Retour au blog
Tech

IP-based authentication is not dead yet

Published on:

June 30, 2015

Usually every domain needs their own telephone number or numbers that link the world of VoIP with the good old telecom industry. This is done using SIP trunks. While it is possible to share a SIP trunk with several domains, most hosted providers prefer one trunk per domain. But how does the SIP trunk provider know which trunk is being addressed when there is a call coming in?

Hamlet Collado

Running multiple instances on a single IP address has a lot of benefits, especially when you are still on IPV4. Many clients can share the same host similar to what is standard today on web servers that can have hundreds and thousands of domains on a single server.

Usually every domain needs their own telephone number or numbers that link the world of VoIP with the good old telecom industry. This is done using SIP trunks. While it is possible to share a SIP trunk with several domains, most hosted providers prefer one trunk per domain. But how does the SIP trunk provider know which trunk is being addressed when there is a call coming in?

The SIP RFC provides several ways to identify where the call comes from on the SIP side. The caller-ID itself is not very useful as it can be spoofed easily, so it does not really count. Most service providers use a simple registration with the right password and a somehow unique contact in the SIP request to figure out where the request comes from.

Thinks get tricky on a multi-tenant PBX when the trunk identification is based on the IP address and the port. If it is only based on the IP address, then the potentially hundreds of domains can use only one telephone number, practically putting that SIP trunk provider out of business for that hosted PBX. Some trunk providers also consider the port, then it would be possible to open another port on the host for that trunk, so that all communication inbound and outbound run on that port.

This is what we have just added to the Vodia PBX. With the next version (post 5.2.6) it will be possible to use SIP service providers that solely rely on the IP address and port for the authentication. All you need to do to make this happen is to add another port to the list of SIP UDP ports on the PBX admin level and then mention that port number in the trunk setting. Then when that port is really available, the PBX will prefer that port for sending traffic from that trunk.

This feature is possible because the PBX is able to deal with a list of ports, not just one port for IPv4 and for IPv6. The performance implications are modest as long as there are not hundreds of those ports. The new open ports also slightly increase the exposure to SIP attacks; however realistically if you have already port 5060 open an attacker would not have any reason to try non-standard ports anyway.

The whole story reminds me a little bit about H.323, where a lot of the backbone VoIP traffic was sent based on the IP address for authentication. Let’s hope hackers don’t find an easy way to put themselves into the middle of that traffic and use this primitive authentication method to their advantage.

Derniers articles

Voir tous
Webinar

Integrating OpenAI's Realtime API with Vodia PBX: Webinar Recording Now Available

In our recent webinar, "Integrate OpenAI’s Realtime API with Vodia PBX," we explored how integrating AI with your communication systems can revolutionize the way your business operates. From automating repetitive tasks to improving workflow efficiency, the webinar covered how the collaboration between Vodia PBX and OpenAI’s Realtime API can streamline operations, enhance collaboration - especially for Microsoft Teams users - and provide intelligent automation to stay ahead in a competitive landscape. If you missed the live session or want to revisit the insights, the recording is now available for you to access.

December 18, 2024
Webinar

Unlock the Power of OpenAI’s Realtime API with Vodia PBX: Join Our Exclusive Webinar!

Join our exclusive webinar to explore how Vodia PBX seamlessly integrates with OpenAI’s Realtime API, unlocking powerful new capabilities for your communication systems. This session will showcase how AI-driven features can streamline workflows, improve operational efficiency and elevate the PBX experience for both general users and those on Microsoft Teams. Whether you’re looking to stay ahead of the competition or leverage the latest AI trends, this webinar offers practical knowledge and actionable strategies. Register now to secure your spot and take the first step toward transforming your telecom infrastructure with AI innovation!

December 4, 2024
Tech

Connecting to OpenAI Realtime API

This document details the beta version of the Vodia PBX that connects to the OpenAI realtime API, enabling users to interact with a chatbot via telephone. The backend JavaScript code facilitates the connection, handling audio input and output, and the WebSocket connection to the OpenAI API. The setup requires a Vodia PBX version 69.5.3 or higher, an API key, and a license with an IVR node. The demo can be accessed by editing the ivrnode.js template and creating an IVR node in the tenant. The system supports various VoIP devices and offers good voice quality. Future improvements include voice activity detection and the ability to take actions based on OpenAI responses.

November 26, 2024