TekSquare: 2015

Wednesday, October 28, 2015

Hack italkbb SIP trunk to use with AsteriskNow

Part A. Hack into italkbb Lynksys ATA

1. Follow the first steps on this link http://blog.howardtang.com/tag/italkbb-sip/ to set up the wireshark, SPAN port, and sniff the registration packets between ATA and italkbb registrar.

The following profile is obtained:

<flat-profile>

<Display_Name_1_ ua="na">username</Display_Name_1_>
<User_ID_1_ ua="na">italkbb_account</User_ID_1_>
<Password_1_ ua="na">registration_password</Password_1_>
<Auth_ID_1_ ua="na">italkbb_account</Auth_ID_1_>
<Use_DNS_SRV_1_ ua="na">Yes</Use_DNS_SRV_1_>
<Use_DNS_SRV_2_ ua="na">Yes</Use_DNS_SRV_2_>
<Proxy_Fallback_Intvl_1_ ua="na">180</Proxy_Fallback_Intvl_1_>
<Proxy_Fallback_Intvl_2_ ua="na">180</Proxy_Fallback_Intvl_2_>
<Dial_Plan_1_ ua="na">(*xx|[3469]11|0|00|<:1416>[2-9]xxxxxx|899[2-9]xxxxxxS0|<#:333>xxxxxxxxxxxS0>|1xxx[2-9]xxxxxxS0|<:1>[2-9]xx[2-9]xxxxxx|xxxxxxxxxxxx.)</Dial_Plan_1_>
<Dial_Plan_2_ ua="na">(*xx|[3469]11|0|00|<:1416>[2-9]xxxxxx|1xxx[2-9]xxxxxxS0|<:1>[2-9]xx[2-9]xxxxxx|xxxxxxxxxxxx.)</Dial_Plan_2_>
<Daylight_Saving_Time_Rule ua="na">start=3/8/7;end=11/1/7;save=1</Daylight_Saving_Time_Rule>
<Proxy_1_ ua="na">p2g1m22.italkbb.com</Proxy_1_> ! This is the SIP server the ATA uses. However this name can only be resolved by italkbb's private DNS server. Instead of using the method in the above link, Use Wireshark to sniff a real call from the ATA and observe the SIP INVITE and response message, the IP address of this SIP server 208.77.2.113
<Outbound_Proxy_1_ ua="na">p2g1m22.italkbb.com</Outbound_Proxy_1_><SIP_Port_1_ ua="na">10000</SIP_Port_1_> ! Note it's not the default 5060 port
<Preferred_Codec_1_ ua="na">G729a</Preferred_Codec_1_>
!!!omitted!!!!
<Upgrade_Enable>Yes</Upgrade_Enable>
<Profile_Rule ua="na">http://cfp2g1m22.italkbb.com/customContent/GenX.dbml?MA=$MA&SWVER=$SWVER&PSN=$PSN</Profile_Rule> !This is the URL where ATA will download this profile<Syslog_Server ua="na">
</Syslog_Server><Debug_Server ua="na"></Debug_Server>
<Debug_Level ua="na">0</Debug_Level>
<Forced_Resync_Delay ua="na">7200</Forced_Resync_Delay><Resync_Periodic ua="na">7200</Resync_Periodic>
<Resync_Error_Retry_Delay ua="na">7200</Resync_Error_Retry_Delay>
<Upgrade_Error_Retry_Delay ua="na">604800</Upgrade_Error_Retry_Delay>
<Profile_Rule_B ua="na"></Profile_Rule_B><Web_Server_Port ua="na">1980</Web_Server_Port>
<Admin_Passwd ua="na">Admin password of ATA</Admin_Passwd> !username is admin
<User_Password ua="rw">1234</User_Password> !user level access password is 1234
<Primary_DNS ua="rw">208.77.2.11</Primary_DNS> ! this is the private DNS server that's mentioned above, but we are not using it
<Secondary_DNS ua="rw">207.238.87.34</Secondary_DNS>

......

<SIP_User_Agent_Name ua="na">M22$MA$VERSION</SIP_User_Agent_Name> ! We can use this form to forge the user-agent header of Asterisk to make it the same as Linksys (M22000e08eaaab2Linksys/SPA2102-5.2.13(004))
<Enable_WAN_Web_Server ua="na">Yes</Enable_WAN_Web_Server>
<WAN_Web_Server_Port ua="na">1980</WAN_Web_Server_Port> !This is the port to refer to in the browser if need to access ATA's web gui.
<LAN_IP_Address ua="rw"/><QOS_Policy ua="rw"/>
<SIT1_RSC>S01,S02</SIT1_RSC><SIT2_RSC>R01,R02,R03,R40</SIT2_RSC>
<SIT1_Tone>397@-16,1428@-16,1777@-16;20(.380/0/1,.380/0/2,.380/0/3,0/4/0)</SIT1_Tone>
<SIT2_Tone>520@-19,507@-19;15(0/2/0,.2/.1/1,.1/2.1/2)</SIT2_Tone>
<Upgrade_Rule ua="na">(<5.2.13)?http://version2113.italkbb.com/spa2102-5-2-13-004.bin</Upgrade_Rule>
</flat-profile>

2. To stop auto provisioning on ATA(so that the password will not be changed periodically), log into the ATA web gui http://ip_address:1980 then log in as admin with the above admin password, go to voice tab then provisioning tab, select no to provision enable.

Part B. AsteriskNow SIP trunk configuration

1. Go to Settings, Asterisk SIP Settings, then under NAT settings, click detect External IP, the following info will be automatically detected.

Codecs can be configured as follows,

Then go to Chan SIP, scroll down and change

a.)Bind port from 5060 to 10000 (otherwise the source port would always be 5060 which probably is not allowed by italkbb)

b.)SRV lookup enable

c.)Add field to Other SIP Settings, useragent = M22000e08eaaab2Linksys/SPA2102-5.2.13(004)

2. Create a new SIP Trunk with the following settings

General Settings

Trunk Name: italkbb

Outbound CallerID: can be empty

CID Options: All Any CID

Trunk Name: same as italkbb_account (899203XXXX)

PEER Details:(some settings might be unnecessary)


host=p2g1m22.italkbb.com

fromdomain=p2g1m22.italkbb.com //otherwise the from header in INVITE would have italkbb_account@internal_IP_address

username=899203XXXX

defaultuser=899203XXXX

secret=Password obtained in profile

type=friend

insecure=port,invite

context=from-trunk

dtmfmode=auto

disallow=all

allow=ulaw,alaw,g729,g723

account_name:registration_password@p2g1m22.italkbb.com/account_name

Note: without this /account_name portion, registration would fail with "403 forbidden No registration-plan" message.

Contact URI would have sip:s@host instead of extension@host

If no extension is given, the 's' extension is used. The extension needs to  ; be defined in extensions.conf to be able to accept calls from this SIP proxy  ; (provider).   reference:http://doxygen.asterisk.org/trunk/Config_sip.html

After apply change, in Wireshark we should have

Note: ATA and Asterisk are able to register at the same time. They are both able to make outbound calls but inbound calls would be affected.

3. Configure outbound and inbound routes

Go to Connectivity>Outbound Routes>Add Route

Route Name: italkbb

Route CID: italkbb_account Check Override Extension //Note: very important, otherwise the outbound call SIP INVITE would have wrong CID in from header and causing 603 Forbidden error. italkbb requires valid italkbb_account (899XXXXXXX) to present in the FROM header.

Route Positon: move to top if there are multiple

Dial Ptterns that will use this Route: add route patterns as required, prepend 1

Trunk Sequence form Matched Routes: 0 italkbb

Then submit and appl the changes

Go to Connectivity>Inbound Routes>Add Incoming Route

DID Number:italkbb_account (899XXXXXXX)

Scroll to bottom,

select Extensions: assign a preferred extension (phone) <001> cisco7960-1 //Note:here assumes extensions and phones are configured and registered already

Submit and apply changes

Saturday, October 3, 2015

Connecting SPON terminals(8530,8523,8533) and Cisco 7960 w/ SIP fw in AsteriskNow

1. Download AsteriskNow 64bit iso file and install in VMware Workstation 9.

Note: make sure internet is reachable to the VM and DNS is set correctly. Otherwise after installation the AsteriskNow would report errors and won't be able to upgrade.
(If forgot to enter the valid DNS name, after installation, edit the resolv.conf file located in the etc directory nano /etc/resolv.conf)

2. Adding Extensions for SPON terminals in AsteriskNow

Then scroll down to the bottom and click submit button

Then click Apply Config on the top menu bar

3. Configure SPON terminals corresponding to the above settings(NAS-8530 as an example)

User Name and Password should match the User Extension and Secret respectively.

After resetting the terminal, it should register on Asterisk.

4. Allowing Video Calls on Asterisk

In top right corner, click Chan SIP

Submit change on the bottom and Apply Config on the top.

5. Hacking a Cisco 7960 phone to register to Asterisk.

Guide-1

Guide-2

Supporting Firmware search

5.1 Download the firmware and unzip to the tftp server's root folder

5.2 Editing the reqired conf files and xml files all under the same root folder.

Note:The correct name of xmldefault file is: XMLDefault.cnf.xml

SEP000D653398AF.cnf.xml

</device>

XMLDefault.cnf.xml (note the highlighted lines and its meaning)

<ports>

</mgcpPorts>

</ports>

</callManager>

</member>

</members>

</callManagerGroup>

</Default>

SIPDefault.cnf (note the highlighted lines and its meaning)

image_version: P0S3-08-11-00

proxy1_address: "10.0.1.31" ; Can be dotted IP or FQDN, this is the IPPBX server addr.

proxy2_address: "" ; Can be dotted IP or FQDN

proxy3_address: "" ; Can be dotted IP or FQDN

proxy4_address: "" ; Can be dotted IP or FQDN

proxy5_address: "" ; Can be dotted IP or FQDN

proxy6_address: "" ; Can be dotted IP or FQDN

proxy_register: 1

messages_uri: "1"

phone_password: "cisco" ; Limited to 31 characters (Default - cisco)

sntp_mode: unicast

sntp_server: "10.0.1.2" ;This is the working NTP server

time_zone: "GMT" ; assuming you're in GMT

time_format_24hr: 1 ; to show the time in 24hour format

date_format: "Y/M/D" ; format you would like the date in

dial_template: dialplan

SIP000D653398AF.cnf(note the highlighted lines and each meaning)

image_version: P0S3-08-11-00

line1_name: 001

line1_authname: "001"

line1_shortname: "Line 1" ; displayed on the phones softkey

line1_password: "cisco7960"

line1_displayname: "cisco7960-1"; the caller id

proxy1_port: 5060

proxy1_address: 10.0.1.31

# Line 2 Setup

line2_name: 002

line2_authname: "002"

line2_shortname: "cisco7960-line2"

line2_password: "cisco7960"

line2_displayname: "cisco7960-2";

# Phone Label (Text desired to be displayed in upper right corner)

phone_label: "SPON.COM.CN " ; add a space at the end, looks neater

phone_password: "cisco" ; Limited to 31 characters (Default - cisco)

user_info: none

telnet_level: 2

logo_url: "http://kermit/asterisk-tux.bmp"

5.3 Configure the Asterisk's extension's accordingly.

Based on the above settings on the phone, we have two DN's , 001 and 002, and passwords are both cisco7960...

5.4 Manually configure the phone's network setting so that it points to a specific TFTP server (my laptop running Tfpd64). the phone should find its firmware and go through an upgrade

5.5 After the upgrade, the phone should register