[Freeswitch-users] Phones registered to internal profile hit external profile when calling

Donny Hardyanto hardyanto.donny at gmail.com
Wed Oct 23 19:26:41 MSD 2013


The problem is that there are SIP port scanners constantly scanning IP
addresses on the internet for the known SIP port; when they find one, they
automatically and systematically try to break SIP authentication and try to
make routing. It is a very vicious world out there for SIP. Changing the port
is the least defense we can do, very minimally. Of course there are other
solutions, like putting in an SBC or something, but it depends on
circumstances. So for whatever we can control, such as our deployed
softphones or IP phones, we change the default SIP port listener.

My own solution is always open source. In the hacking case I had put our
solution in the partner network. I cannot control what hardware my partner
is using. And in the SIP/network world we interconnect with all kinds of
hardware and software, whether commercial or OSS.

Donny
On Oct 23, 2013 10:10 PM, "hcoin" <hcoin at quietfountain.com> wrote:

>  Donny, It's a balancing act, people choose commercial routers because
> they want it all to 'just work' and not have to get into the guts of it.
> That's what people expect and pay for -- 'just working', you pay for not
> being forced to learn the guts and 'deal with it'.
>
> My policy has been that if the commercial router doesn't come with a staff
> member at the commercial company to make the problem go away, go to an open
> source solution.  If you're going to be made to 'deal with it', then you
> might as well have access to all the guts, all the tools, the whole thing
> yourself.  Otherwise you wind up working for free making someone else's
> commercial product better, and who knows if the next release will break
> your fix or not.   No, if you are being forced to deal with a problem in
> the guts of commercial software yourself, you aren't getting any value and
> the answer is find out whether an open source version is solid enough and
> if it is go with that.  Might as well learn 'everything' about something
> you can compile yourself if it comes down to that.  You pick up a lot of
> dubious skills though, for example I can now edit freeswitch transport
> protocols and the sip stack.  A thing I hope never to have to do....
> Seriously whoever came up with RTP and SIP using a bezillion ports and the
> whole NAT nightmare.... arg.   Look how much of freeswitch is not dealing
> with telephone and talk issues,  but routing issues.  It's half a router
> itself.
>
> This business of weaving together products made by various vendors:
> routers, soft phones, pstn-voip legacy boxen, freeswitch, routers,  'guis
> on top of X', it's every bit as tough as programming.  In programming you
> control 'the world' and have a narrow focus.  This business of integrating
> lots of work by lots of folks, not for the timid.
>
>
> On 10/23/2013 01:42 AM, Donny Hardyanto wrote:
>
> I am now practicing not using the standard port because of some hacks a
> couple of months ago. It was quite bad, it cost thousands of dollars and we
> cannot find the culprit IP address because the router ALG rewrites them and
> there is no accessible log on the router.
>
> Donny
> On Oct 23, 2013 1:17 PM, "hcoin" <hcoin at quietfountain.com> wrote:
>
>>  Anthony and Donny, thanks for replying.
>>
>> Putting a packet capture on the line revealed the problem to be a
>> combination of quirks in both linphone (windows version ignores fs
>> nonstandard destination port) and dns-forwarder (override of foo.bar.com fails if
>> foo.bar.com is a cname on the public internet, not an A record).  The
>> call was coming in on the external profile because the dns forwarder was
>> letting the resolution go to the public internet and so the local systems
>> were sending out to the router, which sent it back in to... the external
>> interface.   However, I do now know how to watch calls pass through
>> freeswitch and have read most of the source code in the sofia endpoint,
>> nta, nua, etc.  etc... and had lots of fun with gdb stepping around
>> watching the packets flow.
>>
>> The main lesson I think is worth sharing is this:   Use 5060 for sip.
>> If you are thinking of various profiles using the same address but
>> different ports on the one hand, or on the other hand using ip aliases so
>> each profile uses the 'standard' ports but a different ip--- go with the ip
>> alias approach.    So in /etc/network/interfaces , supposing your main nic
>> is eth0:
>>
>> # "inet dhcp" or whatnot on your system
>> iface eth0 inet dhcp
>>  ..
>>   post-up ifup eth0:1
>>   pre-down ifdown eth0:1
>> ..
>>
>>
>> iface eth0:1 inet static
>>     address <something unique on the lan>
>>     netmask <etc.>
>>
>> Problems all melted away as if they never were.
>>
>> Thanks again for trying to help!   I even bought the freeswitch book.
>> Ka-Ching for someone on this list...
>>
>>
>>
>> On 10/22/2013 06:38 PM, Anthony Minessale wrote:
>>
>> Did you change all the fields in the new profile you duplicated that were
>> relevant to the name like name...
>>
>> I usually cp internal.xml new.xml then edit new.xml and global replace
>> internal with new right off the bat.
>>
>> You might find your mistake faster if you back up and revert to default
>> sip profiles from sample and slowly make changes again.
>> On Oct 22, 2013 1:04 AM, "hcoin" <hcoin at quietfountain.com> wrote:
>>
>>>
>>> This has been a really frustrating problem, I'm sure the answer is
>>> simple but I just can't see it.
>>>
>>> I had several extensions registered to the internal profile, sending
>>> calls out the external profile to a sip-pstn gateway, all seemed fine.
>>>
>>> Then created another internal profile, using a different sip port on the
>>> same lan address, because of 'no device left behind' and NAT issues..
>>>
>>> All seemed well, all the phones register normally.   Looking at the
>>> databases in FS they all show the proper ports, the proper domains, etc.
>>>
>>> However, every single call gets picked up as a new call via
>>> sofia/external/... and it hits the public dialplan normally -- except
>>> that's the wrong plan, it should hit the default plan and be identified
>>> as sofia/internal/.... and so forth.
>>> 2013-10-22 00:31:11.001600 [NOTICE] switch_channel.c:1034 New Channel
>>> sofia/external/hcoin at pbx.foobar.com[28ed125a-3adb-11e3-9cc1-cbb8efb09b83]
>>>
>>> What could possibly be the reason phones registered on the internal
>>> profile have their new calls identified as sofia/external and don't hit
>>> the correct plan?  Both the phones and the freeswitch are on the same
>>> subnet.  This should be so vanilla.  What am I missing?
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www..freeswitchsolutions.com <http://www.freeswitchsolutions.com>
>>>
>>> 
>>> 
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>
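
The symptom from the original question (phones that register on the internal profile showing up as sofia/external channels, and so landing in the public dialplan) can be watched for in the FreeSWITCH log. The following is an added example, not part of the thread or of FreeSWITCH: it parses the "New Channel" line format quoted above, and the extension-to-profile map, the sample log lines and the domain pbx.example.test are constructed for illustration.

```python
import re
from collections import Counter

# Format of the "New Channel" NOTICE line quoted in the thread. The list archive
# rewrites "@" as " at ", so both spellings are accepted.
NEW_CHANNEL = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) \[NOTICE\] \S+ New Channel\s+"
    r"sofia/(?P<profile>[^/\s]+)/(?P<user>[^@\s\[]+)(?:@| at )(?P<domain>[^\s\[]+)"
    r"\[(?P<uuid>[0-9a-f-]{36})\]"
)

def misrouted_channels(log_lines, expected_profile):
    """Return (timestamp, user, seen_profile, uuid) for each new channel whose
    user is listed in expected_profile but arrived on a different profile."""
    findings = []
    for line in log_lines:
        m = NEW_CHANNEL.match(line.strip())
        if not m:
            continue  # not a "New Channel" line
        want = expected_profile.get(m["user"])
        if want is not None and m["profile"] != want:
            findings.append((m["ts"], m["user"], m["profile"], m["uuid"]))
    return findings

def summarize(findings):
    """Count misrouted calls per (user, profile actually seen)."""
    return Counter((user, profile) for _, user, profile, _ in findings)

# Assumption: which profile each extension is supposed to register on.
EXPECTED = {"1001": "internal", "1002": "internal", "gw-trunk": "external"}

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
2013-10-22 00:31:11.001600 [NOTICE] switch_channel.c:1034 New Channel sofia/external/1001@pbx.example.test[11111111-2222-3333-4444-555555555555]
2013-10-22 00:31:40.120000 [NOTICE] switch_channel.c:1034 New Channel sofia/internal/1002@pbx.example.test[22222222-2222-3333-4444-555555555555]
2013-10-22 00:32:02.500000 [NOTICE] switch_channel.c:1034 New Channel sofia/external/1001 at pbx.example.test[33333333-2222-3333-4444-555555555555]
2013-10-22 00:32:30.000000 [NOTICE] switch_channel.c:1034 New Channel sofia/external/gw-trunk@pbx.example.test[44444444-2222-3333-4444-555555555555]
2013-10-22 00:32:31.000000 [INFO] mod_dialplan_xml.c:557 Processing 1001 in context public
2013-10-22 00:33:00.000000 [NOTICE] switch_channel.c:1034 New Channel sofia/external/9999@pbx.example.test[66666666-2222-3333-4444-555555555555]
""".splitlines()

if __name__ == "__main__":
    for ts, user, profile, uuid in misrouted_channels(SAMPLE_LOG, EXPECTED):
        print(f"{ts} user {user} arrived on '{profile}' (channel {uuid})")
```
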