Okay, first blog. I wanted to put down a record of the voip work we are doing so that later when the dust has settled and the sobbing has stopped, we can all look back and see what happened and when.
And who knows, somebody, sometime might find this useful!
It all started when an existing client of ours, for whom we have done a lot of work in the past, wanted us to look at their telephony capabilities. They are using a very old telephone switch and they wanted a number of modern capabilities.
At the same time Juniper declared end of life on its SSG series, which unfortunately is what we are using in our offices.
We decided to kill two birds with one stone and build a proof of concept for our client using our own offices. We also wanted to introduce VOIP for a number of reasons:
A number of our people work abroad and they currently log in through a VPN to the system at our head office. But calls are over mobiles, can be quite difficult to manage conferencing and video-conferencing and these are functionalities that VOIP can give us.
The Juniper successor is the SRX series and we decided a SRX220 would be more than enough for our needs.
So first of all we wanted to look at who could give us SIP trunking. Our ISP – Zen, was able to provide us with SIP trunking and a number of dedicated lines. Excellent!
But they do not do any configuration of the PBX. They’ll get the signal to our front door but what we do about it after that is the next question. In addition, like any digital data transfer, SIP can be interfered with or hacked. Not a good place to be. To prevent that, we need SBC – Session Border Control – a kind of firewall/helper.
But the SRX does not come with SBC, it comes with SIP ALG and this is not a real contender when it comes to VOIP security.
So we put that question aside and started to look at the PBX. Asterisk is the predominant software PBX and it is open source. Hooray! Er, actually not. It may be open source but each time we looked at training, support or even configuration documentation, we came across a paid structure. Stealth invoicing! Time to start looking at paid offerings.
So we eventually came across 3CX. They do a windows product which has a lot of good things said about it and is to some extent based on Asterisk but without the pain. And when we were talking to our networking specialists, they mentioned that 3CX also do a SBC software component.
Sweet! We also needed a radius server and we started looking at the choices available to us. It turns out that Windows Server 2008 onwards already has a Radius Server component providing EAP-TLS, PEAP with MS-CHAP v2 and PEAP-TLS. [What does this mean? No idea yet, only that PEAP-TLS will need certificates]. We already have windows servers so brilliant. Let us use them.
So we now have a flow of internet sourced inbound calls coming into the SRX which routes it to the SBC which routes it to the PBX which routes it to the registered smart/soft/ip phones for that number.
Outbound calls are the same in reverse. Registered IP phone makes a call to the PBX to the SBC to the SRX to the internet.
Great! We now have all the lego components. All we need to do is put them together and get them talking to each other. How difficult can this be?