Patrick’s Blog(2)

This week I updated the FreeSWITCH test box and decided to hook up a Cisco 7961G phone. To my surprise the 7961G would not register to the FreeSWITCH box. Further investigation showed that the 7961G with firmware 8.3.5 sends the following register to the FreeSWITCH box:

REGISTER sip:10.9.123.36 SIP/2.0
Via: SIP/2.0/UDP 10.4.11.25:5060;branch=z9hG4bK8b5670ec
From: <sip:1000@10.9.123.36>;tag=0016467650c80002ed42b648-ff2b3abc
To: <sip:1000@10.9.123.36>
Call-ID: 00164676-50c80002-86027558-17f7cc0c@10.4.11.25
Max-Forwards: 70
Date: Tue, 15 Apr 2008 21:21:55 GMT
CSeq: 101 REGISTER
User-Agent: Cisco-CP7961G/8.3.0
Contact: <sip:1000@10.4.11.25:5060;transport=udp>;+sip.instance<urn:uuid:00000000-0000-0000-0000-0016467650c8>”;+u.sip!model.ccm.cisco.com=”30018″
Supported: (null),X-cisco-xsi-6.0.2
Content-Length: 0
Expires: 3600

What’s totally wrong with this register is the following line:

Supported: (null),X-cisco-xsi-6.0.2

The “(” and “)” are not allowed there and break the register method. So Cisco’s 8.3.5 SIP firmware is non-RFC compliant.

A correct Supported line looks something like this:

Supported: 100rel, timer, precondition, path

The 7961G register is not even close. I could not believe that Cisco would release firmware with such a bad bug in it so I started to search for anything wrong in the 7961G config files. I couldn’t find anything. Then I decided to downgrade the 7961G to firmware release 8.3.3. Same problem. Finally I decided to downgrade the 7961G even further to firmware release  8.2.1. And guess what. The 7961G sends a correct register request and subsequently registers fine with the FreeSWITCH box.

So what’s going on here? How could Cisco’s quality control miss this one? Or couldn’t they care less about SIP because they use SCCP with their Callmanager product? I don’t know but it sure seems like a good idea to steer clear from Cisco phones when using them with a non-Cisco VoIP PBX. Seems the general opinion in the Open Source VoIP community that you better buy Polycom, Aastra or Snom holds in this case.

New Scientist has an interesting article about the vulnerability of encrypted VoIP packets: “Security researchers at Johns Hopkins report that a variable bit-rate compression scheme being rolled out on VoIP systems leaves encrypted calls vulnerable to bugging. Simpler syllables are squeezed into smaller data packets, with more complex ones taking up more space; the researchers built software that uses this to spot phrases of interest in encrypted calls simply by measuring packet size.”. Time to disable those VBR codecs when making TLS/SRTP calls.

FreeSWITCH 1.0.0 “Phoenix” has been released. Congratulations to Anthony, Mike, Brian and everybody who has contributed to make this happen! For quite some time I have witnessed FS in the making on irc and the mailinglist. The amount of effort that has gone into creating FS is quite astonishing. It’s all too easy to take great Open Source projects like FreeSWITCH for granted but let’s not forget about the time and money the team has sunk into this project. It would be great if the Community starts helping out (more) with documenting things on the Wiki, bugfixes, testing etc. I look forward to give FreeSWITCH another whirl and see what has changed since last time I messed with it.

A while back the excellent Dutch ISP Xs4all introduced a VoIP service for its subscribers. Here is the configuration to make Asterisk 1.2 work with Xs4all. But before we go into the config one remark. There is a problem with Asterisk and how the Cirpack switch that Xs4all uses sends DTMF tones. You have to patch the file rtp.c of the Asterisk source and rebuild Asterisk. If you use Fedora, RHEL or CentOS then you can use these (S)RPMs that already have this problem solved.

Search in rtp.c for the following lines:

[34] = {1, AST_FORMAT_H263},
[103] = {1, AST_FORMAT_H263_PLUS},
[97] = {1, AST_FORMAT_ILBC},
[101] = {0, AST_RTP_DTMF},
[110] = {1, AST_FORMAT_SPEEX},

and add this line:
[96] = {0, AST_RTP_DTMF},

Now let’s get on with the configuration.

In sip.conf add the following lines. Obviously you need to replace 08787xxxxx with your number and replace ******** with your password.

register => 08787xxxxx:********@sip.xs4all.nl/08787xxxxx

[xs4all-in]
type=friend
username=08787xxxxx
fromuser=08787xxxxx
fromdomain=sip.xs4all.nl
secret=********
host=sip.xs4all.nl
insecure=invite
context=from-xs4all
canreinvite=no
dtmfmode=inband
disallow=all
allow=alaw


In extensions.conf add something like the following (adjust to your needs):

[from-xs4all]
exten => 08787xxxxx,1,Dial(SIP/100,30,t)
exten => 08787xxxxx,n,Hangup()

I did not need to use “nat=yes” although my Asterisk box is behind nat. It may depend on the modem. This setup works with a Thomson SpeedTouch 716.

Tony Mountifield recently found out that the inband detection of DTMF in Asterisk 1.2 was broken when the tones were not perfect. Check the bug report here. Because Asterisk 1.2 is in security maintenance mode only, Tony’s fix will not be committed to the Asterisk 1.2 code tree. Either get the patch from the bugreport or if you are on an RPM based system get the upcoming respin of the RPMs at http://www.laimbock.com/asterisk/.