Friday, August 31, 2012

How to setup SIP account in Android 4.0 ICS

There are many SIP-compliant soft phones like Xlite, 3CX, Linphone, Sipdroid etc. on Windows and Smartphones.  These software turn our PC or Smartphones to a SIP end point such that we could enjoy benefits from VOIP, such as cost reduction and roaming.  

With native SIP stack support in Android ICS, we could conveniently configure a SIP account without the need of a 3rd party apps.  Here describes the procedures involved.

Firstly, open Settings in the 'Phone' apps

Scroll to Internet Call Settings and Add the SIP account

The SIP account information is obtained from our SIP provider.  It usually consists of three information: SIP username, password and the SIP server name or ip address.

We could also specify when the internet call should be used.

Lastly, please check that your mobile network will not block the VOIP traffic.

Monday, August 27, 2012

Some security tips for Asterisk deployment

Unless your Asterisk server is purely for internal use, you will
inevitably face the potential threats from hackers who look for security
loopholes to abuse your system.

Here are some protection measures that we should consider.

1. Disallow guest call unless you really need it

In the [general] section of sip.conf, set allowguest=no

2. Always reject with '401 Unauthorized' for unauthorized INVITE or
REGISTER, instead of letting the requester know whether there was a
matching peer.

In [general] section of sip.conf, set alwaysauthreject = yes

3. Make use of permit= and deny= in sip peer definition to restrict
which clients we will accept.

4. Empty the [default] context

5. We always use strong password in our sip entities.

6. If we really need to enable AMI on a public ip address, make use of
the permit and deny to restrict which client can access Asterisk via AMI.

7. Sip username should be different from the extensions. That would
make guessing less easy.

8. Deploy iptables and fail2ban. We can then monitor the asterisk log
file to spot intruders and block them accordingly.

9. We can also change the port (default 5060) that Asterisk listens to.
(bindport=5060 in sip.conf). This approach applies when we only need
to handle known peers such as branch offices or remote extensions.

Monday, August 20, 2012

Working with Asterisk 10 t38 gateway

Below describes my experience with Asterisk 10 t38 gateway.

I am using Hylafax (open-source version 5.2.7) + iaxmodem (1.1.0) + Asterisk 10.7.0 + t38 ISP for oubound fax. 

There are a couple of ways to send t38 faxes to the ISP for PSTN termination, such as Digium's commercial Fax for Asterisk module,  the commercial Hylafax Enterprise Edition or the Asterisk Application SendFAX.  However, these solutions could not support utf8 fax tagline which is one of our primary faxing requirements.

On the other hand, the open-source hylafax not only support utf8 tag line, but also feature fax scheduler and mysql integration for better job management.  The next step is to let Asterisk act as t38 gateway between the iax side and the t38 ISP side.

iax Setup

We would get better result when jitter buffer is disabled in the iaxmodem configurations.

Add 'nojitterbuffer' to /etc/iaxmodem/

Also in the iax2 peer definition in Asterisk, we add:

Asterisk Setup

We need both Asterisk 10 and spandsp (eg spandsp-0.0.6) for the t38 gateway to work. 

 *CLI> module show like fax
Module                         Description                              Use Count                     Generic FAX Applications                 1             Spandsp G.711 and T.38 FAX Technologies  0          

In the sip.conf, we enable t38 on sip call as below.
t38pt_udptl = yes,redundancy,maxdatagram=400

t38pt_udptl = yes,redundancy,maxdatagram=400
jbenable = no

To turn on gateway mode, we use the FAXOPT function as below.
exten => _1500.,1,NoOp(${CALLERID(all)})
   same => n,Set(CALLERID(num)=${EXTEN:0:8})
   same => n,Set(FAXOPT(gateway)=yes)
   same => n,Dial(SIP/t38gw/${EXTEN:11:8})

Send the fax

Just before we go ahead, it is better to use a source tiff supported by Asterisk, eg, the one created by ReceiveFAX.

We also need to check the UDPTL ports are opened for t38 traffic.  These ports are defined in /etc/asterisk/udptl.conf.


We start by calling the 'sendfax' hylafax command, passing in the source tiff and required utf8 tagline string.  The selected iaxmodem is then dialed and t30 audio is passed via the iax channel to the t38 partner via Asterisk which acts as t38 gateway.


We could get detailed logging of the t38 session with below commands.
sip set debug on
rtp set debug on
udptl set debug on

The log should show the t38 capabilities reported by both sides in a fax session.  One possible reason for failed fax is the incorrect value of t38 datagram.  Note the use of t38pt_udptl = yes,redundancy,maxdatagram=400 to override the datagram value returned by the t38 receiver which incorrectly advertises a tiny datagram value such as 72.

Another problem we might see is the 'RTP read too short' error.  It is worthwhile to check whether we disable jitter buffer along the audio path upon seeing this error .