CompleteSBC: Getting Started Guide · 2015. 4. 8. · Asterisk Configuration 1. Disable external IP...

Misgav Industrial Park, POB 60, D.N. Misgav 20174, Israel Tel:+972-4-9951999; Fax:+972-4-9990287

PM0628.03 - CompleteSBC Getting Started Guide of 10

CompleteSBC: Getting Started Guide

Default CompleteSBC Configuration

CompleteSBC (SBC) is pre-configured to perform the following actions:

registration caching

limiting the number of concurrent calls via the CompleteSBC 'public' realm

rejecting SIP requests from endpoints with user agent names that are not configured in

CompleteSBC

routing all accepted SIP requests on the 'public' CompleteSBC realm to the Asterisk ('internal'

CompleteSBC realm, the 'PBX' call agent)

routing all accepted SIP requests on the 'internal' CompleteSBC realm to the CompleteSBC

'public' realm according to the information in the SIP Request-URI (R-URI)

Important!

CompletePBX/CompleteSBC is shipped configured with maximum protection. As a result, incoming

communication via the CompleteSBC public signaling interface is blocked. In order to be able to

make calls through CompleteSBC the administrator must first un-block it (refer to “Enable

communication through CompleteSBC”.)

CompleteSBC includes a demo license that permits generation of several simultaneous calls. The

maximum call duration is 90 seconds.

Before calls can be made via CompleteSBC the following tasks must be performed:

o configure and enable the CompleteSBC Web interface

o configure the IP address for the CompleteSBC signaling and media interfaces

o allow SIP requests on the CompleteSBC public realm

o ensure that the SIP device agent names you use appear in the list of permitted devices

Enable the CompleteSBC Web Interface

The SBC Web interface must be bound explicitly to one of the PBX IP addresses. It must be done via

command line interface as follows:



connect to the PBX via SSH and login as user 'root' (the default password is

!x0rc0m!voip5472#

Run sbc-init-gui utility and configure an IP address:

#sbc-init-gui

Access the SBC Web interface by clicking the “CompleteSBC” icon on the CompletePBX landing

page:

The login dialog will appear:

Use the following credentials to login:

Username: root

Password: !x0rc0m!voip5472#

Configure IP Addresses for the CompleteSBC Signaling and Media Interfaces

Go to the System | Interfaces and choose the CompleteSBC Interfaces dialog:



It is necessary to define correct IP addresses for the medpub and sigpub interfaces. Click the edit

link for each in turn and define the correct IP address.

The IP port ranges for medint and medpub interfaces can be modified. The default range is 20002-

20402, which is sufficient for 200 simultaneous calls. For a higher number of simultaneous calls the

range can be re-calculated on the basis of 2 ports per call.

Important Notes!

1. If you want CompleteSBC to substitute your public Internet IP address in the outbound SIP

messages then you have to define the address in the “Public IP address” field for both medpub and

sigpub interfaces and disable this feature in the Asterisk SIP settings.

2. A PBX reboot is required to apply the new interfaces settings.

Enable Communication through CompleteSBC

Both CompletePBX and CompleteSBC are shipped pre-configured with maximum protection. This is

the reason why the inbound traffic is blocked for the SBC sigpub interface by default.

Almost all of traffic restriction-related parameters are found in the 'settings' table.

Select the “Tables”| “Table: settings” menu item. The following dialog appears:



The table has three key/value pairs:

key_value Description

allowed-user-

agents

A regular expression for detection of permitted SIP user agent names. By

default the expression includes SIP user agent names for all supported SIP

phones listed in the CompletePBX Endpoint Manager, Zoiper, standard

Asterisk, FreePBX and CompletePBX.

block-public 1 – reject the incoming SIP requests received on the CompleteSBC public

realm

0 – accept the incoming SIP requests received on the CompleteSBC public

realm

call-limit Maximum number of concurrent calls through the CompleteSBC public

realm

You can change the values in the table according to your requirements and then click “Activate

changes” to apply the new settings.

NAT Router Configuration

If you have remote SIP extensions then it is necessary to configure port forwarding in the NAT router

configuration, as follows:

1. the CompleteSBC sigpub interface port (by default 6075/udp) must be forwarded to the PBX.

2. the CompleteSBC mediapub interface ports range (by default 20002-20402/udp) must be

forwarded to the PBX.



CompletePBX Firewall Configuration

1. The CompletePBX Firewall allows access to the Asterisk SIP ports (5060/udp/tcp and 5061/tcp) for

the requests which originate from hosts with private IP addresses only:

10.0.0.0/8

172.16.0.0/12

192.168.0.0/16

As a result, Asterisk will not receive SIP calls from remote SIP endpoints. If you don't want to use

CompleteSBC then you have to change the firewall settings in such a way that the SIP ports will be

accessible from any source IP address.

2. If you change the default IP ports range defined for the medpub interface (20002-20402/udp) then

you have to make the corresponding change in the CompletePBX firewall configuration.

Asterisk Configuration

1. Disable external IP address substitution by Asterisk in the SIP messages.

Go to “Settings” | “SIP Settings” and define the “IP Configuration” parameter as “Public IP”:

2. Define a list of domains that can be used in the SIP requests.



For example:

- the local SIP phones send SIP requests to the PBX to 192.168.6.98:5060

- the remote SIP phones/servers send SIP requests to the PBX either to 212.1.2.3:6075 or to

mypbx.mycompany.com:6075

Then on the “Settings” | “SIP Settings” dialog it is necessary to define three domains in the “Other SIP

Settings” parameters, as follows:

3. Configure the remote extension to communicate with the PBX's external IP address and ports that

are forwarded by the NAT router to the CompleteSBC sigpub interface.

Remote SIP Server Configuration

Asterisk and CompleteSBC must be configured in a special way in order to allow communication

between Asterisk and the remote SIP server:

a. The CompleteSBC sigint interface (127.0.0.1:6075) must be defined as an outbound proxy

in the SIP trunk settings.

b. All SIP messages from the remote SIP server will be sent by CompleteSBC from its sigint

interface. Therefore, Asterisk will not be able to recognize the SIP server messages by their

source IP/port. Therefore, it is necessary to configure the CompleteSBC in such a way that it

will substitute the Asterisk SIP trunk name in the user name field of the header “From”. In order

to preserve the Caller ID that usually appears in that field the CompleteSBC should create the

Remote-Party-ID header and place the Caller ID value there.

c. If a remote SIP server communication must be routed to the service provider's outbound proxy

then this must be configured in the CompleteSBC.



Example:

As you can see there is the 'outboundproxy' parameter that points on the internal SBC interface

(sigint).

In the registration string there is the 'MyITSP?' prefix that is a reference to the MyITSP peer settings.

This causes Asterisk to send the REGISTER requests to the 'outboundproxy' (the SBC internal

interface!) defined in MyITSP PEER Details field.

In many cases the service providers have their own SBC and require that the PBX send the SIP

messages there, rather than directly to their SIP server (e.g., myitsp.cc). This messages redirection must

be implemented in the CompleteSBC configuration (“Routing” menu item in the CompleteSBC Web

interface.)

Below is an example of this type of configuration:



As you can see, CompleteSBC will route to the 'MyITSP-proxy' call agent all SIP requests

received from 'internal' realm (where the PBX is located) and destined to myitsp.cc (the host

configured in the 'MyITSP' trunk.) The 'MyITSP-proxy' call agent is defined in the 'public' realm

CompleteSBC configuration ('Realms', 'call-agents' for the 'public' realm):

Now let's review a solution for handling SIP requests that the remote SIP server (myitsp.cc) sends to

the PBX (ref. the problem description in (c) above.) Let's assume that the server provider has its own

SBC (e.g., 1.2.3.4:5060 in our example) that is actually sends the messages to the PBX.

The provider's SBC is configured as the 'MyITSP-proxy' call agent for the CompleteSBC 'public'

domain. Now we can define a set of inbound rules for the 'MyITSP-proxy' call agent that will do the

following:

Create the Remote-Party-ID header if it doesn't exist. Use the user name defined in the 'From'

header for it. Don't change the existing Remote-Party-ID header.



Replace the user name in the 'From' header with the trunk name defined in the Asterisk

configuration ('MyITSP'):

Important!

It is necessary to define the 'trustrpid=yes' in the Asterisk trunk configuration. Otherwise,

Asterisk won't accept the Caller ID that appears in the Remote-Party-ID header field.

Licensing

CompleteSBC has a demo license installed that allows generation of several simultaneous calls. The

maximum call duration is 90 seconds. In order to review the current licensing status or apply a

commercial license, go to the “System” | “License” dialog:



In order to apply a commercial license, make sure that the CompletePBX has Internet access.

input the activation code in the “Activation Code” field

input the CompletePBX serial number in the “Serial Number” field

click the “Apply” button

In a few seconds you should be able to see the purchased license details in the “Current License”

field.

If it is not possible to provide Internet access for the PBX then you can get a license file instead of the

activation code. That license file can be uploaded to the PBX and then activated. Please contact a

Xorcom authorized reseller for assistance.

CompleteSBC: Getting Started Guide · 2015. 4. 8. · Asterisk Configuration 1. Disable external IP...

Documents

Transcript of CompleteSBC: Getting Started Guide · 2015. 4. 8. · Asterisk Configuration 1. Disable external IP...