Yealink “ghost” phone calls

Occasionally we get support calls from people reporting “ghost” calls on a Yealink phone.

Fortunately the problem is easier to fix than calling the Ghostbusters in.

It’s caused by potential hackers trying to gain access to public SIP phone systems by scanning IP addresses for anything that responds to SIP calls. Usually using a tool called sipvicious.

Whilst they can’t really do anything bad with your Yealink phone, these calls are a nuisance.

To stop them, make sure you are on a fairly recent firmware version. v73 from www.yealink.co.uk or newer is recommended.

Then change two settings in the web interface:

    • Allow Direct IP Call – this means the phone will respond to calls coming in to it from any IP address, to any number. Sometimes used for internal intercom systems or basic phone testing without using a PBX. Set it to disabled. This setting is found in the “Features” setting tab, “General Information” page.

 

    • Accept SIP Trust Server Only – this is whether the phone accepts calls to the correct phone number but from a different place than it is Registered to. Sometimes needed for certain SIP providers but you want to set this to enabled wherever possible so the phone only accepts calls from your service provider. This setting is found either in the “Features” tab, “General Information” page or the “Account” tab depending on the phone model or firmware version.

 

On v80 firmware these are both in the same place:

Features > General Information

Christmas shipping and opening times 2015

Standard UK deliveries via APC:

Order Date Delivery Date
22nd December 23nd December
23rd December – 4th January 5th January *
5th January (Back to normal)     6th January


* If you place an order on the 23rd December it will be delivered on the 5th January, should you require the goods to be delivered on Christmas Eve, a £25 surcharge will apply. You will need to let us know if you would like this service.

Standard UK deliveries via DPD:

Order Date Delivery Date
22nd December 23nd December
23rd December 24th December
24th December – 4th January 5th January
5th January (Back to normal)     6th January

ProVu Christmas Opening times:

Dates Opening times
24th December OPEN 09:00 – 13:00
25th December – 28th December     CLOSED
29th – 31st December     OPEN (Skeleton staffing) 10:00 – 16:00    
1st – 3rd January CLOSED
4th January     Back to normal 09:00 – 17:30

Gigaset DE Series End of Life Notice

We would like to inform all ProVu resellers that we have received an end of life notice from Gigaset for their current DE series of IP PRO desk phones. This includes the DE310, DE410, DE700 and DE900 models. We are currently holding stock of these phones and expect to be able to supply these until the end of the year. However, we have been informed that Gigaset’s stock levels are limited, should you have any sizeable demand for these models please let us know.

The replacement models have been confirmed as the Maxwell 3, Maxwell Basic and Maxwell 4; we do not expect to launch these products until at least April 2016.

If you have any queries or would like to discuss how these changes may effect any projects you are working on, please call the sales team on: 01484 840048 or you can email: contact@provu.co.uk.

Introducing the New Snom D710


The new Snom D710 is now in stock and available to purchase from ProVu. Joining the D7 series of IP phones, the new D710 will replace Snom’s current 710 model.

Providing the ideal entry-level handset for everyday business use, the D710 comes complete with a range of cost-effective features:

  • Supports up to 4 SIP accounts
  • PoE support
  • 4-line black and white backlit graphical display
  • 5 programmable function keys with multi-coloured LEDs
  • Superior, crystal-clear call quality
  • 2 x 10/100 Mbps ethernet switch

For more information, please see the Snom D710 webpage.

Pricing and stock information is available on our reseller portal, ProSys. If you would like to become a ProVu reseller, you can apply via our online reseller application form.

End of Year Conferencing Promotions from ProVu


We are delighted to offer ProVu resellers some excellent money-saving promotions across our range of Conferencing Solutions. Available until the end of the year and whilst stocks last, ProVu resellers can purchase both the Konftel 300Wx and Yealink CP860 Conference Phones at reduced prices.

Pricing and stock information is available on our reseller portal, ProSys. If you would like to become a ProVu reseller, you can apply via our online reseller application form.

Huddersfield Examiner Business Awards 2015

ProVu Team - Examiner Business Awards 2015

Members of the ProVu Team enjoyed a great night last night at the Huddersfield Examiner Business Awards, where we were shortlisted for SME of the year award. Featuring some of the best businesses in our local area, it was great to see the diversity and success in the businesses around us.

ProVu would like to congratulate all finalists and winners who took part in this year’s awards!

Algo 8128 Uses & Benefits


The Algo 8128 Strobe Alerter is a SIP compliant PoE high intensity strobe light. Suitable for a wide variety of application environments, and for a number of potential uses, the Algo strobe alerter provides a host of opportunities to you and your business.

Solution for: Application Scenario:
Visual Alerting for noisy environments Warehouses, Workshops, Factories, Bars, Call Centres
Visual Alerting for quiet environments Libraries, Hospitals, Churches, Theatres
Visual Alerting for the Hard of Hearing Home, Student Accommodation, Hotels, Nursing Homes
Visual Alerting for additional security notification Airports, Retail, Transport Logistics, Construction Sites

Along with its wide variety of application environments, the Algo strobe alerter also has a number of uses. Offering 360 x 180 degree visibility and a range of flash pattern options, the strobe alerter can be used for; alerting and notification of telephone calls, emergencies, and/or safety and security events. The strobe alerter can be particularly useful for use with people who experience hearing difficulties.

Easy to Install

Algo’s strobe alerter can be easily integrated in to any VoIP environment, hosted or premise PBX. With an option for ceiling or wall mount fitting, the strobe alerter can be positioned to the user’s preferred position. For environments that require both visual and audio alerting, the strobe alerter can also be used with the Algo 8180 SIP alerter.

Web Interface

Through Algo’s web interface, strobe alerters can be remotely managed and allow you to select one of 16 programmed light patterns.

Auto-Multicast

With Auto-Multicast, multiple strobes may be operated simultaneously and synchronously using just one SIP extension.

For more information on the Algo strobe alerter, please see our webpage. Pricing and stock information is available on our reseller portal, ProSys. If you would like to become a ProVu reseller, you can apply via our online reseller application form.

Panasonic – TPA60/TGP600 How to transfer calls and switch between two simultaneous calls

This blog post will instruct you how to perform an attended transfer and switch between two calls on a TPA60 with the TGP600 base station.

What is an attended transfer? An attended transfer is where you speak to the person receiving the transfer before transferring the call.

To perform an attended transfer and switch between two calls follow the steps below:

    • Answer the call.

 

    • When you are ready to transfer the call press the transfer key, this will place the call on hold.

 

    • Enter the extension number of the person you want to transfer the call to and press the button labelled ‘call’ on the display.

 

    • When you want to switch between the two calls press the switch key.

 

    • When you are ready to connect the calls, hangup the DECT handset and the transfer will be completed.

 

ProVu and Panasonic Host SIP Demonstration Workshop

Earlier this week we teamed up with Panasonic to offer resellers a free SIP Demonstration Workshop.

Resellers were invited to Panasonic’s purpose-built Solutions Centre, in Bracknell where they were introduced to Panasonic’s existing and future SIP range and given the opportunity to get hands on with the products.

The event turned out to be a great success, with over 30 resellers joining us. We would like to thank everyone who joined us – we hope you enjoyed the day!

Using secure SIP and RTP with SARK PBX and Snom or Yealink phones

This involves two levels of encryption. The first is SIPS/TLS which is encryption of SIP signalling between the SARK PBX and your IP phone. It works in much the same way as HTTPS certificates do.

You can either purchase a certificate from a trusted source or generate your own self signed certificates. I’ll use self-signed certificates here because they are free and do the job for what I wanted.

The second part of encrypting your phone calls is the actual audio stream itself, the RTP. We can use SRTP, this is simply a case of turning it on but there’s no real point to doing this without firstly configuring SIPS/TLS because the keys used in SRTP encryption are passed in the SIP messages.

For me, there’s two reasons for doing all this.

The most obvious one is security, encrypting your phone calls means that anyone who is able to sniff your network traffic cannot extract your phone calls. For most people this is pretty unlikely but could happen all the same.

Perhaps of much more use is for remote or home workers and this is what made me get this working with SARK. One of the biggest problems in the world of VoIP is SIP-ALGs on routers making incorrect alterations to SIP packets. If your SIP packets are encrypted then any router they pass through cannot possibly make any alterations to them!

The steps to getting this working are (basically the same process on a SARK PBX as on any Asterisk PBX).

1) Generate self-signed certificates (commands issued at the Linux command prompt on SARK):

  • cd /etc/asterisk
  • mkdir ssl
  • cd ssl
  • echo 00 > file.srl
  • openssl req -out ca.pem -new -x509 -days 365
  • openssl genrsa -out server.key 2048
  • openssl req -key server.key -new -out server.req -days 365
  • openssl x509 -req -in server.req -CA ca.pem -CAkey privkey.pem -CAserial file.srl -out server.pem -days 365

2) Configure Asterisk:

Edit the file ‘sark_sip_header.conf’ either from the command line or in Asterisk File Edit in the SARK web interface. Add the following:

tlsenable=yes
tlsbindaddr=xx.xx.xx.xx
tlscafile=/etc/asterisk/ssl/ca.pem
tlsprivatekey=/etc/asterisk/ssl/server.key
tlscertfile=/etc/asterisk/ssl/server.pem
tlsclientmethod=tlsv1
tlscipher=ALL
tlsdontverifyserver=yes

Replacing xx.xx.xx.xx with your system’s own IP address. The last line isn’t essential for us but means if Asterisk is connecting as a client to a TLS server (so you’d need a SIP service provider who does TLS), whether to verify their certificate or not. If you do verify their certificate then they cannot be using self-signed certificates.

3) Configure extensions:

You can specify which extensions will use TLS & SRTP (and any you don’t, stay using unencrypted SIP & RTP).

In the SARK web interface, edit the extension and go to the “asterisk” tab. Add these lines:

transport=tls
port=5061
encryption=yes

This will turn on both TLS and SRTP for that single extension.

It’s important to note that once you’ve applied this, the phone MUST use it and trying to Register without encryption will now fail.

4) Configure the firewall:

By default SARK PBX only allow in SIP over UDP but TLS uses TCP. You need to add a rule in the ‘firewall’ section of the SARK web interface to allow TCP port 5061 (SIPS/TLS uses 5061 by default). Note, you don’t need to allow RTP over TCP, SRTP still uses UDP normally.

5) Configure the phones:

This assumes you already have a phone configured and working using normal SIP, this is how to convert them to use SIPS/TLS & SRTP.

Snom phones (note, you’ll probably need a fairly recent firmware version)

  • In identity #, add an outbound proxy such as “sip.mydomain.com:5061;transport=tls”. Where sip.mydomain.com is your SARK PBX’s hostname or IP address. You could also set up the correct DNS-SRV records for this (hint, _sips._tcp) but I’ll not go in to that here.

  • In the RTP tab, turn on RTP Encryption, set SRTP Auth-tag to AES-80 and RTP/SAVP to Mandatory

Then when making or receiving a call, look out for the little “lock” symbol on the phone screen to signify SIPS/TLS & SRTP are both in use in the call in progress.

Yealink phones (I used v72 firmware, older may work too)

  • In Account #, Register tab, set Transport to TLS, set Server Host Port to 5061.
  • In the Advanced tab, set RTP Encryption(SRTP) to ‘Compulsory’

Much like Snom, the phone will also display a “lock” symbol on the screen during a call with SIPS/TLS & SRTP in use.

One last thing to note, both Snom and Yealink phones do not verify server certificates by default. This means that there is no protection against a man-in-the-middle attack (someone else pretending to be your SIP server). You can turn on certificate verification on either phone but you MUST also do one of the following in order for SIPS/TLS to continue to work:

  • Purchase a certificate from a trusted source, much like you would if setting up a HTTPS website. Please speak to us first so we can advise you on the best place to buy as the phones have a limited number of CAs built into them in comparison to a web browser.
  • Continue with your self-signed certificate but load the CA it was signed against into the phone. This is the “ca.pem” file generated earlier on. It is safe to distribute this to your phones, it cannot be used to be generate more certificates without the key (which you need to keep safe).

Any questions to paul@provu.co.uk