hosted Posted January 8, 2014 Report Share Posted January 8, 2014 soon, very soon Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted January 8, 2014 Report Share Posted January 8, 2014 Looks cool let us know if we should add something to the drop-down... Quote Link to comment Share on other sites More sharing options...
koolandrew Posted January 9, 2014 Report Share Posted January 9, 2014 Am i missing something here. We are interested in this topic, but there is nothing to view or read? Quote Link to comment Share on other sites More sharing options...
hosted Posted January 9, 2014 Author Report Share Posted January 9, 2014 @koolandrew its was in the attachment. were testing our sip trunk service Quote Link to comment Share on other sites More sharing options...
hosted Posted January 15, 2014 Author Report Share Posted January 15, 2014 tls trunk require "Explicitly list addresses for inbound traffic" correct? or is there another way.. Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted January 15, 2014 Report Share Posted January 15, 2014 tls trunk require "Explicitly list addresses for inbound traffic" correct? No, TLS trunk don't require that (though it is a good way to further secure the trunk). You might stumble over the certificate problem, where either the PBX does not trust the client certificate from the SIP client or the SIP client does not trust the cert of the server. The log will show this on one of the sides. Quote Link to comment Share on other sites More sharing options...
hosted Posted January 17, 2014 Author Report Share Posted January 17, 2014 so when i use outbound proxy = tls.io does it look up the IP's in the dns? and authorize any/all of them? Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted January 17, 2014 Report Share Posted January 17, 2014 It runs the DNS NAPTR, SRV, AAAA and A resolution and comes up with one IP address. When verifying the domain, the IP address does not matter (unless it is in the domain name or outbound proxy). It checks if what is being presented as certificate matches the domain name, and if yes, it proceeds. Actually when I try, I can connect using TLS (certificate works). DNS resolution did not work out of the box, needed to add transport=tls but then the TLS connection was find. Quote Link to comment Share on other sites More sharing options...
Vodia support Posted January 17, 2014 Report Share Posted January 17, 2014 it should resolve the DNS however TLS would require a certificate from the provider and I don't think this is implemented yet. Please check this article. http://www.informationweek.com/infrastructure/unified-communications/how-secure-are-sip-trunks/d/d-id/1080573? Quote Link to comment Share on other sites More sharing options...
hosted Posted January 17, 2014 Author Report Share Posted January 17, 2014 i have a TLS cert and am passing TLS just fine. BUT when i use outbound proxy tls.io;transport=tls the TLS.io domain will have SRV records with 3 different IP's sooo does the PBX allow all 3 IP's for inbound calls? (because they match the SRV) Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted January 17, 2014 Report Share Posted January 17, 2014 Yes and no. From a trunk association point of view, it would allow it. The PBX really does a recursive lookup of the possible IP addresses, unless explicitly specified. However it has no relevance for TCP and TLS, as the registration is always connection oriented (unless the registrar starts opening new TCP connections to the PBX, which is unlikely in case the PBX is behind NAT). The reverse lookup is only interesting for UDP-based trunk registrations. Quote Link to comment Share on other sites More sharing options...
hosted Posted January 17, 2014 Author Report Share Posted January 17, 2014 I have 2 SIP switches #1 residential #2 business. (yes odd i just have not migrated) switch1) pbx registers to node1. call comes in on node3 it will transfer to node1 and then PBX. *no issues pbx is registered and knows the IP switch2) i have 3 nodes, with a central database. pbx registers to node1 but call comes in on node3. node3 seeing the registration IP (from the database) sends the call to the PBX directly. so scenario #2, there is no option that to have all 3 node IP in the explicit list right? because there is no DNS control to recognize tls.io has the 3 IP's as possibilities. Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted January 17, 2014 Report Share Posted January 17, 2014 Again you can put all those three IP in the list of explicit addresses. But it would not solve your problem. With TCP and TLS, the switch must know where the registration is and send it through that TCP and TLS connection. The point is simply, that the PBX is the TCP client and the registrar is the TCP server. This is like a wire between the PBX and the switch. You can put messages only in on the two ends, "injecting" messages is not possible. So if the PBX lets say is regsitered to server #2 and you want to send a message to the PBX, you will have to send it through the connection with that server #2. Quote Link to comment Share on other sites More sharing options...
hosted Posted January 18, 2014 Author Report Share Posted January 18, 2014 makes sense, thanks for clarifying. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.