The FireBrick can be used for VoIP by being a VoIP gateway (FBSIP). Your local (or remote) SIP devices register against the FireBrick, and the FireBrick registers to your SIP provider, in a sense the Firebrick acts as a back-to-back SIP gateway.
You can have multiple SIP provider (carrier) accounts, and incoming calls can be routed to internal extensions and these extensions can be individual phones or a group which can then ring multiple phones in various ways. An advantage of using the FireBrick in this way is where you are forced to use RFC1918 IP addresses (private) on your LAN and the FireBrick is NATing traffic. Typically the FireBrick will be connected to the ISP by PPP itself and will have a public IP address, therefore the SIP is not being put through NAT. (SIP and NAT don't work well together)
Taking an example of a single SIP account with AAISP, and a couple of SIP phones, a FireBrick can be configured as follows.
We'll set this up so that incoming calls route to a 'ring group', which in turn will route to a number of internal extensions. Outgoing calls from the local phones will all go out via the single SIP account with the service provider.
SIP and NAT
First, a few comments about SIP, NAT and the FireBrick...
The FireBrick maps ports and IPs for NAT but provides no ALG for SIP or any other protocol. SIP is notoriously difficult with any sort of NAT, with or without ALGs. AAISP will be happy to route a block of IP addresses for use with VoIP phones, and the FireBrick can be configured to use these, and even allocate phones from the same manufacturer the correct IP by DHCP.
We have seen SIP work with FireBricks in this case, where the end device and the SIP call server both do things in just the right strange and non standard way to cope with the mapping, but it is rare. It also usually requires that UDP sessions be configured to be open for a long time on the FireBrick (ongoing-timeout setting on the firewall rules).
In general we would never suggest using SIP with NAT for this reason, and it is partly why the FireBrick itself includes a full back to back SIP gateway allowing SIP registrations in and out and a-law RTP via the FireBrick. Used in this way it can avoid any NAT issues, but does specifically need configuring to meet your needs.
Having said this, the a FireBrick acting as a SIP server that itself is not behind NAT will try to cope with SIP clients that are behind NAT. This means that in many cases if there are SIP phones behind NAT than they may well work when registering against the FireBrick.
Prioritising VoIP Traffic
The FireBrick has built in configuration to give priority to small packets. This would include RTP as well as DNS, SSH and other real time protocols that send small packets.
Normally there is no need to add any extra shaping to improve VoIP through a FireBrick.
Seting-up SIP on the FireBrick
Add a carrier
This is the SIP service that you're connecting to:
|Just a name for this particular carrier account
|Main Office Number
|Just for your information
|Your SIP account name as supplied by your carrier (With AAISP, it's the phone number)
|Your SIP account password with the carrier
|The SIP Registrar server, supplied by the carrier
|Not normally needed if using AAISP
|Internal extension number where incoming calls are routed to (e.g. a user or a group)
|IPs that are allowed to talk SIP to us (i.e. the carriers IPs). (Optional)
|The Name shown on the phones for incoming calls
<carrier name="AAISP" display-name="Main" allow="18.104.22.168-119" registrar="voiceless.aa.net.uk"username="01234567890" password="secret" extn="100" comment="Main Office Number"/>
If you go to Status - VoIP, you should see the Carrier listed with an expiry - this shows that the FireBrick is registered to the server.
If you have further SIP accounts with carriers then add those too.
Next create some users
These will be your local SIP user accounts that your telephones use to register against the FireBrick with. Go to: Config - Edit - Setup - Edit VoIP config Add new VoIP user:
|The name for this user
|Displayed a part of the CLI
|The SIP account username that the phone will use
|The SIP account password that the phone will use
|IPs that are allowed to register, put in your LAN ip addresses, e.g.,
|The full number for this user, i.e. same as the carrier's number assigned to you.
|John's internal extension number, can be anything really
|This will be the carrier John uses to dial out on
|If you just want to make 1 call at a time with this account (Optional)
<telephone name="John" display-name="John" username="john" password="secret" allow="192.168.1.0/24" ddi="+441234567890" extn="101" carrier="AAISP" max-calls="1"/>
You can repeat this process for your other users, changing the extn each time, e.g. 102, 103 etc. At this point you can configure your SIP phones to register to the FireBrick with the credentials you've specified above. You can then test by calling each other using the extn numbers assigned. You will also be able to dial out. If you go to Status - VoIP, you should see the Telephones listed with an expiry, IP and the SIP user agent details - this shows that the SIP phones have registered to the FireBrick. Incoming calls will not work yet, as the Carrier above is set to send calls to extension 100, which we've not created... yet...
Create a Ring Group
Ring groups are optional, and allow multiple extensions to be called at once. Here we will create our ring group for incoming calls so that our main number rings all our phones.
Go to: Config - Edit - Setup - Edit VoIP config Click Add New
|Just a name for this group
|The name that will display on the phone, e.g.
|This is the extension number for this group, used in the Carrier section above
|the telephone number.
|101 102 103
|space separated list of the internal extension numbers to ring
|This is the ring type, e.g. to ring all at once etc.
<group name="Main" display-name="Main" extn="100" ddi="+441234567890" ring="101 102 103" type="all"/>
You will need to open the firewall if you are actually fire-walling traffic to the FireBrick - often people just firewall traffic to the LAN, and therefore all traffic to the FireBrick is allowed.
SIP and RTP traffic will need to be allowed into the FireBrick. This will need to be from the carrier, but also from external SIP phones if you have any. Take a look at this wiki page for more info: FireBrick and VoIP Firewall