Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

VoIP How-To's

Comments

  • Moderators, Technology & Internet Moderators Posts: 4,621 Mod ✭✭✭✭Mr. G


    1. Login to FreePBX
    2. Navigate to Connectivity > Trunks
    3. Click 'Add SIP Trunk'
    4. Configure as below:

    Trunk Name: Blueface
    Outbound Caller ID: [Blank]

    Outbound Settings
    Trunk Name: Blueface
    PEER Details:
    type=peer
    host=cust.ie.blueface.com
    fromuser=username
    username=username
    secret=password
    insecure=invite
    deny=0.0.0.0/0.0.0.0
    permit=194.213.29.0/255.255.0.0

    USER Context: from-trunk

    USER Details:
    [Blank]

    Register String:
    username:password@cust.ie.blueface.com:5060


    5. Click 'Submit Changes'
    6. Click the 'Apply Config' at the top bar.


  • Moderators, Technology & Internet Moderators Posts: 4,621 Mod ✭✭✭✭Mr. G


    (Below applies if you are using IP Authentication rather than registering)

    Before forwarding ports, make sure you have taken measures to secure your PBX fully. Ensure you have locked extensions down with strong passwords, extensions limited to certain IP Addresses and have a firewall & Fail2Ban correctly configured. Google for some tips. I take no responsibility for your PBX getting hacked.

    1. Forward port 5060 to FreePBX
    2. Login to FreePBX
    3. Navigate to Connectivity > Trunks
    4. Click 'Add SIP Trunk'
    5. Configure as below:

    Trunk Name: Digiweb
    Outbound Caller ID: [As Preferred, Include Area Code, e.g. 011234567]

    Outbound Settings
    Trunk Name: Digiweb
    PEER Details:
    type=friend
    insecure=very
    nat=yes
    qualify=no
    canreinvite=no
    host=[SBC IP Address from Digiweb]
    dtmfmode=rfc2833
    context=from-trunk
    disallow=all
    allow=alaw
    disallow=all
    permit=[SBC IP Address from Digiweb]

    USER Context: from-trunk

    USER Details:
    [Blank]

    Register String:
    [Blank]

    5. Click 'Submit Changes'
    6. Click the 'Apply Config' at the top bar.


  • Moderators, Technology & Internet Moderators Posts: 4,621 Mod ✭✭✭✭Mr. G


    There are a number of free voiceover packages that you can download online. See here for a list.

    For the Cutglass ones, download the following to your PC:
    http://www.enicomms.com/cutglassivr/audiofiles/Alison_Keenan-British-English-44kwav.tar.gz
    http://www.enicomms.com/cutglassivr/audiofiles/Alison_Keenan-British-English-alaw.tar.gz
    http://www.enicomms.com/cutglassivr/audiofiles/Alison_Keenan-British-English-g723.tar.gz
    http://www.enicomms.com/cutglassivr/audiofiles/Alison_Keenan-British-English-g729.tar.gz
    http://www.enicomms.com/cutglassivr/audiofiles/Alison_Keenan-British-English-sln.tar.gz
    http://www.enicomms.com/cutglassivr/audiofiles/Alison_Keenan-British-English-ulaw.tar.gz

    Extract all these. If you are using Windows, you can download 7-Zip for free to do this.

    Download WinSCP so that you can remotely upload the files through SSH (assuming SSH is installed).

    303988.png


    This is self explainatory.

    Navigate to Var>Lib>Asterisk>Sounds

    303993.png

    Create a folder named 'uk'

    Open this folder and upload all the previously extracted files and folders in there together:

    303994.png

    In FreePBX > Asterisk SIP Settings, adjust the language setting to 'uk'.

    Save changes and Apply Config.


  • Moderators, Technology & Internet Moderators Posts: 4,621 Mod ✭✭✭✭Mr. G


    Like any other traditional phone system, it is possible that your phone system can be hacked. These tips should at least help in preventing your phone system from being hacked, but should not be seen as an ultimate list. As always, please let me know if anyone has anything to add.

    1. Do not forward any ports from your router
    It has been well documented that opening any ports on your router is the first technique any DDoS system will use to breach your system.

    If you do need to forward ports, most firewalls have a setting on them that allow you to only forward ports for a certain IP Address (i.e. your provider's SBC/Server's IP). You should be able to find this under a 'Filter' or '' setting.

    2. Change all passwords on all equipment and extensions

    It is bad practice in my opinion to use default passwords on extension SIP accounts, e.g. don't use the password 100 on the extension 100. Some people use a mix of the phone's MAC address and random characters, but I think it's best to use a very long random password.

    It's always a good idea to change the username and password on all network equipment (Router, Printers, File Shares etc), especially the router.

    Make sure to change the default Asterisk password, voicemail passwords, FreePBX passwords and the server password. [If possible, do not use root. Some distros use root, some don't. If they don't, don't enable the root user. Use the sudo command instead.]

    These password generators are very handy for passwords:
    https://identitysafe.norton.com/password-generator
    https://www.random.org/passwords/

    3. Ensure software packages are kept up to date
    It sounds pretty obvious but it's important. Keep all software updates up to date to patch any security bugs that appear from time to time.

    E.g. For Debian based systems:
    sudo apt-get update
    sudo apt-get upgrade
    raspbx-upgrade [Only For Raspbx]

    Also, update any phone firmware that is available from the manufacturer.

    4. Use a separate VLAN & encrypt calls
    It's always a good idea to separate voice from other data on your network. If a computer gets a virus, then at least it won't be able to listen in on calls. I would also recommend to use SRTP and VoIP encryption on your network, especially if you are connecting computers and phones on the same network. If you don't do this, it is very easy to snoop on calls.

    If you have a wireless network, separate this from the VoIP network by using a VLAN. Guests should be on a lan-firewall isolated network from any business server.

    5. Restrict registrations
    Lock down extensions to a certain IP address so no unauthorised person can go calling premium rate numbers willy-nilly.

    6. Password protect premium rate numbers
    International numbers, 118XX and 15XX numbers can cost a fortune to ring. It's possible to set a password on those routes. It would not suit some businesses however.

    7. Encrypt calls between your network and your provider
    In light of foreign Government surveillance and due to the exact nature of the internet, it's a good idea to encrypt calls to your provider. Whether or not it's encrypted between your provider and their carriers is unknown and beyond of your control. VoIP encryption is not that common, however, it's something that is being developed. Corporate espionage is a huge issue for businesses, and fortunately you can encrypt calls unlike with with traditional lines where you cannot prevent wiretaps.

    8. Implement Fail2Ban
    By now you probably think that you have enough done. Probably. But if you don't do any of the above, make sure you do this!
    Set up Fail2Ban on your Asterisk box. Give them 1 chance, specify allowed IP ranges on your network and block any unauthorised users indefinitely. If you lock a phone out because you put in the wrong password, you can always unblock that phone.

    9. Do not use inbound DID calling numbers

    Some find it useful to set up a dial-in number to call out through your business phone system. It's not a great idea and if you're going to do it, lock it to your caller ID. You can always call out through a private number by setting up that through your outbound routes using the number 141 + the phone number you wish to ring. If possible, please avoid setting up a dial-in call-out number on your system!!

    Other resources to read:
    http://nerdvittles.com/?p=9452
    http://www.voip-info.org/wiki/view/Asterisk+security
    http://nerdvittles.com/?p=3148
    http://www.businessbee.com/resources/news/technology-buzz/5-tips-beefing-voip-security/
    http://meship.com/Blog/2011/04/21/network-voip-security-tips/


Advertisement