a way to share and reference emails, rants, thoughts and musing to help our customers. These are official ring-u wiki pages, but actual full customer names, IP addresses, etc may be edited.

Polycom Dial Map Woes

Many Polycom phones can not dial internal 3 digit numbers that start with 10 or 11 due their Dial Map. It's the rules that say what you can and can not dial. You can change this via the Web Interface under Settings→SIP. It should look like the image on the right.

Original default test:

  [2-9]11|0T|011xxx.T|[0-1][2-9]xxxxxxxxx|[2-9]xxxxxxxxx|[2-9]xxxT|**x.T|+x.T

New version, 1 character different:

  [2-9]11|0T|011xxx.T|[0-1][2-9]xxxxxxxxx|[2-9]xxxxxxxxx|[0-9]xxxT|**x.T|+x.T
2019/10/15 14:26 · admin

DHCP Required

By design, the Hello Hub needs a DHCP server to tell it how to live within your network and firewall. There is not way to effectively assign it a static address. Luckily, in 2019 this is how everything is done. Well. Most things anyway.

Below is a slightly edited version of one of those times.

The Letter

Chad,

The ring-u Hello Hub requires DHCP to properly live on your network. It has a backup static address of 192.168.99.9, without a router, DNS and a gateway out, it's only used for emergencies, and in the almost 3 years of ring-u, that's only been a couple of times. In other words, it can't be used for the phone system. 

Every other customer has had a DHCP server that assigns addresses to various devices. Modern DHCP servers are an excellent way to reserve an address for consistent addressing (and we recommend it at Reliability and Stability). As the Hello Hub is, like many devices, a Linux based system, technically there are ways to assign an address by editing a text file on the system, the next system update would overwrite those configs. Essentially: the configs for the many outweigh the configs of the few.  Other “smart” devices like Chromecasts, Alexa's, Doorbells, Thermostats etc.. expect a DHCP server as well. Sometimes there are ways to circumvent that, but the added threat/attack surface of such an interface is a problem for us.   I'm an old network guy, I like on-device manual IP addressing for some things, but I'm afraid this is not going to be one of those cases. You will need a DHCP server, with at least one available address for the Hello Hub.  If you'd like to yell at me personally for that, I'm that guy and I'm available. Extension 122 or my mobile: 423-xxx-xxxx

2019/10/14 16:32 · admin

Port Forwarding Geek Out

This is the version of an email sent out about once a week it seems. It was the reason I started the Blog portion of the wiki. It's less formal but a much more conversational mode of information exchange. I hope it helps answer some questions.

The email

Eric, Brad,

I'm the “chief geek” at ring-u, figured I'd jump in directly and help. I'm apologizing in advance for the “geek-out”…

Just to make sure this is needed: External Port Forwarding is only needed if you are trying to use external phones (phones outside of your internal network).

For our typical customers, a simple port forward is “reaching for the stars” and solves their needs with a minimal security risk. The Hello Hub itself has a good adaptive firewall that blocks IP's on failed login and communications attempts. If you are curious, a list of these is maintained and updated in real time: https://portal.ring-u.com/portal/dashboard/noc - You may notice most of this is ipV4 addresses, we do see scans from and block IPv6, but they rarely make the hit list you'll see there.

It's possible to limit the external IP for ports 5060 and 5061, but you may have to change those if the upstream VoIP servers change (happens rarely but possible). Ports 10,000-20,000 source addresses change for almost every call. You (and us) would have to maintain a “whitelist” of every VoIP/Telecom provider endpoint. It's a big list.

When using external phones (a mobile phone with an “App” on it or a physical phone) they may connect from just about anywhere on the planet. We have customers using remote phones on other continents. Even locally, this is a wide range of addresses.

Lets go to serious paranoid geek mode:

Option #1: VPN

Use a VPN. OpenVPN specifically (I use it a lot) works very well. The office Hello Hub will not need ports forwarded to it. The fun part is: Now you have a VPN to manage, all endpoints will need a VPN client, and you need a VPN Server, probably a part of your firewall. That's a decent amount of work, unless you need it for other things as well. This solution also works well for remote offices with multiple phones.

Option #2: Hybrid

We setup a hybrid cloud system. the Hello Hub on-site manages the local phones, and the main PBX is hosted. We charge $25 per month for that hosted PBX, but we don't charge per phone connected to it. All phones, even the external ones, use the hosted PBX for VoIP traffic, no port forwarding is required. Caveat: like all hosted system each phone is constantly communicating to the cloud system and there may be noticeable (but extremely minor) differences.

Option #3: 2nd Net

Consider the phone network “untrusted” (not a bad idea anyway) and put it on it's own internal network. We have a lot of customers that do this using the “Opt” or “DMZ” or other assignable ports on their firewall/gateway.

Option #4: Why?

Re-assess the need for full on VoIP external phones instead of just call forwards to cell phones.

References:

2019/09/25 14:05 · admin