Finally, FreeSWITCH 1.10.1 is available in an easy way for non-Debian users (aka CentOS). Today, I have published in OKay's RPM repository RPMs for FreeSWITCH 1.10.1. FreeSWITCH is a complete VoIP switch that works on many platforms, including CentOS 6 and CentOS 7. This is one of the biggest packages I have ever done; there are more than 1800 hours of work behind to make it work (mainly because of the CentOS 6 support). When updating, you will notice it will download many libraries, most part of them not available anywhere.
In addition, these RPM's have a patch that allows the console to filter by a regular expression. If you do VoIP debugging, you will understand right away what I am talking about.
Since this release, my RPM is going to be linked against tcmalloc.
IP Authentication is the fact of linking a sip extension against a set of known IP's. Therefore, any call signalled to or from a given IP will be linked to a linked SIP account. IP Authentication is needed (not a must) if you want to configure your PBX as a Class 4 PBX. If you want to know more about the difference between Class 4 and Class 5, read the article I published some years ago in this blog.
So, our scenario is our FusionPBX (pbx-b) is the carrier of another PBX (pbx-a). The pbx-a uses pbx-b as a carrier configured without registration (IP authenticated). Users register into pbx-a. When an outbound call is done, the user signals the authenticate INVITE to pbx-a, then pbx-a forwards the SIP INVITE without authentication. Finally, pbx-b forwards the INVITE to the upstream carrier.
FusionPBX by default is shipped as a Class 5 PBX. You will need to do some web tuning to make it work as a Class 4 PBX. In this article, I will write about the SIP Authentication, which is one of the many steps you need to do.
DNS tunnelling is just another tunnelling technique. Usually, it is called VPN over DNS too, it is just naming. What it makes it very popular is that not all carriers or network administrators are aware of it or if they are, they don't know exactly how to stop it. Rogers, one of the biggest telecommunication carrier in Canada and Telcel the biggest player of mobile telephony in Mexico, both allow DNS tunnelling (I don't doubt others carriers do as well), so when you run out of data in your plan you can still connect if you configure it in your mobile. This is because smartphones need to connect to some carrier servers regardless if you have the right to 2G/3G/4G data access or not; smartphones still have access to the local DNS server. Local networks have the same symptom because DNS is used to access many IT services like the Active Directory, it is very difficult to differentiate between a true legitimate DNS query and DNS tunnelling traffic without the proper tools.
Because of this, I am going to describe how this technique works.