sip5060.net
It’s definitely a great time to be a Managed Service Provider (MSP), Communication Service Provider (CSP), and Voice Service Provider (VSP), delivering managed communication services. Whether they be a seasoned provider or just starting out, the work-from-home movement has created a massive change in IT infrastructure, which means managed service providers have become very popular and are enticed to deliver more. For instance, the MSP market was valued at $242.9 billion in 2021 and is projected to reach $354.8 billion by 2026, registering a CAGR of 7.9%! This tremendous growth is pushing MSPs to continue to broaden and diversify their offerings. Still, there is a big surprise waiting for inexperienced or ill-informed providers: the increased set of communications tax complexity, obligations, and risk.
MSPs, CSPs, and VSPs certainly understand that they are required to charge for and remit communications taxes. If you are reselling, charging, and invoicing for telecom services, such as data, voice, video, and messaging, then you’re in that camp. But what’s been happening, which has become more challenging, is that communications services have become the de facto method for delivering services from the cloud, but not only that, they’re being offered via programmable interfaces, or APIs. So now communication services are being embedded into SaaS platforms, essentially reselling data services. So the lines have become blurred, and knowing whether you need to pay communication taxes is a bit unknown. You need to ask yourself, “Is my business selling services that incorporate voice, video, or data?” If the answer is yes, then you’ll need to make sure you’re up to speed on tax compliance; otherwise, you’ll have some penalties to pay, aside from learning how to pay those taxes going forward.
Let’s start with general sales taxes, which apply at the federal, state, county, and city levels. Communication taxes fall under this umbrella too. From there, though, they can be very different, not just in terms of the rate and how it’s applied, but with communications taxes, there are instances of tax on tax and tiering of taxes. In many instances, the jurisdiction for communications taxes will be completely different from what you may have from a sales tax perspective. For instance, there are a lot of communication taxes that are based on school district zones, so even just establishing the jurisdiction that applies can be different. We now have a stacking of communication tax complexity over the existing complexity of sales tax. So, registering with the local jurisdiction, and collecting the tax, is one thing, but then it cascades since communications taxes have different compliance obligations. There are different registration obligations, different filing obligations, and also things like exemption management, where the forms that need to be filled out to be exempt from communications taxes are different from what needs to be collected from a sales and use perspective.
This depends on two criteria: jurisdiction and types of services sold. These combined could mean filing 1,000s of compliance tax returns, especially if the provider is selling services nationwide. Voice itself is taxed heavily, as many different types of taxes are applied. Communication taxes are applied at the federal, state, and jurisdictional levels. E-911 is also similarly taxed.
We talked a bit about the blurred lines around knowing if a business is required to pay communication taxes. On top of that, with the plethora of service providers out there, it would be unsustainably time-consuming for the government to find every business out there with communication services, find out if they are simply consuming or reselling them and dig from there. Businesses could easily fly under the radar from paying their taxes.
The recent robocall mitigation regulations, including the STIR/SHAKEN mandate, have forced VSPs, CSPs, and MSPs to register their telecommunications business by applying for a Federal Registration Number (FRN). Now that their telecommunications business is registered with the FCC, comprehensive compliance is much more important for that business. This includes the rating, collection, and remittance of taxes, fees, and surcharges that are levied by the government in the various states, counties, and cities that they sell in, as well as at the federal level.
With all that there is to consider and the challenges of becoming well informed about tax compliance, it may be a good idea to pair up with experts in the field for consultation or, better yet, with a vendor that has a tax engine and can automate the rating and calculation of services based on locale and service features.
As part of our wholesale carrier services hosted billing service, we have a built-in tax module that automates the calculation and collection of taxes and regulatory fees for our customers who resell our wholesale carrier services. For readers unfamiliar with our wholesale carrier services, read this blog post. What differentiates us is that we offer a complete set of wholesale VoIP services, from termination/origination, DIDs, SMS, E911, Fax, fraud detection/protection, and telecom compliance toolkits, wrapped around an intuitive portal, which includes our hosted billing platform and tax module.
Our tax module is the “single pane of glass,” where our customers save a ton of time in tax rating and calculation for all their customers who may be dispersed nationwide using various services we resell. It consolidates taxes on all levels of government and service types. Also, as our customers expand across regions, the tax modules save them time from figuring out new tax compliance information for those areas as well.
Tax compliance becomes more complex as products become more innovative and are offered in a less traditional fashion. For instance, voice services integrated within APIs were never something tax compliance was designed for. The natural progression is that innovation outpaces tax law but, with time, always catches up. A great example of this is with streaming services, such as Netflix or Amazon Prime, for example. When they came out on the market, communications tax compliance only applied to traditional TV services. So no taxes were applicable for a while, but communication taxes started working their way into these new innovation streaming services as time progressed.
As an MSP, CSP, or VSP, it’s essential to understand the gray areas of communications tax compliance and be informed to avoid risks and possible penalties.
Learn more about Sangoma’s Tax module, built into our hosted billing platform, and have your tax rating and calculations automated for you.
The post What You Need To Know About The Growing Complexities of Communications Taxes appeared first on Sangoma Technologies.
When the day came that we all “had” to work from home, everyone learned how important a phone system client became (whether it was a mobile one, or a desktop one), because that was how we continued to talk to people and keep the business running – because our business phone number could be called, or we could call out on the business phone number – from these clients. And then the clients that integrated chat and video took center stage. Today, this is all part of a typical Unified Communication solution, including those from Sangoma.
However, as we start to return to the office, will the importance of these clients diminish? I’ve definitely started to see articles about how especially the mobile client experience may not be the best.
It seems unlikely that client importance will diminish. First, some form of hybrid work seems to be here to stay, as discussed in this article from Forbes. Employees will always be working remotely in some fashion, whether it is from home or from another location. Employees like it, and while there is some debate about it, it seems organization output is not impacted, though organization culture might be impacted. So, while everyone now needs to come back from the cool place they moved, they likely don’t have to go into the office every day.
And second, just like always, technology will “solve” any problems. We saw it 20 years ago when VoIP first came on the scene. There were issues and they were overcome. And we’ll see it here as well. 5G is one technology that will certainly play a role in improving the mobile client experience.
Getting back to the clients. So yes, they will remain even more important. And we’ll need to keep innovating them forward since they’ll remain an ever-critical part of a business communication system.
The post Softclients are a Critical Component of a Unified Communications Solution appeared first on Sangoma Technologies.
WebRTC used to be about capturing some media and sending it from Point A to Point B. Machine Learning has changed this. Now it is common to use ML to analyze and manipulate media in real time for things like virtual backgrounds, augmented reality, noise suppression, intelligent cropping, and much more. To better accommodate this […]
The post Real-Time Video Processing with WebCodecs and Streams: Processing Pipelines (Part 1) appeared first on webrtcHacks.
In today’s world, it’s imperative to have access to information from any device, anytime and anywhere. However, this has led to the growth and complexity of the networks that connect everything, making them increasingly challenging to manage.
The two main types of networks are Local Area Networks (LANs) and Wide Area Networks (WANs). LANs connect devices within a local office, while WANs connect offices across different locations globally. Without WANs, businesses would be restricted to communicating within their local offices, preventing them from accessing the broader online world, the internet.
SD-WAN, the latest evolution of WAN technology, has recently emerged as a game-changing innovation. SD stands for “software-defined,” and while the concept is not new, it has become a focal point, particularly in infrastructure and networking. SD-WAN essentially leverages software to make IT smarter, faster, and more cost-effective. It is a revolutionary way to construct and manage long-distance networks, providing better bandwidth optimization and ensuring the delivery of real-time applications with improved user experiences.
Traditional WANs typically have a large number of routers that communicate with each other over extended distances. Within each router is a data plane and a control plane, with the data plane holding the information transmitted or received, and the control plane determining the route the data should take. However, someone needs to program the control plane with rules on how to handle network traffic on the data plane. This is typically done by entering a series of commands into each router’s command line interface, or CLI, by a network administrator. This can be a very manual, time consuming and error prone process. For example, let’s say there is a large business with 100 locations that needs to deploy a new application across all these locations. Let’s assume that each location has one router which needs 20 new commands to implement the correct configurations for the new application. With 100 locations, that’s 2000 (20 x 100) commands and if each command took 40 seconds of time that’s roughly 22 hours of work just to deploy a single application for the business. Also, the CLI can be error prone. Imagine a mistake was made on one of those commands and having to hunt down that error or troubleshoot the application. Staff and IT resources would be impacted and could potentially paralyze the business! To overcome this tedious process, network admins will try to automate this process using programming tools and scripts, however, these tools and procedures add more layers of complexity as well as even more CLI commands with more variables that could compound existing problems.
With SD-WAN, this process is simplified, as the control plane is centralized, where changes can be grouped and managed simultaneously across the entire WAN, from a centralized management portal. Businesses can use specific rules to automate the process and distribute configurations instantly, eliminating the complexity and errors inherent in the old manual method.
One of the most significant benefits of SD-WAN is the ability to leverage broadband internet connections, reducing the need for expensive private MPLS networks, lowering costs and increasing performance. Moreover, the software-defined capabilities of SD-WAN enable network admins to change characteristics of their entire network from a central management portal, such as:
Once these rules or policies are set, they can be automatically distributed and implemented across the organization in seconds.
So, with SD-WAN, configuring new or existing networking infrastructure is much easier than the old way of fragile command lines and manual updates.
Here are three key takeaways for businesses regarding SD-WAN:
Agility: SD-WAN enhances agility by simplifying network policy configuration and management.
Performance: SD-WAN provides higher performance by leveraging multiple paths intelligently, including broadband connections.
Cost: SD-WAN lowers IT operational costs by simplifying WAN infrastructure and providing a more efficient network.
Setting up and managing a WAN has never been easier, provided that it’s software-defined. But taking it a step further, businesses can take advantage of a Managed SD-WAN, where a vendor handles the entire network for them, including deployment, maintenance, updates and technical support. To learn more about this zero-touch network infrastructure get in touch with one of our Managed SD-WAN specialists for more info.
The post Exploring SD-WAN – The Advanced Evolution of Business Networks appeared first on Sangoma Technologies.
Channel partnerships are the way Sangoma does business. We understand the value the channel partnerships bring to Sangoma and, ultimately, to the end-user customers who need business communication solutions. As such, we work hard to ensure our channel programs bring value to our channel partners, that what we offer our channel partners is unique, and ultimately that it is worthwhile for the channel partner to invest their time with Sangoma solutions.
If you want to learn more, a few ways are coming up where you can meet us and hear more from us:
We’d love to meet you and show you why Sangoma would be a great option to help you service your customers with the best business communication solutions.
The post The Importance of Channel Partnerships appeared first on Sangoma Technologies.
In the mid-2000’s, VoIP Innovations pioneered SIP trunking services for an emerging number of non-facilities-based, value-added resellers and managed service providers. Back then, VoIP for business-use was less common. Today, there are over 40,000 VAR’s/MSP’s and VoIP has replaced POTS lines in the large majority of businesses nationwide.
As enterprises have all but done away with in-house telecommunications departments, these VAR’s/MSP’s have more heavily relied upon rebilling the tailored services provided by VoIP Innovations. Now known as Sangoma Wholesale Carrier Services, the legacy of innovations continues with Compliant Service Solutions for this continually growing market segment.
Not only are clients’ technical expectations on VAR’s and MSP’s heightened, so too are the FCC’s expectations and requirements on these non-facilities-based voice service providers.
For example, in December 2021, the FCC pushed out the Small Provider Order Fourth Report and Order pertaining to STIR SHAKEN. This order is specifically for non-facilities-based, small voice service providers to be in compliance by the revised deadline of June 30, 2022.
Our many Compliance-as-a-Service solutions provide the tools you need to take care of your SHAKEN requirements yourself. Other compliance-related solutions include SMS Campaign Registry, e911 Dynamic Location Routing, Hosted Billing with comprehensive tax calculations, and HIPAA compliant fax solution services. We have found that the more seamlessly our products work for our VAR’s and MSP’s, the more easily they can customize their services to more profitably meet the needs of their end-users.
As our reseller partners’ demands are ever evolving, we continue to innovate our products mix to keep up with the FCC’s more demanding requirements.
Check out another recent blog post Brian Smiley, our VP of Wholesale, created to learn more about reselling the most trusted, best-in-industry, carrier communications services for your clients.
If you are attending ITEXPO Feb 14-17, please come to booth 617 to meet Brian and/or consult with a Sangoma Wholesale Carrier Sales SME about our innovative solutions.
Or visit our website at carrierservices.sangoma.com. Stay tuned for more exciting, innovative offerings coming soon!
The post Sangoma Wholesale: Compliance-as-a-Service appeared first on Sangoma Technologies.
In a December blog, I wrote at a high level about a paper from the Eastern Management Group regarding the benefits of utilizing different types of cloud services, which basically boil down to the following organizational benefits:
Today, according to that paper, I will highlight just a few of the benefits of using Managed SD-WAN services. Software Defined Wide Area Network (SD-WAN) is a virtual WAN architecture that allows enterprises to leverage any combination of transport services – including MPLS, LTE, and broadband internet services – to connect users to applications securely. It creates a network managed through cloud software rather than disparate hardware systems. A significant benefit of using SD-WAN is:
Managed SD-WAN utilizes a third party to oversee the implementation, continued monitoring, and updates of the SD-WAN service. Major benefits include:
If you are looking for more information on Sangoma’s Managed SD-WAN offering, please go here. If you want to read the full report now, please go here.
The post Overall Managed SD-WAN Benefit Review appeared first on Sangoma Technologies.
More than 15 years in the making, the VI Communication Services portal leads all other SIP trunk providers’ portals in the industry for features and capabilities. As VI Communications is now Sangoma Wholesale Carrier Services, our legacy of innovations continues both in network expansion and portal enhancements.
The BackOffice Portal is our customer portal for ordering and managing DIDs. And, the end-user portal is our brandable, extensible portal for our customers to pass on some of the powerful capabilities, such as number porting, to their end-users.
Our award-winning portal simply does more than anyone else’s. And, our industry-leading service further separates us from the competition. At Sangoma Wholesale Carrier Services, customers can always talk to a live person 24/7.
Often emulated for its ease-of-use, our portals are unrivaled for their comprehensive capabilities.
What else would you expect from the company known for leading the industry in innovations?
A true multi-tenancy portal for resellers to organize multiple customer profiles, provisioning, and managing telephone numbers. Our integrated billing platform will exceed expectations for what is possible. Easily process taxes and even other carrier’s call detail records (CDR’s).
We are so much more than just Trunking as a Service with a great portal. We are your one-stop source for the compliance solutions that you need which are integrated into our nation-wide carrier network.
Learn about our Hosted Billing and integrated Tax Solutions. Manage SPAM and fraud before it affects your customers. Stay ahead of all the new STIR SHAKEN requirements for VoIP resellers. Keep on top of the changes with Campaign Registry for SMS. And, your customers can remain connected even in emergencies with our e911 Dynamic Location Routing solutions.
Check out another recent blog post that Brian Smiley, our VP of Wholesale, created to learn more about reselling the most trusted, best-in-industry, carrier communications services for your clients.
If you are attending ITEXPO Feb 14-17, please come to booth 617 to meet Brian and/or consult with a Sangoma Wholesale Carrier Sales SME about our innovative solutions.
The post Sangoma Wholesale: Power of the Portal appeared first on Sangoma Technologies.
VI Communications has been the carrier services division of Sangoma since being acquired in 2019. Otherwise known as Sangoma Wholesale Carrier Services, this division is integrated yet operates as an autonomous business unit.
There is one primary reason for this autonomy. We primarily service and support the important “middleman” or value-added resellers.
Nationwide, approximately 40,000 managed service providers typically support multiple end-customer businesses’ IT and communication service needs. We have provided wholesale services to these value-added resellers for over 15 years.
As the wholesale arm of Sangoma, it could be perceived as competing for the same end customer. Our distribution model is designed to be trusted and complement our customers’ unique offerings and expertise.
Our wholesale division exists to provide value-added resellers access to the best industry products and services possible at a discounted rate to service aggregators. And we follow stringent CPNI (customer proprietary network information) rules to ensure privacy and the protection our customers expect.
Our reliably engineered network is the foundation for our product and carrier services offerings. Our award-winning BackOffice and End-Client portals with industry-leading, FCC-compliant features are offered in an a la carte manner where you only pay for what your customers use.
Sangoma Wholesale Carrier Services continues a legacy of innovations in product development, the expansion of our core networks and technological capabilities, and value-added resellers thrive as communications service providers.
We are so much more than just Trunking as a Service. We are your one-stop source for the compliance solutions you need, which are integrated into our nationwide carrier network.
Learn about our Hosted Billing and integrated Tax Solutions. Manage SPAM and fraud before it affects your customers. Stay ahead of all of the new STIR SHAKEN requirements for VoIP resellers. Keep on top of the changes with the Campaign Registry for SMS. And your customers can remain connected even in emergencies with our e911 Dynamic Location Routing solutions.
Check out another recent blog post Brian Smiley, our VP of Wholesale, created to learn more about reselling your clients’ most trusted, best-in-industry carrier communications services.
If you are attending ITEXPO Feb 14-17, please come to booth 617 to meet Brian and/or consult with a Sangoma Wholesale Carrier Sales SME about our innovative solutions.
Or visit our website at carrierservices.sangoma.com. Stay tuned for more exciting, innovative offerings coming soon.
The post Sangoma Wholesale: Empowering Value-Added Resellers appeared first on Sangoma Technologies.
A couple of months ago, I wrote about being selected, again, for the 9th year in a row, to the Gartner UCaaS Magic Quadrant. It never gets old, just like football teams that consistently get to the playoffs! I’m pleased to announce that we’ve also been designated a Leader in the Frost and Sullivan FROST RADAR™ North American UCaaS Market for this year.
It’s very nice to be honored like this by key analyst companies. It makes all the hard work, by the entire company, mean something. The recognition is nice.
We know we can’t just sit still and not innovate if we want to keep getting this recognition. The market is continually changing, and the competition changes as well. I mean who would have thought 9 years ago that video meetings and collaboration would be key features in a UCaaS platform now? But they are. Business phone systems are just different now, in a way that benefits the customers.
Change is still coming though. If you read the report (and the report can be found here on our website), you’ll see it mentions that “Integrated platforms delivering UCaaS, CCaaS and CPaaS are at the foundation of next-generation business communications solutions.”
Sangoma certainly agrees with that statement and we have been driving this on our roadmaps for a while. We have our own CCaaS and CPaaS platforms that are integrated with our UCaaS. And we are using our CPaaS to create apps that augment our UCaaS solution, whether that be with integrations to other software systems, or productivity improvement apps that supplement UCaaS.
As Elka Popova, VP of Connected Work Research, ICT of Frost and Sullivan says “Sangoma continues to strategically augment and diversify its extensive UCaaS portfolio and partner network, more recently via the acquisition of Star2Star and NetFortris. Sangoma consistently prevails within the industry as a one-stop shop for complete communications solutions, including UCaaS, CPaaS, SD WAN and communications devices.”
We certainly intend to continue to offer the best one-stop shop cloud communications solutions, intend to continue to innovate, and thus continue to be recognized as leaders!
The post Sangoma as a Frost and Sullivan FROST RADAR™ North American UCaaS Market Leader appeared first on Sangoma Technologies.
It’s been a while. For both an in-person AstriCon and an ITEXPO during its “rightful” time in mid-February in southeast Florida. And they are both converging and happening in a few weeks in Fort Lauderdale.
The last time we had an in-person AstriCon was in 2019. This will be the first one since Covid. We decided to co-locate it with ITEXPO since, at the last AstriCon, we did not have members of the ecosystem (such as phone vendors that support Asterisk and FreePBX). The ecosystem exists in force at ITEXPO, so it made sense to run AstriCon as a co-located event. To register, please go to this link: https://www.itexpo.com/east/astricon.aspx
And Sangoma will also have a booth at ITEXPO. Since the last time we did a show, we changed our logo, so you will surely notice that. Sangoma has the widest range of business-focused communication services, and we won’t be able to demonstrate all of them. But we will showcase our UCaaS platforms, phones, MSP Services, Open-Source products (Asterisk and FreePBX), and wholesale carrier services (i.e., VoIP Innovations) offerings.
We’re looking forward to catching up with you, so please stop by our booth (617)!
The post Going to ITEXPO and AstriCon appeared first on Sangoma Technologies.
New coturn project leads Gustavo Garcia and Pavel Punsky give an update on the popular TURN server project, what's new in STUN and TURN standards, and the roadmap for the project
The post coturn: No Time to Die – Q&A with new project leads appeared first on webrtcHacks.
VI Communications is Sangoma Wholesale Carrier Services. Known initially as VoIP Innovations, Sangoma Wholesale was built on over 15 years of Trunking as a Service expertise. Sangoma Wholesale continues the legacy of innovations within its award-winning user and end-client portals.
Sangoma Wholesale Carrier Services’ innovative solutions are industry-leading and delivered on its own reliably engineered network.
Ideal for VoIP resellers and communication service providers, wholesale customers can buy unbundled services on an a la carte basis. A full-featured, extensible SIP Trunking platform puts number ordering, management, and provisioning all in your administration or directly into the hands of your end-users. This multi-tenant environment allows for customizable parent-child account relationships. And our integrated Hosted Billing options are popular, complementary add-on services for their ease of use.
Sangoma Wholesale is much more than a one-stop shop for your carrier services like VoIP, SMS, fax, and video collaboration solutions. Check out our array of Compliance Solutions. Whether it is STIR SHAKEN, Tax Calculation, SMS Campaign Registration, Kari’s Law for e911 Dynamic Location Routing, or Fax solutions that meet all the requirements for HIPAA – we have what you need for resale.
And likewise, as consumers demand heightened detection and protection from SPAM and Fraudulent calling, we have services you can trust.
If you are attending ITEXPO Feb 14-17, please come to booth 617 to consult with a Sangoma Wholesale Carrier Sales SME about our innovative solutions.
Remember, VI Communications is Sangoma Wholesale Carrier Services.
Visit us at booth 617 at ITEXPO or learn more at https://carrierservices.sangoma.com/.
The post VI Communications is Sangoma Wholesale Carrier Services appeared first on Sangoma Technologies.
In December, I did a podcast with Isha Mukherjee, our Asia-Pac marketing wiz. We talked about a bunch of things, ranging from our new logo, to what happened to UC in 2022, to my thoughts on UC in 2023.
If you want to listen to the whole podcast, just go here.
For this blog, though, I just want to focus on my thoughts for UC in 2023. I encapsulated my thoughts into the term “Smart Business”. This could mean multiple things, such as making your business smarter through using UC. And I certainly see that. In the Frost and Sullivan blog from a few weeks ago, I talked about the integration of contact center, unified communications, and CPaaS. And I certainly see that moving quite far along in 2023, even bringing in some aspects of AI that’s already in the contact center towards UC. And utilizing CPaaS apps to augment the UC system, so that the UC system is “smart” for your business. In other words, it does what you need it to do.
And that brings us to another meaning of Smart Business, which is doing business in a smart way. I think we’ll see more one-stop shopping with cloud communications in general. If there is a global slowdown, then businesses unfortunately may not be able to keep the same number of employees. There would likely be retrenchment. And this means you need to do business smarter in order to keep the same level of service, and to even grow. One way to do that, is to get your cloud communications from one provider. One bill, one place to talk to, many less headaches. Focus your people on growing the business, not the back-end that runs the business. UCaaS, Contact Center, Augmentation Apps, Collaboration, Video Meetings, and MSP services – all from one vendor, servicing you well. That is Sangoma.
The post UCaaS Futures Musings Podcast appeared first on Sangoma Technologies.
Sangoma recently partnered with Eastern Management Group regarding a report reviewing the end-customer benefits of Sangoma’s various Communications as a Service offerings. The full report can be found here, and it covers all of Sangoma’s Communications as a Service offerings:
While each one of these has specific customer benefits, at a high level the value to the end-user of using any managed communications service comes down to the following:
In the next couple of weeks, I will go more in-depth into some of the Sangoma cloud services, and explore more specific end-user customer benefits of the cloud service discussed that week. If you want to read the full report now, please go here. Otherwise, stay tuned here and I’ll provide a few quick updates for you.
The post Overall SaaS Benefit Review appeared first on Sangoma Technologies.
Hey there Fellow Jitsters!
Have you ever considered adding telephony to your Jitsi Meet self-hosted instance?
Up until now you only had the option to run Jigasi and deal with telephony yourself. Many of our users do this every day, but when we asked we learned that there was interest in offloading that part. Could someone else host it?
Today we’re launching a new way to quickly connect to the public telephone network and offer dial-in capabilities to your users without the need for hosting and managing the entire telephony infrastructure: JaaS components. You can give it a try today!
Are you running Jitsi Meet on a Debian instance or are you using Docker? Either way, you can opt-in for this feature and it will be automatically set up. A new JaaS account will be created for you and you’re good to… call.
If you’re running Jitsi Meet on Debian all you need to do is to answer ‘Yes’ to this question and you will have dial-in capability on your Jitsi instance.
Note: A Let’s Encrypt certificate is required and the email address used to generate the certificate will be used also for creating your new JaaS account.
If you’re running Jitsi Meet on Docker you’ll need to set the following variables in your .env file:
Now you can restart your setup with `docker-compose up --force-recreate`
An email will be sent to you, asking you to set up a password for the JaaS admin account:
From the JaaS admin console you can manage your account, see the overall activity and upgrade to another plan if needed.
You’re all set up now! Let’s make a phone call! Join a call on your Jitsi Meet instance and notice how the dial-in option becomes available when trying to invite participants. You can now dial-in to one of the phone numbers provided in the list and you’ll be connected to the meeting.
Get started today, a free trial is available! Please check the JaaS components website for details on pricing.
Jigasi is the first Jitsi component offered as a service, with more to come. Stay tuned!
Your personal meetings team.
Author: Oana Emilia Ianc
The post Self-hosting a fully-featured Jitsi Meet instance just got as easy as pie appeared first on Jitsi.
Last week you may have noticed that Gartner, Inc. positioned Sangoma in the 2022 Gartner® Magic Quadrant for Unified Communications as a Service. Sangoma is one of only twelve other companies placed in 2022 and one of six to appear consecutively for the last eight years.
“We are thrilled to be recognized again in this year’s Gartner UCaaS Magic Quadrant,” said Sangoma Chief Marketing and Product Officer Jim Machi. “It’s gratifying to be independently recognized for vision and execution. Sangoma has grown its position in the top tier of cloud communications companies. Sangoma offers the widest set of cloud communication services in the industry, all engineered in-house, to offer partners and customers a single-source, business-oriented cloud-native communications portfolio. UCaaS is the centerpiece of this strategy, but this complete vision goes beyond that to include CCaaS, Video Meetings as a Service, Collaboration, CPaaS, etc., so this recognition is exciting for Sangoma, our partners, and our customers.”
To read the full report, fill out the form on this page.
The post Sangoma is Recognized in the Gartner UCaaS Magic Quadrant appeared first on Sangoma Technologies.
It’s been a while since we introduced End-to-End Encryption (E2EE) over two years ago. Back then we started with a simple model consisting of a passphrase everyone needed to type and later migrated to a model with randomly generated keys per participant. Each has different characteristics and we ultimately chose to stick with the latter. Today we are introducing a missing piece in the E2EE puzzle: user verification.
User verification was not previously possible in Jitsi Meet. Just like our core E2EE we are basing our implementation on the Matrix protocol. Matrix’s libolm / vodozemac provide a Short Authentication String (SAS) mechanism implementation which developers can use. They even have great documentation on how it works, thanks Matrix!
First, you’d gather in a meeting and turn E2EE on.
Now you’ll see a new option for each participant in their tile menu that allows you to verify them:
After choosing to verify a user a dialog will open with a list of emojis:
Wait, what? Emoji? These emojis make up the SAS. They have been carefully chosen to avoid ambiguity and make the process more user-friendly than comparing random numbers. You can find more information in the Matrix spec. You must verbally compare them with the other participant and if they match, mark it as verified.
Once a user is verified this will be reflected in the user information tooltip:
At this point you can be sure that not only is your data encrypted end-to-end, but also that there is no man-in-the-middle (MITM) attack happening.
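Why comparing a short string rules out a relay that swapped keys, as an added example (not Jitsi Meet or Matrix code): each side derives the string from its own key agreement, so the two strings match only when both ends hold the same shared secret. The sketch uses X25519 and HKDF-SHA-256 from Node's `crypto` module, returns seven 6-bit indices into a 64-entry emoji table rather than the emoji themselves, and the `EXAMPLE_SAS|` info string, session id and function names are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

// Assumption: a made-up HKDF context label; the real protocol defines its own.
const SAS_INFO_PREFIX = 'EXAMPLE_SAS|';

function newKeyPair() {
  return nodeCrypto.generateKeyPairSync('x25519');
}

// The last 32 bytes of an X25519 SPKI DER encoding are the raw public key.
function rawPublicKey(publicKey) {
  return publicKey.export({ type: 'spki', format: 'der' }).subarray(-32);
}

// Derive seven 6-bit indices (0..63) from the ECDH shared secret.
// seenInitiatorPub / seenResponderPub are the public keys as THIS side saw them.
function deriveSas(myPrivateKey, peerPublicKey, seenInitiatorPub, seenResponderPub, sessionId) {
  const shared = nodeCrypto.diffieHellman({ privateKey: myPrivateKey, publicKey: peerPublicKey });
  const info = Buffer.concat([
    Buffer.from(SAS_INFO_PREFIX),
    seenInitiatorPub,
    seenResponderPub,
    Buffer.from(sessionId),
  ]);
  const okm = Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(0), info, 6));

  // 6 bytes = 48 bits; keep the first 42 and split them into 7 groups of 6.
  let bits = 0n;
  for (const byte of okm) bits = (bits << 8n) | BigInt(byte);
  bits >>= 6n;
  const indices = [];
  for (let group = 6; group >= 0; group--) {
    indices.push(Number((bits >> BigInt(6 * group)) & 63n));
  }
  return indices;
}

// Both participants received each other's real public keys.
function honestSession() {
  const alice = newKeyPair();
  const bob = newKeyPair();
  const a = rawPublicKey(alice.publicKey);
  const b = rawPublicKey(bob.publicKey);
  return {
    alice: deriveSas(alice.privateKey, bob.publicKey, a, b, 'constructed-session-1'),
    bob: deriveSas(bob.privateKey, alice.publicKey, a, b, 'constructed-session-1'),
  };
}

// Simulated failure case: something in the signaling path replaced the keys,
// so each participant agreed on a secret with the relay instead of each other.
function interceptedSession() {
  const alice = newKeyPair();
  const bob = newKeyPair();
  const relayToAlice = newKeyPair();
  const relayToBob = newKeyPair();
  return {
    alice: deriveSas(alice.privateKey, relayToAlice.publicKey,
      rawPublicKey(alice.publicKey), rawPublicKey(relayToAlice.publicKey), 'constructed-session-2'),
    bob: deriveSas(bob.privateKey, relayToBob.publicKey,
      rawPublicKey(relayToBob.publicKey), rawPublicKey(bob.publicKey), 'constructed-session-2'),
  };
}

// What the two users do out loud: compare the strings position by position.
function sasMatches(session) {
  return session.alice.join(',') === session.bob.join(',');
}

console.log('honest:     ', honestSession());
console.log('intercepted:', interceptedSession());
```

With 42 bits of output, a relay that cannot choose the derived value has about a 1 in 2^42 chance of both sides seeing the same string, which is why the comparison has to happen over a channel the relay cannot rewrite, such as the participants' voices.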
User verification is currently available in Jitsi Meet master and deployed in beta. It will be part of the next stable release, but expect more improvements, especially on the UX front.
We’d like to thank Robertas Maleckas (ETH Zurich), Prof. Kenny Paterson (ETH Zurich) and Prof. Martin Albrecht (Royal Holloway, University of London) for their work researching Jitsi Meet’s E2EE and encouragement, and Matrix for their tools, which make implementing E2EE a much better experience.
Please note that we still consider our E2EE experimental and are still working on improvements. Please make sure you check out our post on how end-to-end encryption in general does NOT offer a meaningful level of trust and protection when it comes to modern meetings services.
Your personal meetings team.
The post Trust, but verify: introducing user verification appeared first on Jitsi.
Trying to explain something to someone and they just don’t get it? If an image is worth a thousand words how about a diagram? Today we’re excited to announce the availability of whiteboards in Jitsi Meet – the missing piece for all those seeking an educational meeting solution and not only!
We decided to stand on the shoulders of giants on this one. The core implementation comes from Excalidraw, an excellent whiteboarding piece of software, which is Open Source, of course. We made some tweaks and adjustments to have it fit in with our vision. We seek to provide an easy-to-use feature that enables participants to share ideas and brainstorm without having to seek a third-party solution. From now on, meeting moderators can open a whiteboard and have everyone in the call sketch away.
The interface supports a number of tools and settings that keep the collaboration interesting and effective. During a meeting, changes that a participant makes locally via the whiteboard are sent to a server, which then distributes those updates only to the devices of other participants in the meeting. The whiteboard content can be exported as a PNG or SVG at any time during the meeting, so all that hard work doesn’t go to waste.
If you’re using meet.jit.si, you can go ahead and play with the whiteboard in your meetings right away! For those self-hosting, it can be enabled from the config file, and you’ll need to deploy this simple backend.
As you might already know, we’re firm believers in the power of Open Source, we seek to collaborate with other communities to build solutions everyone can use and we’re excited to bring more to this feature in the future!
Your personal meetings team.
Author: Mihaela Dumitru
The post Introducing whiteboards in Jitsi Meet appeared first on Jitsi.
Sangoma is very proud and honored to be able to service multi-location businesses with our UCaaS system and MSP services. A common dialing plan among the different physical businesses, physical phones that are tightly tied to the UC system, mobile and desktop clients to augment the desk phone, and having a CPaaS system that can enable multi-location business unique requirements to be added to our UCaaS solution has enabled Sangoma to service these businesses well with our UCaaS solutions.
Beyond UCaaS, though, Sangoma, through its acquisition of NetFortris, now offers connectivity and security services that can be tailored to bring the best connectivity solution to the needs of the overall multi-location business and each of the specific physical buildings. It is hard to manage what is the best connectivity solution, which provider to get it all from, all the different bills, etc. That’s understandable, for sure. The IT department needs to be expert at everything, and that’s downright impossible.
Someone like Sangoma can determine the best price, the best type of connectivity solution, and the best provider for each location and manage the network for you. You likely do not need the same bandwidth for each building, and the network provider may most likely offer a different economical service all around. Let someone else figure that all out for you and take care of all that for you.
As your UCaaS provider, it makes sense to get all this from us. We understand the networks, and we’re monitoring the UCaaS anyway, so why not have us manage and monitor your internet connectivity as well?
And we can also offer you SD-WAN services with this connectivity so that you can get the most efficient routing, a more stable internet (because of the use of multiple connections), and cost savings. And, of course, monitoring by Sangoma. Learn more about our MSP services here.
The post Multi-Location UCaaS and Multi-Location Connectivity Services appeared first on Sangoma Technologies.
A few months ago, the FCC released a public notice reminding non-facilities-based “small voice service providers”, that they must implement the STIR/SHAKEN caller ID authentication framework in their Internet Protocol networks no later than June 30, 2022.
Is this a surprise to you? Well perhaps, considering a 2-year extension was granted to small VSPs (those with 100,000 or fewer voice access lines) from the original deadline of June 30th, 2021. So why the sudden change in deadline? An overwhelming number of robocalls were observed to be originating from these small VSPs from the time that deadline was announced, so much so that the FCC decided to cut the extension by 1 year, significantly moving up the deadline.
In summary, as a small voice service provider you are no longer subject to a two-year extension and must update your certifications and associated filings in the Robocall Mitigation Database (RMD) and implement the authentication framework by June 30, 2022 (which of course has passed at this point in time) or be subject to “appropriate enforcement action” by the FCC.
We know that it’s a lot of work, time, and money spent to become compliant. To implement STIR/SHAKEN into your voice network, you’ll likely need to provision a cost-prohibitive session border controller (SBC) or a SIP proxy, which can significantly alter the way you route traffic to your partners. This can create unexpected consequences for you, such as billing, for instance, not to mention the network maintenance and monitoring that’s required for these new points of failure.
The deadline for compliance has already passed for non-facilities-based providers. Don’t risk waiting for the FCC to contact you and be put under extreme pressure. We have a Zero-maintenance call signing solution for you!
VI Communication Services’ Call Signing Services help you become compliant, simply by sending your phone calls to our voice network. On our side, we will provision a dedicated server to host your unique certificate and sign calls on your behalf, using the attestation rules that you yourself configured. That’s all! No additional hardware or network maintenance required. We take care of everything for you so that you can focus on running your business. View our product slick.
The post As a Voice Service Provider, How Has the FCC’s Updated Deadline on STIR/SHAKEN Compliance Affected Your Business? appeared first on Sangoma Technologies.
I interviewed mediasoup’s co-founder, Iñaki Baz Castillo, about how the project got started, what makes it different, their recent Rust support, and how he maintains a developer community there despite the project’s relative unapproachability. mediasoup was one of the second-generation Selective Forwarding Units (SFUs). This second generation emerged to incorporate different approaches or address different use cases a few years after the first generation of SFUs came to market. mediasoup was and is different. It is node.js-based, built as a library to be part of a server app, and incorporated the object-oriented approaches used by ORTC – the alternative spec to WebRTC at the time. Today, mediasoup is a popular SFU choice among skilled WebRTC developers. mediasoup’s low-level nature means this skill is required.
The post Revealing mediasoup’s core ingredients: Q&A with Iñaki Baz Castillo appeared first on webrtcHacks.
A managed IT service is an information technology (IT) task provided by a third-party service provider and delivered to a business customer.
“Managed services” refers to outsourcing information technology (IT) processes and functions to improve operations and reduce expenses. It’s a way to augment your company IT staff with access to specialized expertise and not worry about the cost and complexities of hiring and staffing for 24/7/365 critical business functions.
Managed services are ideal for companies that:
Businesses outsource a plethora of IT-related services to managed IT solutions providers, including:
In a managed service arrangement, the managed service provider (MSP) is responsible for the functionality of IT services and equipment for the client, who typically pays on a monthly retainer basis.
Companies that offer managed services are called managed service providers (MSPs). MSPs are third-party companies that remotely manage IT infrastructure and systems. Small and medium businesses (SMBs), nonprofits, government agencies, and enterprises across various industry verticals leverage MSPs to deploy and manage technology solutions.
Typically, an MSP delivers applications and management services through the Internet under a contractual service-level agreement (SLA). The SLA details qualitative and quantitative performance metrics that govern the MSP and customer engagement.
MSPs handle complex or repetitive tasks required to maintain a client’s IT infrastructure and typically are engaged in managing the following activities:
Businesses of all sizes typically offload the management of select IT services for these key reasons:
Sangoma makes it painless to access a complete suite of managed networking, security, and business communications solutions customizable to your organization’s unique needs.
The post What are Managed IT Services? appeared first on Sangoma Technologies.
Jitsi today supports live-streaming conferences to large audiences through our Jibri tool – this tool renders all the media from the conference, and forwards it to a streaming service such as YouTube.
This approach works, but it has limitations. In addition to being computationally expensive, it also introduces substantial latency to the media. This can be a problem when interaction is needed between the participants in the conference and the audience, for example for a text-based question-and-answer session.
This article will describe a new approach to live-streaming media, which uses Jitsi’s built-in functionality, without transcoding, to reach potentially very large audiences with latency comparable to that of a live conference.
The basic approach to media distribution for this solution is straightforward – simply forward media to all the audience members in the same way that they are forwarded today to conference participants – i.e. as individual RTP streams over WebRTC. This can re-use Jitsi’s existing well-tested technology to distribute the media and have it arrive at receivers and be played out to viewers.
The challenge, of course, is to scale Jitsi’s back-end services so they can support sending media to very large numbers of viewers, potentially in the hundreds of thousands or more. The rest of this article will discuss some of the architectural enhancements we need to make to Jitsi to support this.
The first insight that will make this possible is to realize that in a streaming scenario, while the conference’s active participants need to know that they are being watched by an audience, they don’t need to know all the audience members’ identities or presence in real-time; nor do the audience members need to know about each other. Thus, the system can be modified such that presence information about individual audience members is not sent to other conference participants, or to unnecessary parts of the backend; this reduces the amount of signaling traffic substantially.
The second substantial change that we are making to the backend is to be able to have more sophisticated topologies for the Jitsi Videobridges to relay media among them. Currently, when more than one Jitsi Videobridge is used in a conference (in Jitsi’s Octo/Relay technology), the bridges are connected to each other in a full mesh. This topology minimizes the latency for media, but would not scale to very large conferences, where e.g. hundreds of thousands of participants might need several hundred bridges. If every bridge in such a conference were connected to every other one, the bridges could be overloaded just sending media out.
Instead, we are developing technology that can arrange bridges into more elaborate topologies. In particular, our plan for very large conferences is to still have the conference’s active participants be connected to bridges which are arranged in a mesh; but the audience members would then be connected to bridges whose interconnection forms a tree extending from various nodes of the core mesh, so that the core media servers would only need to send media out to a limited number of connections to the audience’s bridges, which would then be forwarded out to the audience, possibly relaying through multiple bridges on the way.
Finally, changes need to be made for the signaling servers used by the Jitsi back-end. While information about audience members only needs to be propagated to selected back-end infrastructure servers, information about a conference’s active participants needs to be forwarded to the entire audience. The existing XMPP servers that the Jitsi back-end uses aren’t designed for this level of load. Thus, we are developing solutions such that this participant information can be mirrored from one XMPP server to another, allowing each server to handle only a manageable number of client connections while still getting the information to the entire audience quickly.
Stay tuned!
Your personal meetings team.
Author: Jonathan Lennox
The post Low-latency conference streaming to very large audiences appeared first on Jitsi.
In my last blog, I wrote about a customer just wanting basic PBX features from “25 years ago” and whether it was possible to buy a business phone system today that would be able to effectively replace one of these older systems.
The answer is “of course you can get a phone system” that handles the PBX feature requirements from 25 years ago. And it will do exactly what you want it to do, and are used to doing, in terms of calling and call routing and audio conferencing and voice mail, etc. And it can still be on-premises if you wish, but it can also run in the cloud. And you can use a handset just like your current system has. If this is what you want, we have it.
But it will also come with other features, or the ability to add these features, because that is what many customers want today:
So don’t be confused and don’t be afraid to upgrade because of the marketing buzzwords used today. You’ll have all your old features, but you’ll be able to use these new features as well. For instance, the mobility feature allows your business phone number to follow you around on your laptop and Smartphone – it will make you “look bigger” to your customers since you’ll be reachable more easily.
Upgrade so you don’t put your business at risk because of a potentially failing old system. Come talk to us and we’ll be happy to help. PBXs are there today, just in different clothing.
The post UCaaS as PBX Replacement: Part 2 appeared first on Sangoma Technologies.
We proudly announce that Business Voice+ was named the Cloud Computing Product of the Year Award, presented by Cloud Computing Magazine.
Business Voice+ is Sangoma’s pure cloud deployment platform. Designed for businesses who want peerless call quality, communications flexibility, and exceptional system support, Business Voice is the perfect, zero-hardware option. With Business Voice, your business can leverage the power of a complete, end-to-end system from an intuitive, browser-based interface.
The Cloud Computing Product of the Year Award honors vendors with the most innovative, practical, and beneficial cloud products and services deployed within the past year.
Learn more about Business Voice+!
The post Business Voice+ Named Cloud Computing Product of the Year by Cloud Computing Magazine appeared first on Sangoma Technologies.
Education requires total commitment, and for good reason. After all, it involves nothing less than preparing young people for lifelong personal and professional success. Considering the stakes, school systems should prioritize high-quality and worry-free communications, but all too often they face challenges implementing and supporting the latest in telephony. Let’s explore why.
School administrators are often confronted with funding shortfalls and end up scrapping IT investments. If that isn’t bad enough, many schools don’t have a permanent IT professional on staff, which means critical communications infrastructure goes unmaintained and improvements fall to the wayside.
On top of this, user-friendliness inhibits the successful implementation of next-generation communications systems. Educators need systems they can easily pick up and run with, especially given the fact that “13.8 percent of U.S. teachers are either leaving their school or the profession altogether.” With this in mind, it’s clear that successful systems can’t require a steep learning curve. Educators need a solution that lets them focus on what matters most: teaching!
Thankfully, there is a solution that overcomes these not-so-insignificant barriers: Unified Communications as a Service (UCaaS).
Educators require an easy way to interact with parents, administrators, students, and coworkers. Many schools have answered that call by discarding existing telephony for cutting-edge voice over internet protocol (VoIP) solutions that pair high-quality voice with unified communication (UC) tools to create UCaaS systems. Uniting technologies like voice, video conferencing, instant messaging, email, SMS, and fax into a single platform, UCaaS is an affordable and customizable system that adapts to the needs of any school network. It can also have hugely positive implications for an organization’s overall effectiveness and culture, with recent survey data showing UCaaS translating to better productivity for 72% of respondents, higher collaboration for 91%, and faster problem solving for 88%.
“Parent notes” are a critical tool for keeping parents informed, but how often are they left in backpacks, found on the floor of the bus, or worse – eaten by the dog? With UCaaS in an educator’s corner, teachers can ditch these types of archaic communication methods in favor of crystal-clear voice or high-resolution video. Whether it be a one-on-one call with a co-worker or student, or a group video conference with parents, the flexibility maximizes the effectiveness of a school’s messaging by supporting whichever channel works best for the stakeholders involved. And this is just one example; the possibilities are practically endless when technology is on your side.
As a seasoned IT vendor successfully equipping schools with the best communication solutions for years, Sangoma has discovered an ideal way forward. By striking a much-needed balance through “must have” features while also remaining affordable, we ensure that schools will never be “out for the summer” or any other season when they work with us.
“It looks like we are saving about $400 a month so far,” said Sadie O’Brien, IT director for the Shiocton School District, after deciding to transition to [Sangoma] Switchvox.
By eliminating up-front costs, Sangoma UC expertly walks the fine line between offering advanced communication features without straining an institution’s IT funding. Additional savings are gained from low annual fees, and the solution operates through an all-inclusive pricing model. This fixed, consistent, subscription-style billing structure fits comfortably within school system budgets.
Sangoma UC doesn’t just solve problems created by sparse technology budgets, it also addresses the administrative challenges faced by these institutions. The system can be administered via a single computer connected to the network – with no coding required. Everything is geared toward lowering the learning curve and easing the burden for education professionals right from the get-go. Let’s take a closer look at how it can impact some of the primary stakeholders within a given school district:
IT Professionals: IT support staff gain major advantages with Sangoma UC in that it requires no special software, hardware, or license keys – meaning there’s nothing to download or install. The entire system can be managed through a single pane of glass with customizable views and widgets. With a subscription-based model, dealing with lengthy updates or cumbersome maintenance becomes a thing of the past, instead transitioning to the vendor’s responsibility.
Teachers: The typical teacher is overworked and overwhelmed, meaning that any technology they use must always help, never hinder. Sangoma UC is simple and intuitive enough that teachers can simply pick it up and immediately start taking advantage of its mobility features, dedicated conference rooms, and more.
Administrators: Administrators within school districts have a lot on their plates – from tracking absences, to managing calls from parents and staff, to sending out alerts and emergency messages. Sangoma streamlines these workflows considerably with a full suite of easy-to-learn features, such as IVR, auto attendant, receptionist console, mobile and desktop apps, and RAY BAUM compliance.
As a 100% web-based system, Sangoma UC centralizes communications and ensures access to all messages, applications, and tools, regardless of where users are or what device they’re using.
Having equipped more than 1,000 schools, we’re well aware of the communication challenges faced by school districts. This includes chronic problems with funding, adequate IT support, and the pressing need for high-quality anytime/anywhere connections between students, teachers, and parents. However, through our UCaaS system, schools can equip themselves with cutting-edge communications that provide comprehensive benefits for less time and effort.
Want to learn more about Sangoma and how it can transform your district? Download our free eBook today!
The post UCaaS and the Education Industry: Equip Your School with Cutting-Edge Communications appeared first on Sangoma Technologies.
Yes, there are still business systems called “PBXs” out there. These are on-premises business phone systems that basically just did calling in and out of a building, offered voice mail, could perform an audio conference call, could forward a call, and had some “advanced” calling features like ring groups, or sending group messages (i.e. recording a message, and then sending it to a group of people – like an email but you recorded the email), or call screening. The phone system that ran the business, if you will.
And they ruled the roost at one time. You learned many of the intricacies of these systems to be the most effective communicator out there, augmenting your email with these phone systems features.
These systems are out there still. Not all have been upgraded yet. But they are old, and many of these systems are even out of maintenance. Still chugging along…until they are not….
As VoIP marched on and the internet networks became faster, other communication modes such as chat and video entered the fray, and the need to have the systems on-premises dissipated. Today’s UCaaS systems were born.
And with it came newfangled terminology. No more analog and digital. Seats, bandwidth, Unified Communications, trunking, hosted, cloud, multi-tenant, single-tenant, collaboration, single sign-on, UCaaS, mobility, and CPaaS are now typical words used.
But this doesn’t mean the requirements of the PBXs of 25 years ago are different. The need to have a phone system that “runs the business” is still there. And I’ve had some prospects / customers kind of wondering what is going on – “can’t we just get a phone system?”. And these prospects have not upgraded since it’s kind of confusing to them. They want to, because they know the “chugging along” at some point will simply stop, but they don’t want to make a mistake, or buy something they won’t be able to work well.
The answer is “of course you can get a phone system”. I’ll talk about this more in my next blog.
The post UCaaS as PBX Replacement: Part 1 appeared first on Sangoma Technologies.
WebRTC blackbox reverse engineering experts Gustavo and Fippo take a look at Cloudflare's new WebRTC implementation, how Cloudflare uses the new WebRTC-based streaming standards WHIP and WHEP, and the bold pronouncement that they can be a replacement to open source solutions.
The post How Cloudflare Glares at WebRTC with WHIP and WHEP appeared first on webrtcHacks.
Back in June, I wrote a blog about hot desking. And I wrote at the time “But is hot desking of a physical phone an obsolete concept with Unified Communications? Does it even need to be in RFPs anymore? Because with UC, you can make and take phone calls with your work extension from your computer, or from your smartphone, via a UC client. I can do that no matter where I sit in the office.”
Now, 4 months later, I got an email from a reader asking if I wanted to take that back because with the return to the office, many companies are going to hybrid models. Hybrid, to many, in addition to working both in the office and at home, means there are fewer offices. Because companies have downsized the physical space to save money.
And now when you show up to the actual office, instead of going to a specific office or cubicle, you might just have to go find a place to sit. And so the phone at the “place to sit” is not hard wired with your extension. What I wrote is still valid and maybe even more so if this is what hybrid means.
What I will acknowledge, though, is that maybe there are some specific jobs where the company wants you on a deskphone, instead of on your smartphone, or the UC app. Security issues, for instance, might come into play. So yes, I can see this being a part of RFPs with a hybrid environment if the use demands a physical phone while at the office.
But if the UC client is used when working from home, what’s the difference if you are at home or in the office? Mobility is mobility. That’s all I’ll say.
The post Let’s Revisit Hot Desking appeared first on Sangoma Technologies.
WebRTC had its peaks during the pandemic, but how is it doing now? Did all those new projects die, putting the community back at pre-pandemic “normal” levels or is WebRTC still going strong? I built and analyzed a dataset from over a million GitHub events since 2019 to help answer: are there many new WebRTC-related repos, how many new users is WebRTC attracting, is the community coding as much as it used to, and how are new APIs like Insertable Streams and WebCodecs doing?
The post Post-Peak WebRTC Developer Trends: An Open Source Analysis appeared first on webrtcHacks.
MARKHAM, Ontario, Oct. 03, 2022 (GLOBE NEWSWIRE) — Sangoma Technologies Corporation (TSX: STC; Nasdaq: SANG) (“Sangoma” or the “Company”), a trusted leader in delivering cloud-based Communications as a Service solutions for companies of all sizes, today announced several executive appointments to help position the company for ongoing growth.
Mr. Larry Stock, the Company’s former Chief Corporate Officer, has been appointed Chief Financial Officer effective October 3, 2022. He succeeds Mr. David Moore, who is transitioning into the role of EVP, Corporate Development, to lead Sangoma’s merger and acquisition efforts. And Mr. Jamie Minner has been named Sangoma’s new Chief Revenue Officer.
“I would like to congratulate Larry, David and Jamie on their new executive appointments,” said Bill Wignall, Sangoma’s President and Chief Executive Officer. “With David’s contributions to our growth over several years, his deep knowledge of Sangoma, and his M&A experience, we are counting on him to lead our acquisition efforts. Larry’s appointment as CFO is one of the many steps we are taking to deepen our executive team, in order to prepare for our continued growth as a dual-listed public company. And I am very confident that Jamie will really drive that growth, in his new role as Sangoma’s CRO.”
Larry Stock was the CFO of Star2Star when it was acquired by Sangoma in March 2021 and prior to that, had a 22-year career at Jabil (NYSE: JBL), a company with over $20 billion in revenue, where he held a number of executive finance and leadership roles including Chief Audit Executive, Divisional Chief Financial Officer, VP of Risk & Assurance, and Chief Risk Officer. David Moore has been with Sangoma for over a decade in his capacity as Sangoma’s CFO, contributing to the company’s exceptional progress. And Jamie Minner joined the Sangoma family through the NetFortris acquisition, prior to which he held executive sales and leadership roles in the cloud communications industry for over 20 years with such companies as TPx Communications, Momentum Telecom, Comcast, and Cbeyond.
About Sangoma Technologies Corporation
Sangoma Technologies is a trusted leader in delivering value-based Communications as a Service (CaaS) and Managed Service Provider (“MSP”) solutions for businesses of all sizes. Sangoma’s cloud-based communication services include Unified Communication (UCaaS) business communications, Contact Center as a Service (CCaaS), Video Meetings as a Service (MaaS), Collaboration as a Service (Collab aaS), Communications Platform as a Service (CPaaS), Trunking as a Service (TaaS), Fax as a Service (FaaS), Device as a Service (DaaS), and Access Control as a Service (ACaaS). In addition, Sangoma offers a full line of communications Products, including premise-based UC systems, a full line of desk phones and headsets, and a complete connectivity suite (gateways/SBCs/telephony cards). Sangoma’s products and services are used in leading UC, PBX, IVR, contact center, carrier networks, office productivity, and data communication applications worldwide. Sangoma is also the primary developer and sponsor of Asterisk and FreePBX, the world’s two most widely used open-source communication software projects.
Sangoma Technologies Corporation is publicly traded on the Toronto Stock Exchange (TSX: STC) and Nasdaq (Nasdaq: SANG). Additional information on Sangoma can be found at: www.sangoma.com.
CONTACT: Sangoma Technologies Corporation
Samantha Reburn
General Counsel
(905) 474-1990 ext. 4134
sreburn@sangoma.com
The post Sangoma Announces Several Executive Appointments Including Chief Financial Officer Transition appeared first on Sangoma Technologies.
After upgrading to Ubuntu Jammy and Asterisk 18.10, I saw the following messages in my logs:
WARNING[360166]: loader.c:2487 in load_modules: Module 'chan_sip' has been loaded but was deprecated in Asterisk version 17 and will be removed in Asterisk version 21.
WARNING[360174]: chan_sip.c:35468 in deprecation_notice: chan_sip has no official maintainer and is deprecated. Migration to
WARNING[360174]: chan_sip.c:35469 in deprecation_notice: chan_pjsip is recommended. See guides at the Asterisk Wiki:
WARNING[360174]: chan_sip.c:35470 in deprecation_notice: https://wiki.asterisk.org/wiki/display/AST/Migrating+from+chan_sip+to+res_pjsip
WARNING[360174]: chan_sip.c:35471 in deprecation_notice: https://wiki.asterisk.org/wiki/display/AST/Configuring+res_pjsip
and so I decided it was time to stop postponing the overdue migration of my working setup from chan_sip to res_pjsip.
It turns out that it was not as painful as I expected, though the conversion script bundled with Asterisk didn't work for me out of the box.
Before you start, one very important thing to note is that the SIP debug information you used to see when running this in the asterisk console (asterisk -r):
sip set debug on
now lives behind this command:
pjsip set logger on
The first thing I migrated was the config for my two SIP phones (Snom 300 and Snom D715).
The original config for them in sip.conf was:
[2000]
; Snom 300
type=friend
qualify=yes
secret=password123
encryption=no
context=full
host=dynamic
nat=no
directmedia=no
mailbox=10@internal
vmexten=707
dtmfmode=rfc2833
call-limit=2
disallow=all
allow=g722
allow=ulaw
[2001]
; Snom D715
type=friend
qualify=yes
secret=password456
encryption=no
context=full
host=dynamic
nat=no
directmedia=yes
mailbox=10@internal
vmexten=707
dtmfmode=rfc2833
call-limit=2
disallow=all
allow=g722
allow=ulaw
and that became the following in pjsip.conf:
[transport-udp]
type = transport
protocol = udp
bind = 0.0.0.0
external_media_address = myasterisk.dyn.example.com
external_signaling_address = myasterisk.dyn.example.com
local_net = 192.168.0.0/255.255.0.0
[2000]
type = aor
max_contacts = 1
[2000]
type = auth
username = 2000
password = password123
[2000]
type = endpoint
context = full
dtmf_mode = rfc4733
disallow = all
allow = g722
allow = ulaw
direct_media = no
mailboxes = 10@internal
auth = 2000
outbound_auth = 2000
aors = 2000
[2001]
type = aor
max_contacts = 1
[2001]
type = auth
username = 2001
password = password456
[2001]
type = endpoint
context = full
dtmf_mode = rfc4733
disallow = all
allow = g722
allow = ulaw
direct_media = yes
mailboxes = 10@internal
auth = 2001
outbound_auth = 2001
aors = 2001
The different direct_media line between the two phones has to do with how they each connect to my Asterisk server and whether or not they have access to the Internet.
For some reason, my internal calls (from one SIP phone to the other) didn't work when using "aliases". I fixed it by changing this blurb in extensions.conf from:
[speeddial]
exten => 1000,1,Dial(SIP/2000,20)
exten => 1001,1,Dial(SIP/2001,20)
to:
[speeddial]
exten => 1000,1,Dial(${PJSIP_DIAL_CONTACTS(2000)},20)
exten => 1001,1,Dial(${PJSIP_DIAL_CONTACTS(2001)},20)
I have not yet dug into what this changes or why it's necessary and so feel free to leave a comment if you know more here.
Once I had the internal phones working, I moved to making and receiving phone calls over the PSTN, for which I use VoIP.ms with encryption.
I had to change the following in my sip.conf:
[general]
register => tls://555123_myasterisk:password789@vancouver2.voip.ms
externhost=myasterisk.dyn.example.com
localnet=192.168.0.0/255.255.0.0
tcpenable=yes
tlsenable=yes
tlscertfile=/etc/asterisk/asterisk.cert
tlsprivatekey=/etc/asterisk/asterisk.key
tlscapath=/etc/ssl/certs/
[voipms]
type=peer
host=vancouver2.voip.ms
secret=password789
defaultuser=555123_myasterisk
context=from-voipms
disallow=all
allow=ulaw
allow=g729
insecure=port,invite
canreinvite=no
trustrpid=yes
sendrpid=yes
transport=tls
encryption=yes
to the following in pjsip.conf:
[transport-tls]
type = transport
protocol = tls
bind = 0.0.0.0
external_media_address = myasterisk.dyn.example.com
external_signaling_address = myasterisk.dyn.example.com
local_net = 192.168.0.0/255.255.0.0
cert_file = /etc/asterisk/asterisk.cert
priv_key_file = /etc/asterisk/asterisk.key
ca_list_path = /etc/ssl/certs/
method = tlsv1_2
[voipms]
type = registration
transport = transport-tls
outbound_auth = voipms
client_uri = sip:555123_myasterisk@vancouver2.voip.ms
server_uri = sip:vancouver2.voip.ms
[voipms]
type = auth
password = password789
username = 555123_myasterisk
[voipms]
type = aor
contact = sip:555123_myasterisk@vancouver2.voip.ms
[voipms]
type = identify
endpoint = voipms
match = vancouver2.voip.ms
[voipms]
type = endpoint
context = from-voipms
disallow = all
allow = ulaw
allow = g729
from_user = 555123_myasterisk
trust_id_inbound = yes
media_encryption = sdes
auth = voipms
outbound_auth = voipms
aors = voipms
rtp_symmetric = yes
rewrite_contact = yes
send_rpid = yes
timers = no
The TLS method line is needed since the default in Debian OpenSSL is too strict. The timers line is to prevent outbound calls from getting dropped after 15 minutes.
Finally, I changed the Dial() lines in these extensions.conf blurbs from:
[from-voipms]
exten => 5551231000,1,Goto(2000,1)
exten => 2000,1,Dial(SIP/2000&SIP/2001,20)
exten => 2000,n,Goto(in2000-${DIALSTATUS},1)
exten => 2000,n,Hangup
exten => in2000-BUSY,1,VoiceMail(10@internal,su)
exten => in2000-BUSY,n,Hangup
exten => in2000-CONGESTION,1,VoiceMail(10@internal,su)
exten => in2000-CONGESTION,n,Hangup
exten => in2000-CHANUNAVAIL,1,VoiceMail(10@internal,su)
exten => in2000-CHANUNAVAIL,n,Hangup
exten => in2000-NOANSWER,1,VoiceMail(10@internal,su)
exten => in2000-NOANSWER,n,Hangup
exten => _in2000-.,1,Hangup(16)
[pstn-voipms]
exten => _1NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551231000>)
exten => _1NXXNXXXXXX,n,Dial(SIP/voipms/${EXTEN})
exten => _1NXXNXXXXXX,n,Hangup()
exten => _NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551231000>)
exten => _NXXNXXXXXX,n,Dial(SIP/voipms/1${EXTEN})
exten => _NXXNXXXXXX,n,Hangup()
exten => _011X.,1,Set(CALLERID(all)=Francois Marier <5551231000>)
exten => _011X.,n,Authenticate(1234)
exten => _011X.,n,Dial(SIP/voipms/${EXTEN})
exten => _011X.,n,Hangup()
exten => _00X.,1,Set(CALLERID(all)=Francois Marier <5551231000>)
exten => _00X.,n,Authenticate(1234)
exten => _00X.,n,Dial(SIP/voipms/${EXTEN})
exten => _00X.,n,Hangup()
to:
[from-voipms]
exten => 5551231000,1,Goto(2000,1)
exten => 2000,1,Dial(PJSIP/2000&PJSIP/2001,20)
exten => 2000,n,Goto(in2000-${DIALSTATUS},1)
exten => 2000,n,Hangup
exten => in2000-BUSY,1,VoiceMail(10@internal,su)
exten => in2000-BUSY,n,Hangup
exten => in2000-CONGESTION,1,VoiceMail(10@internal,su)
exten => in2000-CONGESTION,n,Hangup
exten => in2000-CHANUNAVAIL,1,VoiceMail(10@internal,su)
exten => in2000-CHANUNAVAIL,n,Hangup
exten => in2000-NOANSWER,1,VoiceMail(10@internal,su)
exten => in2000-NOANSWER,n,Hangup
exten => _in2000-.,1,Hangup(16)
[pstn-voipms]
exten => _1NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551231000>)
exten => _1NXXNXXXXXX,n,Dial(PJSIP/${EXTEN}@voipms)
exten => _1NXXNXXXXXX,n,Hangup()
exten => _NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551231000>)
exten => _NXXNXXXXXX,n,Dial(PJSIP/1${EXTEN}@voipms)
exten => _NXXNXXXXXX,n,Hangup()
exten => _011X.,1,Set(CALLERID(all)=Francois Marier <5551231000>)
exten => _011X.,n,Authenticate(1234)
exten => _011X.,n,Dial(PJSIP/${EXTEN}@voipms)
exten => _011X.,n,Hangup()
exten => _00X.,1,Set(CALLERID(all)=Francois Marier <5551231000>)
exten => _00X.,n,Authenticate(1234)
exten => _00X.,n,Dial(PJSIP/${EXTEN}@voipms)
exten => _00X.,n,Hangup()
Note that it's not just replacing SIP/ with PJSIP/, but it was also necessary to use a format supported by pjsip for the channel since SIP/trunkname/extension isn't supported by pjsip.
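The phone-stanza mapping used in this migration (secret to an auth object, dtmfmode to dtmf_mode, directmedia to direct_media, mailbox to mailboxes), written out as an added Python example. It is not the conversion script bundled with Asterisk and not the author's code; the function names are hypothetical, and any option the post does not map is reported for manual review instead of being translated.

```python
# Constructed sample input: the [2000] stanza from the post's sip.conf.
SIP_CONF = """\
[2000]
; Snom 300
type=friend
qualify=yes
secret=password123
encryption=no
context=full
host=dynamic
nat=no
directmedia=no
mailbox=10@internal
vmexten=707
dtmfmode=rfc2833
call-limit=2
disallow=all
allow=g722
allow=ulaw
"""

# chan_sip option -> res_pjsip endpoint option, limited to the pairs the post uses.
ENDPOINT_MAP = {
    "context": "context", "dtmfmode": "dtmf_mode", "disallow": "disallow",
    "allow": "allow", "directmedia": "direct_media", "mailbox": "mailboxes",
}
VALUE_MAP = {("dtmfmode", "rfc2833"): "rfc4733"}
CONSUMED = {"type", "host", "secret"}  # used to build the aor/auth objects


def parse_sip_conf(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys in order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment (escaped '\;' not handled)
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return sections


def convert_phone(name, options):
    """Return (pjsip_text, unmapped) for one host=dynamic phone stanza."""
    secret = dict(options).get("secret")
    if not secret:
        raise ValueError(f"[{name}] has no secret; not emitting an endpoint without auth")
    endpoint, unmapped = [], []
    for key, value in options:
        if key in ENDPOINT_MAP:
            value = VALUE_MAP.get((key, value), value)
            endpoint.append(f"{ENDPOINT_MAP[key]} = {value}")
        elif key not in CONSUMED:
            unmapped.append(f"{key}={value}")  # left for manual review, never guessed
    lines = [
        f"[{name}]", "type = aor", "max_contacts = 1",
        f"[{name}]", "type = auth", f"username = {name}", f"password = {secret}",
        f"[{name}]", "type = endpoint", *endpoint,
        f"auth = {name}", f"outbound_auth = {name}", f"aors = {name}",
    ]
    return "\n".join(lines) + "\n", unmapped


def convert(text):
    """Convert every type=friend/peer, host=dynamic stanza; skip everything else."""
    out, report = [], {}
    for name, options in parse_sip_conf(text).items():
        opts = dict(options)
        if opts.get("type") in ("friend", "peer") and opts.get("host") == "dynamic":
            pjsip, unmapped = convert_phone(name, options)
            out.append(pjsip)
            report[name] = unmapped
    return "".join(out), report


if __name__ == "__main__":
    pjsip_text, report = convert(SIP_CONF)
    print(pjsip_text, end="")
    for name, unmapped in report.items():
        print(f"; [{name}] not carried over, review by hand: {', '.join(unmapped)}")
```

The unmapped list is the part worth reading after a migration: options such as encryption=no or call-limit=2 silently disappear in a hand conversion, and each one needs a deliberate decision.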
JMP offers VoIP calling via XMPP, but it's also possible to use the VoIP using SIP.
The underlying VoIP calling functionality in JMP is provided by Bandwidth, but their old Asterisk instructions didn't quite work for me. Here's how I set it up in my Asterisk server.
After signing up for JMP and setting it up in your favourite XMPP client, send the following message to the cheogram.com gateway contact:
reset sip account
In response, you will receive a message containing:
First of all, I added the following to my /etc/asterisk/pjsip.conf:
[transport-udp]
type = transport
protocol = udp
bind = 0.0.0.0
external_media_address = myasterisk.dyn.example.com
external_signaling_address = myasterisk.dyn.example.com
local_net = 192.168.0.0/255.255.0.0
[jmp]
type = registration
contact_user = 5554561000
transport = transport-udp
outbound_auth = jmp
client_uri = sip:5554561000@jmp.cbcbc7.auth.bandwidth.com:5008
server_uri = sip:jmp.cbcbc7.auth.bandwidth.com:5008
[jmp]
type = auth
password = three secret words
username = 5554561000
[jmp]
type = aor
contact = sip:5554561000@jmp.cbcbc7.auth.bandwidth.com:5008
[jmp]
type = identify
endpoint = jmp
match = jmp.cbcbc7.auth.bandwidth.com
[jmp]
type = endpoint
context = from-jmp
dtmf_mode = rfc4733
disallow = all
allow = ulaw
allow = g729
auth = jmp
outbound_auth = jmp
aors = jmp
rtp_symmetric = yes
rewrite_contact = yes
send_rpid = yes
timers = no
and for reference, here's the blurb for my Snom 300 SIP phone:
[2000]
type = aor
max_contacts = 1
[2000]
type = auth
username = 2000
password = password123
[2000]
type = endpoint
context = full
dtmf_mode = rfc4733
disallow = all
allow = g722
allow = ulaw
mailboxes = 10@internal
auth = 2000
outbound_auth = 2000
aors = 2000
I checked that the registration was successful by running asterisk -r and then typing:
pjsip set logger on
before reloading the configuration using:
reload
Once I got registration to work, I hooked this up with my other extensions so that I could send and receive calls using my JMP number.
In /etc/asterisk/extensions.conf, I added the following:
[from-jmp]
include => home
exten => s,1,Goto(2000,1)
where home is the context which includes my local SIP devices and 2000 is the extension I want to ring.
Then I added the following to enable calls to any destination within the North American Numbering Plan:
[pstn-jmp]
exten => _1NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <username>)
exten => _1NXXNXXXXXX,n,Dial(PJSIP/${EXTEN}@jmp)
exten => _1NXXNXXXXXX,n,Hangup()
exten => _NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <username>)
exten => _NXXNXXXXXX,n,Dial(PJSIP/1${EXTEN}@jmp)
exten => _NXXNXXXXXX,n,Hangup()
Here username is my bwsip numerical username. When calls are placed, this gets automatically swapped in by my real JMP phone number, but Bandwidth appears to require its users to use their username in their caller ID string.
For reference, here's the rest of my dialplan in /etc/asterisk/extensions.conf:
[general]
static=yes
writeprotect=no
clearglobalvars=no
[public]
exten => _X.,1,Hangup(3)
[sipdefault]
exten => _X.,1,Hangup(3)
[default]
exten => _X.,1,Hangup(3)
[internal]
include => home
[full]
include => internal
include => pstn-jmp
exten => 707,1,VoiceMailMain(10@internal)
[home]
exten => 2000,1,Dial(PJSIP/2000,20)
exten => 2000,n,Goto(in2000-${DIALSTATUS},1)
exten => 2000,n,Hangup
exten => in2000-BUSY,1,VoiceMail(10@internal,su)
exten => in2000-BUSY,n,Hangup
exten => in2000-CONGESTION,1,VoiceMail(10@internal,su)
exten => in2000-CONGESTION,n,Hangup
exten => in2000-CHANUNAVAIL,1,VoiceMail(10@internal,su)
exten => in2000-CHANUNAVAIL,n,Hangup
exten => in2000-NOANSWER,1,VoiceMail(10@internal,su)
exten => in2000-NOANSWER,n,Hangup
exten => _in2000-.,1,Hangup(16)
Finally, I opened a few ports in my firewall by putting the following in /etc/network/iptables.up.rules:
# SIP and RTP on UDP (jmp.cbcbc7.auth.bandwidth.com)
-A INPUT -s 67.231.2.13/32 -p udp --dport 5008 -j ACCEPT
-A INPUT -s 216.82.238.135/32 -p udp --dport 5008 -j ACCEPT
-A INPUT -s 67.231.2.13/32 -p udp --sport 5004:5005 --dport 10001:20000 -j ACCEPT
-A INPUT -s 216.82.238.135/32 -p udp --sport 5004:5005 --dport 10001:20000 -j ACCEPT
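A check of which trunks in a pjsip.conf register over a non-TLS transport and which endpoints carry unencrypted RTP, as an added Python example that is not part of the original post. The function names are hypothetical, and the sample is constructed from the [jmp] sections above plus, for contrast, the TLS/SDES [voipms] trunk shown elsewhere on this page.

```python
import re

# Constructed sample: trimmed [jmp] objects from this post and the [voipms]
# TLS/SDES trunk from the chan_sip migration post, reduced to the audited keys.
PJSIP_CONF = """\
[transport-udp]
type = transport
protocol = udp
[transport-tls]
type = transport
protocol = tls
[jmp]
type = registration
transport = transport-udp
outbound_auth = jmp
[jmp]
type = endpoint
context = from-jmp
[voipms]
type = registration
transport = transport-tls
[voipms]
type = endpoint
media_encryption = sdes
"""


def parse_objects(text):
    """pjsip.conf reuses one section name for several objects: key on (type, name)."""
    parts = re.split(r"^\[([^\]]+)\]\s*$", text, flags=re.M)
    objects = {}
    for name, body in zip(parts[1::2], parts[2::2]):
        opts = {}
        for line in body.splitlines():
            line = line.split(";", 1)[0]
            if "=" in line:
                key, value = line.split("=", 1)
                opts[key.strip()] = value.strip()  # repeated keys: last one wins
        objects[(opts.get("type"), name)] = opts
    return objects


def audit(text):
    """Return [(section, object_type, message)] for cleartext signaling or media."""
    objects = parse_objects(text)
    findings = []
    for (kind, name), opts in objects.items():
        if kind == "registration":
            transport = objects.get(("transport", opts.get("transport", "")), {})
            proto = transport.get("protocol", "unknown")
            if proto not in ("tls", "wss"):
                findings.append((name, kind,
                                 f"signaling transport is {proto}, not TLS: "
                                 "SIP headers and dialed numbers are readable on the path"))
        elif kind == "endpoint":
            # res_pjsip defaults media_encryption to "no" when the option is absent.
            if opts.get("media_encryption", "no") == "no":
                findings.append((name, kind,
                                 "media_encryption is not set: RTP audio is unencrypted"))
    return findings


if __name__ == "__main__":
    for section, kind, message in audit(PJSIP_CONF):
        print(f"[{section}] ({kind}): {message}")
```

Whether TLS and SRTP can be enabled for a given trunk depends on what the provider offers; the check only makes the current state visible.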
Wow, we just shipped our one millionth phone! Over 10 years ago, Sangoma (and Digium) decided that having a seamless end-to-end Unified Communication system was important. And at that time, an end-to-end system meant just the phone and the UC systems. So, we decided to release our own phones.
These days, a UC system includes Sangoma’s UCaaS service (or on-premises version), the desk phone, mobile and desktop client software, Sangoma’s collaboration-as-a-service client (TeamHub), and Sangoma’s video meetings service (Sangoma Meet).
The UC industry has come quite a long way in 10 years, but the phone is still part of the system, especially for brick-and-mortar businesses. And we are proud to serve all of these customers.
As I said in the press release about this news, “Many of our customers use both desk phones as well as our mobile and desktop clients to communicate. And since we manufacture our own desk phones and develop our own cloud communications software, we are able to provide deep integration between our phones and our cloud communications services, in a way that other phone manufacturers or UCaaS companies simply cannot do. This kind of integration has contributed to the successful growth of this important product line at Sangoma, differentiating us from our competitors and leading to this one-million-unit milestone.”
So, thank you to all the users of these phones, the distributors who fulfilled these phones, and the resellers who put our solutions into the end-user businesses. Let’s count the next million.
The post Sangoma Announces Shipment of Its One Millionth Desk Phone appeared first on Sangoma Technologies.
In order to fix the following error after setting up SIP TLS in Asterisk 16.2:
asterisk[8691]: ERROR[8691]: tcptls.c:966 in __ssl_setup: TLS/SSL error loading cert file. <asterisk.pem>
I created a Let's Encrypt certificate using certbot:
apt install certbot
certbot certonly --standalone -d hostname.example.com
To enable the asterisk user to load the certificate successfully (it doesn't have permission to access the certificates under /etc/letsencrypt/), I copied it to the right directory:
cp /etc/letsencrypt/live/hostname.example.com/privkey.pem /etc/asterisk/asterisk.key
cp /etc/letsencrypt/live/hostname.example.com/fullchain.pem /etc/asterisk/asterisk.cert
chown asterisk:asterisk /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key
chmod go-rwx /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key
Then I set the following variables in /etc/asterisk/sip.conf:
tlscertfile=/etc/asterisk/asterisk.cert
tlsprivatekey=/etc/asterisk/asterisk.key
The machine on which I run asterisk has a tricky Apache setup:
This meant that the certbot domain ownership checks would get blocked by the firewall, and I couldn't open that port without exposing the private webserver to the Internet.
So I ended up disabling the built-in certbot renewal mechanism:
systemctl disable certbot.timer certbot.service
systemctl stop certbot.timer certbot.service
and then writing my own script in /etc/cron.daily/certbot-francois:
#!/bin/bash
TEMPFILE="$(mktemp)"
# Stop Apache and backup firewall.
/bin/systemctl stop apache2.service
/usr/sbin/iptables-save > "$TEMPFILE"
# Open up port 80 to the whole world.
/usr/sbin/iptables -D INPUT -j LOGDROP
/usr/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
/usr/sbin/iptables -A INPUT -j LOGDROP
# Renew all certs.
/usr/bin/certbot renew --quiet
# Restore firewall and restart Apache.
/usr/sbin/iptables -D INPUT -p tcp --dport 80 -j ACCEPT
/usr/sbin/iptables-restore < "$TEMPFILE"
# Remove the saved ruleset so it does not accumulate in the temp directory.
rm -f "$TEMPFILE"
/bin/systemctl start apache2.service
# Copy certificate into asterisk.
cp /etc/letsencrypt/live/hostname.example.com/privkey.pem /etc/asterisk/asterisk.key
cp /etc/letsencrypt/live/hostname.example.com/fullchain.pem /etc/asterisk/asterisk.cert
chown asterisk:asterisk /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key
chmod go-rwx /etc/asterisk/asterisk.cert /etc/asterisk/asterisk.key
# Commit changes to etckeeper and restart asterisk.
pushd /etc/ > /dev/null
/usr/bin/git add letsencrypt asterisk
DIFFSTAT="$(/usr/bin/git diff --cached --stat)"
if [ -n "$DIFFSTAT" ] ; then
    /usr/bin/git commit --quiet -m "Renewed letsencrypt certs." letsencrypt asterisk
    echo "$DIFFSTAT"
    /bin/systemctl restart asterisk.service
fi
popd > /dev/null
Here is the setup I put together to have two SIP phones connect together over an encrypted channel. Since the two phones do not support encryption, I used Asterisk to provide the encrypted channel over the Internet.
First of all, each VoIP phone is in a different physical location and so I installed an Asterisk server in each house.
One of the servers is a Debian stretch machine and the other runs Ubuntu bionic 18.04. Regardless, I used a fairly standard configuration and simply installed the asterisk package on both machines:
apt install asterisk
The two phones, both Snom 300, connect to their local asterisk server on its local IP address and use the same details as I have put in /etc/asterisk/sip.conf:
[1000]
type=friend
qualify=yes
secret=password1
encryption=no
context=internal
host=dynamic
nat=no
canreinvite=yes
mailbox=1000@internal
vmexten=707
dtmfmode=rfc2833
call-limit=2
disallow=all
allow=g722
allow=ulaw
The extension number above (1000) maps to the following configuration blurb in /etc/asterisk/extensions.conf:
[home]
exten => 1000,1,Dial(SIP/1000,20)
exten => 1000,n,Goto(in1000-${DIALSTATUS},1)
exten => 1000,n,Hangup
exten => in1000-BUSY,1,VoiceMail(1000@mailboxes,su)
exten => in1000-BUSY,n,Hangup
exten => in1000-CONGESTION,1,VoiceMail(1000@mailboxes,su)
exten => in1000-CONGESTION,n,Hangup
exten => in1000-CHANUNAVAIL,1,VoiceMail(1000@mailboxes,su)
exten => in1000-CHANUNAVAIL,n,Hangup
exten => in1000-NOANSWER,1,VoiceMail(1000@mailboxes,su)
exten => in1000-NOANSWER,n,Hangup
exten => _in1000-.,1,Hangup(16)
the internal context maps to the following blurb in /etc/asterisk/extensions.conf:
[internal]
include => home
include => iax2users
exten => 707,1,VoiceMailMain(1000@mailboxes)
and 1000@mailboxes maps to the following entry in /etc/asterisk/voicemail.conf:
[mailboxes]
1000 => 1234,home,person@email.com
(with 1234 being the voicemail PIN).
In order to create a virtual link between the two servers using the IAX protocol, I created user credentials on each server in /etc/asterisk/iax.conf:
[iaxuser]
type=user
auth=md5
secret=password2
context=iax2users
allow=g722
allow=speex
encryption=aes128
trunk=no
then I created an entry for the other server in the same file:
[server2]
type=peer
host=server2.dyn.fmarier.org
auth=md5
secret=password2
username=iaxuser
allow=g722
allow=speex
encryption=yes
forceencrypt=yes
trunk=no
qualify=yes
The second machine contains the same configuration with the exception of the server name (server1 instead of server2) and hostname (server1.dyn.fmarier.org instead of server2.dyn.fmarier.org).
Finally, to allow each phone to ring one another by dialing 2000, I put the following in /etc/asterisk/extensions.conf:
[iax2users]
include => home
exten => 2000,1,Set(CALLERID(all)=Francois Marier <2000>)
exten => 2000,2,Dial(IAX2/server1/1000)
and of course a similar blurb on the other machine:
[iax2users]
include => home
exten => 2000,1,Set(CALLERID(all)=Other Person <2000>)
exten => 2000,2,Dial(IAX2/server2/1000)
Since we are using the IAX protocol instead of SIP, there is only one port to open in /etc/network/iptables.up.rules for the remote server:
# IAX2 protocol
-A INPUT -s x.x.x.x/y -p udp --dport 4569 -j ACCEPT
where x.x.x.x/y is the IP range allocated to the ISP that the other machine is behind.
If you want to restrict traffic on the local network as well, then these ports need to be open for the SIP phone to be able to connect to its local server:
# VoIP phones (internal)
-A INPUT -s 192.168.1.3/32 -p udp --dport 5060 -j ACCEPT
-A INPUT -s 192.168.1.3/32 -p udp --dport 10000:20000 -j ACCEPT
where 192.168.1.3 is the static IP address allocated to the SIP phone.
On my Asterisk server, I happen to have two on-board ethernet boards. Since I only used one of these, I decided to move my VoIP phone from the local network switch to being connected directly to the Asterisk server.
The main advantage is that this phone, running proprietary software of unknown quality, is no longer available on my general home network. Most importantly though, it no longer has access to the Internet, without my having to firewall it manually.
Here's how I configured everything.
On the server, I started by giving the second network interface a static IP address in /etc/network/interfaces:
auto eth1
iface eth1 inet static
address 192.168.2.2
netmask 255.255.255.0
On the VoIP phone itself, I set the static IP address to 192.168.2.3 and the DNS server to 192.168.2.2. I then updated the SIP registrar IP address to 192.168.2.2.
The DNS server actually refers to an unbound daemon running on the Asterisk server. The only configuration change I had to make was to listen on the second interface and allow the VoIP phone in:
server:
interface: 127.0.0.1
interface: 192.168.2.2
access-control: 0.0.0.0/0 refuse
access-control: 127.0.0.1/32 allow
access-control: 192.168.2.3/32 allow
Finally, I opened the right ports on the server's firewall in /etc/network/iptables.up.rules:
-A INPUT -s 192.168.2.3/32 -p udp --dport 5060 -j ACCEPT
-A INPUT -s 192.168.2.3/32 -p tcp --dport 5060 -j ACCEPT
-A INPUT -s 192.168.2.3/32 -p udp --dport 10000:20000 -j ACCEPT
In order for the phone to update its clock automatically using NTP, I installed chrony on the Asterisk server:
apt install chrony
then I configured it to listen on the private network interface and allow access from the VoIP phone by adding the following to /etc/chrony/conf.d/asterisk-local.conf:
bindaddress 192.168.2.2
allow 192.168.2.3
Finally, I opened the right firewall port by adding a new rule to /etc/network/iptables.up.rules:
-A INPUT -s 192.168.2.3 -p udp --dport 123 -j ACCEPT
Now that the VoIP phone is no longer available on the local network, it's not possible to access its admin page. That's a good thing from a security point of view, but it's somewhat inconvenient.
Therefore I put the following in my ~/.ssh/config to make the admin page available on http://localhost:8081 after I connect to the Asterisk server via ssh:
Host asterisk
LocalForward localhost:8081 192.168.2.3:80
Because this local device is not connected to the local network (192.168.1.0/24), it's unable to negotiate a direct media connection to any other local (i.e. one connected to the same Asterisk server) SIP device. What this means is that while calls might get connected successfully, by default, there will not be any audio in a call.
In order for the two local SIP devices to be able to hear one another, we must enforce that all media be routed via Asterisk instead of going directly from one device to the other. This can be done using the directmedia directive (formerly canreinvite) in sip.conf:
[1234]
directmedia=no
where 1234 is the extension of the phone.