andrewgroup

V3.4.3201 lacks the blacklist options...

this spring we participated in the SIP approval process for then Nuvox, but now Windstream. this was a step by step testing and SIP trace capturing of all features they support. We successfully completed the entire process, submitted the resulting traces for review, and were accepted and have been successfully using Nuvox/Windstream for a client since Early May... They should have records of these test results if you are challenged to comply. Contact me for details if needed.

Latest Update, We are once again experiencing failures where the PBX is not replying to the SUBSCRIBE message and we not seeing any traffic out the WAN port.

Below is the configs and the route Interestly after adding the gateway to the WAN IP 192.168.2.1, we began having PNP problems, the problem was compounded by a factory restart on a snom 320 test phone, so we are troubleshootingmore variables. The gateway was removed, and the route adjusted, but the PNP process appears to end when the phone makes a subscribe, and we see no reply from the PBX. (using a HUB to see all) Now going for Wireshark on the WAN port to see if these replies are going out the WAN port, and also adding routes to the PBXnSIP routes entry fields. (Perhaps that has become a requirement and will know more shortly. This file was automatically generated by the IP PBX. auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.1.254 network 192.168.1.0 netmask 255.255.255.0 broadcast 192.168.1.255 auto eth1 iface eth1 inet static address 1.1.1.1 network 1.1.1.0 netmask 255.255.255.0 broadcast 1.1.1.255 auto eth2 iface eth2 inet static address 192.168.2.99 network 192.168.2.0 netmask 255.255.255.0 broadcast 192.168.2.255 gateway 192.168.2.1 Routes Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.2.0 * 255.255.255.0 U 0 0 0 eth2 192.168.1.0 * 255.255.255.0 U 0 0 0 eth0 1.1.1.0 * 255.255.255.0 U 0 0 0 eth1 default 192.168.2.1 0.0.0.0 UG 0 0 0 eth2 comcerto:~#

We have recently upgaded 5 instock CS410's (BLACK) to the latest Firmware & MSP, and were planning an installation. The staff was having their buttocks kicked trying to get PNP operational. We engaged support (thanks) but the internal problems continued. The CS410 was configured with the PUBLIC IP and the internal LAN. Many hours passed, and PNP was non functional as configured. one thing that was said, in the process, was they saw PNP work with the CS410 provided DHCP services. On a hunch, Step 1. assigned the LAN Interface a common local IP address (NO GATEWAY), and assigned a scope to the CS410 DHCP server. We also assigned another STATIC IP to the WAN interfce (NO GATEWAY). With the CS410 and a fresh SNOM phone plugged into a HUB, we were able to get PNP working. We were successful getting several more phones operational too.. NOTE, We also had a PC attached and have captured for reference purposes using WIRESHARK the entire PNP sequence. Step 2. We disabled the CS410 DHCP and using a simple DHCP server on the PC, we were able to duplicate our successes, and again capturing the entire sequence with wireshark. Step 3. We replaced the HUB with a few switches and confirmed the success. The hunch is that whenever a GATEWAY IP is assigned to the CS410, this might be interfering with the PNP processes, by replying on the wrong interface. Remember the CS410 has three interfaces - LAN, WAN, and the 4 port analog gateway. Our next step, is to assign a gateway and work towards making the PNP process fail. (It was consistently failing on all units) We also want to make sure any routers that may have been involved in the earlier testing did not have UPNP enabled. This might interfere too.. We will know (with 100% assurance) what was causing this problem, and we will share the results, any LAB diagrams, traces and tips to anyone interested.... One possibility that might come of this is to not assign any gateways, but only use the ROUTES settings in the CS410. this might offer better security too.... Cheers

We recommend at least 1 day, and have the system send the call logs to an external email address for keeping or further processing. It's also unfortunate the OEM builder when they compiled the kernel, they chose to not include CRON. However, since the startup is a series of scripts, it would be easy enough to add a script to delete cdr's during the boot or restart process.

OK, After a quick read, are we to assume that a dual NIC PBXnSIP box can be deployed, and optionally have no default gateway, but allow the PBX to determine the route for both the SIP and RTP traffic based upon the Source? Is it recommended to always to IP replacement when having Two NICs?

On a 3.4.x system we recently removed the default gateway from the WAN IP, (public) and put it on a LAN IP (192.168.50.1). We created a persistent static route for the ITSP proxy to go through the original default gateway on the WAN IP. This works as expected and the PBX can make and recieve calls, and the goal was to isolate the PBX from the world. Works, but we have another issue. We have a single remote IP phone that has worked fine for a long time. This phone is behind a good router on a static IP. On the PBX another static route is created for the public IP of this router to go out the WAN IP just as the ITSP does. The problem is it appears the SIP (TCP) traffic works correctly, but when it hands off the call to UDP RTP streams we get no audio. Clearly this must be an issue where UPD does not find and follow the correct route. The ITSP continues to work fine. This is a UDP/TCP routing issue, but posting it here in context might be the best place to get a relevent answer. Thanks

Sorry for the time, the original problem appears to have been a combination or associated with one of two devices used on the test bench. A older 12 port CISCO HUB, and/or an off the shelf router for DHCP. Eliminated these and the process worked fine. The units we were upgraded from 2.1.13 to 3.4.0.3401. Based on some unscientific evidence, we upgrade the PBX first, then then MSP file.. It also appears as if the WEB interface simply copies the file as-is into the /pbx folder and the restart installs it...

What might we be doing wrong preventing us from upgrading the MSP and FIRMWARE on several CS410's? Can you manually copy the firmware into a folder? previously mentioned in http://forum.pbxnsip.com/index.php?showtopic=3664

This would have to be a match to a rule within a dial plan, not the entire dial plan.

A universal prompt for "this phone is not authorized to dial this number, please see your administrator." is needed then a Dial Plan 011* could replace and dial a certain error msg number to play this to the offender. Andy

If necessary, can an update package be manually copied onto the CS410, and if so what folder would you copy the update file into? Same folder for the MSP-UPDATE too?

We have several new in the box Black 410's that seem not to accept an upgrade . They are presently V 2.1.3.3332 attempting to upload update-3.4.0.320 and save / restart it stays at the V2 release? What and Where is the latest MSP upgrade?

Does a list of sample dial plan best practices exist? IE replace all 7 digit dialing with 10 or 11 digit dialing and a default area code. add a 1 to all 10 digit dialing. suggestions to block all international dialing. (allow only 11 digit or less dialing) allow only a designated internally country code that a client may call.

Maybe Not related, but worth a try... set the inbound trunk setting to http://forum.pbxnsip.com/index.php?showtopic=3598 Out ITSP just upgraded their BroadSoft Platform to Enterprise V16 and installed a acme packet SBC that deliver of the originating caller when redirected to a cell or land line. Use the term "hairpinning" when talking to the ITSP, maybe that will help.

It took about 1 google search to quickly determine the recommendations are; First Master ISA, Second Master Group Policies, need a MS ADM for port ranges, Hack the crap out of Server to allow you to affix PortRanges for a variety of services, 5060 and the RTP streams.... Read the many posts on Microsoft Social Networking sites, Still feel lucky? Or Put a Low Cost SIP AWARE Firewall Router on the LAN, and avoid all possibilites of a hack by using static routes at the central router to the remote sites, Secure the PBX with access ranges, and if you need to split a single ethernet feed from the ISP, use a suitable switch that SUPPORTS port based QOS and assign the PBX to a higher Queue than the LAN....DSCP value the incoming packets if you can. (Geeze, I hope you weren't thinking of running PBX on a system with ISA, Were you?) Much of this is reference in OCS installation guides for EDGE deployments..

On the trunk send calls to !(.*)!\1!t! This forces PBX in Sip to look at the To field just after the from field in the invoice and not the URI number

We would like to secure our SIP trunks by removing the default gateway from the WAN Interface, however, we would still need to add a Route to the Linux operating system that needs to be persistent to survice reboots. We will be making the default gateway on the LAN IP, for DNS lookup for the NTP service, or get NTP from a Windows Server on the LAN segment... What Linux config file would you add the route statement for the WAN interface to locate the SIP trunk provider IP?

No further comments on the previous post, http://forum.pbxnsip.com/index.php?showtopic=2902 but here is what I have seen.. CS410 firmware upgrade both gateway and os 3.4.0.3201 (Linux) attached WAN port with default 192.168.1.99 IP... attached to a 10/100 HUB... SNOM recovery firmware update assign MAC to ext 40 and voila we saw PNP work.. Set LAN port to static IP 192.168.1.200 move WAN port to a PUBLIC IP.... something interesting is that the DHCP LAN IP is able to PING the unconnected 192.168.1.99 IP address prior to making the above changes. Presently have Wireshark capturing all packets to create a PNP master diagnostic / setup handbook...

Other things you must do Use the Trusted IP Addresses: settings; If home users are cable modem, add static routes to the IP range that would cover the dynamic IP changes Add a unique Dial Out Code in the dial plan,,, (basically a code to dial out) save a button on the phone with the code presaved..

get 4 cheap numbers on added to the broadvox SIP trunk and forward each call to a each of the new number and alias the exts. Caller ID on the inbound call is not practical to use to direct calls, if possible at all... :-) AT

Trying to interpret your view, but the call picked up on extension appearence on the remote phone was still bound for 201 and all 201 settings should apply. Understanding and explaining the current behavior to a paying client is far more difficult, and is bound to cause confusion and concern than the desired functionality. The came about after hours when I took an important and private call in our offices at a staff members desk and discussed private matters related to a staffer. That call record was then was sent to the very staff members email. Needless to say, not good. Cheers.

I'm having trouble finding an online calculator that has a conversion function from TONS to FILE COUNTS. haha. On a secondary note, why does the PBX need to read the CDR's when it boots? Seems these are things in the past and could simply be ignored...

Will do and will do it on a live system, as that's how we roll. Kinda does this upgrade provide a long anticipated new operating system from comcerto? Do you know if that was ever released for this platform?