SipDevicesAcrobitsGroundwire
Version 17 (Adrian Georgescu, 08/05/2013 06:43 pm) → Version 18/20 (Pro Backup, 08/05/2013 08:18 pm)
[[SipDevices]] »
h1. Acrobits Groundwire
Goal is to create a reliable and secure configuration for inbound calls, where the account is shared with another desktop (Snom) SIP-phone.
h2. Account
h3. User Details
|Username| 2233XXXXXX|
|Domain|sip2sip.info|
|Display Name|<empty>|
h3. Advanced settings
|Incoming Calls|On with Backgrounding|
|NAT Traversal|ICE|
|Proxy|proxy.sipthor.net:443|
|Auth User Name|<empty>|
|Transport Protocol|tls (sips)|
|VoiceMail Number|<empty>|
|Expires|86400|
|Caller ID|<empty>|
|Caller Id Method|From Username|
_Sets caller ID headers of outgoing INVITE messages. Most VoIP providers will ignore these headers though._
|SIMPLE|Off|
_Enables SIP/SIMPLE messages to be sent and received._
h4. Backgrounding Options
|Host|<empty>|
|Transport Protocol|tls (sips)|
|Expires|86400|
|Track Errors|On|
h4. NAT Traversal
|Media|ICE|
|Send Media Back|Off|
_Ensures that media streams are sent to the IP:port they are received from._
|STUN Server|stun1.dns-hosting.info:3478|
|TURN Username|<empty>|
|TURN Password|<empty>|
|Ignore Symmetric NAT|Off|
|Discover Global IP|Internal|
_For providers requiring global IP discovery use External. For others you should be safe with Static or Internal. Static uses a faked private IP:port pair to solve issues when you are behind NAT and your provider groups registrations based on the full Contact URI. This option prevents changes in Contact header when network conditions change. To specify your own IP:port pair go to the Hacks section._
|Send keepalives|Off|
_Send keepalive packets to keep the NAT ports open. Set if you have troubles getting incoming calls._
|Outbound Proxy Enabled|Off|
_Optionally set to a proxy that performs some traffic manipulation e.g. TLS to UDP translation. This proxy is usually not related to the SIP provider. If regular proxy is specified as well, the SIP traffic will be routed to the proxy on the second hop.
Use the Outbound Proxy to route all SIP traffic through one server._
h4. Codecs for WiFi
# Opus Wideband
# G.722
# Opus Narrowband
# iLBC
# G.711 u-Law
# G.711 a-Law
# G.729a
# GSM
|Packet Time|20ms|
|Force Packet Time|Off|
_Higher packet times save bandwidth, but make the call quality more sensitive to packet loss. Bigger lost packets will make longer, more audible dropouts._
|Honor Remote Codecs|On|
_If set, local codec order will be ignored and the first supported codec from the list sent by remote will be used._
h4. Codecs for 3G
# iLBC
# Opus Narrowband
# GSM
# G.729a
# G.711 u-Law
# G.711 a-Law
# Opus Wideband
# G.722
|Packet Time|20ms|
|Force Packet Time|Off|
|Honor Remote Codecs|Off|
h4. DTMF Mode
h5. Enabled DTMF Modes
# RFC2833
# SIP INFO
# audio
|Send All Enabled|Off|
_When turned on all enabled DTMF methods are sent simultaneously. If pressing a single digit results in multiple presses on the receiver side, just turn this switch off._
h4. Secure Calls
h5. SDES (RFC 4568)
|Incoming Calls|Enabled|
|Outgoing Calls|Best Effort|
_A secure signaling channel is required for SDES. I.e. the protocol needs to be set to TLS. Due to security concerns it's also disabled for pushed calls. Please note SDES is prone to man-in-the-middle attacks and is largely dependant on the behavior of proxies along the SIP path. There may be hops between which the keys are transfered in clear text. If you would like to use SRTP over an insecure signaling channel you should try ZRTP instead._
h5. ZRTP
|Incoming Calls|Enable|
|Outgoing Calls|Disable|
_ZRTP is a media path key exchange method for SRTP. It can be used to secure calls even over insecure signaling channel (e.g. UDP). As opposed to SDES, it prevents eavesdropping opportunities at proxies. You will be able to accept ZRTP encrypted calls, however to initiate them you need to purchase the ZRTP add-on._
h4. Hacks
|RTP Port Start|10000|
|RTP Port End|65535|
|SIP Port|<empty>|
_The listening port for SIP._
h5. Forced Contact
|Contact IP:port|<empty>|
_Fake fixed local IP and port can help if you are behind NAT and your provider groups registrations based on the full Contact URI. This setting prevents changes in Contact header when network conditions change. You should pick an IP from RFC 1918 range. E.g. 192.168.1.100:44444. Make sure to set Discover Global IP to Static to use this field._
h5. Authorization
|Send On Request|Off|
_Some providers do not like getting the Authorization header unless requested._
|URI Scheme|sip:|
_The default scheme for numerical URIs is sip: or sips:. You can select tel: to enable support for RFC 3966 tel: URIs._
h5. Nortelnetworks
|Proxy-Require|Off|
_Some setups need Proxy-Require: com.nortelnetworks.firewall header to successfully traverse NAT._
h5. SRTP
|Prefer 80-bit Tags|Off|
_Prefer 80-bit authentication tags over 32-bit tags._
h5. Registration State
|Reuse|On|
|Adjust Via|Off|
_The new registration will reuse the same Call-ID, CSeq sequence and rinstance as the previous one. We try to unregister stale contacts when network change. It's possible to alter Via headers to reflect Contact being unregistered._
h5. Well-known codecs
|Use rtpmap|Off|
_It's not necessary to include rtpmap attributes for well known codecs, but some providers erroneously require it._
h1. Acrobits Groundwire
Goal is to create a reliable and secure configuration for inbound calls, where the account is shared with another desktop (Snom) SIP-phone.
h2. Account
h3. User Details
|Username| 2233XXXXXX|
|Domain|sip2sip.info|
|Display Name|<empty>|
h3. Advanced settings
|Incoming Calls|On with Backgrounding|
|NAT Traversal|ICE|
|Proxy|proxy.sipthor.net:443|
|Auth User Name|<empty>|
|Transport Protocol|tls (sips)|
|VoiceMail Number|<empty>|
|Expires|86400|
|Caller ID|<empty>|
|Caller Id Method|From Username|
_Sets caller ID headers of outgoing INVITE messages. Most VoIP providers will ignore these headers though._
|SIMPLE|Off|
_Enables SIP/SIMPLE messages to be sent and received._
h4. Backgrounding Options
|Host|<empty>|
|Transport Protocol|tls (sips)|
|Expires|86400|
|Track Errors|On|
h4. NAT Traversal
|Media|ICE|
|Send Media Back|Off|
_Ensures that media streams are sent to the IP:port they are received from._
|STUN Server|stun1.dns-hosting.info:3478|
|TURN Username|<empty>|
|TURN Password|<empty>|
|Ignore Symmetric NAT|Off|
|Discover Global IP|Internal|
_For providers requiring global IP discovery use External. For others you should be safe with Static or Internal. Static uses a faked private IP:port pair to solve issues when you are behind NAT and your provider groups registrations based on the full Contact URI. This option prevents changes in Contact header when network conditions change. To specify your own IP:port pair go to the Hacks section._
|Send keepalives|Off|
_Send keepalive packets to keep the NAT ports open. Set if you have troubles getting incoming calls._
|Outbound Proxy Enabled|Off|
_Optionally set to a proxy that performs some traffic manipulation e.g. TLS to UDP translation. This proxy is usually not related to the SIP provider. If regular proxy is specified as well, the SIP traffic will be routed to the proxy on the second hop.
Use the Outbound Proxy to route all SIP traffic through one server._
h4. Codecs for WiFi
# Opus Wideband
# G.722
# Opus Narrowband
# iLBC
# G.711 u-Law
# G.711 a-Law
# G.729a
# GSM
|Packet Time|20ms|
|Force Packet Time|Off|
_Higher packet times save bandwidth, but make the call quality more sensitive to packet loss. Bigger lost packets will make longer, more audible dropouts._
|Honor Remote Codecs|On|
_If set, local codec order will be ignored and the first supported codec from the list sent by remote will be used._
h4. Codecs for 3G
# iLBC
# Opus Narrowband
# GSM
# G.729a
# G.711 u-Law
# G.711 a-Law
# Opus Wideband
# G.722
|Packet Time|20ms|
|Force Packet Time|Off|
|Honor Remote Codecs|Off|
h4. DTMF Mode
h5. Enabled DTMF Modes
# RFC2833
# SIP INFO
# audio
|Send All Enabled|Off|
_When turned on all enabled DTMF methods are sent simultaneously. If pressing a single digit results in multiple presses on the receiver side, just turn this switch off._
h4. Secure Calls
h5. SDES (RFC 4568)
|Incoming Calls|Enabled|
|Outgoing Calls|Best Effort|
_A secure signaling channel is required for SDES. I.e. the protocol needs to be set to TLS. Due to security concerns it's also disabled for pushed calls. Please note SDES is prone to man-in-the-middle attacks and is largely dependant on the behavior of proxies along the SIP path. There may be hops between which the keys are transfered in clear text. If you would like to use SRTP over an insecure signaling channel you should try ZRTP instead._
h5. ZRTP
|Incoming Calls|Enable|
|Outgoing Calls|Disable|
_ZRTP is a media path key exchange method for SRTP. It can be used to secure calls even over insecure signaling channel (e.g. UDP). As opposed to SDES, it prevents eavesdropping opportunities at proxies. You will be able to accept ZRTP encrypted calls, however to initiate them you need to purchase the ZRTP add-on._
h4. Hacks
|RTP Port Start|10000|
|RTP Port End|65535|
|SIP Port|<empty>|
_The listening port for SIP._
h5. Forced Contact
|Contact IP:port|<empty>|
_Fake fixed local IP and port can help if you are behind NAT and your provider groups registrations based on the full Contact URI. This setting prevents changes in Contact header when network conditions change. You should pick an IP from RFC 1918 range. E.g. 192.168.1.100:44444. Make sure to set Discover Global IP to Static to use this field._
h5. Authorization
|Send On Request|Off|
_Some providers do not like getting the Authorization header unless requested._
|URI Scheme|sip:|
_The default scheme for numerical URIs is sip: or sips:. You can select tel: to enable support for RFC 3966 tel: URIs._
h5. Nortelnetworks
|Proxy-Require|Off|
_Some setups need Proxy-Require: com.nortelnetworks.firewall header to successfully traverse NAT._
h5. SRTP
|Prefer 80-bit Tags|Off|
_Prefer 80-bit authentication tags over 32-bit tags._
h5. Registration State
|Reuse|On|
|Adjust Via|Off|
_The new registration will reuse the same Call-ID, CSeq sequence and rinstance as the previous one. We try to unregister stale contacts when network change. It's possible to alter Via headers to reflect Contact being unregistered._
h5. Well-known codecs
|Use rtpmap|Off|
_It's not necessary to include rtpmap attributes for well known codecs, but some providers erroneously require it._