Monday, September 28, 2009

More Document Updates

I updated the "Installing OpenSBC on Vyatta 5" document again. Added a firewall rule change and also tweaked the formatting and text a little bit to clarify a few of the finer points.

While I was at it I also freshened up the "DNS Setup Concepts for Session Border Controllers" document also published at

Friday, September 25, 2009

Updated document on Installing OpenSBC on Vyatta 5

Sorry for the delay all but a project finally forced my hand on this. Here's a link to the updated document for installing OpenSBC on Vyatta 5.0.

Install OpenSBC on Vyatta 5.0

The original document was built with Vyatta 5.0 beta and there were some changes with the final release of Vyatta 5.0.

Tuesday, September 22, 2009

An Interview with... Me!

Packt Publishing just released an interview they did with me.

Monday, September 14, 2009

Setting up DNS for Internet Calling

Somebody questioned how I was handling DNS inside and outside my network so I figured I'd document what I'm doing for remote users and Internet dialing.

I have the following setup at home right now. This same configuration would apply for a small business that doesn't have static IP's (I'm sure you could cherry pick info here if you do have static IP's too).

My home sip server is in SIP domain (just one i made up while i was writing the book)

I'm on a DSL connection at home with a non-static IP.

My domain is hosted at

My firewall (pfSense) updates with my current IP address

GoDaddy is a CNAME pointing to priority 0, weight 0, port 5060 points to

Copied existing to in /var/named
Modified file and replaced all references to '' with ''.
Edit /etc/named.conf and duplicated info from domain for new domain.
Restart DNS and make sure you can ping / dig new domain.

sipXecs Configuration Server
Buy my book :-)
Add alias to domain (Domain is under System menu) for
Restart all services that request restart.
Add the SIP Trunking services to the SIP Server (Click on server in System->Servers).
Restart all services that request restart.
Enable Internet Dialing and set your internal IP range (under System menu), set the SBC to be sipXbridge-1. Added * as an Intranet Domain.
Enable NAT Traversal and let sipXecs know it is behind a NAT (Click on Internet Calling in System then NAT is on LEFT menu).

Internal Workstations / Phones
Determine where you are pointing for DNS.
If you are pointing at the PBX machine then no worries.
If you are pointing at some other DNS server you'll need to figure out how to get that machine to point to the PBX to resolve your domain (in my case all resolves for the domain can be redirected by pfSense to the PBX and I point to pfSense for my DNS server).

pfSense Firewall Configuration
Turn off automatic NAT so NAT port translation is static (See earlier Blog Entry)
For the following NAT entries, allow pfSense to also create the required firewall rules.
Add NAT entry for External IP port 5060 udp to sipXecs internal IP port 5060 udp.
Add NAT entry for External IP port 5080 udp to sipXecs internal IP port 5080 udp. (only needed if you do SIP Trunks).
Add NAT entry for External IP port range 30000-31000 udp to sipXecs internal IP port range starting at 30000.

So, what does all this do?

Allows my roaming users and other users on the internet to find my sipXecs server via an external IP address that is forwarded in to my PBX.

Allows my internal users to find my sipXecs via an internal IP address.

Allows anybody on the internet to reach me at myextension 'at' sipxecs 'dot' info.

Also, if you add an alias onto your sipXecs user extension that is equal to your e-mail alias, now users can phone you (with url dialing in their softphone) or email you at exactly the same address... voila!

Saturday, September 12, 2009

sipXecs 4.0.2 Released

sipXecs version 4.0.2 was officially released yesterday. There were a bunch of bug fixes (23) and some minor improvements (5) and one feature added.

Release Notes

Of note is the new Skype for SIP ITSP Template. The sipXecs development team has tested Skype for SIP but Skype has not made this generally available. When Skype finally gets this rolling it will be an easy add to our systems. I'll try to post it in the blog as soon as I get my account. I'm signed up for the Beta program and just waiting on Skype.

I tested the 4.0.2 upgrade on one of my sandbox systems and all went well. I'll test it on another any only post if I run into problems.

There is one change in the 4.0.2 upgrade procedure that everybody should note (documented on the upgrade page (

The local domain bind zone is overwritten; if: You are using the system as a DNS server, and You have made any manual changes to the zone file then before doing the upgrade, you should add the following lines to the beginning of the file /etc/named.conf:

// WARNING: Name server configuration is a sipX automatically generated file.
// Contents may be overwritten unless you change the mode to "Manual".
// Available modes:
// "Master" - Master name server (on primary server).
// "Slave" - Slave named server (on distributed server).
// "Caching" - Caching only name server.
// "Manual" - Blocks future automatic updates.
// DNS_MODE="Manual"

this will protect your changes from any automated updates by sipXconfig.
Backup your /etc/named.conf file as well as any DNS zone files you may have tweaked (if you installed from ISO they are in /var/named/

Saturday, September 5, 2009

pfSense with Freeswitch for SIP Trunks to sipXecs

Ok, so here's a bit of a new twist. I was toying with the thought of trying to get OpenSBC running on pfSense firewall. Long story short, I couldn't get the developer version of pfSense running in a virtual on my machine so I decided to give the FreeSwitch pfSense package a go.

What do you know... I actually got it going as a bridge pretty easily. So I figured I'd document it for others who follow...

The purpose of this exercise was to have pfSense with FreeSwitch register to my Gizmo account and forward calls in to sipXecs. This is just a starting point but shows great promise as a way to front-end a sipXecs server.

1. In pfSense install the FreeSwitch package (System -> Packages - FreeSwitch) (I picked the Dev version to run on my pfSense 1.2.3 rc1 install).

2. Once installed, go to Services -> FreeSwitch.

3. Click on the Gateways tab and then the + sign on the right to add a new gateway.

4. At the top of the Gateway Setup form is a handy hyperlink to examples for different SIP Providers. Here is my Gizmo configuration:
  • Gateway: gizmo
  • Username: 1747xxxxxxx
  • Password: xxxxxxxx
  • From-user: 1747xxxxxxx
  • From-domain:
  • Proxy:
  • Expire-seconds: 3600
  • Register: true
  • Retry-seconds: 3600
  • Caller-id-in-from: false
  • Enabled: true
  • Gateway Description: Gateway to gizmo account
5. Click the Save button at the bottom of the page.

6. Click on the Public tab at the top of the page.

7. Click on the + sign over on the right hand side of the Public table to create a new extension.

8. Create the following extension:
  • Extension Name: sipXecs
  • Enabled: true
  • Order: 000
  • Description: Transfer to internal spiXecs Server
9. Add the following conditions and actions at the bottom of this page (hit the + sign to add each one).
  • Tag: condition
  • Type: destination_number
  • Data: 1747xxxxxxx
  • Order: 000
  • Tag: action
  • Type: bridge
  • Data: sofia/lan/100@ip.addr.of.sipxecs (what sipXecs extension to route it to)
  • Order: 001

10. On the Status tab, click the 'reloadxml' button. You should see your gateway in the 'sofia status' section as 'REGED' if you have done things properly.

11. Create 2 firewall rules in pfSense (Firewall -> Rules):
  • Action: Pass
  • Interface: WAN
  • Protocol: UDP
  • Source: any
  • Destination: WAN address
  • Destination port range: 5080

  • Action: Pass
  • Interface: WAN
  • Protocol: UDP
  • Source: any
  • Destination: WAN address
  • Destination port range: 10000 – 35000 (* - I haven’t tried narrowing this down…)

12. Try dialing your Gizmo number and your sipXecs server should answer the call!

Tip, if you get a Google Voice account you can make it ring inbound to your Gizmo account and have free inbound calling.