Earlier this week we teamed up with Panasonic to offer resellers a free SIP Demonstration Workshop.
Resellers were invited to Panasonic’s purpose-built Solutions Centre, in Bracknell where they were introduced to Panasonic’s existing and future SIP range and given the opportunity to get hands on with the products.
The event turned out to be a great success, with over 30 resellers joining us. We would like to thank everyone who joined us – we hope you enjoyed the day!
This involves two levels of encryption. The first is SIPS/TLS which is encryption of SIP signalling between the SARK PBX and your IP phone. It works in much the same way as HTTPS certificates do.
You can either purchase a certificate from a trusted source or generate your own self signed certificates. I’ll use self-signed certificates here because they are free and do the job for what I wanted.
The second part of encrypting your phone calls is the actual audio stream itself, the RTP. We can use SRTP, this is simply a case of turning it on but there’s no real point to doing this without firstly configuring SIPS/TLS because the keys used in SRTP encryption are passed in the SIP messages.
For me, there’s two reasons for doing all this.
The most obvious one is security, encrypting your phone calls means that anyone who is able to sniff your network traffic cannot extract your phone calls. For most people this is pretty unlikely but could happen all the same.
Perhaps of much more use is for remote or home workers and this is what made me get this working with SARK. One of the biggest problems in the world of VoIP is SIP-ALGs on routers making incorrect alterations to SIP packets. If your SIP packets are encrypted then any router they pass through cannot possibly make any alterations to them!
The steps to getting this working are (basically the same process on a SARK PBX as on any Asterisk PBX).
1) Generate self-signed certificates (commands issued at the Linux command prompt on SARK):
2) Configure Asterisk:
Edit the file ‘sark_sip_header.conf’ either from the command line or in Asterisk File Edit in the SARK web interface. Add the following:
Replacing xx.xx.xx.xx with your system’s own IP address. The last line isn’t essential for us but means if Asterisk is connecting as a client to a TLS server (so you’d need a SIP service provider who does TLS), whether to verify their certificate or not. If you do verify their certificate then they cannot be using self-signed certificates.
3) Configure extensions:
You can specify which extensions will use TLS & SRTP (and any you don’t, stay using unencrypted SIP & RTP).
In the SARK web interface, edit the extension and go to the “asterisk” tab. Add these lines:
This will turn on both TLS and SRTP for that single extension.
It’s important to note that once you’ve applied this, the phone MUST use it and trying to Register without encryption will now fail.
4) Configure the firewall:
By default SARK PBX only allow in SIP over UDP but TLS uses TCP. You need to add a rule in the ‘firewall’ section of the SARK web interface to allow TCP port 5061 (SIPS/TLS uses 5061 by default). Note, you don’t need to allow RTP over TCP, SRTP still uses UDP normally.
5) Configure the phones:
This assumes you already have a phone configured and working using normal SIP, this is how to convert them to use SIPS/TLS & SRTP.
Then when making or receiving a call, look out for the little “lock” symbol on the phone screen to signify SIPS/TLS & SRTP are both in use in the call in progress.
Much like Snom, the phone will also display a “lock” symbol on the screen during a call with SIPS/TLS & SRTP in use.
One last thing to note, both Snom and Yealink phones do not verify server certificates by default. This means that there is no protection against a man-in-the-middle attack (someone else pretending to be your SIP server). You can turn on certificate verification on either phone but you MUST also do one of the following in order for SIPS/TLS to continue to work:
Any questions to paul@provu.co.uk
We have received an end of life notice from Gigaset for the SL610H PRO handset. We currently have limited stocks of this phone remaining; once stock has cleared they will not be replaced.
The SL610H will be replaced by the recently announced SL750H which is now in stock and available to order from us. For more information, please see our webpage.
Pricing and stock information is available on our reseller portal, ProSys. If you would like to become a ProVu reseller, you can apply via our online reseller application form.
We have teamed up with Sangoma to bring ProVu customers some great money-saving offers on their telephony cards. With promotions running until the end of the year, ProVu customers can save up to 25% on selected cards!
Together with the Sangoma NetBorder or SS7 Software, these cards can provide the ideal solution to any Telecoms infrastructure. Pricing and stock information is available on ProSys, our reseller portal. If you would like to become a ProVu reseller, you can apply via our online reseller application form.
We have received an end of life notice from Snom for their current 710, 720 and 760 models. We are currently holding significant stocks of each of these models and fully expect to be able to continue to supply these for the remainder of 2015 and most likely for some weeks in to the New Year.
The replacement models will be the D710, D715, D725 and D765. Although these new models look the same, they are black in colour and have completely new hardware and firmware. All of the D7 series models except the D710 are in stock and available to order now. We expect the D710 to arrive in the next few weeks.
If you have any queries or would like to discuss how these changes may effect any projects you are working on, please call the sales team on: 01484 840048 or you can email: contact@provu.co.uk.
We are pleased to announce that we are now able to offer our fully automated provisioning services for the full range of both Polycom phones and Konftel IP conferencing phones.
For many years now we have been providing resellers a fully automated provisioning service for Snom, Yealink, Gigaset, Panasonic and Cisco. Now, with increasing demand for both Polycom and Konftel phones our technical team have developed our hosted provisioning platform to support both Polycom and Konftel.
For Polycom phones we are utilising the proven Secure Device Provisioning method of client certificate authentication, this enables our provisioning service to provide real confidence that you can order Polycom phones to be shipped direct to your customer’s site and for them to obtain their settings in a secure manner. Phones provisioned by ProVu in this way simply need to be connected and they will work out of the box.
To find out more about our provisioning services and how to get started please visit our Automatic Provisioning webpage
The new Snom D765 is now available from ProVu. Joining the D7-series of IP phones, the D765 is the perfect companion for users requiring cutting-edge design and high-end functionality.
This new desk phone will replace the Snom 760 and is the first in the range to feature integrated Bluetooth connectivity and a large 3.5″ high resolution colour TFT display.
For more information, please visit the D765 webpage.
Launched in 2006 and having gone through several revisions the Snom 300 has stood the test of time and is still going strong. Over the years the Snom 300 has become one of the most popular SIP Phones ever. Proving to be the ideal choice for those volume applications where a relatively low cost but reliable and robust phone are essential requirements.
Although compact the Snom 300 has the same high quality handset and audio as the larger models and supports PoE as well as a 2 line backlit LCD display and headset port. It also has all the the most commonly used telephony features required for business use.
With a retail price of just £55.00 the Snom 300 represents outstanding value and with its reputation for robustness and reliability it provides a great return on investment.
The new Gigaset SL750H PRO is now in stock and available from ProVu. This new, stylish handset is Gigaset’s thinnest PRO handset yet and comes complete with a large 2.4″ illuminated display with an intuitive, icon-based user interface. With its scratch-resistant coating, the SL750H PRO is resilient to scratches on the display, case and keys. The coating also provides protection from disinfectant liquids making it ideal for use in industrial, manufacturing and clinical environments.
Along with other PRO handsets, the SL750H is compatible with the N510IP PRO, N300IP PRO and the N720IP PRO, offering customers a solution to suit their individual needs. With the N720IP you can offer a multi cell solution that ensures complete coverage of any building or widespread surroundings.
More information can be found on the SL750H webpage. Pricing and stock information is available on our reseller portal, ProSys.
We’ve had a great morning here at ProVu filming for the Huddersfield Examiner Business Awards. Filming took place here at our offices in Huddersfield by Flix Facilities, who are based in Manchester. Complete with an interview from our Managing Director, Darren Garland, the Flix team took shots around the whole building.
Filming follows the recent announcement that we have been shortlisted for the SME of the year award, along with two other successful companies in the Huddersfield area. The video is due to be shown at the Awards Ceremony, taking place at the John Smith’s Stadium on 12th November – we look forward to seeing the end product!
 |
 |