Just received this from broadvoice, anyone know if this patch will
become part of the CVS tree?
------------------
THIS PATCH MUST BE APPLIED WITHIN 5 DAYS OF RECEIVING THIS E-MAIL OR YOU
WILL RISK THE POSSIBLE SUSPENSION OF YOUR BROADVOICE SERVICE. WE
APOLOGIZE FOR ANY INCONVENIENCE THIS MAY CAUSE BUT REQUIRE THIS PATCH IN
ORDER TO MAINTAIN UNINTERRUPTED OPERATION.
Dear Asterisk-Using BroadVoice Customer,
BroadVoice has been working very hard in recent months to become a
market leader in VoIP service.? As a part of that effort, we have made a
concerted effort to facilitate interoperability with as many different
SIP devices as possible -- including Asterisk.? While BroadVoice does
not directly support Asterisk and will not be able to field specific
question on your Asterisk set-up we are doing our best to assist.
Unfortunately, the SIP channel in Asterisk has a number of serious
issues which make it very difficult for BroadVoice to accommodate
Asterisk.? One of these issues, a bug with the Asterisk registration
system, is causing an unacceptable load our systems.
BroadVoice has hired Olle Johansson and Steve Sokol (the AstriCon team)
to work out a solution to the issue.? Attached is a patch that, when
applied, will reduce the undue strain on the BroadVoice systems by
properly handling registration for Asterisk servers located behind NAT
gateways.? We ask that you take a few minutes and patch your server
using the following instructions.
This patch applies both to the current CVS Head and the Stable 1.0
versions of Asterisk.? If you are running an older version of Asterisk,
please update your system to at least 1.0 prior to applying this patch
(or you can hack the patch into place in the old chan_sip.c if you feel
like it).
Note that this patch will be incorporated into the Asterisk CVS at the
earliest opportunity.? However, due to the serious nature of the issue
we ask that you patch your servers immediately.
-= Patch Instructions =-
1.? Copy the patch to /usr/src/asterisk/channels/ (or wherever you store
your Asterisk source image.
# cp /usr/bob/sip_patch.diff /usr/src/asterisk/channels/
2.? Apply the patch using the following command:
# cd /usr/src/asterisk/channels
# patch chan_sip.c sip_patch.diff
3.? Re-compile the SIP channel by executing 'make' in the /etc/asterisk
directory.
# cd /usr/src/asterisk
# make
4.? Install the newly compiled SIP channel with the 'make install'
command.
# make install
5.? Restart Asterisk to enable the patch as follows:
# asterisk -rx "restart when convenient"
This patch will update the Asterisk channel to cache and properly handle
registration messages.? Please review the code and, if you have any
suggestions, send comments to the author at oej@edvina.net
-= BroadVoice Configuration Notes =-
Because Asterisk does not have outbound proxy support, you need to make
a few other changes to make Asterisk work well with BroadVoice.
1.? Find the closest BroadVoice proxy using the 'ping' utility.
proxy.dca.broadvoice.com??????? 147.135.0.128
proxy.lax.broadvoice.com??????? 147.135.8.128
proxy.mia.broadvoice.com??????? 147.135.4.128
# ping proxy.lax.broadvoice.com
PING proxy.lax.broadvoice.com (147.135.8.128) 56(84) bytes of data.
64 bytes from proxy.lax.broadvoice.com (147.135.8.128): icmp_seq=1
ttl=47 time=41 ms
64 bytes from proxy.lax.broadvoice.com (147.135.8.128): icmp_seq=2
ttl=47 time=31 ms
64 bytes from proxy.lax.broadvoice.com (147.135.8.128): icmp_seq=3
ttl=47 time=58 ms
# ping proxy.dca.broadvoice.com
PING proxy.dca.broadvoice.com (147.135.0.128) 56(84) bytes of data.
64 bytes from proxy.dca.broadvoice.com (147.135.0.128): icmp_seq=1
ttl=47 time=141 ms
64 bytes from proxy.dca.broadvoice.com (147.135.0.128): icmp_seq=2
ttl=47 time=312 ms
64 bytes from proxy.dca.broadvoice.com (147.135.0.128): icmp_seq=3
ttl=47 time=258 ms
Which ever proxy is closer (has a shorter ping time) is the proxy you
want to use.
2.? Make the proxy your default by adding it to your /etc/hosts file.
cd /etc
vi hosts
If say dca is closest add a host entry that looks like:
147.135.0.128?????? sip.broadvoice.com
of course replace 0.128 with the ip of the "closer" proxy
3.? Configure Asterisk to connect to BroadVoice:
?From the sip.conf file:
register => 8165551212:MyPa55w07d@sip.broadvoice.com/8165551212
[broadvoice]
type=friend
username=8165551212
fromuser=8165551212
secret=MyPa55w07d
host=sip.broadvoice.com
port=5060
context=broadvoice
fromdomain=sip.broadvoice.com
canreinvite=no
dtmfmode=inband
insecure=very
permit=147.135.0.128/32????? ; or of closer proxy
qualify=yes
Note that having the IP address in the host file alters the way SIP
recognizes incoming calls from BroadVoice (before, Asterisk would not
tie incoming BroadVoice calls to the BroadVoice peer).? For this reason
you have to add the "insecure=very" to allow Asterisk to accept calls,
then add the permit=147.135.X.128/32 to limit calls to only the valid
proxy.
Calls from BroadVoice will end up in the 'broadvoice' context in
extensions.conf.? You will need to add an entry for your own phone
number in the context and direct that to whatever device you want:
[broadvoice]
exten => 8165551212,1,Dial(SIP/100|30)
exten => 8165551212,2,VoiceMail(u100@default)
exten => 8165551212,102,VoiceMail(b100@default)
Alternately you can leave the phone number off the end of the 'register'
statement in sip.conf and Asterisk will set it to 's' automatically.? In
that case you would want the following:
exten => s,1,Dial(SIP/100|30)
exten => s,2,VoiceMail(u100@default)
exten => s,102,VoiceMail(b100@default)
Send outbound PSTN calls to your BroadVoice account as follows:
[outgoing-context]
exten => _.,1,Dial(SIP/broadvoice/${EXTEN})
exten => _.,2,Congestion()
Thanks for helping to make Asterisk and BroadVoice work together, and
thank you for your business.
Sincerely,
The BroadVoice Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sip_patch.tar
Type: application/x-tar
Size: 20480 bytes
Desc: sip_patch.tar
Url :
http://lists.digium.com/pipermail/asterisk-users/attachments/20041110/dd579ce5/sip_patch.tar
I was just about to ask a similar question having just received the message. I'm more concerned about someone trying to spread a virus or something like that. You have to admit that the URGENT, INSTALL THIS message with an attachment pretty much screams virus, even if its not. I tried calling Broadvoice support but they want me to leave a message for them to call me later. Can anyone comment on the validity of this message? thanks, Ryan Wilkins On Nov 10, 2004, at 2:54 PM, brian@fcu.com wrote:> Just received this from broadvoice, anyone know if this patch will > become part of the CVS tree?
I've applied the patch (after scanning over the file). No issues with *. BV still works, too. -Tim -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Ryan Wilkins Sent: Wednesday, November 10, 2004 1:59 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Broadvoice asterisk patch I was just about to ask a similar question having just received the message. I'm more concerned about someone trying to spread a virus or something like that. You have to admit that the URGENT, INSTALL THIS message with an attachment pretty much screams virus, even if its not. I tried calling Broadvoice support but they want me to leave a message for them to call me later. Can anyone comment on the validity of this message? thanks, Ryan Wilkins On Nov 10, 2004, at 2:54 PM, brian@fcu.com wrote:> Just received this from broadvoice, anyone know if this patch will > become part of the CVS tree?_______________________________________________ Asterisk-Users mailing list Asterisk-Users@lists.digium.com http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
They send patches out by email? Who thought of this brilliant idea? "Hmm,
let's teach our users not to be cautious."
/me wonders when someone on linux is gonna install a "patch" that
compromises their system cause some email said so....
-Michael
-----Original Message-----
From: asterisk-users-bounces@lists.digium.com
[mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of brian@fcu.com
Sent: Wednesday, November 10, 2004 1:54 PM
To: asterisk-users@lists.digium.com
Subject: [Asterisk-Users] Broadvoice asterisk patch
Just received this from broadvoice, anyone know if this patch will
become part of the CVS tree?
------------------
THIS PATCH MUST BE APPLIED WITHIN 5 DAYS OF RECEIVING THIS E-MAIL OR YOU
WILL RISK THE POSSIBLE SUSPENSION OF YOUR BROADVOICE SERVICE. WE
APOLOGIZE FOR ANY INCONVENIENCE THIS MAY CAUSE BUT REQUIRE THIS PATCH IN
ORDER TO MAINTAIN UNINTERRUPTED OPERATION.
Dear Asterisk-Using BroadVoice Customer,
BroadVoice has been working very hard in recent months to become a
market leader in VoIP service.? As a part of that effort, we have made a
concerted effort to facilitate interoperability with as many different
SIP devices as possible -- including Asterisk.? While BroadVoice does
not directly support Asterisk and will not be able to field specific
question on your Asterisk set-up we are doing our best to assist.
Unfortunately, the SIP channel in Asterisk has a number of serious
issues which make it very difficult for BroadVoice to accommodate
Asterisk.? One of these issues, a bug with the Asterisk registration
system, is causing an unacceptable load our systems.
BroadVoice has hired Olle Johansson and Steve Sokol (the AstriCon team)
to work out a solution to the issue.? Attached is a patch that, when
applied, will reduce the undue strain on the BroadVoice systems by
properly handling registration for Asterisk servers located behind NAT
gateways.? We ask that you take a few minutes and patch your server
using the following instructions.
This patch applies both to the current CVS Head and the Stable 1.0
versions of Asterisk.? If you are running an older version of Asterisk,
please update your system to at least 1.0 prior to applying this patch
(or you can hack the patch into place in the old chan_sip.c if you feel
like it).
Note that this patch will be incorporated into the Asterisk CVS at the
earliest opportunity.? However, due to the serious nature of the issue
we ask that you patch your servers immediately.
-= Patch Instructions =-
1.? Copy the patch to /usr/src/asterisk/channels/ (or wherever you store
your Asterisk source image.
# cp /usr/bob/sip_patch.diff /usr/src/asterisk/channels/
2.? Apply the patch using the following command:
# cd /usr/src/asterisk/channels
# patch chan_sip.c sip_patch.diff
3.? Re-compile the SIP channel by executing 'make' in the /etc/asterisk
directory.
# cd /usr/src/asterisk
# make
4.? Install the newly compiled SIP channel with the 'make install'
command.
# make install
5.? Restart Asterisk to enable the patch as follows:
# asterisk -rx "restart when convenient"
This patch will update the Asterisk channel to cache and properly handle
registration messages.? Please review the code and, if you have any
suggestions, send comments to the author at oej@edvina.net
-= BroadVoice Configuration Notes =-
Because Asterisk does not have outbound proxy support, you need to make
a few other changes to make Asterisk work well with BroadVoice.
1.? Find the closest BroadVoice proxy using the 'ping' utility.
proxy.dca.broadvoice.com??????? 147.135.0.128
proxy.lax.broadvoice.com??????? 147.135.8.128
proxy.mia.broadvoice.com??????? 147.135.4.128
# ping proxy.lax.broadvoice.com
PING proxy.lax.broadvoice.com (147.135.8.128) 56(84) bytes of data.
64 bytes from proxy.lax.broadvoice.com (147.135.8.128): icmp_seq=1
ttl=47 time=41 ms
64 bytes from proxy.lax.broadvoice.com (147.135.8.128): icmp_seq=2
ttl=47 time=31 ms
64 bytes from proxy.lax.broadvoice.com (147.135.8.128): icmp_seq=3
ttl=47 time=58 ms
# ping proxy.dca.broadvoice.com
PING proxy.dca.broadvoice.com (147.135.0.128) 56(84) bytes of data.
64 bytes from proxy.dca.broadvoice.com (147.135.0.128): icmp_seq=1
ttl=47 time=141 ms
64 bytes from proxy.dca.broadvoice.com (147.135.0.128): icmp_seq=2
ttl=47 time=312 ms
64 bytes from proxy.dca.broadvoice.com (147.135.0.128): icmp_seq=3
ttl=47 time=258 ms
Which ever proxy is closer (has a shorter ping time) is the proxy you
want to use.
2.? Make the proxy your default by adding it to your /etc/hosts file.
cd /etc
vi hosts
If say dca is closest add a host entry that looks like:
147.135.0.128?????? sip.broadvoice.com
of course replace 0.128 with the ip of the "closer" proxy
3.? Configure Asterisk to connect to BroadVoice:
?From the sip.conf file:
register => 8165551212:MyPa55w07d@sip.broadvoice.com/8165551212
[broadvoice]
type=friend
username=8165551212
fromuser=8165551212
secret=MyPa55w07d
host=sip.broadvoice.com
port=5060
context=broadvoice
fromdomain=sip.broadvoice.com
canreinvite=no
dtmfmode=inband
insecure=very
permit=147.135.0.128/32????? ; or of closer proxy
qualify=yes
Note that having the IP address in the host file alters the way SIP
recognizes incoming calls from BroadVoice (before, Asterisk would not
tie incoming BroadVoice calls to the BroadVoice peer).? For this reason
you have to add the "insecure=very" to allow Asterisk to accept calls,
then add the permit=147.135.X.128/32 to limit calls to only the valid
proxy.
Calls from BroadVoice will end up in the 'broadvoice' context in
extensions.conf.? You will need to add an entry for your own phone
number in the context and direct that to whatever device you want:
[broadvoice]
exten => 8165551212,1,Dial(SIP/100|30)
exten => 8165551212,2,VoiceMail(u100@default)
exten => 8165551212,102,VoiceMail(b100@default)
Alternately you can leave the phone number off the end of the 'register'
statement in sip.conf and Asterisk will set it to 's' automatically.? In
that case you would want the following:
exten => s,1,Dial(SIP/100|30)
exten => s,2,VoiceMail(u100@default)
exten => s,102,VoiceMail(b100@default)
Send outbound PSTN calls to your BroadVoice account as follows:
[outgoing-context]
exten => _.,1,Dial(SIP/broadvoice/${EXTEN})
exten => _.,2,Congestion()
Thanks for helping to make Asterisk and BroadVoice work together, and
thank you for your business.
Sincerely,
The BroadVoice Team
Nov 10 14:52:56 NOTICE[20579]: chan_sip.c:4041 sip_reregister: --
Re-registrm
-- Responding to challenge, registration to domain/host name
sip.broadvoicem
Nov 10 14:52:56 NOTICE[20579]: chan_sip.c:6821 handle_response: Outbound
Regist)
I got this after applying the patch. I'm guessing this is normal?
-Tim
-----Original Message-----
From: asterisk-users-bounces@lists.digium.com
[mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Michael
Giagnocavo
Sent: Wednesday, November 10, 2004 2:52 PM
To: 'Asterisk Users Mailing List - Non-Commercial Discussion'
Subject: RE: [Asterisk-Users] Broadvoice asterisk patch
They send patches out by email? Who thought of this brilliant idea?
"Hmm,
let's teach our users not to be cautious."
/me wonders when someone on linux is gonna install a "patch" that
compromises their system cause some email said so....
-Michael
-----Original Message-----
From: asterisk-users-bounces@lists.digium.com
[mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of
brian@fcu.com
Sent: Wednesday, November 10, 2004 1:54 PM
To: asterisk-users@lists.digium.com
Subject: [Asterisk-Users] Broadvoice asterisk patch
Just received this from broadvoice, anyone know if this patch will
become part of the CVS tree?
------------------
THIS PATCH MUST BE APPLIED WITHIN 5 DAYS OF RECEIVING THIS E-MAIL OR YOU
WILL RISK THE POSSIBLE SUSPENSION OF YOUR BROADVOICE SERVICE. WE
APOLOGIZE FOR ANY INCONVENIENCE THIS MAY CAUSE BUT REQUIRE THIS PATCH IN
ORDER TO MAINTAIN UNINTERRUPTED OPERATION.
Dear Asterisk-Using BroadVoice Customer,
BroadVoice has been working very hard in recent months to become a
market leader in VoIP service.? As a part of that effort, we have made a
concerted effort to facilitate interoperability with as many different
SIP devices as possible -- including Asterisk.? While BroadVoice does
not directly support Asterisk and will not be able to field specific
question on your Asterisk set-up we are doing our best to assist.
Unfortunately, the SIP channel in Asterisk has a number of serious
issues which make it very difficult for BroadVoice to accommodate
Asterisk.? One of these issues, a bug with the Asterisk registration
system, is causing an unacceptable load our systems.
BroadVoice has hired Olle Johansson and Steve Sokol (the AstriCon team)
to work out a solution to the issue.? Attached is a patch that, when
applied, will reduce the undue strain on the BroadVoice systems by
properly handling registration for Asterisk servers located behind NAT
gateways.? We ask that you take a few minutes and patch your server
using the following instructions.
This patch applies both to the current CVS Head and the Stable 1.0
versions of Asterisk.? If you are running an older version of Asterisk,
please update your system to at least 1.0 prior to applying this patch
(or you can hack the patch into place in the old chan_sip.c if you feel
like it).
Note that this patch will be incorporated into the Asterisk CVS at the
earliest opportunity.? However, due to the serious nature of the issue
we ask that you patch your servers immediately.
-= Patch Instructions =-
1.? Copy the patch to /usr/src/asterisk/channels/ (or wherever you store
your Asterisk source image.
# cp /usr/bob/sip_patch.diff /usr/src/asterisk/channels/
2.? Apply the patch using the following command:
# cd /usr/src/asterisk/channels
# patch chan_sip.c sip_patch.diff
3.? Re-compile the SIP channel by executing 'make' in the /etc/asterisk
directory.
# cd /usr/src/asterisk
# make
4.? Install the newly compiled SIP channel with the 'make install'
command.
# make install
5.? Restart Asterisk to enable the patch as follows:
# asterisk -rx "restart when convenient"
This patch will update the Asterisk channel to cache and properly handle
registration messages.? Please review the code and, if you have any
suggestions, send comments to the author at oej@edvina.net
-= BroadVoice Configuration Notes =-
Because Asterisk does not have outbound proxy support, you need to make
a few other changes to make Asterisk work well with BroadVoice.
1.? Find the closest BroadVoice proxy using the 'ping' utility.
proxy.dca.broadvoice.com??????? 147.135.0.128
proxy.lax.broadvoice.com??????? 147.135.8.128
proxy.mia.broadvoice.com??????? 147.135.4.128
# ping proxy.lax.broadvoice.com
PING proxy.lax.broadvoice.com (147.135.8.128) 56(84) bytes of data.
64 bytes from proxy.lax.broadvoice.com (147.135.8.128): icmp_seq=1
ttl=47 time=41 ms
64 bytes from proxy.lax.broadvoice.com (147.135.8.128): icmp_seq=2
ttl=47 time=31 ms
64 bytes from proxy.lax.broadvoice.com (147.135.8.128): icmp_seq=3
ttl=47 time=58 ms
# ping proxy.dca.broadvoice.com
PING proxy.dca.broadvoice.com (147.135.0.128) 56(84) bytes of data.
64 bytes from proxy.dca.broadvoice.com (147.135.0.128): icmp_seq=1
ttl=47 time=141 ms
64 bytes from proxy.dca.broadvoice.com (147.135.0.128): icmp_seq=2
ttl=47 time=312 ms
64 bytes from proxy.dca.broadvoice.com (147.135.0.128): icmp_seq=3
ttl=47 time=258 ms
Which ever proxy is closer (has a shorter ping time) is the proxy you
want to use.
2.? Make the proxy your default by adding it to your /etc/hosts file.
cd /etc
vi hosts
If say dca is closest add a host entry that looks like:
147.135.0.128?????? sip.broadvoice.com
of course replace 0.128 with the ip of the "closer" proxy
3.? Configure Asterisk to connect to BroadVoice:
?From the sip.conf file:
register => 8165551212:MyPa55w07d@sip.broadvoice.com/8165551212
[broadvoice]
type=friend
username=8165551212
fromuser=8165551212
secret=MyPa55w07d
host=sip.broadvoice.com
port=5060
context=broadvoice
fromdomain=sip.broadvoice.com
canreinvite=no
dtmfmode=inband
insecure=very
permit=147.135.0.128/32????? ; or of closer proxy
qualify=yes
Note that having the IP address in the host file alters the way SIP
recognizes incoming calls from BroadVoice (before, Asterisk would not
tie incoming BroadVoice calls to the BroadVoice peer).? For this reason
you have to add the "insecure=very" to allow Asterisk to accept calls,
then add the permit=147.135.X.128/32 to limit calls to only the valid
proxy.
Calls from BroadVoice will end up in the 'broadvoice' context in
extensions.conf.? You will need to add an entry for your own phone
number in the context and direct that to whatever device you want:
[broadvoice]
exten => 8165551212,1,Dial(SIP/100|30)
exten => 8165551212,2,VoiceMail(u100@default)
exten => 8165551212,102,VoiceMail(b100@default)
Alternately you can leave the phone number off the end of the 'register'
statement in sip.conf and Asterisk will set it to 's' automatically.? In
that case you would want the following:
exten => s,1,Dial(SIP/100|30)
exten => s,2,VoiceMail(u100@default)
exten => s,102,VoiceMail(b100@default)
Send outbound PSTN calls to your BroadVoice account as follows:
[outgoing-context]
exten => _.,1,Dial(SIP/broadvoice/${EXTEN})
exten => _.,2,Congestion()
Thanks for helping to make Asterisk and BroadVoice work together, and
thank you for your business.
Sincerely,
The BroadVoice Team
_______________________________________________
Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
On Wednesday 10 November 2004 07:37 pm, Michael Giagnocavo wrote:> >Which once again brings home the fact that too few people understand > >security > >in the first place. > > Damn straight. Check out the replies on that thread. > > >It's like my posting about a security list. I was wondering if anyone was > >even > >going to reply. As it is they are all replying to my email address. Which > >fine, but there are not very many. > > What's this? I didn't see anything about it. I'd definitely be interested.It was called SELinux and Asterisk.> >The reason I replied to this thread was to make make a bit of noise for > >someone at BV to notice and maybe at least consider improving their patch > >model. > > Write to Bruce Schneier at Counterpane and see if he'll doghouse them on > his blog :). > > -MichaelHehe, yes I know him. A no BS, down to earth guy who REALLY knows his stuff. -- Steve Szmidt "They that would give up essential liberty for temporary safety deserve neither liberty nor safety." Benjamin Franklin