SipToSis-Skype Gateway Tips

[bbhenry]

I have my IP phone locally registered with my asterisk. but the call got rejected. Then I later found out it's using external IP to send the call to siptosis. Here is the log I see:
incoming sip call from "101" <sip:101@68.105.xxx.xxx> callee=<sip:echo@127.0.0.1:5070>
I couldn't understand what cause the IP to show an external IP, is there a way to fix this?
additional note: I have done a sip show peers under asterisk CLI, and it's showing that my ip phone is registered with local IP:
101/101 10.48.5.111 D N 5061 OK (9 ms)

[Lost Trunk]

Originally Posted by jroper

In respect of dynamic IP addresses, there is a script available which will update your externip every few minutes. Have a search round and you will find something.

Here's a perl script that does it:

Code:

#!/usr/bin/perl # #This program gets the current IP address (as assigned by the ISP) from #whatismyip.org and modifies etc/asterisk/sip_nat.conf if the external IP #address has changed. Use Webmin to invoke it as cron job that runs every 5 mins # use strict; use warnings; use WWW::Mechanize; use Tie::IxHash; use Data::Validate::IP qw(is_public_ipv4); my $s_filepath = "/etc/asterisk/sip_nat.conf"; my $mech = WWW::Mechanize->new( autocheck => 1 ); $mech->get('http://whatismyip.com/automation/n09230945.asp'); $mech->success or die 'Cannot connect to http://whatismyip.com/automation/n09230945.asp'; my ($ip) = ($mech->content() =~ /(\d+\.\d+\.\d+\.\d+)/); if (is_public_ipv4($ip)) { tie my %configvars, 'Tie::IxHash'; %configvars = ('nat' => 'yes', 'externip' => '0.0.0.0','fromdomain' => 'your.dyndns.address','localnet' => '192.168.0.0/255.255.255.0') ; open IN,"<$s_filepath"; while (my $i = <IN>) { chop $i; if ($i =~ /=/) { $i =~ s/\s//g; my ($key,$value) = split /=/,$i; $configvars{$key} = $value; } } close IN; if ($configvars{'externip'} ne $ip) { $configvars{'externip'} = $ip; open OUT,">$s_filepath"; while (my ($key, $value) = each %configvars) { select OUT; print "$key=$value\n"; }; select STDOUT; close OUT; `/usr/sbin/asterisk -rx reload`; }; };

The only line you have to change is the one that reads:

%configvars = ('nat' => 'yes', 'externip' => '0.0.0.0','fromdomain' => 'your.dyndns.address','localnet' => '192.168.0.0/255.255.255.0') ;

(Change the parts in bold to suit your system)

Quote:

3. If a port does not need access, then close it down with IPTables to prevent anyone having a go, and exploiting a a yet undiscovered security flaw. Joe

Could you please elaborate on how you would add a restriction for port 5070 in IPTables, for those of us whose know next to nothing about that? I also had to change the line in SipToSkypeAuth.props to *,*,*,calleeid so I would be interested in knowing how to totally block access to 5070 from outside the box itself, or at least from outside the local network. I already have it blocked at the router so I'm not that worried about it, but a bit of extra security couldn't hurt.

[jroper]

The simplistic way is go into webmin, navigate to linux firewall, which may be under networking, or under unused modules (click refresh modules to fix that)

Find a rule similar to the one you want, e.g. udp or tcp, open it, scoll down to the bottom, click clone rule, edit the port to the one you want. Save the rule, then click apply configuration.

Job done.

It's worth having a read about iptables, its very powerful and flexible. Webmin presents an easy way of doing the config.

Joe

[bbhenry]

I am not having dynamic IP address. I have fixed external Ip address, and I am registering my ip phone to asterisk from internal network. But when I call through siptosis, it's rcognizing my extension IP as the external IP like I have posted earlier. I have no idea why this is happening.

But I guess I should mention that I am running pure asterisk, no freepbx. Maybe freepbx is doing something that makes the ip show as internal IP? I don't know, maybe you guys know.

[Lost Trunk]

The only problem with Webmin is that I have installed fail2ban using the instructions on the voip-info site and Webmin complains:

Webmin has detected 1 IPtables firewall rules currently in use, which are not recorded in the save file /etc/sysconfig/iptables. These rules were probably setup from a script, which this module does not know how to read and edit.
If you want to use this module to manage your IPtables firewall, click the button below to convert the existing rules to a save file, and then disable your existing firewall script.

But of course, I don't want to disable my existing firewall script because that would probably kill the functionality of fail2ban. Since I'm far more worried about SIP password cracking attempts than the possibility of someone using my Skype account (because we have 5070 blocked at the hardware router, and because there's no SkypeOut on our account, so they could only make free calls to other Skype users anyway) I think maybe I'll leave well enough alone for the moment.

[bbhenry]

I found out why it was showing external IP address now. It's because I have this setting in my sip.conf
externip=68.105.xxx.xxx
localnet=10.48.5.0/255.255.255.0

so whenever I dial out to siptosis from a registered IP phone. It would use the externip address instead of 127.0.0.1
Once I commented those lines out and reload. I was able to show 127.0.0.1 as the source dialing address.

So for people who use their PiaF behind a net. It's better to set the SipToSkypeAuth.props to accept your external IP address instead of the default 127.0.0.1 , or else it's not going to work.

[brunski]

Originally Posted by jroper

In respect of dynamic IP addresses, there is a script available which will update your externip every few minutes. Have a search round and you will find something. Joe

Joe, Are you're referring to this one?
http://pbxinaflash.com/forum/showthr...ht=dns-o-matic

[wardmundy]

There's a new comment posted on the Nerd Vittles site explaining how to automatically boot a system with Skype and SipToSis.

[bbhenry]

Dear all

this is exciting for me and maybe for some of you too. For the last few days spending time searching why siptosis wouldn't start up nicely with skype in /etc/rc.local

I have to say I am doing this a little different than people who use PBX in a Flash(not that I don't use them). This is a test server that only runs CentOS and asterisk, no freepbx. So I don't have all the package that PiaF is using. I am still using Xvfb,but I didn't have to do a xinit. Ok, put things short, I put my script in /etc/rc.local exactly the same way I would do it if I log in. Everything was launched successfully, but siptosis log tells me it can't find the skype client..... Tried millions of other starting script combination and still no luck.

This morning, some ideas sparked over my head. Skype is a user specific application(I am giving the hint now). Remember that we have to accept API connection in the beginning? right ,if you start skype in rc.local ,it doesn't know what user to use and therefore not using the right configuration you did earlier.

Here is how you initiate skype with a user:

su root -c "skype &"

I am using root as my user , you can swap "root" to any other user name that you use.

And here is my full script , please adjust it according to your environment:

Xvfb :0 &
export DISPLAY=:0
su root -c "skype &"
cd /siptosis
./SipToSis_linux

enjoy

[wardmundy]

Remember to get all of this running manually first. Specifically, be sure your Skype audio is working. Be sure you've set up Skype to autologin. Be sure to permanently authorize siptosis access to the Skype application.

Try it again manually to make sure everything works.

Then set up the autostart piece.