CompleteSBC: Getting Started Guide

(1)

Misgav Industrial Park, POB 60, D.N. Misgav 20174, Israel Tel:+972-4-9951999; Fax:+972-4-9990287

CompleteSBC: Getting Started Guide

Default CompleteSBC Configuration

CompleteSBC (SBC) is pre-configured to perform the following actions:  registration caching

 limiting the number of concurrent calls via the CompleteSBC 'public' realm

 rejecting SIP requests from endpoints with user agent names that are not configured in CompleteSBC

 routing all accepted SIP requests on the 'public' CompleteSBC realm to the Asterisk ('internal' CompleteSBC realm, the 'PBX' call agent)

 routing all accepted SIP requests on the 'internal' CompleteSBC realm to the CompleteSBC 'public' realm according to the information in the SIP Request-URI (R-URI)

Important!

CompletePBX/CompleteSBC is shipped configured with maximum protection. As a result, incoming communication via the CompleteSBC publicsignaling interface is blocked. In order to be able to make calls through CompleteSBC the administrator must first un-block it(refer to “Enable communication through CompleteSBC”.)

CompleteSBC includes a demo license that permits generation of several simultaneous calls. The maximum call duration is 90 seconds.

Before calls can be made via CompleteSBC the following tasks must be performed:

o configure and enable the CompleteSBC Web interface

o configure the IP address for the CompleteSBC signaling and media interfaces o allow SIP requests on the CompleteSBC public realm

o ensure that the SIP device agent names you use appear in the list of permitted devices

Enable the CompleteSBC Web Interface

The SBC Web interface must be bound explicitly to one of the PBX IP addresses. It must be done via command line interface as follows:

(2)

Misgav Industrial Park, POB 60, D.N. Misgav 20174, Israel Tel:+972-4-9951999; Fax:+972-4-9990287  connect to the PBX via SSH and login as user 'root' (the default password is

!x0rc0m!voip5472#

 Run sbc-init-guiutility and configure an IP address:

#sbc-init-gui

Access the SBC Web interface by clicking the “CompleteSBC” icon on the CompletePBX landing page:

The login dialog will appear:

Use the following credentials to login: Username: root

(3)

Configure IP Addresses for the CompleteSBC Signaling and

Media Interfaces

Go to the System | Interfaces and choose the CompleteSBC Interfaces dialog:

It is necessary to define correct IP addresses for the medpuband sigpub interfaces. Click the edit link for each in turn and define the correct IP address.

The IP port ranges for medintand medpubinterfaces can be modified. The default range is 20002-20402, which is sufficient for 200 simultaneous calls. For a higher number of simultaneous calls the range can be re-calculated on the basis of 2 ports per call.

Important Notes!

1. If you want CompleteSBC to substitute your public Internet IP address in the outbound SIP

messages then you have to define the address in the “Public IP address” field for both medpuband

sigpubinterfaces and disable this feature in the Asterisk SIP settings. 2. A PBX reboot is required to apply the new interfaces settings.

Enable Communication through CompleteSBC

Both CompletePBX and CompleteSBC are shipped pre-configured with maximum protection. This is the reason why the inbound traffic is blocked for the SBC sigpubinterface by default.

(4)

Misgav Industrial Park, POB 60, D.N. Misgav 20174, Israel Tel:+972-4-9951999; Fax:+972-4-9990287 Almost all of traffic restriction-related parameters are found in the 'settings' table.

Select the “Tables”| “Table: settings” menu item. The following dialog appears:

The table has three key/value pairs:

key_value Description

allowed-user-agents A regular expression for detection of permitted SIP user agent names. By default the expression includes SIP user agent names for all supported SIP phones listed in the CompletePBX Endpoint Manager, Zoiper, standard Asterisk, FreePBX and CompletePBX.

block-public 1 – reject the incoming SIP requests received on the CompleteSBC public

realm

0 – accept the incoming SIP requests received on the CompleteSBC public

realm

call-limit Maximum number of concurrent calls through the CompleteSBC public

realm

You can change the values in the table according to your requirements and then click “Activate changes” to apply the new settings.

NAT Router Configuration

If you have remote SIP extensions then it is necessary to configure port forwarding in the NAT router configuration, as follows:

1. the CompleteSBC sigpupinterface port (by default 6075/udp) must be forwarded to the PBX. 2. the CompleteSBC mediapubinterface ports range (by default 20002-20402/udp) must be

(5)

CompletePBX Firewall Configuration

1. The CompletePBX Firewall allows access to the Asterisk SIP ports (5060/udp/tcp and 5061/tcp) for the requests which originate from hosts with private IP addresses only:

10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

As a result, Asterisk will not receive SIP calls from remote SIP endpoints. If you don't want to use CompleteSBC then you have to change the firewall settings in such a way that the SIP ports will be accessible from any source IP address.

2. If you change the default IP ports range defined for the medpup interface (20002-20402/udp) then you have to make the corresponding change in the CompletePBX firewall configuration.

Asterisk Configuration

1. Disable external IP address substitution by Asterisk in the SIP messages.

Go to “Settings” | “SIP Settings” and define the “IP Configuration” parameter as “Public IP”:

2. Define a list of domains that can be used in the SIP requests.

(6)

Misgav Industrial Park, POB 60, D.N. Misgav 20174, Israel Tel:+972-4-9951999; Fax:+972-4-9990287 - the local SIP phones send SIP requests to the PBX to 192.168.6.98:5060

- the remote SIP phones/servers send SIP requests to the PBX either to 212.1.2.3:6075 or to mypbx.mycompany.com:6075

Then on the “Settings” | “SIP Settings” dialog it is necessary to define three domains in the “Other SIP Settings” parameters, as follows:

3. Configure the remote extension to communicate with the PBX's external IP address and ports that

are forwarded by the NAT router to the CompleteSBC sigpubinterface.

Remote SIP Server Configuration

Asterisk and CompleteSBC must be configured in a special way in order to allow communication between Asterisk and the remote SIP server:

a. The CompleteSBC sigintinterface (127.0.0.1:6075) must be defined as an outbound proxy in the SIP trunk settings.

b. All SIP messages from the remote SIP server will be sent by CompleteSBC from its sigint

interface. Therefore, Asterisk will not be able to recognize the SIP server messages by their source IP/port. Therefore, it is necessary to configure the CompleteSBC in such a way that it will substitute the Asterisk SIP trunk name in the user name field of the header “From”. In order to preserve the Caller ID that usually appears in that field the CompleteSBC should create the Remote-Party-ID header and place the Caller ID value there.

c. If a remote SIP server communication must be routed to the service provider's outbound proxy then this must be configured in the CompleteSBC.

(7)

Misgav Industrial Park, POB 60, D.N. Misgav 20174, Israel Tel:+972-4-9951999; Fax:+972-4-9990287 Example:

As you can see there is the 'outboundproxy' parameter that points on the internal SBC interface (sigint).

In the registration string there is the 'MyITSP?' prefix that is a reference to the MyITSPpeer settings. This causes Asterisk to send the REGISTERrequests to the 'outboundproxy'(the SBC internal interface!) defined in MyITSP PEER Detailsfield.

In many cases the service providers have their own SBC and require that the PBX send the SIP

messages there, rather than directly to their SIP server (e.g., myitsp.cc). This messages redirection must be implemented in the CompleteSBC configuration (“Routing”menu item in the CompleteSBC Web interface.)

(8)

As you can see, CompleteSBC will route to the 'MyITSP-proxy'call agent all SIP requests received from 'internal' realm (where the PBX is located) and destined to myitsp.cc (the host configured in the 'MyITSP' trunk.) The 'MyITSP-proxy' call agent is defined in the 'public' realm CompleteSBC configuration ('Realms', 'call-agents' for the 'public' realm):

Now let's review a solution for handling SIP requests that the remote SIP server (myitsp.cc) sends to the PBX (ref. the problem description in (c) above.) Let's assume that the server provider has its own SBC (e.g., 1.2.3.4:5060 in our example) that is actually sends the messages to the PBX.

The provider's SBC is configured as the 'MyITSP-proxy' call agent for the CompleteSBC 'public' domain. Now we can define a set of inbound rules for the 'MyITSP-proxy' call agent that will do the following:

 Create the Remote-Party-ID header if it doesn't exist. Use the user name defined in the 'From' header for it. Don't change the existing Remote-Party-ID header.

(9)

Misgav Industrial Park, POB 60, D.N. Misgav 20174, Israel Tel:+972-4-9951999; Fax:+972-4-9990287  Replace the user name in the 'From' header with the trunk name defined in the Asterisk

configuration ('MyITSP'):

Important!

It is necessary to define the 'trustrpid=yes'in the Asterisk trunk configuration. Otherwise, Asterisk won't accept the Caller IDthat appears in the Remote-Party-IDheader field.

Licensing

CompleteSBC has a demo license installed that allows generation of several simultaneous calls. The maximum call duration is 90 seconds. In order to review the current licensing status or apply a commercial license, go to the “System” | “License”dialog:

(10)

In order to apply a commercial license, make sure that the CompletePBX has Internet access.  input the activation code in the “Activation Code” field

 input the CompletePBX serial number in the “Serial Number” field  click the “Apply” button

In a few seconds you should be able to see the purchased license details in the “Current License” field.

If it is not possible to provide Internet access for the PBX then you can get a license file instead of the activation code. That license file can be uploaded to the PBX and then activated. Please contact a Xorcom authorized reseller for assistance.