Tech Blog

FreePBX and Trunk Settings for Germany / Deutschland and some VoIP-Provider

FreePBX 2.11.0.43 - Asterisk 11.21.0 - initially installed from Elastix Image and updated with yum updaTE

Easybell Business Basic:

Easybell wants all Numbers in the format 004928319779560
To get outgoing Number signaling working, you need to change settings In their Interface:
Eigene easybell-Rufnummer anzeigen: Art der Rufnummernübertragung (CLIP No Screening): 

Outbound Trunk -> Peer Detail:

username=USERNAME
type=peer
secret=PASSWORD
registertimeout=300
qualify=yes
nat=yes
insecure=port,invite
host=sip.easybell.de
fromdomain=sip.easybell.de
disallow=all
canreinvite=no
caninvite=no
authuser=USERNAME
allow=ulaw&alaw
#fromuser=USERNAME if set, this number will be signaled !

USER Context: USERNAME
Outbound Trunk -> USER Details:

type=user
secret=PASSWORD
registertimeout=300
qualify=yes
fromuser=USERNAME
fromdomain=sip.easybell.de
authuser=USERNAME

Register String: 
USERNAME:Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!:5064/USERNAME


Sipgate.de - Sipgate Trunk 2

Sipgate needs Numbers in this Format: 028319779560
maybe they also accept 004928319779560 (not tested)

Outbound Trunk -> PEER Details:

username=USERNAME
type=friend
secret=PASSWORD
registertimeout=300
qualify=yes
outboundproxy=sipconnect.sipgate.de
nat=force_rport,comedia
insecure=port,invite
host=sipconnect.sipgate.de
fromuser=USERNAME
fromdomain=sipconnect.sipgate.de
dtmfmode=rfc2833
canreinvite=no

USER Context: USERNAME

Outbound Trunk -> USER Details:

type=user
secret=PASSWORD
host=sipconnect.sipgate.de
fromdomain=sipconnect.sipgate.de

Register String: 
USERNAME:Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!/USERNAME


QSC IPfonie-SIP-Trunk

QSC needs all numbers in the format: +4928319779560

Outbound Trunk -> PEER Details:

username=NUMMER
type=friend
secret=PASSWORD
qualify=yes
pedantic=yes
insecure=port,invite
host=sipconnect.qsc.de
fromdomain=sipconnect.qsc.de
dtmfmode=rfc2833
disallow=all
allow=alaw&ulaw
canreinvite=no

USER Context: USERNAME

Outbound Trunk -> USER Details:

type=user
secret=PASSWORD
host=sipconnect.qsc.de
fromuser=NUMMER
fromdomain=NUMMER

Register String: 
USERNAME:Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!/USERNAME


Easybell, Sipgate, QSC Trunk Configuration for FreePBX - Outgoing Number Signaling, CLIP NO SCREENING

AppRoad-Warriers of one of my customers who use Phones and Tabletts to access an SSL-secured Web-Shop built with Magento complained about diverse SSL-Errors.
So I went into investigation and decide to set up the SSL Cipher Suites, PFS Security and TLS from scratch...

To check my efforts and for quality assurance, I used SSL Checker from SSLLabs and checked against Mozilla Config Generatot

Common Problems found and fixed:

  • Upgrade Apache2 and Openssl on the webserver.
    • Root-CA and Intermediate Cert missingDownload your intermediate Certificates and Root-cert from your Trustcenter and install it:
SSLEngine On
SSLCertificateFile /etc/apache2/apache2.pem
SSLCACertificateFile /etc/apache2/root.ca
SSLCertificateKeyFile /etc/apache2/apache2.key
SSLCertificateChainFile /etc/apache2/intermediate.cert
  • Weak Diffie-Hellman Key for TLS regenerate new DH-Keys with and append the generated Text to your certificate 
    openssl dhparam -out /etc/ssl/dhparams.pem 2048

    append it to your Cert:

    cat /etc/ssl/dhparams.pem >> apache2.pem
    • and - of course - check and reload apache config:
    apache2ctl configtest ; apache2ctl graceful

     

    After applying all of these Steps, my customers Site reached Grade A on Qualis SSL Checker. The config snippet of the host config:

    SSLEngine On
    SSLCertificateFile /etc/apache2/apache2.pem
    SSLCACertificateFile /etc/apache2/root.ca
    SSLCertificateKeyFile /etc/apache2/apache2.key
    SSLCertificateChainFile /etc/apache2/intermediate.cert
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    # Only for Apache2 newer than 2.4.7
    # SSLOpenSSLConfCmd DHParameters "/etc/ssl/dhparams.pem"
    SSLHonorCipherOrder     on

     

Cookies erleichtern die Bereitstellung unserer Dienste. Mit der Nutzung unserer Dienste erklären Sie sich damit einverstanden, dass wir Cookies verwenden.