CompleteSBC: Getting Started Guide · 2015. 4. 8. · Asterisk Configuration 1. Disable external IP...
Transcript of CompleteSBC: Getting Started Guide · 2015. 4. 8. · Asterisk Configuration 1. Disable external IP...
Misgav Industrial Park, POB 60, D.N. Misgav 20174, Israel Tel:+972-4-9951999; Fax:+972-4-9990287
PM0628.03 - CompleteSBC Getting Started Guide Page 1 of 10
CompleteSBC: Getting Started Guide
Default CompleteSBC Configuration
CompleteSBC (SBC) is pre-configured to perform the following actions:
registration caching
limiting the number of concurrent calls via the CompleteSBC 'public' realm
rejecting SIP requests from endpoints with user agent names that are not configured in
CompleteSBC
routing all accepted SIP requests on the 'public' CompleteSBC realm to the Asterisk ('internal'
CompleteSBC realm, the 'PBX' call agent)
routing all accepted SIP requests on the 'internal' CompleteSBC realm to the CompleteSBC
'public' realm according to the information in the SIP Request-URI (R-URI)
Important!
CompletePBX/CompleteSBC is shipped configured with maximum protection. As a result, incoming
communication via the CompleteSBC public signaling interface is blocked. In order to be able to
make calls through CompleteSBC the administrator must first un-block it (refer to “Enable
communication through CompleteSBC”.)
CompleteSBC includes a demo license that permits generation of several simultaneous calls. The
maximum call duration is 90 seconds.
Before calls can be made via CompleteSBC the following tasks must be performed:
o configure and enable the CompleteSBC Web interface
o configure the IP address for the CompleteSBC signaling and media interfaces
o allow SIP requests on the CompleteSBC public realm
o ensure that the SIP device agent names you use appear in the list of permitted devices
Enable the CompleteSBC Web Interface
The SBC Web interface must be bound explicitly to one of the PBX IP addresses. It must be done via
command line interface as follows:
Misgav Industrial Park, POB 60, D.N. Misgav 20174, Israel Tel:+972-4-9951999; Fax:+972-4-9990287
PM0628.03 - CompleteSBC Getting Started Guide Page 2 of 10
connect to the PBX via SSH and login as user 'root' (the default password is
!x0rc0m!voip5472#
Run sbc-init-gui utility and configure an IP address:
#sbc-init-gui
Access the SBC Web interface by clicking the “CompleteSBC” icon on the CompletePBX landing
page:
The login dialog will appear:
Use the following credentials to login:
Username: root
Password: !x0rc0m!voip5472#
Configure IP Addresses for the CompleteSBC Signaling and Media Interfaces
Go to the System | Interfaces and choose the CompleteSBC Interfaces dialog:
Misgav Industrial Park, POB 60, D.N. Misgav 20174, Israel Tel:+972-4-9951999; Fax:+972-4-9990287
PM0628.03 - CompleteSBC Getting Started Guide Page 3 of 10
It is necessary to define correct IP addresses for the medpub and sigpub interfaces. Click the edit
link for each in turn and define the correct IP address.
The IP port ranges for medint and medpub interfaces can be modified. The default range is 20002-
20402, which is sufficient for 200 simultaneous calls. For a higher number of simultaneous calls the
range can be re-calculated on the basis of 2 ports per call.
Important Notes!
1. If you want CompleteSBC to substitute your public Internet IP address in the outbound SIP
messages then you have to define the address in the “Public IP address” field for both medpub and
sigpub interfaces and disable this feature in the Asterisk SIP settings.
2. A PBX reboot is required to apply the new interfaces settings.
Enable Communication through CompleteSBC
Both CompletePBX and CompleteSBC are shipped pre-configured with maximum protection. This is
the reason why the inbound traffic is blocked for the SBC sigpub interface by default.
Almost all of traffic restriction-related parameters are found in the 'settings' table.
Select the “Tables”| “Table: settings” menu item. The following dialog appears:
Misgav Industrial Park, POB 60, D.N. Misgav 20174, Israel Tel:+972-4-9951999; Fax:+972-4-9990287
PM0628.03 - CompleteSBC Getting Started Guide Page 4 of 10
The table has three key/value pairs:
key_value Description
allowed-user-
agents
A regular expression for detection of permitted SIP user agent names. By
default the expression includes SIP user agent names for all supported SIP
phones listed in the CompletePBX Endpoint Manager, Zoiper, standard
Asterisk, FreePBX and CompletePBX.
block-public 1 – reject the incoming SIP requests received on the CompleteSBC public
realm
0 – accept the incoming SIP requests received on the CompleteSBC public
realm
call-limit Maximum number of concurrent calls through the CompleteSBC public
realm
You can change the values in the table according to your requirements and then click “Activate
changes” to apply the new settings.
NAT Router Configuration
If you have remote SIP extensions then it is necessary to configure port forwarding in the NAT router
configuration, as follows:
1. the CompleteSBC sigpub interface port (by default 6075/udp) must be forwarded to the PBX.
2. the CompleteSBC mediapub interface ports range (by default 20002-20402/udp) must be
forwarded to the PBX.
Misgav Industrial Park, POB 60, D.N. Misgav 20174, Israel Tel:+972-4-9951999; Fax:+972-4-9990287
PM0628.03 - CompleteSBC Getting Started Guide Page 5 of 10
CompletePBX Firewall Configuration
1. The CompletePBX Firewall allows access to the Asterisk SIP ports (5060/udp/tcp and 5061/tcp) for
the requests which originate from hosts with private IP addresses only:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
As a result, Asterisk will not receive SIP calls from remote SIP endpoints. If you don't want to use
CompleteSBC then you have to change the firewall settings in such a way that the SIP ports will be
accessible from any source IP address.
2. If you change the default IP ports range defined for the medpub interface (20002-20402/udp) then
you have to make the corresponding change in the CompletePBX firewall configuration.
Asterisk Configuration
1. Disable external IP address substitution by Asterisk in the SIP messages.
Go to “Settings” | “SIP Settings” and define the “IP Configuration” parameter as “Public IP”:
2. Define a list of domains that can be used in the SIP requests.
Misgav Industrial Park, POB 60, D.N. Misgav 20174, Israel Tel:+972-4-9951999; Fax:+972-4-9990287
PM0628.03 - CompleteSBC Getting Started Guide Page 6 of 10
For example:
- the local SIP phones send SIP requests to the PBX to 192.168.6.98:5060
- the remote SIP phones/servers send SIP requests to the PBX either to 212.1.2.3:6075 or to
mypbx.mycompany.com:6075
Then on the “Settings” | “SIP Settings” dialog it is necessary to define three domains in the “Other SIP
Settings” parameters, as follows:
3. Configure the remote extension to communicate with the PBX's external IP address and ports that
are forwarded by the NAT router to the CompleteSBC sigpub interface.
Remote SIP Server Configuration
Asterisk and CompleteSBC must be configured in a special way in order to allow communication
between Asterisk and the remote SIP server:
a. The CompleteSBC sigint interface (127.0.0.1:6075) must be defined as an outbound proxy
in the SIP trunk settings.
b. All SIP messages from the remote SIP server will be sent by CompleteSBC from its sigint
interface. Therefore, Asterisk will not be able to recognize the SIP server messages by their
source IP/port. Therefore, it is necessary to configure the CompleteSBC in such a way that it
will substitute the Asterisk SIP trunk name in the user name field of the header “From”. In order
to preserve the Caller ID that usually appears in that field the CompleteSBC should create the
Remote-Party-ID header and place the Caller ID value there.
c. If a remote SIP server communication must be routed to the service provider's outbound proxy
then this must be configured in the CompleteSBC.
Misgav Industrial Park, POB 60, D.N. Misgav 20174, Israel Tel:+972-4-9951999; Fax:+972-4-9990287
PM0628.03 - CompleteSBC Getting Started Guide Page 7 of 10
Example:
As you can see there is the 'outboundproxy' parameter that points on the internal SBC interface
(sigint).
In the registration string there is the 'MyITSP?' prefix that is a reference to the MyITSP peer settings.
This causes Asterisk to send the REGISTER requests to the 'outboundproxy' (the SBC internal
interface!) defined in MyITSP PEER Details field.
In many cases the service providers have their own SBC and require that the PBX send the SIP
messages there, rather than directly to their SIP server (e.g., myitsp.cc). This messages redirection must
be implemented in the CompleteSBC configuration (“Routing” menu item in the CompleteSBC Web
interface.)
Below is an example of this type of configuration:
Misgav Industrial Park, POB 60, D.N. Misgav 20174, Israel Tel:+972-4-9951999; Fax:+972-4-9990287
PM0628.03 - CompleteSBC Getting Started Guide Page 8 of 10
As you can see, CompleteSBC will route to the 'MyITSP-proxy' call agent all SIP requests
received from 'internal' realm (where the PBX is located) and destined to myitsp.cc (the host
configured in the 'MyITSP' trunk.) The 'MyITSP-proxy' call agent is defined in the 'public' realm
CompleteSBC configuration ('Realms', 'call-agents' for the 'public' realm):
Now let's review a solution for handling SIP requests that the remote SIP server (myitsp.cc) sends to
the PBX (ref. the problem description in (c) above.) Let's assume that the server provider has its own
SBC (e.g., 1.2.3.4:5060 in our example) that is actually sends the messages to the PBX.
The provider's SBC is configured as the 'MyITSP-proxy' call agent for the CompleteSBC 'public'
domain. Now we can define a set of inbound rules for the 'MyITSP-proxy' call agent that will do the
following:
Create the Remote-Party-ID header if it doesn't exist. Use the user name defined in the 'From'
header for it. Don't change the existing Remote-Party-ID header.
Misgav Industrial Park, POB 60, D.N. Misgav 20174, Israel Tel:+972-4-9951999; Fax:+972-4-9990287
PM0628.03 - CompleteSBC Getting Started Guide Page 9 of 10
Replace the user name in the 'From' header with the trunk name defined in the Asterisk
configuration ('MyITSP'):
Important!
It is necessary to define the 'trustrpid=yes' in the Asterisk trunk configuration. Otherwise,
Asterisk won't accept the Caller ID that appears in the Remote-Party-ID header field.
Licensing
CompleteSBC has a demo license installed that allows generation of several simultaneous calls. The
maximum call duration is 90 seconds. In order to review the current licensing status or apply a
commercial license, go to the “System” | “License” dialog:
Misgav Industrial Park, POB 60, D.N. Misgav 20174, Israel Tel:+972-4-9951999; Fax:+972-4-9990287
PM0628.03 - CompleteSBC Getting Started Guide Page 10 of 10
In order to apply a commercial license, make sure that the CompletePBX has Internet access.
input the activation code in the “Activation Code” field
input the CompletePBX serial number in the “Serial Number” field
click the “Apply” button
In a few seconds you should be able to see the purchased license details in the “Current License”
field.
If it is not possible to provide Internet access for the PBX then you can get a license file instead of the
activation code. That license file can be uploaded to the PBX and then activated. Please contact a
Xorcom authorized reseller for assistance.