Browsed by
Category: Docs & FAQ

MyVoipApp documents and FAQ

Work with Chinese CTC IMS network

Work with Chinese CTC IMS network

Yesterday, we helped a Chinese customer to deploy MSS to work with CTC IMS network. In this scenario, CTC IMS network has ZTE soft-switch (according to User-Agent header in SIP messages) , we need be careful to cooperate with it.

Since CTC provides user name and password for authorization, we configure “external line” in MSS to do that. Following sections will illustrate some key points.

Authorization user name

By default, we often use “External line (account)” as authorization user name, but ZTE softswitch requires full URI format, so we need configure “The authorization ID should include address information” in external line. Please refer to following figure for more details.

Authorization user name
Authorization user name

For example, if this item is selected, the authorization name will be “+8612345678@gd.ctcims.cn” according to above figure.

If it is not full format, IMS network will return “403 Forbidden” messages to reject it. In fact, we think it is a bug in ZTE softswitch since there is “realm” and “domain” parameters in SIP authorization header. No matter the user name is full format or not, the device should pass it according to successful authorization itself.

Anyway, if you have same problem to cooperate with other IMS networks, please pay attention to it and configure such item to take a try.

Proxy

In Chinese CTC-IMS network, its “SIP server” is logic domain, not a real SIP device and cannot be visited. In above scenario, “gd.ctcims.cn” is its domain, not its real address. SIP messages should be routed to another device (we think it is a SBC or proxy), so we need configure “Via” address in MSS external line configuration. Please refer to following figure.

SIP proxy in IMS
SIP proxy in IMS
Concurrent calls of SIP trunk

Concurrent calls of SIP trunk

By default, MSS previous versions don’t limit concurrent calls of SIP trunk. That means you can make or receive calls as much as you can. If peer sides don’t have enough resources, they will reject calls by themselves. But now in some scenarios, customers hope MSS can handle concurrent calls and limit them automatically.

To fit this requirement, we upgrade MSS to provide concurrent calls configurations in SIP trunk. Too much calls will be rejected by MSS itself. Please refer to following figure for more details about these items.

Concurrent calls of SIP trunk
Concurrent calls of SIP trunk

Please pay attention to these.

(1) These items are independent. You can configure different values for them to limit different concurrent calls for outgoing calls and incoming calls.

(2) If one of them is zero, in fact all them can be zero, that means only incoming calls can be received, or can only make outgoing calls outsides.

Modification of “one number” service

Modification of “one number” service

We upgraded miniSIPServer V30 today to change “one number, multi-devices” service in local user’s configuration. In previous versions, we don’t need configure anything to enable this feature in local user since it was enabled by default. Customers think it is good idea to reduce configuraiton workload, but it brings new management problem. In fact, they hope to be able to control which local users can have this feature. In most scenarios, only some local users have several phones with same number, others are not permit to do that.

To fit this requirement, we add a new optional item in local user’s configuration. Please refer to following figure for more details. By default, this service is not enabled now until you configure it obviously.

One number service right in local user's configuration.
One number service right in local user’s configuration.

This modification is applied to cloud MSS too.

Block anonymous calls

Block anonymous calls

We can use “system black list” feature to block anonymous calls. Please click menu “services – system black list” and add a record:

caller number prefix = anonymous
called number prefix = *
rate = 100

This record means: 100% calls from caller “anonymous” should be blocked.

Invalid CSeq number

Invalid CSeq number

One of our customers reported a problem that his external line was always offline with a voip provider. That’s very strange because “external line” is a very basic function of MSS and it works perfectly with lots of voip providers.

We captured the log and found the voip provider returned “400 Bad Request” message with following cause:

P-Registrar-Error: Invalid CSeq number

We checked the REGISTER messages, and think it is no problem in CSeq header. Following items are from MSS:

==>
REGISTER sip:sip.xxx.com SIP/2.0
...
Call-ID: 18BF67854AE23D6D2CD772AFMSS002A0001.
CSeq: 13 REGISTER
...

<==
SIP/2.0 401 Unauthorized
...
Call-ID: 18BF67854AE23D6D2CD772AFMSS002A0001.
CSeq: 13 REGISTER
...

==>
REGISTER sip:sip.xxx.com SIP/2.0
...
Call-ID: 18BF67854AE23D6D2CD772AFMSS002A0001.
CSeq: 14 REGISTER
...

<==
SIP/2.0 400 Bad Request
...
Call-ID: 18BF67854AE23D6D2CD772AFMSS002A0001.
CSeq: 14 REGISTER
P-Registrar-Error: Invalid CSeq number
...

We checked RFC3261 to find “CSeq” in SIP-REGISTER procedures:

A UA MUST increment the CSeq value by one for each REGISTER request with the same Call-ID.

Obviously we are right. But why did peer side reject MSS’ messages?

Finally, we tried to send SIP-REGISTER with different ‘call-id’, and the problem was resolved! That made us confused again because in RFC3261 we can find the details of “call-id” in SIP-REGISTER procedures:

All registrations from a UAC SHOULD use the same Call-ID header field value for registrations sent to a particular registrar.

We think the voip provider is unprofessional. Unfortunally, it is hard for them to upgrade their system. So we have to add a switch varant to control MSS to fit this kind of situation.

[sip]
gVarSipRegSameDialog=0

If you have the same problem with some voip providers, please add above parameter into “mss_var_param.ini” file and restart your MSS to enable it.

No-answer timer in external line

No-answer timer in external line

In the external line “outgoing calls” configuration, we add an item “no-answer timer”. This item is used to limit the no-answer timer value when make outgoing calls. Please refer to attached figure.

No-answer timer value
No-answer timer vaule in outgoing calls of external line.

By default, its value is zero that means the line will use system default no-answer timer value. If it is set a value, the line will use it firstly.

For example, if it is set to be “15”, then the line will force to release the call in 15 seconds if peer side doesn’t answer the call.

Anti SIP scanning

Anti SIP scanning

One of our customers reported that his extensions have been cracked. We checked its MSS CDR records. It seems someone has cracked one extension’s password and used this extension number to make lots of calls.

Obveriously, it is a very dangerous problem. We think this “hacker” might send lots of SIP messages to MSS to try such extension’s password. MSS previous version doesn’t consider this scenario and always permit the SIP phone to keep trying its password until it is authorized.

To stop this, we upgrade V26 to support “fail to ban (F2B)” feature. Once SIP phone has failed to check authorization for several times in one minute, MSS will detect it as “scanning” and ban its IP address for several hours. All SIP messages from such address will be rejected directly. Then it is impossible for “hacker” to crack SIP passwords.

This feature is enabled by default and need configure nothing for it.

Some virtual servers changed

Some virtual servers changed

Some virtual servers in cloud-MSS system have been changed, please pay attention to these items.

STUN server

Each virtual SIP server will enable STUN feature. For example, if the SIP server address is “1234.s1.minisipserver.com”, its STUN server can also be the same address. That means “1234.s1.minisipserver.com” is also its STUN server address.

Now we suggest “stun.minisipserver.com” by default. It is a simple public STUN server for all virtual SIP servers. Of course, you can still configure your virtual SIP server address as your STUN server.

SMTP server

In voice-mail feature, we need a SMTP server to send emails with attached audio files. Each virtual SIP server can be configured with customers’ own SMTP servers. But we find it could make several problems. For example, most customers try to use Gmail SMTP server. Gmail SMTP server requires that you need enable POP/SMTP firstly, and grand other access. Most customers don’t know how to do that.

So we disable SMTP server configurations. All voice mails will be sent from our own SMTP server.  Most important is that you will need check your spam box if you cannot find voice email in ‘inbox’.

IP address authorization

IP address authorization

This feature was merged to the latest V25 (build 20160126).

Some special SIP devices, for example embeded devices in automaticated system, don’t have full SIP capabilities, they can make or receive simple SIP calls without account and password authorization. They even cannot send REGISTER messages to MSS to update their own status.

Yep, we can configure them as “SIP trunk” in MSS. but it will lost several key features, such as ringing-group. In some scenarios, customers hope to ring all such devices together, so we have to treat them as “local users”.

To fit these requirements, we add “IP address authorization” in local user’s configuration. That means MSS will not require SIP phones/devices to register them firstly, and will not check their account and password if their messages are from specific or configured IP addresses. Please refer to below figure for more details.

IP address authorization
IP address authorization

By the way, we update openAPI document according to the latest V25. If you are interesting in it, please refer to openAPI document.