Jump to content

Vodia PBX

Administrators
  • Posts

    11,108
  • Joined

  • Last visited

Posts posted by Vodia PBX

  1. The PBX generally pools connections, which is for example also necessary for Teams. Usually there is some keep-alive traffic, so that the one TLS connection stays up for days, weeks and hopefully many months and then there is only one TLS handshake in the beginning. This is also the only way to keep TLS working behind NAT. 

    5 minutes sound to me like the connection idles and then gets torn down. If there is no REGISTER, what would still be an option would be — OPTION. This would generate keep alive traffic if there is no REGISTER in use.

  2. We keep getting tickets because servers are running out of their license. This is a problem that can be avoided by having your favorite uptime checker looking at the PBX from time to time and report when it has problems fetching the license. We had it already for SNMP, but it's also available through the REST API. We have also lined this up for version 68.0.30, and the link is here. BTW it also makes sense to check if certain certificate expire, which has become another frequent and avoidable problem with running the problem. For those you don't need anything from the REST API because most scanners are able to parse the license from the HTTPS connection. 

     

  3. 69 is using passkey, which puts the burden of the second, third, ... factor on the browser and operating system. It's essentially the job of the operating system or environment to make sure that the user is the user. Passkeys are available on all mainstream browsers today and it is heavily promoted by the FIDO alliance, though admittedly users need to get used to the concept more. But it will happen.

  4. There are servers that have more than 30K extensions on it, however with a low usage in terms of actually having a registration and or making a call. It does not matter how those extensions are subdivided into tenants. As for active registrations, 2000 should be a good number and as for active calls, depending if they perform call recording, SRTP and transcoding, 200 should be rule of thumb. Of course it depends a lot on the CPU, but those numbers are for a reasonable modern CPU with two cores. 

    Having multiple servers helps to not put all eggs into one basket but still maintain some efficiency with running. For example, if you have 100 tenants on one server, you need to perform only one software update instead of on hundred and you need to pay for only one VM instead one hundred. If you would double the number of tenants on it, the scale effect would improve only from 99 % to 99.5 % so that is why it does not make sense to totally overload a VM.

  5. On 4/4/2023 at 10:09 AM, mcbsys said:

    I can't find any mention of "localhost" though I'm not sure I know where to look.

    System > Tenants > List > pencil icon > Primary DNS address = phonesystem.mydomain.com

    System > Settings > SIP > Settings > IP routing = private public

    The name localhost is a special "DNS address" in the parameters for a tenant. It goes back to the old times when PBX were running on a random IP address without the luxury of having a DNS address assigned to them. It just matches anything. It is not related to the IP routing.

    On 4/4/2023 at 10:09 AM, mcbsys said:

    On the Debian server, under /usr/local/pbx/extensions, I have 1.xml through 6.xml. Interesting, since I only have 5 extensions. That would seem to support my suspicion that deleting x250 didn't really get rid of it.

    Well if there is one file missing that math would still work. But extensions can also be disabled or just have no license.

    On 4/4/2023 at 10:09 AM, mcbsys said:

    Not only are the passwords encrypted, it seems that these XML files do not even contain the extension number. If I open every one, and look at <display_name>, I may be able to backtrack to figure out which file applies to which extension. Am I allowed to see the files that maps extensions to XML definitions? Or for that matter the indexes to all the various folders on the server?

    I am really missing the simple Excel file export in 3CX that lists all extensions and passwords (web, SIP, phone UI) in plain text!

    Passwords need to be encrypted, otherwise there is no way to have the system e.g. compliant for healthcare. Passwords that humans enter are sensitive information and should not be visible anywhere, not and especially not to the administrator. If 3CX sends them in CSV files, they might be in trouble regarding compliance and actually general security.

    But you can export the list of extensions, just click on "Export as CSV" in the accounts overview.   

  6. As for emergency calls, it's just smart to make sure that you can call the emergency number. In some countries it might be the law, and in others it just makes sense. I agree a hotdesk phone is not the right choice for a lobby phone. The next version will actually make the login possible and then let's see if there is anything else useful that can be associated with that account type. 

  7. If there is a phone in the office you would want to be able to place a call to an emergency number. For that functionality you need to be registered to the PBX and you can't just recycle the extension number of a regular user. 

    Let's say you have a shared office with 100 desks, and 200 people working for the company, many of them working from home. Then it makes sense to pay the regular extension price for those and a small amount for the hot desk accounts.

    If there is additional functionality for a hot desk account, we can think about adding that as well. This would be about someone randomly walking to an empty desk and want to something. Maybe calling the front desk? That would be something that could make sense. Internal calls would be debatable, especially if this is in a public area or lobby and you don't want strangers to call employees up or even start overhead paging.

  8. The hot-desking accounts solve the problem that in a co-working space you otherwise would have to pay almost twice — one time for the physical phone on a desk and another time for the user. The desktop phones need a dummy-extension, so that the phones can be provisioned and can dial log-in, log-out and emergency calls, but not much more. That is why they are prices far below other extensions. 

  9. On 4/5/2023 at 8:01 AM, mcbsys said:

    Is there a way to generate a trunk-level PCAP inside the PBX, one that tracks _all_traffic (not just subsets attached to individual calls)?

    This PBX is running on an Azure virtual machine so the Internet connection is probably pretty good.

    You can enable PCAP on trunk level as well. However it tracks only traffic for calls, registration traffic is not being recorded. But what you can do is to filter the SIP packets by IP address, then you get a good picture on that is going back and forth with the trunk.

  10. 3 hours ago, RichardDCG said:

    Potentially just having periodic AMI images created may suffice...

    Absolutely. Failover when the datacenter is under attack and goes down is one thing. But when an administrator accidentally makes a stupid move is another. I would say the latter happens more often. Then having a snapshot not too long ago can be a true blessing. And it's really easy and cheap in most data centers, including EC2.

  11. Hmm. Well we can't do anything about the administrator choosing a password that includes special characters, and IMHO a device should be able to handle that. XML properly does it. But for passwords that the PBX generates, AFAI can see, it should not contain an ampersand unless you are on a really old version. Setting if through the web interface will not help much, because you will set the web or SIP password which is unrelated. What you could try if regenerate the MAC password, easiest would be to delete the MAC and add a new one, maybe just for sake of proving the hypothesis. Or edit the file for the MAC in the file system, take the encrypted parameter out for the password and put it there in plane text, then restart the service. 

×
×
  • Create New...