Published another document today on configuring internal / external DNS for use with Session Border Controllers. It's got a bit of a sipXecs slant to it but should be useful for others looking for redundant and load balanced SBC setup help.
It is available HERE and HERE2
YMMV with Asterisk & FreeSwitch installations and SRV based authentication methods... Most of the setups I have seen are A records pointing to the PBX.
A blog about using the SIP Open Source sipXcom Unified Communications Server. sipXcom is a fork of sipXecs.
Saturday, January 3, 2009
Use Microsoft DNS Servers with sipXecs
Alright, so you want to maintain one set of DNS servers for your organization and it's just easier for you to do it with Microsoft's DNS servers?
I made public a document I wrote a couple years ago and published it on the sipX Wiki. Located here.
Thursday, January 1, 2009
OpenSBC on Vyatta Firewall How-To published
After toiling for many hours I was finally able to get OpenSBC running properly on Vyatta. This solution builds a firewall that allows for Inbound SIP calling, Outbound SIP calling and far-end NAT traversal for remote users.
The paper is published HERE and HERE2
Many thanks to Joegen, Eric and Raymond over on the OpenSBC site for their help and patience with me in getting this going.
Wednesday, December 31, 2008
Vyatta Rules to Block China / Pacific Rim IP's
Created a set of Vyatta rules to block all traffic from Pacific Rim nations. I usually do this as a matter of course with firewalls with customers. To get the addresses I combed through IANA's database.
The first set should be the first set of rules inbound on your outside interface.
set firewall name INBOUND rule 5 action drop
set firewall name INBOUND rule 5 source address 202.0.0.0/7
set firewall name INBOUND rule 5 log enable
set firewall name INBOUND rule 6 action drop
set firewall name INBOUND rule 6 source address 210.0.0.0/8
set firewall name INBOUND rule 6 log enable
set firewall name INBOUND rule 7 action drop
set firewall name INBOUND rule 7 source address 218.0.0.0/7
set firewall name INBOUND rule 7 log enable
set firewall name INBOUND rule 8 action drop
set firewall name INBOUND rule 8 source address 220.0.0.0/7
set firewall name INBOUND rule 8 log enable
set firewall name INBOUND rule 9 action drop
set firewall name INBOUND rule 9 source address 222.0.0.0/8
set firewall name INBOUND rule 9 log enable
set firewall name INBOUND rule 10 action drop
set firewall name INBOUND rule 10 source address 59.0.0.0/8
set firewall name INBOUND rule 10 log enable
set firewall name INBOUND rule 11 action drop
set firewall name INBOUND rule 11 source address 60.0.0.0/7
set firewall name INBOUND rule 11 log enable
set firewall name INBOUND rule 12 action drop
set firewall name INBOUND rule 12 source address 114.0.0.0/7
set firewall name INBOUND rule 12 log enable
set firewall name INBOUND rule 13 action drop
set firewall name INBOUND rule 13 source address 116.0.0.0/6
set firewall name INBOUND rule 13 log enable
set firewall name INBOUND rule 14 action drop
set firewall name INBOUND rule 14 source address 120.0.0.0/6
set firewall name INBOUND rule 14 log enable
set firewall name INBOUND rule 15 action drop
set firewall name INBOUND rule 15 source address 124.0.0.0/7
set firewall name INBOUND rule 15 log enable
set firewall name INBOUND rule 16 action drop
set firewall name INBOUND rule 16 source address 126.0.0.0/8
set firewall name INBOUND rule 16 log enable
This second set of rules should be set for inbound on your inside interface.
set firewall name OUTBOUND rule 5 action drop
set firewall name OUTBOUND rule 5 destination address 202.0.0.0/7
set firewall name OUTBOUND rule 5 log enable
set firewall name OUTBOUND rule 6 action drop
set firewall name OUTBOUND rule 6 destination address 210.0.0.0/8
set firewall name OUTBOUND rule 6 log enable
set firewall name OUTBOUND rule 7 action drop
set firewall name OUTBOUND rule 7 destination address 218.0.0.0/7
set firewall name OUTBOUND rule 7 log enable
set firewall name OUTBOUND rule 8 action drop
set firewall name OUTBOUND rule 8 destination address 220.0.0.0/7
set firewall name OUTBOUND rule 8 log enable
set firewall name OUTBOUND rule 9 action drop
set firewall name OUTBOUND rule 9 destination address 222.0.0.0/8
set firewall name OUTBOUND rule 9 log enable
set firewall name OUTBOUND rule 10 action drop
set firewall name OUTBOUND rule 10 destination address 59.0.0.0/8
set firewall name OUTBOUND rule 10 log enable
set firewall name OUTBOUND rule 11 action drop
set firewall name OUTBOUND rule 11 destination address 60.0.0.0/7
set firewall name OUTBOUND rule 11 log enable
set firewall name OUTBOUND rule 12 action drop
set firewall name OUTBOUND rule 12 destination address 114.0.0.0/7
set firewall name OUTBOUND rule 12 log enable
set firewall name OUTBOUND rule 13 action drop
set firewall name OUTBOUND rule 13 destination address 116.0.0.0/6
set firewall name OUTBOUND rule 13 log enable
set firewall name OUTBOUND rule 14 action drop
set firewall name OUTBOUND rule 14 destination address 120.0.0.0/6
set firewall name OUTBOUND rule 14 log enable
set firewall name OUTBOUND rule 15 action drop
set firewall name OUTBOUND rule 15 destination address 124.0.0.0/7
set firewall name OUTBOUND rule 15 log enable
set firewall name OUTBOUND rule 16 action drop
set firewall name OUTBOUND rule 16 destination address 126.0.0.0/8
set firewall name OUTBOUND rule 16 log enable
If you are using any local services on the firewall itself, consider applying the rules to the local section of the outside interface.
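The two rule sets above differ only in the rule-set name and the source/destination keyword, so both can be generated from one prefix list and checked before they are entered. The Python below is an added example, not part of the original post; the function names are hypothetical, the prefixes are copied from the rules above, and the sample addresses are constructed.

```python
import ipaddress

# Prefixes copied from the page's rules 5-16, in the same order.
BLOCKED = [
    "202.0.0.0/7", "210.0.0.0/8", "218.0.0.0/7", "220.0.0.0/7",
    "222.0.0.0/8", "59.0.0.0/8", "60.0.0.0/7", "114.0.0.0/7",
    "116.0.0.0/6", "120.0.0.0/6", "124.0.0.0/7", "126.0.0.0/8",
]


def parse_prefixes(prefixes):
    """Parse strictly and reject entries that overlap an earlier one."""
    # strict=True raises ValueError when host bits are set (e.g. 203.0.0.0/7),
    # which catches a mistyped network address before it reaches the firewall.
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    for i, later in enumerate(nets):
        for earlier in nets[:i]:
            if later.overlaps(earlier):
                raise ValueError(f"{later} overlaps {earlier}")
    return nets


def vyatta_rules(name, field, prefixes, first_rule=5):
    """Return the three 'set firewall' lines per prefix, numbered from first_rule.

    field is 'source' for the INBOUND set or 'destination' for OUTBOUND.
    """
    if field not in ("source", "destination"):
        raise ValueError("field must be 'source' or 'destination'")
    lines = []
    for number, net in enumerate(parse_prefixes(prefixes), start=first_rule):
        base = f"set firewall name {name} rule {number}"
        lines.append(f"{base} action drop")
        lines.append(f"{base} {field} address {net}")
        lines.append(f"{base} log enable")
    return lines


def matching_rule(address, prefixes, first_rule=5):
    """Return the number of the rule that would drop address, or None."""
    ip = ipaddress.ip_address(address)
    for number, net in enumerate(parse_prefixes(prefixes), start=first_rule):
        if ip in net:
            return number
    return None


def covered_first_octets(prefixes):
    """Return the sorted first octets (/8 blocks) the list touches."""
    octets = set()
    for net in parse_prefixes(prefixes):
        first = int(net.network_address) >> 24
        last = int(net.broadcast_address) >> 24
        octets.update(range(first, last + 1))
    return sorted(octets)


if __name__ == "__main__":
    print("\n".join(vyatta_rules("INBOUND", "source", BLOCKED)))
    print("\n".join(vyatta_rules("OUTBOUND", "destination", BLOCKED)))
    # Constructed sample addresses (documentation ranges), not from the page.
    for sample in ("203.0.113.9", "198.51.100.7"):
        print(sample, "->", matching_rule(sample, BLOCKED))
    print("first octets covered:", covered_first_octets(BLOCKED))
```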
Vyatta with OpenSBC Install
Finally got pointed in the right direction with Vyatta and OpenSBC by Joegen (the main developer over at OpenSipStack.org). Here are my install notes for OpenSBC on Vyatta.
Install OpenSBC on Vyatta Firewall
Install Vyatta:
Boot from Vyatta LiveCD ISO. Press ENTER.
At login, username 'root', password 'vyatta'.
Enter 'install-system'
Configure as needed... I'll share mine when I get this all working...
Get items required for building OpenSBC (kitchen sink approach):
Login to Firewall as user 'vyatta'
cd /etc/apt
su
Password: (enter root password)
nano -w sources.list
Add line: "deb ftp://ftp.us.debian.org/debian/ lenny main contrib non-free"
Ctrl-X and Y to overwrite
apt-get update
apt-get install -y mc autoconf automake cvs flex expat libexpat1-dev libtool build-essential libxml2 libxml2-dev libtiff4 libtiff4-dev php5 php5-cli php5-mysql php5 php5-cli php5-mysql php5-gd mysql-server libmysqlclient15-dev php-pear php-db curl sox apache2 libssl-dev libncurses5-dev bison libaudiofile-dev subversion libnewt-dev libcurl3-dev libnet-ssleay-perl openssl ssl-cert libauthen-pam-perl libio-pty-perl libmd5-perl libpg-perl libdbd-pg-perl php5-pgsql sqlite3 libsqlite3-dev openssl ssl-cert libapache2-mod-php5 php5-cli php5-common phpMyAdmin php5-mcrypt mcrypt phppgadmin apache2 libmcrypt-dev
Get OpenSipStack and OpenSBC from CVS:
cd /usr/src
cvs -d:pserver:anonymous@opensipstack.cvs.sourceforge.net:/cvsroot/opensipstack login
cvs -z3 -d:pserver:anonymous@opensipstack.cvs.sourceforge.net:/cvsroot/opensipstack co -P opensipstack
cvs -z3 -d:pserver:anonymous@opensipstack.cvs.sourceforge.net:/cvsroot/opensipstack co -P opensbc
Compile / Make OpenSipStack and OpenSBC:
cd /usr/src/opensipstack
chmod +x ./configure
./configure
make bothnoshared
cd ../opensbc
chmod +x ./configure
./configure
make bothnoshared
make distrib
Starting OpenSBC
In the distrib folder under /usr/src/opensbc there should be a couple of scripts. Use ./startup.sh to start the services and ./shutdown.sh to stop them.
Then access the OpenSBC management interface at http://inside.ip.addr.offw:9999
Hope this helps others who have been struggling getting this going! I'm working on some Vyatta configuration files for making things all work together.
Sunday, December 28, 2008
Looking for an SBC solution? Vyatta + Freeswitch...
Started working on getting a proper SBC for the home network. I hacked on Vyatta with OpenSBC this morning with less than stellar compilation results. I may revisit that.
I did get a good start on Vyatta (beta of Ver 5... Debian) with Freeswitch installed though. Here are my installation notes so far:
Vyatta VC5 Beta ISO download is at: http://www.vyatta.org/downloads
Vyatta (ver 5 beta) with FreeSwitch Installation
Install Vyatta
Boot from ISO. Press ENTER.
At login, username 'root', password 'vyatta'.
Enter 'install-system'
Configure as needed...
Get items required for building Freeswitch
Login to Firewall as user 'vyatta'
vyatta@FW1:~$ cd /etc/apt
vyatta@FW1:/etc/apt$ su
Password: (enter root password)
vyatta@FW1:/etc/apt$ nano -w sources.list
Add line: "deb ftp://ftp.us.debian.org/debian/ lenny main contrib non-free"
Ctrl-X and Y to overwrite
FW1:/etc/apt# apt-get update
FW1:/etc/apt# apt-get install -y mc autoconf automake libtool build-essential libxml2 libxml2-dev libtiff4 libtiff4-dev php5 php5-cli php5-mysql php5 php5-cli php5-mysql php5-gd mysql-server libmysqlclient15-dev php-pear php-db curl sox apache2 libssl-dev libncurses5-dev bison libaudiofile-dev subversion libnewt-dev libcurl3-dev libnet-ssleay-perl openssl ssl-cert libauthen-pam-perl libio-pty-perl libmd5-perl libpg-perl libdbd-pg-perl php5-pgsql sqlite3 libsqlite3-dev openssl ssl-cert libapache2-mod-php5 php5-cli php5-common phpMyAdmin php5-mcrypt mcrypt phppgadmin apache2 libmcrypt-dev
Get the Freeswitch Code
cd /usr/src/
svn checkout http://svn.freeswitch.org/svn/freeswitch/trunk freeswitch
Build Freeswitch...
cd freeswitch
./bootstrap.sh
./configure --prefix=/usr/local/freeswitch
make
make install
make sounds-install
make moh-install
make samples
Run Freeswitch...
cd /usr/local/freeswitch/bin
./freeswitch
That's as far as I've taken it at this point...
Shout out to http://madhawa.com/?p=10 for shedding light on Debian (etch) install of Freeswitch.
Saturday, December 20, 2008
New Snom 820
Looks like Snom is finally getting their act together with their phones. They've always had the technology underneath (much better from an administrative perspective than Polycom) but their packaging left a LOT to be desired.

The new Snom 820 is set to change that. With sleek new looks, finally no paper templates, an available wireless version and Snom's great software under the hood, the 820 looks ready for prime time.
Take a closer look: http://www.snom.com/sv/products/snom-820/
Let's hope they follow it up quickly with an 860 or 870 for the attendant position.
Friday, December 12, 2008
sipXecs updates..
Version 3.10.3 Stable has hit the streets. I've done a couple upgrades at this point and all is working great.
3.10.30 combined with Polycom 3.1.1 firmware and 4.1.2 bootrom brings Music On Hold to the Polycom phones finally! Woohoo!
Oh, and they fixed a few other bugs too...
4.0 development seems to be pressing ahead quite well. The developers have just upped the development version to 3.11.9. I have been installing 3.11.8 regularly in a virtual and things seem to be shaping up quite nicely.
Wednesday, November 26, 2008
Audiocodes adds IP Phones to Offerings
Audiocodes which has been known for many years for their gateways has added IP Phones to their repertoire. The new phones are all HD (g.722). To me, their looks are uninspiring. If their tech support is as good as their tech support has been with their gateways I'm sure they will go nowhere... Sorry, was that sarcastic?
http://www.audiocodes.com/Content.aspx?voip=3112
Judge for yourself I guess...
Thursday, November 6, 2008
Been a while...
Gosh, it's been a month since I posted... doh!
October and November are usually crazy months for me and seemingly even more so this year.
Was able to get a little more bird hunting in this year which was nice and I've already bagged my deer (an hour and fifteen minutes into the season... oh well...). I've got one more autocross coming this weekend too and then am headed for the Nascar finale in Miami the next weekend.
The development builds for sipXecs 4.0 (3.11.x) are getting better and better with every passing week. Looks like the clustering pieces are finally in place and I'll be doing some testing with that soon. I'm still not exactly sure how they will be dealing with voicemail / media services in a clustered environment... hope to have that answered soon.
The concept of locations & gateway resources at locations seems to be coming together. This should allow a group of phones to prefer particular gateways based on what site they are at. I'm expecting this to be a huge benefit to a clustered system.
I've got another project I'm working on and expect to be able to provide info on that next month or in January.