -j DROP
-A fpbxreject -p udp -m udp --dport 5060:5261 -m string --string "User-Agent: Test" --algo bm --to 65535 -j DROP
-A fpbxreject -p tcp -m tcp --dport 5060:5261 -m string --string "User-Agent: Test" --algo bm --to 65535 -j DROP

Also its worth adding these ranges as little good will ever come from them

# Ponytelecom ranges
-A INPUT -s 62.210.0.0/16 -j DROP
-A INPUT -s 195.154.0.0/16 -j DROP
-A INPUT -s 212.129.0.0/18 -j DROP
-A INPUT -s 62.4.0.0/19 -j DROP
-A INPUT -s 212.83.128.0/19 -j DROP
-A INPUT -s 212.83.160.0/19 -j DROP
-A INPUT -s 212.47.224.0/19 -j DROP
-A INPUT -s 163.172.0.0/16 -j DROP
-A INPUT -s 51.15.0.0/16 -j DROP
-A INPUT -s 151.115.0.0/16 -j DROP

# VITOX TELECOM
-A INPUT -s 77.247.109.0/255.255.255.0 -p udp -j DROP 
-A INPUT -s 185.53.88.0/24 -p udp -j DROP 
-A INPUT -s 185.53.89.0/24 -p udp -j DROP 
-A INPUT -s 37.49.224.0/24 -p udp -j DROP 
-A INPUT -s 37.49.230.0/24 -p udp -j DROP 
-A INPUT -s 37.49.231.0/24 -p udp -j DROP 
-A INPUT -s 77.247.110.0/255.255.255.0 -p udp -j DROP
Categories
FreePBX Knowledge Base Security Support Technical

Freepbx 15 /16 module exploits. Action required

If you have any Freepbx 15 servers you need to check the restapps and userman modules
https://community.freepbx.org/t/0-day-freepbx-exploit/80092

you need to make sure you are running at LEASTrestapps 15.0.20 and userman 15.0.67 anything newer use scripts below to downgrade 

Now fixed versions in repositories

Useman 15.0.67 is the fix version

[root@pbx ~]# fwconsole ma list |grep userman
| userman | 15.0.67 | Enabled | AGPLv3+ |
[root@pbx ~]# crontab -l -uasterisk |grep userman
*/15 * * * * [ -e /usr/sbin/fwconsole ] && sleep $((RANDOM\%30)) && /usr/sbin/fwconsole userman --syncall -q

For restapps see https://wiki.freepbx.org/display/FOP/2021-12-21+SECURITY%3A+Potential+Rest+Phone+Apps+RCE

But fixed version is

  • > restapps v15.0.20
  • > restapps v16.0.19


Simple scripts to check and update are 

fwconsole ma list |grep restapps
Anything older than 15.0.20

fwconsole ma downloadinstall restapps --tag 15.0.20
fwconsole ma list |grep restapps
fwconsole chown
fwconsole r

and 

In the userman reversion note that you need to install again after the downloadinstall , This removes the offending line from crontab

fwconsole ma list |grep userman
crontab -l -uasterisk |grep userman

The above checks the cron jobs for the offending line then if older than 15.0.67 then update as below

fwconsole ma downloadinstall userman --tag 15.0.67
fwconsole ma install userman
fwconsole chown
fwconsole r
Categories
Asterisk Support Knowledge Base Products and services Technical

Gradwell IP Address ranges

At Gradwell, they send internet traffic from different addresses (known as IP addresses) to allow their telephony systems to work smoothly. Below is the list of IP addresses where their VoIP (Voice over IP) traffic will come from. It’s important that your firewall allows traffic from these addresses however they recommend you don’t set it to allow only from these, just that they are included.

The reason they say don’t allow only these addresses is that there network is dynamic and may shift or new items added and we don’t want this to affect your service.

There are a couple of things you should do to ensure you get the most from the Gradwell Voice services:

  • Check your firewall filtering – is there anything being excluded?
    • If yes – Allow the IP range traffic – this will most likely be in your firewall settings or tools (they all differ so they can’t exactly point you there)
    • If no – you’re good to go
  • If you use UDP traffic then you’ll need to allow Media ports (known as RTP) with the numbers 1024 to 65535

Current ranges as of summer 2021

109.224.232.0/22 109.224.232.0 to 109.224.235.255
109.224.240.0/22 109.224.240.0 to 109.224.243.255
109.239.96.132/31 109.239.96.132 to 109.239.96.133
141.170.24.21/31 141.170.24.21 to 141.170.24.22
141.170.24.5/31 141.170.24.5 to 141.170.24.6
141.170.50.16/28 141.170.50.16 to 141.170.50.31
185.47.148.0/24 185.47.148.0 to 185.47.148.255
194.145.188.224/27 194.145.188.224 to 194.145.188.255
194.145.189.52/31 194.145.189.52 to 194.145.189.53
194.145.190.128/26 194.145.190.128 to 194.145.190.191
194.145.191.128/27 194.145.191.128 to 194.145.191.159
195.74.60.0/23 195.74.60.0 to 195.74.61.255
213.166.3.128/26 213.166.3.129 - 213.166.3.190
213.166.4.128/26 213.166.4.129 - 213.166.4.190
213.166.5.0/24 213.166.5.0 to 213.166.5.255
78.40.243.192/27 78.40.243.192 to 78.40.243.223
87.238.72.128/26 87.238.72.128 to 87.238.72.191
87.238.73.128/26 87.238.73.128 to 87.238.73.191
87.238.74.128/26 87.238.74.128 to 87.238.74.191
87.238.77.128/26 87.238.77.128 to 87.238.77.191

To simplify things a bit listed below are the ranges in common formats.

Rules for Freepbx Custom file “firewall-4.rules”

-A fpbxreject -s 109.224.232.0/22 -p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s 109.224.240.0/22 -p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	109.224.222.16/28	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	109.224.232.0/22	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	109.224.240.0/22	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	109.239.96.132/31	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	141.170.24.20/30	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	141.170.24.5/31	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	141.170.50.16/28	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	185.47.148.0/24	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	194.145.188.224/27	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	194.145.189.52/31	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	194.145.190.128/26	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	194.145.191.128/27	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	195.74.60.0/23	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	212.11.68.144/28	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	213.166.2.128/26	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	213.166.3.128/26	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	213.166.4.128/26	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	213.166.5.0/24	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	78.40.243.192/27	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	87.238.72.128/26	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	87.238.73.128/26	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	87.238.74.128/26	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A fpbxreject -s	87.238.77.128/26	-p udp -m udp --dport 4569:5270 -j ACCEPT

Rules for IPtables file

-A INPUT -s 109.224.232.0/22 -p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s 109.224.240.0/22 -p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	109.224.222.16/28	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	109.224.232.0/22	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	109.224.240.0/22	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	109.239.96.132/31	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	141.170.24.20/30	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	141.170.24.5/31	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	141.170.50.16/28	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	185.47.148.0/24	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	194.145.188.224/27	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	194.145.189.52/31	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	194.145.190.128/26	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	194.145.191.128/27	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	195.74.60.0/23	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	212.11.68.144/28	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	213.166.2.128/26	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	213.166.3.128/26	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	213.166.4.128/26	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	213.166.5.0/24	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	78.40.243.192/27	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	87.238.72.128/26	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	87.238.73.128/26	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	87.238.74.128/26	-p udp -m udp --dport 4569:5270 -j ACCEPT
-A INPUT -s	87.238.77.128/26	-p udp -m udp --dport 4569:5270 -j ACCEPT
Categories
Blog FreePBX Knowledge Base

Running Subroutines on answer for Queues

Some years ago we wrote a post on running macros on queue answer here. this was very useful for integration with backends, At the time we raised a feature request to get it added to Freepbx, But this never happened.

Now the variable QGOSUB is in the dialplan for freepbx queues, But still there is no way of setting this in a default freepbx installation and it requires a snip-it of custom dialplan that is called from freepbx by a ‘custom destination’ . For example at its simplest the dialplan to set it could be :-

[qmacro-set]
exten => .,1,Noop(ians test) 
exten => .,n,Set(_QGOSUB=ians_routine) 
exten => .,n,Goto(app-daynight,1,1)  

and this sets the variable for all channels in this call, and when the Queue command is run in the default freepbx dialplan

Queue(9471,${QOPTIONS},,${QAANNOUNCE},${QMAXWAIT},${QAGI},,${QGOSUB},${QRULE},${QPOSITION})  

This allows simple or more complicated routines to be run. For example sending an email on answer which was a request we had that caused us to revisit this.

[ians_routine]
exten = s,1,Set(origtime=${EPOCH})
exten = s,n,Noop(${CHANNEL})
exten = s,n,Set(Agent11=${CUT(CHANNEL,@,1)})
exten = s,n,Set(Agent12=${CUT(Agent11,/,2)})
exten = s,n,Noop(${Agent11} , ${Agent12} )
exten = s,n,Set(fulltime=${STRFTIME(${EPOCH},,%d%m%Y-%H:%M:%S)})
exten = s,n,system(echo "There has been a call , Callers Details: ${CALLERID(number)} ,  ${CRM_SOURCE} , Date and Time: ${fulltime} ,  Agent: ${Agent12} ,Timestamp: ${origtime} , Queue Number: ${QUEUENUM} " | mail -s "failed recall at ${fulltime}" email@address.com)
same = n,Return()

If you think that you would like to be able to set this variable in the freepbx gui give it a vote https://issues.freepbx.org/browse/FREEPBX-22274

Categories
Covid-19 System Status

Covid 19 update June 2020

Coronavirus: service updates and supplier information

03 APRIL 2020

Last updated: 17:00 5 June 2020

This page contains important updates from us and our suppliers that may affect our partners or customers during this unprecedented time. We’ve also included useful links and support information and a full breakdown of any service updates as we have them. This will continue to be updated at least once a day, so please check back here regularly.

Key points:

BT Openreach (who help us supply internet connectivity services) have advised that provision and repair of their services are now on a “best endeavours” basis only across the UK and will impact almost all connectivity products: DSL, Ethernet, FTTC, FTTP, FIBRE, PSTN, ISDN2, ISDN30, LLU and SMPF

Openreach will be assisting providers to bring forward certain WLR and MPF new line installs to an earlier date. They will be contacting customers directly to try to agree an earlier install date to complete the work on behalf of the Provider.

Priority restoration of services will only take place for organisations deemed “critical”, including NHS, pharmacies, utilities etc (full list below)

Ongoing repairs will continue for all, but with priority given to critical organisations and customers deemed “at risk” and you will now be asked if you are an “At Risk Customer” or “suffering COVID-19 Symptoms” before they assess priority of restoration

All newly-appointed provisioning will be pushed back to Monday 1st June 2020 at the earliest

All other Gradwell products (Wave, 3CX, SIP Trunks etc) remain unaffected with the exception of number porting, which may be delayed

Openreach/BT have declared that the current situation they and we are all facing is a matter beyond their control in light of COVID-19.

As such, appointments for provision and repair are on a best endeavours basis only, this covers everyone nationwide and will impact the following products that we provide: DSL, Ethernet, FTTC, FTTP, FIBRE, PSTN, ISDN2, ISDN30, LLU MPF and SMPF, including adjustment of orders.

Fault Repair

During this time, priority and restoration of services will take place for critical functions only, such as NHS, pharmacies, utilities, emergency services, retail and wholesale food distribution outlets and financial services. This also applies to customers deemed “at risk”.

Ongoing repairs to the BT/Openreach infrastructure will continue, but with high priority focus being on the above-mentioned critical core services ahead of all others. You will be asked by Gradwell if anyone is deemed within the building or location is considered at “at risk” of exposure to Covid-19:
Customer meets criteria for repair and IS symptomatic
Customer meets criteria for repair and IS NOT symptomatic

Ongoing repairs to the BT/Openreach infrastructure will continue, but with high priority focus being on the above-mentioned critical core services ahead of all others. We appreciate your patience during these times, and we’re sure you understand that the protection and restoration of core services is paramount to sustaining core infrastructure services.

Openreach have advised on Fault repair with immediate effect: 

To support efforts to reduce human contact and promote social distancing, all installation activities that require access to a customer’s premises are now being assessed and the customer to state the following criteria to ensure if repairs are deemed essential that appropriate teams can deal with the issue at hand:

  • Customer meets criteria for repair and IS symptomatic
  • Customer meets criteria for repair and IS NOT symptomatic

Openreach will attempt to complete as much of the inflight orders from outside of the premises as possible, but if internal work is required, these will be done on a priority and risk assessed basis. Any orders that do not require on premise installation will proceed as normal, but we appreciate these cases are limited.
The exception to these rules are those businesses identified as critical national infrastructure. This includes; NHS, pharmacies, utilities, emergency services, retail and wholesale food distribution outlets, and financial services businesses. On site installation work will be permitted for these businesses but we will have to justify the criticality of the service to Openreach.

The Openreach Emergency Helpdesk will remain open. However, all business as usual contact centres have now closed.

Porting of Numbers

Following on from previous updates on BT’s porting backlog, we are pleased to announce this has now been cleared and we are able to place new orders again. There still may be a slight delay in contrast to normal timescales, as it’s likely that BT and our direct suppliers will receive a large amount of new port requests all at once, but this will likely only add on 24-48 hours to the normal processing time. In conclusion, we will not be operating at our normal timescales for another few days, but we anticipate everything to be back to normal in the short term. We appreciate your patience during this time.

New Orders

All new orders received with immediate effect that require BT or Openreach infrastructure (the majority) are being moved to commence from 1st June 2020 onwards. This will be under constant review and may have further delays should the situation worsen. Exceptions apply for customers deemed “at risk”.

All existing orders in the system with BT or Openreach will continue to progress, but with a view to completing the orders as soon as possible and may be delivered well outside of expected and industry standard timelines.

We are still accepting new orders, however, there will be a delivery backlog for any products requiring BT or Openreach provision until at least 1st June 2020 onwards. All other Gradwell products, eg Wave, Multi User VoIP, 3CX and SIP Trunk services, are currently not impacted and delivery times will remain unaffected.

Openreach have announced the below with regards to WLR and MPF new line installs.

Openreach will be assisting providers to bring forward certain new line installs to an earlier date. They will be contacting customers directly to try to agree an earlier install date to complete the work on behalf of the Provider.

Only lines that have relatively simple installation journeys will be eligible for this support. Orders that are deemed to have complex delivery that would require additional engineering work or orders where Openreach feel that it would not be possible to gain access to the premises safely in adherence to their COVID-19 safe working practices will be excluded from this process. For example, orders that require entry to blocks of flats etc will be out of scope.

Core infrastructure service providers

We will of course continue to share more information from core suppliers like BT Openreach on this page as soon as we have it. A full breakdown of Openreach’s current service status is in the table below.

Openreach Critical Functions
DamageOpen (limited service)
WelfareOpen (limited service)
DSOOpen (limited service)
ProductRepairProvision
Escalations (EPOC)No new work acceptedNo new work accepted
Premium Business HelpdeskNo new work acceptedNo new work accepted
WLRBAU if non-appointedBAU if non-appointed
LLUBAU if non-appointedBAU if non-appointed
FTTCBAU if non-appointedBAU if non-appointed
SOGEABAU if non-appointedBAU if non-appointed
GFASTBAU if non-appointedBAU if non-appointed
SOGFASTBAU if non-appointedBAU if non-appointed
Migration ServicesBAU if non-appointedBAU if non-appointed
ISDNBAU if non-appointedBAU if non-appointed
FTTPBAU if non-appointedBAU if non-appointed
EthernetBAU if non-appointedBAU up to curtilage

BAU: For Total Loss of Service Faults: Openreach will attempt to activate the service remotely. If they are unable to, then they will visit the premises and ask two risk assessment questions:

1) Is there anyone on-site who has Covid-19 symptoms?

2) Has there ever been anyone on-site with symptoms?

3) Has anyone on-site been advised by the NHS via a letter to isolate for 12 weeks?

If the answer is yes to either of these questions then they will not access the premises and the fault repair will be postponed until restrictions have been lifted. If not, they will schedule a repair.

For all other repair faults, Openreach will only resolve if it’s possible to fix remotely and without access to the premises.

Provisions: Will only attempt to access the premises if the provider is classed as CNI/welfare/at risk/specific key worker (see below).

CNI: refers to “Critical Network Infrastructure.”

All Welfare/At Risk/Specific Key Worker cases will be reviewed by Openreach after a case submission by a customer.

Categories
Covid-19

New 119 Covid line number

Ofcom announced this afternoon the new 3-digit telephone number ‘119’ to be used as part of the NHS’s Covid-19 response, the number will be used as part of the NHS’s effort to handle the response to the Coronavirus situation.

The 119 number is supported by networks and so calls will connect as soon as the Government announce the service has been launched.

The number will be free to dial, in line with the NHS 111 service, as directed by Ofcom.