Tag: digium

Categories
Gateways

Redfone FoneBRIDGE

The foneBRIDGE is a T1/E1 PRI-to-Ethernet Bridge. It is an integrated black box appliance designed to streamline installation and enable redundant design of open source telephony based VoIP systems such as Asterisk®, Elastix, Trixbox, FreeSwitch and others.

Features

Failover and HA Enabled
• Flexible Configuration
• Highly reliable design
• Simple Install
• Form factor independent
• Single, Dual, Quad and Octal Port models

Applications

• T1/E1 PRI Trunk termination
• Legacy PBX-to-Asterisk integration
• Simple, single server installs
• Complex, HA Asterisk clusters
• Channel Bank connectivity
• Mixed telephony environments (T1 and E1)
• Blade Servers where PCI slots are not available

Download Datasheet here

Price excluding VAT:

  • Non ec Single e1 £430
  • Non ec Dual e1 £850
  • Non ec Quad e1 £1200
  • ec Single e1 £640
  • ec Dual e1 £1200
  • ec Quad e1 £1700
*ec = Hardware echo cancelation
Categories
Gateways

Digium G100/G200

Built on a powerful combination of the Asterisk Open Source communications engine and a state-of- the-art embedded platform, Digium VoIP Gateways provide the best value for Asterisk connectivity.

The gateway software is based on the Asterisk communications engine and is managed through Digium’s intuitive point-and-click GUI interface, which allows for easy navigation and effortless setup. VoIP gateways feature a power-saving embedded design with a highly efficient digital signal processor (DSP) handling all media-related operations.

The Digium G100 VoIP Gateway includes a single software-selectable T1/E1/PRI interface and supports up to 30 concurrent calls. It is built to support TDM-to-SIP, SIP-to-TDM and SIP-to-SIP (transcoding) applications. In a TDM-to-SIP deployment the VoIP gateway significantly reduces operating costs by connecting a legacy business phone system with dynamic SIP trunking services. SIP-to-TDM deployments use the VoIP gateway to connect a modern SIP communications system with T1/E1/PRI service from legacy carriers.

Applications

Digium VoIP Gateways are flexible solutions that fit a variety of communications applications. The applications listed below represent some of the most widely used, today. The flexible configurtation options and standards-based connectivity mean Digium’s gateway appliances can support a wide range of custom applications.

Public Switched Telephone Network T1/E1/PRI to VoIP:

VoIP Provider to Legacy PBX:

Specifications

Interfaces / Connections

  • 1/2 T1/E1/PRI w/ RJ-45
  • 1 10/100/1000 Ethernet

Benefits

  • Hardened
  • Cost effective
  • Low power consumption

Features

  • Intelligent call routing
  • Easy-to-navigate GUI
  • Fax and modem support
  • Solid state (no moving parts)
  • Remote configuration and software updates
  • Octasic™ DSP processor
  • Up to 60 concurrent calls

Price excluding VAT : G100 £820.00 G200 £1370.00

Categories
Services

VoIP Design and Sales

At Cyber-cottage.co.uk we provide support,design and installation services. We have over 25 years of experience of the telecommunications industry and have the depth of knowledge to assist you in all aspects of telecommunications needs.

We have been working with VoIP systems since 1999, and VoIP networks from the Mid 1990s everything from small offices of 15 extensions to large multi-site networks with bespoke platforms. Our primary deployments are now based on the Asterisk open source platform from Digium.

Solutions have included:-

  • High capacity conference servers.
  • High availability redundant servers for emergency services dispatch.
  • Click2Call solutions
  • Call Centres
  • Office PABX systems

Asterisk is a complete telecommunications platform. From caller ID to multi-site networks, anything your telephone system can do, Asterisk can do better and maybe cheaper.

It includes a whole host of telephony features such as CTI, Voicemail, call conferencing and CRM integration.

We have tailored our Asterisk solution to behave like a normal PBX, with call barring, day and night service, call re-routing, DND, voice mail for all users and new features can be added easily at any time.

With Asterisk we can replace your PBX or complement an existing PBX by adding more functionality at a competitive price.

Recent systems have included a large hosted callback platform for a Major UK Car Parking company allowing drivers to make calls to the office at no charge to themselves.A system for a “online” Solicitors group to allow the tracking of calls and work-flow. We have recently deployed a system for TableBook.me to allow them to take table reservations for restaurants.

Recently customers have included Mendip Outdoor Pursuits, Purple CarParks, NorthCott Global Solutions and Qwtanet. These have been a mixture of onsite systems, hosted systems and solutions based on Asterisk running in a VMware environment.

Call or email us to discuss your requirements.

Categories
Knowledge Base

Digium G100/200 Gateways and UK CallerID Number

The current firmware in the Digium G series gateways have a quirk that if they don’t receive caller ID name they move the caller Id number to be the Caller Id name but don’t leave the Caller Id number in place. The relies on you setting  “trustrpid=yes” in teh sip trunk configuration.

We have produced a short document on settings for using the gateway with any freePBX based asterisk solution. It can be downloaded here

 

Categories
Case Studies

Elastix solution for a Bristol IT company

We were recently approached by a Bristol IT company to replace their ageing Avaya system. The proposed solution was an Elastix 2.3 solution running on Vmware 5.1, with their ISDN30e line connected via a Digium G100 gateway.

A key requirement was the ability to recharge usage to tenants in the building and replace an aging and expensive Oak call logger, This was simple with the Elastix solution as this option is included free of charge in the system and just required the uploading of a rates table.

The customer decided on Yealink T28 handsets for the office, utilising the BLF to have visibility of who is engaged on calls.

Categories
Case Studies

Outdoor pursuits company.

We were approached to supply  a hosted PBX solution to a Southwest England based Outdoor pursuits company replacing their on site AsteriskNow system with a more manageable and streamlined hosted Elastix based solution.

This gave them the ability to have handsets located where ever they were needed and add handsets easily with the user friendly Elastix interface. It also gave them increased viability of call usage with the inbuilt reporting and FOP2 let them see users engaged on calls.

We ported their existing BT Analogue lines to Gradwell VoIP trunks, This gave them an immediate increase in call capacity and combined with inclusive landline and mobile call packages meant call costs were kept under control.

Categories
Case Studies

Xorcom Solution for Kensington Office

An existing client was moving offices from Carnaby St London to Kensington, Since the original system was installed the usage had changed with the majority of staff now being based in South Africa where we also have remotely installed an Asterisk solution previously.

For the new kensington office it was decided to use a Xorcom IPBX as this single box solution would make management easier and as ISDN2 Lines were required the overall cost would be lower than using a dedicated server and ISDN2 gateway.

xr2000-analog-250

The system was preconfigured and tested in our Lab and then taken to site and installed in one day. The clean interface allows for easy addition of handsets using the endpoint manager.

Since the company make a large volume of international calls it was decided to use Gradwell for outgoing calls as this means a great saving over BT for call charges. They also had a EFM circuit installed for both Voice and office internet usage.

Categories
Knowledge Base

Sip debugging with wireshark

Wireshark and Cloudshark are invaluable tools for debugging sip and iax issues on your Asterisk server.

Here we have a short Video that goes over the basics of getting a call captured and opened in Cloudshark

we also have a short tutorial for download here in PDF format

First we need to get the packets we want. This is far simpler than its thought. We use a simple command line tool called tcpdump, if its not installed install it now, You wont be able to live without it.

Here we have 2 commands, The first captures packets on interface eth0, -n means we won’t convert addresses, -w means we just capture raw packets and udp means its only the udp packets we want and finally port 5060 means its only the sip messaging we want. In the second we dont specify port 5060 so that we get the rtp stream as well.

/usr/sbin/tcpdump -n -i eth0 -w /tmp/wireshark.pcap -s2000 udp port 5060
 /usr/sbin/tcpdump -n -i eth0 -w /tmp/wireshark.pcap -s2000 udp
screen -S "udpDump" -dm tcpdump -n -i eth0 -C 9 -W 15 -w /var/log/asterisk/dumpsip.pcap -s2000 udp port 5060

The command above will write to file in the background and will rotate at 9 meg so suitable for cloudshark

Once you have started the capture and made a call as required you will get a file called for example /tmp/wireshark.pcap copy this to your workstation via ftp or sftp as you would copy any file.

Categories
Knowledge Base

Better SIP security

In Seven Steps

Original Text by J Todd March 28th, 2009

In case any of you were wondering why there has been a fairly notable upswing in the attacks happening on SIP endpoints, the answer is “script kiddies.”  In the last few months, a number of new tools have made it easy for knuckle-draggers to attack and defraud SIP endpoints, Asterisk-based systems included.  There are easily-available tools that scan networks looking for SIP hosts, and then scan hosts looking for valid extensions, and then scan valid extensions looking for passwords.You can take steps, NOW, to eliminate many of these problems.  I think the community is interested in coming up with an integrated Asterisk-based solution that is much wider in scope for dynamic protection (community-shared blacklists is the current thinking) but that doesn’t mean you should wait for some new tool to defend your systems.  You can IMMEDIATELY take fairly common-sense measures to protect your Asterisk server from the bulk of the scans and attacks that are on the increase. The methods and tools for protection already exists – just apply them, and you’ll be able to sleep more soundly at night.

Seven Easy Steps to Better SIP Security on Asterisk:

 

1) Don’t accept SIP authentication requests from all IP addresses.  Use the “permit=” and “deny=” lines in sip.conf to only allow a reasonable subset of IP addresess to reach each listed extension/user in your sip.conf file.  Even if you accept inbound calls from “anywhere” (via [default]) don’t let those users reach authenticated elements!

 

2) Set “alwaysauthreject=yes” in your sip.conf file.  This option has been around for a while (since 1.2?) but the default is “no”, which allows extension information leakage.  Setting this to “yes” will reject bad authentication requests on valid usernames with the same rejection information as with invalid usernames, denying remote attackers the ability to detect existing extensions with brute-force guessing attacks.

 

3) Use STRONG passwords for SIP entities.  This is probably the most important step you can take.  Don’t just concatenate two words together and suffix it with “1? – if you’ve seen how sophisticated the tools are that guess passwords, you’d understand that trivial obfuscation like that is a minor hinderance to a modern CPU.  Use symbols, numbers, and a mix of upper and lowercase letters at least 12 digits long.

 

4) Block your AMI manager ports.  Use “permit=” and “deny=” lines in manager.conf to reduce inbound connections to known hosts only.  Use strong passwords here, again at least 12 characters with a complex mix of symbols, numbers, and letters.

 

5) Allow only one or two calls at a time per SIP entity, where possible.  At the worst, limiting your exposure to toll fraud is a wise thing to do.  This also limits your exposure when legitimate password holders on your system lose control of their passphrase – writing it on the bottom of the SIP phone, for instance, which I’ve seen.

 

6) Make your SIP usernames different than your extensions.  While it is convenient to have extension “1234? map to SIP entry “1234? which is also SIP user “1234?, this is an easy target for attackers to guess SIP authentication names.  Use the MAC address of the device, or some sort of combination of a common phrase + extension MD5 hash (example: from a shell prompt, try “md5 -s ThePassword5000?)

 

7) Ensure your [default] context is secure.  Don’t allow unauthenticated callers to reach any contexts that allow toll calls.  Permit only a limited number of active calls through your default context (use the “GROUP” function as a counter.)  Prohibit unauthenticated calls entirely (if you don’t want them) by setting “allowguest=no” in the [general] part of sip.conf.

 

These 7 basics will protect most people, but there are certainly other steps you can take that are more complex and reactive.  Here is a fail2ban recipe which might allow you to ban endpoints based on volume of requests.  There is discussion on the asterisk-user and asterisk-dev mailing lists of incorporating this type of functionality into Asterisk – let’s hear your ideas!

 

If you’d like to see an example of the tools that you’re up against, see this demo video of an automated attack tool that does scan, guess, and crack methods via a click-and-drool interface.
In summary: basic security measures will protect you against the vast majority of SIP-based brute-force attacks.  Most of the SIP attackers are fools with tools – they are opportunists who see an easy way to defraud people who have not considered the costs of insecure methods.  Asterisk has some methods to prevent the most obvious attacks from succeeding at the network level, but the most effective method of protection are the administrative issues of password robustness and username obscurity.

 

JTodd
Digium
Categories
Asterisk Support Elastix Support Knowledge Base OpenVox

Asterisk pickup groups

The aim here is to explain the relationship between the callgroup and pickup group settings in extension conf files of an Asterisk server and named pickup in freepbx, we will use numbers but not names (see explanation below).

Call Pickup is the abilty to pickup a ringing phone from another phone.

The ability to do this is defined in the extensions conf file.

In many systems there is only on setting to do this normally “pickup group” you add extensions to this group and they can pickup calls ringing at members of the group. Obvious really.

Now Asterisk goes one better. You can define the callgroup and pickup group, This way you define who you can pickup and who can pickup you. This is very useful for operators, who for example don’t want calls picked up of them but do want to pickup calls from all other users.

So how do you define it.

In our example we will have 4 phones defined as follows

Callgroup Pickupgroup
201 2 1-2
202 1-4 1-4
203 2,4 2,4
204 1 1

And who can do what when trying t pickup is as follows

Ringing Phones attempting Pickup
Call to 201 204 PU failed 203 PU Passed
Call to 202 201 PU passed 203 PU Passed
Call to 203 201 PU passed 204 PU failed
Call to 204 201 PU passed 203 PU failed

So from this we can see that its the Pickupgroup that defines what callgroup can be picked up.

So because 201 has a callgroup of 2 Only sets who’s pickup group includes 2 can pick up the call. whereas as 201 has a pickupgroup of 1-2 it can pickup calls from callgroups 1-2.

For example you may have 6 pickup groups defined with users only allowed to pickup their own group members except an operato who wishes to be able to pick everyone up and a PA who has a college who she wants to be able to pickup

So all normal users would have their pickup and callgroup the same. The PA would have the pickupgroup defined with both the group numbers but only its own call group. And finally the operator would have a callgroup of 0 and its pickupgroup of 1-6.

Named call pickup groups

Named pickup groups are new with Asterisk 11. And are now supported in FreePBX , But be careful even though the ‘hint’ says they can be numeric or names the just use the named variable.

namedcallgroup=office,home,1
namedpickupgroup=office,home

As above we have a namedcallgroup as 1 but this is not the same as callgroup 1

A named callgroup and pickupgroup can be set to a comma separated list of case sensitive name strings. The number of named groups is unlimited. The number of named groups you can specify at once is limited by the line length supported.

SYNTAX
namedcallgroup=[name[,name[,...]]]
namedpickupgroup=[name[,name[,...]]]
  • namedcallgroup – specifies which named pickup groups that this channel is a member.
  • namedpickupgroup – specifies which named pickup groups this channel can pickup.
Configuration Example
namedcallgroup=engineering,sales,netgroup,protgroup
namedpickupgroup=sales

Configuration should be supported in several channel drivers, including:

  • chan_dahdi.conf
  • misdn.conf
  • sip.conf
  • pjsip.conf

pjsip.conf uses snake case:

named_call_group=engineering,sales,netgroup,protgroup
named_pickup_group=sales

You can use named pickup groups in parallel with numeric pickup groups. For example, the named pickup group ‘4’ is not the same as the numeric pickup group ‘4’.

Numeric call pickup groups

(obsolete use named groups)

A numeric callgroup and pickupgroup can be set to a comma separated list of ranges (e.g., 1-4) or numbers that can have a value of 0 to 63. There can be a maximum of 64 numeric groups. This is important to note as Freepbx does not sanity check what you put in there, So you can put 70 in the Gui and it will show 70 but do a sip show peer or a pjsip show endpoint and you will see its not set.