VoIP:101 — Getting started with your VoIP Network — Part 1

VoIP networks, VoIP phones, VoIP extensions, VoIP everything. VoIP seems to be one of those black box buzz words that IT pros toss around, like the “CLOUD!” But what is really going on behind the scenes? How does VoIP protocols actually work? How can I setup a Call System? How do I get an outside number people can use to dial me?

thejimmahknows.com VoIP

This next series of blog posts (Part1, Part2, Part3) are dedicated to walking through the many aspects related to VoIP(Voice over Internet Protocol) and it’s features.

PART #1 — Laying the foundation for our VoIP network
  • The Lab — Our Network pieces.
  • SIP — Life blood of VoIP
  • FreePBX/Asterisk — Call System Exchange
  • Phone Provisioning (Manual/Auto)
    • Manual Provisioning with Zoiper, Liphone, UbiPhone
    • Auto-provisioning with Cisco 7941G and 7945G (7961G,7965G)
  • Making your first VoIP call!
PART #2 — Call routing, Call numbers, SIP Trunks
  • VoIP SIP Termination — Where VoIP ends and PSTN begins
  • SIP Trunks and DID(external PTSN numbers)
  • Outbound and Inbound Call Routing
  • Optional: Install g729 codec
PART #3 — Ring Groups, Extension Shortcuts, Call Centers, Voicemails, Secure SIP with TLS, etc
  • Ring Groups
  • Extension Speed Dialing
  • IVR (Interactive Voice Response) — useful for Business Directory Prompt
  • Advanced Voicemail Services
  • Securing SIP (TLS and SRTP)
  • Other Cool Features

Part#1

Our Goal and Network Lab

Our goal for this Article is to create a small office VoIP network that consists of the following; A few VoIP phones (both Manual and Auto provisioned) running SIP with an extension schema of our choosing, an outside PTSN line where we can call out of and others can call into, an Interactive Voice Response(IVR) for incoming calls, and other features( secure calling, security banning, hold music, etc). Below is our lab where we will accomplish this.

  • Internal VLAN = 10.55.55.0/24, gate 10.55.55.1, nameservers 10.55.55.1
  • Our FreePBX box = 10.55.55.135
  • Extension Schema x86000 – x86999
  • A picture speaks a thousand words
    http://postimg.org/image/7amjiq9a5/

    • Please excuse my diagram :-p
  • So as you can see, this is a very flat network, however the principals are the same regardless of size. We have separated our Data and Voice networks, just to demonstrate good practice, when in reality it wouldn’t matter for this small of a site. Our WiFi network is just an extension of the Data VLAN (10.55.55.0/24). The only firewall is between our internal VLANs (Data, Voice) and the Internet.

SIP (Session Initiation Protocol)

What is SIP? SIP is the life blood of the VoIP network, our transport protocol. SIP allows us to signal a remote VoIP phone to start the call process, SIP transports the audio/videio payload between VoIP phones to maintain a call session, SIP also handles the registration of our VoIP extensions, and much much more. SIP like most audio/video network transport protocols uses UDP natively to ensure minimal network overhead and reduces bandwidth requirements. SIP relies on a SDP(Session Description Protocol) to negotiate each endpoints capabilities for a call. SIP then relies on RTP(Real-Time Transport Protocol) , SRTP(Secure Real-Time Transport Protocol), or TLS for media stream transmission.

who.rocq.inria.fr

**The Excerpt Above is owned by https://who.rocq.inria.fr/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html

  1. The process starts with VoIP phones running the SIP protocol issuing a REGISTER command to register with a PBX (Asterisk).
  2. The PBX response with a Unauthorized back to the SIP User Agent attempting to register.
  3. the SIP User Agent submits another REGISTER command, but this time containing the Authorization section.
  4. PBX sends back a OK 200 with what SIP features SIP User Agent is allowed to perform.

 

SIP Request commands: Before we get any further let’s go over the different ones.

  • REGISTER = you just read the process above of how a SIP User Agent, such as a VoIP phone registers itself with a PBX (Asterisk). A VoIP phone needs to be registered in order to make and receive calls.
  • INVITE = this command is used either directly from SIP User Agents (more on this later) or by the PBX to “invite” SIP clients to a call session.
  • ACK = used to Acknowledge INVITE messages and join the call session
  • BYE = terminates the connection between users and the call session
  • And much more.

SIP Call Sessions basics: How a call gets setup.

Cisco Documentation **Owned by Cisco.com

  1. Calling phone sends out INVITE
  2. Called phone receives INVITE and sends an 100 response back “Trying”
  3. Called phone starts ringing and sends a 180 response “Ringing” back to the Calling phone.
  4. A 200 “OK” is sent from the Called station once the phone is picked up.
  5. Calling stations responds with a ACK request
  6. RTP takes over to handling the audio back and forth “Media Session”.
  7. A BYE is sent by which ever phone hangs up first.

There is another alternative to SIP called Skinny which is a Cisco proprietary protocol. You will most like find this running as the Signally protocol in a VoIP network which is predominately Cisco. Keep in mind Cisco equipment can run SIP as well. So if your environment/equipment is mixed you will want to go with SIP.

FreePBX/Asterisk — Call System Exchange

FreePBX is a Linux distro that includes Asterisk and a Web Management GUI. Asterisk being the PBX(Private Branch Exchange) software that is used to manage your VoIP logic. A PBX is responsible for your extension numbering plan (x1234), dial plans routing (like when you have to dial *9 to get an outside line), VoIP trunking (merging PBXs together), voicemail boxes, etc. A PBX is also where your VoIP capable phones will register themselves with and receive INVITEs. All in all, just remember the PBX has many features, but it’s primary function is to set up and destroy SIP Call sessions.

Installing…

Let’s get started by installing FreePBX by following the official documentation here(http://wiki.freepbx.org/display/FD/Installing+FreePBX+Official+Distro);

  • I chose IPv4 Manual Configuration and set the IP to 10.55.55.135 with a gateway of 10.55.55.1 and DNS to 10.55.55.3+4
  • Once the install has completed and you rebooted, go to the Web Admin GUI http://10.55.55.135
  • Change the default password to whatever you want.
  • Click on FreePBX Administrator
  • Run an update by going to Admin –> Module Admin, then click Check Online and at the far right click Upgrade all and Process. (this will only work if you FreePBX server has access to the internet.
Setting up a few extensions…
  1. Go to Applications –> Extensions
  2. Select Generic SIP Device and click Submit.
  3. User Extension = The unique extension , I picked 86555.
  4. Display Name = The CallerID name that will display on the Called phone when calling from this Extension, TestUser1
  5. CID Num Alias = This is a masquerade alias that will display when calling from this extension to anyone internally. Used for call centers so the user can’t call you back directly because they are presented with the call centers number. I left this blank.
  6. Emergency CID = This is the CallerID that will be used when calling outbound routes flagged as Emergency, such as 911 so they will get a number to reach you back at. I left this blank, you will have to set up the logic for this if you want to use it properly.
  7. Secret = This is the SIP password to be used during the SIP authentication piece. i set it to testpassword123
  8. NAT Mode = O NAT, this confuses so many people when dealling with SIP.Set this to No, see below.
  9. Link to Default User = Here we can link this extension to a username. This is handy if you want to support Emailing of Voicemail message and the ability of users to log into the Voicemail port to listen to there voicemail’s over the web. I created a new user with Username = testuser123, Password = testpassword123.
  10. Voicemail = Enable/Disable voicemail on this extension.
    • Voicemail password = Number password for voicemail box when dialing from this extension.
    • Require from same Extension = whether the Voicemail box is available to reach to check message from anywhere.
    • Email Address = Email address to send Voicemail notifications to
    • Email Attachment = Attaches Voicemail message as a WAV and sends it to the email address specified.
    • Delete Voicemail = Voicemail message will be deleted once it is sent to email address as an attachment.
  11. Optional Destinations = Here is where you can choose what to do with an incoming call under the following conditions, No Anwser (max rings attempted), Busy (extension is busy), Not reachable (phone is not currently reachable by the PBX to send an INVITE for this call)
  12. Click Submit.
  13. Now create a few more extensions, 86444, 86777, and 86888.

Advanced Options:

  • Can Reinvite = By default this is set to No, which means the Call session “media session” between two extensions or more is all done through the PBX system. PhoneA talking to PhoneB through the PBX acting like a proxy. When re-invite is set to Yes, after the initial Call session is set up, each phone in the session will try to send a INVITE directly to each other. This is helpful in terms of taking the load off of the PBX, however re-INVITEs get complicated when SIP Call Sessions are not Internal to Internal extensions within the same IP network.
  • Qualify = Enabled by default, will send OPTION SIP requests periodically to check that the extension is still available by the device the registered with it. Turning this feature off will help performance, but service will be less resilient to network changes. For instance the PBX only know where the phone is with the extension based on the initial REGISTER request. If this is WiFi phone or LTE…this would not work.
  • Transport = UDP, TCP, or TLS for SIP signally (not for the actually audio/video). So for SIP request and responses like REGISTER, AUTH, INVITE, etc. UDP is the best performance but has not security. Use UDP on private and protected networks. TCP is the same just TCP with no security. TLS is just like HTTPS, all SIP signally commands are sent over TLS, meaning you will need a SSL certificate and private key.
  • Enable Encryption = This will enable media encryption. Use this in conjunction with TLS transport from above to make SIP signalling and media encrypted. SRTP is the only option. Does not require a certificate as the initial encryption stream is set up in plain text, hence why you need TLS above to blanket this SRTP initiation.
  • Deny/Permit IP = Just a little bit more added security. Here you can set what IP ranges devices can be coming from when trying to REGISTER this extension. So like in our lab we know they will be coming from 10.55.55.0/24, we can put Permit 10.55.55.0 255.255.255.0.
To NAT or not to NAT, that is the Question…

SIP NAT’ing. If you recall from the SIP registration messages above you can see in the SIP payload sip:192.168.0.2:5060 SIP/2.0 , so when a call is being setup each phone has been registered with that syntax sip:{address}{port}. Now what happens if my phone is behind a NAT where the real IP address of phone does not match the IP packet that arrives at the PBX server. For example, my phones IP is 192.168.55.5, but my IP packet gets SNAT’d and changed to 1.1.1.10 on it’s way to the PBX server. The IP packet will arrive correctly, but the SIP payload message will contain the line sip:192.168.55.5:5060 SIP/2.0. The PBX will then try to send ACK, and INVITEs for calls to 192.168.55.5:5060 which it cannot get to. SIP breaks. Setting the PBX server up with the NAT mode to yes, tells the server, when this extension registers, ignore IP address in the sip:192.168.55.5:5060 SIP/2.0 message and use the IP Source in the IP packet instead.

Phone Provisioning

There are mostly two types of provision when working with VoIP phones. Manual provisioning and Auto-provisioning. There are pros and cons for each. For example Manual provisioning is easier to get working right away because these phones have a configuration menu on them. I’ve seen most WiFi VoIP phones and VoIP Apps on Smartphones (like UbiPhone or Zoiper or Linphone for apple users) to be this way. You can also find some desktop phones that have manual provisioning, like the Nortel IP1535. On the other side of the coin, Auto-Provisioning is automatic! and best used for larger deployments. It is however a more sophisticated setup. Auto-Provisioning deployments are most common in the business or corporate world where you have many VoIP phones that get their configuration from centralized place upon bootup. These are the Cisco or Avaya phones you may have seen.

Manual Provisioning.
  1. Start by using your computer/laptop (hopefully with a Microphone, and download MicroSIP which is super easy. I downloaded the Lite version portalable ZIP file.
  2. Extract it and Run the MicroSIP executable.
  3. Goto Menu –> Add Account
  4. Filling in the Following:
    • SIP Server = 10.55.55.135 {IP or DNS name of your PBX server}
    • User = 86555, or whatever extension you create in the previous steps.
    • Domain = local
    • Password = password for x86555
    • Your name = testuser123
    • Transport = UDP
  5. Click Save and you should see MicroSIP Connecting… and eventually Online.
  6. Now let’s set it up on a Android Smart Phone using UbiPhone
  7. Once installed open the app.
    • Click Let’s Go at the Welcome screen
    • Select I already have a SIP account
    • Type in Extension/User = 86888, password = testpassword123, domain = 10.55.55.135 (your PBX DNS/IP)
    • You’ll see registration in progress, but you need to put in a password. So click on Settings bottom right, Click on the account (86888@10.55.55.135), find the password field and type in the password. Hit Settings button again to back out to main dialer menu.
      password
    • Registration Successful
Try a Test Call.

x86555 to x86888.

Auto-Provisioning.

So here comes the fun part! Auto-Provisioning of SIP phones! This will be a little more sophisticated than Manual provisioning as more pieces are involved and need to be configured to get it all to work. Each Phone type/brand may also be different. I am going to use two Cisco phones; 1x Cisco 7941G and 1x Cisco 7945G, the G stands for Global not gigabit!.
7941 G nolabel7945 G nolabel

The basic process for auto provisioning Cisco 7940s and 7960s series phones is through DHCP boot options and TFTP server housing the specific config files for the phones.

  1. Power starts the Phones boot up process
  2. Phone detects firmware, if no firmware detected goes into Firmware download mode.
    7945 G booting Normal Booting Screen cisco Phone Firmware Download ModeFirmware Loading Screen
  3. Phone receives IP via DHCP and DHCP option is set telling the phone where the location of the TFTP server is with the config files
  4. Cisco 7940 and 7960 series phones config file name format is SEP{MAC Address}.cnf.xml, so for example a phone with the MAC address of AAAA.BBBB.CCCC would look for a file named SEPAAAABBBBCCCC.cnf.xml
    Excerpt from my TFTP server upon Cisco 7941G boot.
    Aug 27 14:29:44 FreePBX xinetd[1108]: START: tftp pid=8382 from=10.55.55.151
  5. As long as the config file has no issues the phone will continue to boot using the configuration items in the file.

Luckly, our FreePBX server by default installs a TFTP service. Located at /tftpboot on the box itself.

Important Files:

  • OS79xx.txt = Older series Cisco phones 7940s and 7960s will look for this file for what firmware version to be running, if mitmatch will drop into Firmware Download Mode. This file is not used in SIP, perhaps Skinny?
  • XMLDefault.cnf.xml = Global Configuration File used durning Firmware Download Mode. The phone will look for its Firmware version it should download. Firmware Package consists of 8 Files. Download Cisco Firmware here.For example cmterm-7941_7961-sip.9.4.2.zip consists of SIP41.9-4-2SR1.loads, term41.defaults.loads, term61.defaults.loads, jar45sip.9-4-2ES9.sbn,cnu45.9-4-2ES9.sbn,apps45.9-4-2ES9.sbn,dsp45.9-4-2ES9.sbn, and cvm45sip.9-4-2ES9.sbn )
  • dialplan.xml = Cisco phones use this file to create their dialplans, meaning when you start dialing a number on the  phone, how does the phone know hwo long your extensions are? How does it know to signal a outbound call with *9, etc.
  • ringlist.xml = Configuration file showing where each ring sounds is located. Should be WAV format and placed in root TFTP directory
  • menu.xml = Address book or other Service extension

     

     
  • SEP000011112222.cnf.xml = the main confirutation file for Cisco phone with MAC address 0000.1111.2222.
    • Cisco 7941G
    • Cisco 7945G

      Al
Almost There –DNS and DHCP server time.

The next steps are required so that the Cisco phones will know where the TFTP server is, remember they don’t know anything upon boot and must be told via DHCP Option 150 or 66

  1. Create a DNS A record to point to your PBX server. I chose sip.local –> 10.55.55.135
  2. If using Windows create a new DHCP Option 150 with a value type of IP
  3. Optional: Option 150 should work, however some older phones like DHCP Option 66 (I know this conflicts with PXE!)
  4. Using Cisco Switch
  5. Using your FreePBX server to become the DHCP server for the VLAN, see Red Hat Documentation Install DHCP Server, then follow Red Hat DHCP Option 150 Documentation.

Troubleshooting:

If  you’ve made it this far..Congrats!! Now the fun part of figuring out what went wrong. Like in the next Parts I will only be Troubleshooting what we went over.

Checking Asterisk and watching SIP messages
  1. SSH into your FreePBX box, or whatever Distro you have that is running Asterisk.
  2. Type asterisk -rvvv to open the asterisk CLI
  3. This CLI will stdout SIP messages, warnings, and errors. The most common are

    • The first one denotes authentication failed due to incorrect SIP password for the extension trying to register.
    • Second one denotes the SIP Client isn’t set up with the correct Transport set for the Extension (UDP,TCP, or TLS). Check FreePBX configuration for this extension
    • Third, you can see why the Transport type failed. Only accepts UDP, not TCP for this extension.
    • Good responses:
Checking Cisco Phones
  1. If you think your Phone may just be stuck, do a Restart by pressing ‘**#**
  2. Resetting a Phone may help wipe any legacy or old configuration files that may be causing issues. To do this you will  need to power cycle the phone and hold down the ‘#’ key until you see the Line Buttons alternate orange back and forth. Cisco Documentation.
    1. Soft Reset = Press 123456789*0# , this will delete any cached files, like FIrmware and SEP configs
    2. Hard Reset = Press 3491672850*#, this will reset the phone and format the flash.
    3. Difference between Restart and Reset, read this.
  3. Checking the Phones logs (if your phone has an IP address)
    1. On the Phone go to Settings –> Network Configuration –> IP Address
    2. Open a browser on a computer that has access to that IP address’s network http://{you-phones-ip}
    3. Here Click Console Logs and click on the log with the highest increment
      Cisco Phone Device InfoCisco Phone Console Logs
    4. Check the console logs for anything

      • This shows an error that the phoneLabel paramter is too long  
  4. Check FreePBX Password and Phones SEP.cnf.xml password are the same
    Note: I had an issue if I made the password too long. The Cisco 7941s didn’t seem to like it more than 15 characters roughly.
  5. Check your /var/log/messages on your FreePBX box to see if TFTP requests are making it to the server.
  6. You may have to do a Packet Capture, check that the Option 150 is being confirmed on the DHCP ACK between the Phone and the DHCP server

 

Continue to PART#2….

Sources:

There are 5 comments left Go To Comment

  1. Pingback: Building your VoIP Network — Round 2! | thejimmahknows /

  2. Pingback: Getting started with your VoIP Network — Part 1 | thejimmahknows /

  3. jc geny /

    your article is very good and “up 2 date” with firmwares… my phone is a 7945 i took it last February and it is still unused…[ i think i tried with a bad provider : ippi.fr : i took the free 5 number and used my mobile to phone my home but it fails…so i ll register elsewhere , may be callwithus that has a lot of infos for phones and redo test ]
    i tried to use asterisk but it is very complex , too many modules.., have you tried xivo ?
    the web interface is clean , they made module for cisco 7945 and others but they use firmware 8.54 and my phone refuses to load this old firmware…
    with your article , i ll try again asterisk if i fail with xivo .
    i tried to use your file parameters , one thing puzzled me : with the 7945 , you say the ip for 127.0.0.1 , but i do not think you install aterisk in the phone….so you use that ip because of the vlan ?
    beside the vlan , both pc and 7945 are having their own ip , the pc is connected to the second port of the 7945 and have the asterisk server . no ?
    if i think right , that ip difference in the configs you show between the 7945 and 7941 is the result of the lan connection and the use of vlan . i mean you could have made a similar xml as with the 7941 using real ip …

    what could be cool is that you wrote a config for standalone 7945 …will you do that soon ?
    thank you again for the article , i hope you will make it even better

    1. thejimmahknows / Post Author

      Hi jc geny,

      I have not tried Xivo, I started with Elasix but moved to AsteriskNOW since I wanted to get a PBX up and running quickly. There are many articles on how to build from source making the PBX less bulky. I’ve disabled most of the modules in Asterisk and find it runs very stable.

      Regarding your input on the Cisco 7945 as standalone, correct, my article is showing the configuration for a lightweight or boot from LAN setup. Cisco 7945 phones will save their first boot config file in flash, so you can load the config via TFTP that points to callwithus PBX system, which is what it sounds like you are going forward with. I’ve used http://www.voip-info.org to do much of my research, try http://www.voip-info.org/wiki/view/Standalone+Cisco+7945/7965 and good luck!

  4. jc geny /

    i made a topic at elastix forum and posted there my config files for my 7945…
    they are different from yours and are working well with elastix 2.5 ou the ippi.com provider that gives a sip and a terrestrial line phone numbers so phone can be called..
    http://forum.elastix.org/viewtopic.php?f=84&t=131636&mobile=mobile

    the topic is in french…
    have a nice time reading it

Leave a Reply to thejimmahknows Cancle Reply