SipToSis-Skype Gateway Tips

bbhenry

New Member
Joined
Sep 25, 2008
Messages
19
Reaction score
0
Weird thing happened

I have my IP phone locally registered with my asterisk. but the call got rejected. Then I later found out it's using external IP to send the call to siptosis. Here is the log I see:
incoming sip call from "101" <sip:[email protected]> callee=<sip:[email protected]:5070>
I couldn't understand what cause the IP to show an external IP, is there a way to fix this?
additional note: I have done a sip show peers under asterisk CLI, and it's showing that my ip phone is registered with local IP:
101/101 10.48.5.111 D N 5061 OK (9 ms)
 

Lost Trunk

Guru
Joined
Aug 5, 2008
Messages
228
Reaction score
0
In respect of dynamic IP addresses, there is a script available which will update your externip every few minutes. Have a search round and you will find something.

Here's a perl script that does it:

Code:
#!/usr/bin/perl
#
#This program gets the current IP address (as assigned by the ISP) from
#whatismyip.org and modifies etc/asterisk/sip_nat.conf if the external IP
#address has changed. Use Webmin to invoke it as cron job that runs every 5 mins
#
use strict;
use warnings;
use WWW::Mechanize;
use Tie::IxHash;
use Data::Validate::IP qw(is_public_ipv4);
my $s_filepath = "/etc/asterisk/sip_nat.conf";
my $mech = WWW::Mechanize->new( autocheck => 1 );
$mech->get('http://whatismyip.com/automation/n09230945.asp');
$mech->success or die 'Cannot connect to http://whatismyip.com/automation/n09230945.asp';
my ($ip) = ($mech->content() =~ /(\d+\.\d+\.\d+\.\d+)/);
if (is_public_ipv4($ip)) {
    tie my %configvars, 'Tie::IxHash';
    %configvars = ('nat' => 'yes', 'externip' => '0.0.0.0','fromdomain' => 'your.dyndns.address','localnet' => '192.168.0.0/255.255.255.0') ;
    open IN,"<$s_filepath";
    while (my $i = <IN>) {
        chop $i;
        if ($i =~ /=/) {
            $i =~ s/\s//g;
            my ($key,$value) = split /=/,$i;
            $configvars{$key} = $value;
        }
    }
    close IN;
    if ($configvars{'externip'} ne $ip) {
        $configvars{'externip'} = $ip;
        open OUT,">$s_filepath";
        while (my ($key, $value) = each %configvars) {
            select OUT;
            print "$key=$value\n";
        };
        select STDOUT;
        close OUT;
        `/usr/sbin/asterisk -rx reload`;
    };
};
The only line you have to change is the one that reads:

%configvars = ('nat' => 'yes', 'externip' => '0.0.0.0','fromdomain' => 'your.dyndns.address','localnet' => '192.168.0.0/255.255.255.0') ;

(Change the parts in bold to suit your system)

3. If a port does not need access, then close it down with IPTables to prevent anyone having a go, and exploiting a a yet undiscovered security flaw.

Joe
Could you please elaborate on how you would add a restriction for port 5070 in IPTables, for those of us whose know next to nothing about that? I also had to change the line in SipToSkypeAuth.props to *,*,*,calleeid so I would be interested in knowing how to totally block access to 5070 from outside the box itself, or at least from outside the local network. I already have it blocked at the router so I'm not that worried about it, but a bit of extra security couldn't hurt.
 

jroper

Guru
Joined
Oct 20, 2007
Messages
3,832
Reaction score
71
The simplistic way is go into webmin, navigate to linux firewall, which may be under networking, or under unused modules (click refresh modules to fix that)

Find a rule similar to the one you want, e.g. udp or tcp, open it, scoll down to the bottom, click clone rule, edit the port to the one you want. Save the rule, then click apply configuration.

Job done.

It's worth having a read about iptables, its very powerful and flexible. Webmin presents an easy way of doing the config.

Joe
 

bbhenry

New Member
Joined
Sep 25, 2008
Messages
19
Reaction score
0
I have static IP

I am not having dynamic IP address. I have fixed external Ip address, and I am registering my ip phone to asterisk from internal network. But when I call through siptosis, it's rcognizing my extension IP as the external IP like I have posted earlier. I have no idea why this is happening.

But I guess I should mention that I am running pure asterisk, no freepbx. Maybe freepbx is doing something that makes the ip show as internal IP? I don't know, maybe you guys know.
 

Lost Trunk

Guru
Joined
Aug 5, 2008
Messages
228
Reaction score
0
Problem with Webmin and Linux Firewall

The only problem with Webmin is that I have installed fail2ban using the instructions on the voip-info site and Webmin complains:
Webmin has detected 1 IPtables firewall rules currently in use, which are not recorded in the save file /etc/sysconfig/iptables. These rules were probably setup from a script, which this module does not know how to read and edit.
If you want to use this module to manage your IPtables firewall, click the button below to convert the existing rules to a save file, and then disable your existing firewall script.

But of course, I don't want to disable my existing firewall script because that would probably kill the functionality of fail2ban. Since I'm far more worried about SIP password cracking attempts than the possibility of someone using my Skype account (because we have 5070 blocked at the hardware router, and because there's no SkypeOut on our account, so they could only make free calls to other Skype users anyway) I think maybe I'll leave well enough alone for the moment.
 

bbhenry

New Member
Joined
Sep 25, 2008
Messages
19
Reaction score
0
I found the issue

I found out why it was showing external IP address now. It's because I have this setting in my sip.conf
externip=68.105.xxx.xxx
localnet=10.48.5.0/255.255.255.0

so whenever I dial out to siptosis from a registered IP phone. It would use the externip address instead of 127.0.0.1
Once I commented those lines out and reload. I was able to show 127.0.0.1 as the source dialing address.

So for people who use their PiaF behind a net. It's better to set the SipToSkypeAuth.props to accept your external IP address instead of the default 127.0.0.1 , or else it's not going to work.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
There's a new comment posted on the Nerd Vittles site explaining how to automatically boot a system with Skype and SipToSis.
 

bbhenry

New Member
Joined
Sep 25, 2008
Messages
19
Reaction score
0
boot siptosis with skype on boot without vncserver

Dear all

this is exciting for me and maybe for some of you too. For the last few days spending time searching why siptosis wouldn't start up nicely with skype in /etc/rc.local

I have to say I am doing this a little different than people who use PBX in a Flash(not that I don't use them). This is a test server that only runs CentOS and asterisk, no freepbx. So I don't have all the package that PiaF is using. I am still using Xvfb,but I didn't have to do a xinit. Ok, put things short, I put my script in /etc/rc.local exactly the same way I would do it if I log in. Everything was launched successfully, but siptosis log tells me it can't find the skype client..... Tried millions of other starting script combination and still no luck.

This morning, some ideas sparked over my head. Skype is a user specific application(I am giving the hint now). Remember that we have to accept API connection in the beginning? right ,if you start skype in rc.local ,it doesn't know what user to use and therefore not using the right configuration you did earlier.

Here is how you initiate skype with a user:

su root -c "skype &"


I am using root as my user , you can swap "root" to any other user name that you use.

And here is my full script , please adjust it according to your environment:

Xvfb :0 &
export DISPLAY=:0
su root -c "skype &"
cd /siptosis
./SipToSis_linux


enjoy
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
Remember to get all of this running manually first. Specifically, be sure your Skype audio is working. Be sure you've set up Skype to autologin. Be sure to permanently authorize siptosis access to the Skype application.

Try it again manually to make sure everything works.

Then set up the autostart piece.
 

drsatch

New Member
Joined
Feb 25, 2008
Messages
41
Reaction score
0
Thanks bbhenry

Here is how you initiate skype with a user:

su root -c "skype &"


I am using root as my user , you can swap "root" to any other user name that you use.

And here is my full script , please adjust it according to your environment:

Xvfb :0 &
export DISPLAY=:0
su root -c "skype &"
cd /siptosis
./SipToSis_linux


enjoy

Worked like a charm!
 

Lost Trunk

Guru
Joined
Aug 5, 2008
Messages
228
Reaction score
0
I found out why it was showing external IP address now. It's because I have this setting in my sip.conf
externip=68.105.xxx.xxx
localnet=10.48.5.0/255.255.255.0

so whenever I dial out to siptosis from a registered IP phone. It would use the externip address instead of 127.0.0.1
Once I commented those lines out and reload. I was able to show 127.0.0.1 as the source dialing address.

So for people who use their PiaF behind a net. It's better to set the SipToSkypeAuth.props to accept your external IP address instead of the default 127.0.0.1 , or else it's not going to work.

I don't have time to test this right now, but I got to thinking, if you used a real trunk rather than a custom trunk, maybe in the trunk peer settings you could put something like externhost=127.0.0.1 or defaultip=127.0.0.1 in the trunk setting? Maybe I'm crazy to think this way, but there is a boatload of sip configurations options, many of which we've never used or even seen used, but I wonder if one of them could be used to specify that the 127.0.0.1 address be used on calls from a specific trunk. Maybe this will spark someone's thinking to find another solution that won't hinge on using the external address.
 

RizSher

Guru
Joined
Oct 18, 2007
Messages
146
Reaction score
7
Btw, does all this need to be done physically on the PiaF machine?.

For the last few days, I was doing it thru a Putty session, and on running xinit, would get nothing on my WinXp desktop. Today, I went to the server directly and ran xinit, got the graphical screen, followed by skype, which brought the Skype login screen - couldn't do much after that as didn't have a mouse connected to the machine at that time!!!.

Can these steps be carried out remotely?

Thanks.
Rizwan
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
We took the drsatch tip above and embellished it a bit. Be sure you complete your initial setup and testing before automating this...

First, create a start-skype script in your root folder:

Code:
#!/bin/bash
Xvfb :0 &
export DISPLAY=:0
su root -c "skype &"
sleep 5
cd /siptosis
su root -c "./SipToSis_linux &"
Second, make the script executable:

Code:
chmod +x /root/start-skype
Third, add /root/start-skype to the end of your rc.local startup file and reboot:

Code:
echo "/root/start-skype" >> /etc/rc.d/rc.local
reboot
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
And to answer RizSher's question, you probably need to do all of this using xinit on your Asterisk server with a mouse BEFORE you automate it. It's the only way you'll get to see the screen and know that things are working. Remember, you must set Skype to log you in automatically when it's started. And, after starting siptosis, you must tell Skype to allow the connection AND to remember the setting in the future.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
If any of you happen to have a Skype account, please call nerdvittles and try out the new demo. :smile5:
 

Fortel

Guru
Joined
Oct 19, 2007
Messages
122
Reaction score
4
Demo worked fine from my Polycom 601 Skype-enabled phone! (I've programmed a few Skype users into the contact directory, preceded with a *) Inbound and outbound Skype through a regular Polycom SIP phone- now that's added value!
 

drsatch

New Member
Joined
Feb 25, 2008
Messages
41
Reaction score
0
Here's a tip. Don't know if this has been covered. I didn't find it anywhere.

I didn't like the idea of not knowing who was calling over skype. Caller ID would only show "SkypeCaller"

In siptosis.cfg add this line:
from_url="SkypeCaller" <sip:[email protected]:5060>

so it looks like this:

Code:
#Sample AUTO config with NO registration
#  username and password not important in this mode
#Set to available port to transport SIP messages on siptosis computer
host_port=5070
#username=skypests
username=SkypeCaller
passwd=unimportantpassword
from_url="SkypeCaller" <sip:[email protected]:5060>
# --- end of NO registration example ---
Now the caller's skype name comes through too!
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
I would encourage everyone to read the comments to the Nerd Vittles article. This and many other suggestions were covered not the least of which was how to enable DTMF detection. All of the suggestions now have been incorporated into the download. If you call nerdvittles from any Skype phone, you can test DTMF for yourself.
 

Members online

No members online now.

Forum statistics

Threads
25,782
Messages
167,509
Members
19,203
Latest member
frapu
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Top