Browse Author

Paul Hayes

Door Entry Demo Kits

In order to properly demonstrate what our door entry kits look like and what they can do, I’ve turned my hand to a bit of metalwork and woodwork to make these display stands:

If you are at our Huddersfield or London Open Days then you can see these in action.

For more door entry info, have a look at the door entry section on our website.

We will have this demo kit set up at all times in our Huddersfield afterwards so if you are in the area pop in and have a look. Our plan is to have as much of our product range as possible on display and working so people can see what it does.

Oh and the brickwork image on the backgrounds of the stands is a genuine Savile Mill (the ProVu office) wall stone photo! No Google Image Search used here….

snom phones – which caller ID to use on inbound calls

There are several ways a snom phone can get Caller ID Name for an inbound call.

The first is from the Invite message of the inbound call from the sending SIP end-point. If a “Name” part of the Caller ID exists then this will be used by the Snom phone to display the name on the screen.

The phone can also get a name from it’s internal address book or an LDAP server if one is configured. However, it will only use this if there is no “Name” part of the Caller ID in the incoming Invite.

If you want to change this behaviour set this setting in the Snom phone’s web interface:

  • Advanced => Behaviour => Prioritise PBX Number Lookup

To “off”. Then an internal address book or LDAP server will take precedence.

More information here:

Snom Wiki

*****
UPDATE

This setting has no been superseded. From software version 8.7.3.19 use setting contact_source_priority

Information on snom Wiki:

http://wiki.snom.com/Settings/contact_source_priority

Cisco Small Business Phones and LDAP directory

Cisco Small Business phones (the SPA-3xx and SPA-5xx ranges) support central address books using LDAP.

The settings are notoriously difficult for people unfamiliar with LDAP to get right. Here is my example using an OpenLDAP server:

Cisco LDAP settings screenshot

So in my LDAP tree I’m using sn for surname and cn for first name.

Set up with Microsoft Active Directory shouldn’t be too much different from this but the exact settings will just depend on your AD structure.

Snom phones using SIPS/SRTP encryption with Asterisk 1.8

I’ve been looking forward to the time when Asterisk catches up with the rest of the SIP world and starts working with encrypted SIP and encrypted RTP (SIPS & SRTP respectively). Asterisk has supported it since the recent release of version 1.8 so I had to get it working.

Asterisk only supports a fairly fixed set of encryption options so you’ve got to set the phone up just right for it to work. I’d also say that SIPS & SRTP is very much new functionality in Asterisk so I’d treat it as for testing purposes only right now….although it’s looking promising.

Snom phones have supported both SIPS & SRTP for years (in fact I think they were the first IP phones on the market to do so). So if any phone can get it right it should be them, perfect to test with.

I am using the following to test with:

  • Current Debian Asterisk 1.8 packages maintained by Digium on Debian Squeeze (deb http://packages.asterisk.org/deb squeeze main)
  • My actual Asterisk version at the time of writing is “1.8.4.1-1digium1~squeeze”. Some older ones didn’t work.
  • Snom 300 with 8.4.31 firmware. It will not work with much older versions.

I’m not going to go into the setup of Asterisk itself as there is plenty of information on this out on the Internet, not to mention quite a lot of different ways of doing it. I will just mention that I am using a self-signed SSL certificate, this means you either have to leave server verification turned off on the phone (which it is by default on this firmware version) or import your own CA into the phone. Neither of which are ideal for a real world deployment, you’d buy a server certificate from a recognised CA in that case but for testing….

The important bits in Asterisk

OK so I will mention a couple of things in the Asterisk setup… all in sip.conf

  • tlsenable=yes : in general section
  • domain=ast18.provu.co.uk:5061 : this is needed for it to work
  • transport=tls : used in the general section or in each sip peer/friend to turn on tls for SIPS
  • port=5061 : in general or each sip peer/friend. 5061 is the usual port for SIPS
  • encryption=yes : turns on SRTP, if you have set this then the SIP device(s) MUST use it, it’s either on or off, not optional

There are more settings needed than this, please read the Asterisk documentation.

Snom phone setup

Everything is in identity 1, these are obviously examples only! You’ll need to put your own Registrar in etc…

Login tab:

  • Account: sip username
  • Password: sip password/secret
  • Registrar: ast18.provu.co.uk
  • Outbound Proxy: sips:ast18.provu.co.uk:5061
  • Authentication Username: sip username

SIP tab:

  • Support Broken Registrar: on

RTP tab:

  • RTP Encryption: on (should be default…)
  • SRTP Auth-tag: AES-80
  • RTP/SAVP: mandatory

That should be it. As mentioned the Snom phones do not verify the server certificates by default. If you want to turn this on then go to the “Certificates” page in the phone setup and click “Activate”. But bear in mind you must either use a certificate from a known CA or import your own certificate into each phone manually. Certificates must be in DER format for this.

To confirm it’s working, look for the little lock symbol on the phone screen during calls. It should look closed when the call is secure. For further confirmation you can do a pcap trace on the phone, open this up in Wireshark and then not be able to view the SIP packets or decode the audio to anything but white-noise.

Let me know if anyone thinks it’s worth me putting together a how-to with the full Asterisk config too.

IP phone web interface security

Security of IP telephony systems is a hot topic at the moment, it has been for quite some time and is should always be at the forefront of anyone’s mind when setting up such a system.

There are loads of methods and applications for securing PBXs and the like but something I often see overlooked is security of the actual phones themselves.

The usual threat is someone obtaining SIP credentials by looking at the phone’s web interface. In some cases, IP phone devices have the password displayed in plain-text for all to see. Slightly better implemented GUIs have the password obfuscated when you look at the page but still readable by viewing the page source code in your web browser.

If ProVu ever become aware of any products we sell with either of these issues, we push the manufacturer make changes to hide the password at all times.

Further to this though, anyone installing IP phones should really set strong web interface usernames and passwords. I see phones put on public IP addresses or sometimes with port forwards (often for support purposes) that have no passwords set! This is like leaving the front door to your house wide open while you go out to work all day. Please remember to set a username and password. If a phone comes with a default username and password then do not leave this set as you can be certain the people who want to break into your phone will know default passwords for various phones.

ProVu can set usernames and passwords for phones using our provisioning services:

ProVu fulfilment services

cheers,
Paul.

Draytek 2820 known issue with current firmware

Over the last few weeks we have been taking lots of support calls from people with NAT issues with phones using Draytek routers.

The 2820 seems to be the main router affected but it could be others.

The problem manifests itself with SIP phones losing Registration to the SIP server with 408 time-out messages. In most cases it is weird in that some phones on the network will work fine and others wont.

The fix (which is confirmed by Draytek themselves to a couple of my customers) is to downgrade to firmware version “333”.

This problem occurs even if you have the SIP ALG turned off. Please ensure the ALG is off as this can cause even more problems, it is usually off by default these days.

As a side note, please make sure you are not using a Draytek router with “voip” ports, the model number will usually have a “v” in it. These are not suitable for use with stand-alone SIP phones connected to the network, they are only use if you are ONLY using the built-in VoIP ports. There is no fix other than swapping the router out as far as I’m aware.

cheers,
Paul.

SnomONE and Voipfone

I’ve just diagnosed an issue a customer had getting a Voipfone SIP trunk Registered on a SnomONE PBX.

The trick to getting this to work is:

    • Turn on long SIP headers. Go to the admin, general settings page and set “Use Short SIP Headers” to “long”

 

    • If you are using IP access control then you need to enable the IP range 195.189.172.1 – 195.189.173.254 to ensure Voipfone will work

 

SnomOne more info

Common VoIP poor call quality symptoms and causes

We get asked this a fair bit here, I’ve compiled a quick list of the most common symptoms and causes with some possible solutions too:

Symptom: caller or callee hearing any of the following – clicks, periods of silence (voice stopping and starting), “robotic” sounding voice. This is by far the most common issue.

Cause: packet loss, can be due to lots of things, insufficient Internet bandwidth, lack of QoS on a connection shared with data, faulty network equipment (can include poor cabling), problems at the ISP.

More on bandwidth: a normal g711a VoIP call will require approximately 100kbps in both directions on the wire. The actual audio part is 64kbps but then you have to factor in RTP headers, IP headers, UDP headers etc… So it doesn’t matter if you have a 10Mbps Internet connection if this only has 256kbps, then you will only ever get two VoIP calls and even this assumes you are doing pretty much nothing else with it.

—-

Symptom: crackling during phone calls.

Cause: This is going to be a hardware issue with something like the phone’s handset or handset cable. Or headset if a headset is being used.

—-

Symptom: echo during calls, either the caller or callee hears their own voice coming back at them a fraction of a second after they spoke.

Cause: the fault usually lies with the person not hearing the echo. I.E. if a person you have phoned complains of echo then it is more than likely something on your phone causing it. The most common cause is people having handset volume turned up miles too loud, microphone gain too high or using a very poor quality handset or headset. It’s normally going to be an acoustic problem. Although it can also be caused by phones with extremely poor quality hardware and not very good echo cancellation routines (was common in the very early days of VoIP).

—-

Symptom: calls are too quiet, people who call me can’t hear me or I can’t hear them. My phone handset/headset volume is at full.

Cause: this is usually caused at the point where a call is translated from one format to another, such as inside a PBX converting an ISDN call to a SIP/RTP call. The fault needs to be fixed where at the cause rather than trying to mask the problem by turning handset volume up too loud (as this is likely lead to other problems such as echo on other calls). Most PBX systems will have settings to adjust gain levels when converting calls from one format to another. If this only occurs when using a headset, then check you are using the correct one for your phone.

—-

Symptom: when using a headset, the person I am talking to can hear a buzzing on the line. For those in the know, it is a 50Hz “mains buzz”.

Cause: this is caused by electrical interference being picked up by your headset’s cable. Causes can be faulty electrical equipment (computer, computer screen etc…) nearby. One solution is to ground your phone somehow. Either install fully shielded network cabling (which isn’t much use if you already have unshielded UTP cable installed throughout your building!). Or power your phone with a fully earth power supply, these are identifiable as they will have a 3-pin “IEC” connector from the wall socket to the power brick. Fortunately there is an easier answer which is to buy a headset which has a better quality shielded microphone.

—-

Protalk SIP Door Entry Phone with Gradwell

The scenario is that you are using one of our ProTalk Door Entry SIP phones with a Gradwell account and forwarding the call to a mobile phone. You might want to do this to talk to people at your door when really, you aren’t in or for when you aren’t near a desk phone in your place of work.

If you still want to operate the relays in the door phone (either to activate a door opener, turn on a light etc…) then you type in a certain sequence on the phone you are using. This sequence is transmitted back to the door phone using what is known as DTMF tones. In order for this to work with Gradwell accounts we’ve found that you need to use their Outbound Proxy.

Firstly, make sure you are on a recent firmware (v1.48 at the time of writing), you can get this from ProVu if you need to upgrade. Then set the device up as follows in the SIP Parameters page:

  • SIP Proxy Server Address – nat.gradwell.net
  • SIP Proxy Server Port – 5082
  • SIP Registrar Server Address – sip.gradwell.net
  • SIP Registrar Server Port – 5060

Then your username/password as Gradwell will have given you.

This may also be the case for other providers as well as Gradwell, so if you are getting one-way-audio problems or DTMF problems in general, ask them about Outbound Proxy.

More info on the ProTalk SIP Door Entry range here.