Critical Maintenance for CPU Vulnerabilities

Critical Maintenance for CPU Vulnerabilities

Maintenance is required for all virtual servers in our cloud system. We will reboot all our servers in 2018-01-19 7:00:00 AM UTC. You can prepare your VoIP networks for this mantenance.

This action affects the underlying infrastructure that your virtual server resides on and will not affect the data stored within your virtual server

During the maintenance window, your virtual server will be cleanly shut down and will be unavailable while we perform the updates. A two-hour window is allocated, however the actual downtime should be much less.

We regret the short notice and the downtime required for this maintenance. However, due to the severity of these vulnerabilities, we have no choice but to take swift and immediate action to ensure the safety and security of our customers. For these reasons, we must adhere to a strict timetable, and will not be able to reschedule or defer this maintenance.

If you experience any issues following the maintenance, please feel free to reach out to us and we will be happy to assist.

Connect to sonetel

Connect to sonetel

“sonetel.com” is a VoIP carrier who can provide local phone numbers. We can add “external line” to work with their servers. According to its description, there are some special items need to be cared:

  • Sonetel uses email address as SIP account and
  • It deploys SBC or proxy to process all incoming SIP messages.

Here we give a simplel example to describe how to work with Sonetel. We assume the SIP account is “abc@gmail.com”.

In MSS, please cilck menu “data > external line” to add a record.

Configure Sonetel lline
Configure Sonetel lline

In “Basic” tab, the line type should be “Connect to peer VoIP server”, the Account should be “abc” and the Domain is “gmail.com”.

By the way, the Password is the password you sign up in Sonetel, not your own email password.

Since all SIP messages are processed by sonetel SBC/Proxy, we need configure “outbound” information in the “Outgoing call” tab. Please refer to following figure.

Sonetel SBC
Sonetel SBC

The Sonetel proxy address is “sip.sonetel.com” which should be described in the email sent by sonetel.

V32 (stable) is pre-released

V32 (stable) is pre-released

V32 (stable) has been tested in most scenarios and we are proud to release it today!

As you can see, this V32 is in stable branch. When we finish all test scenarios and get enough response messages from customers, it will be upgraded to LTS branch and the new LTS will be released finally in the begin of next year.

Please download it from our website directly.

https://www.myvoipapp.com/download/

Hope you can enjoy it!

Say goodbye to V24

Say goodbye to V24

It has been two years since the first V24 was released. It is the second LTS version of MSS. Now it is time to say goodbye. The latest LTS version will be V32 and we will provide five years support for it.

V32 will base on current stable version which is V31. We hope to do enough test on V31 as much as we can, so we decide to remove V24 linker from download page and only keep V31 linker. According to our test and customers’ experiences, V31 is very stable now. It will be a good choice to install or upgrade previous MSS to this version.

V32 is on the way and will be released in the beginning of 2018.

Final V31

Final V31

We released the final V31, that means we will be focus on next very important version V32 which will be our next LTS version to replace V24.

In fact, lots of features have been merged into the latest V31, and we will stay with V31 for several months since it is the base line of V32.  Please refer to following sections for more details about the key points.

Tools upgraded

In Windows platforms, we upgrade several important tools for V31.  The VC++ is upgraded to VC2010, so new MSS is using VC2010 run-time libraries. It could be powerful and better than previous VC2008 which has several manifest problems in customers’ environments.

The basic SSL library is migrated from OpenSSL to LibreSSL in MSS for windows. In Linux system, we still keep OpenSSL at this time and will move to LibreSSL in future. LibreSSL provides official windows library and we think it is optimized to be better than OpenSSL. If you are deploying “SIP over TLS”, this modification could be much better and safer then previous versions.

SIP stack upgraded

In recent days, we work with several customers to process scenarios with different IMS networks. We have to say we met several strange and very old SIP call flows. That’s ok, V31 is refined to fit these requirements.

“18X with/without SDP” flows are supported. “18X” means 180 or 183, so you can see several possibilities, such as “180 with SDP”, “180 without SDP”, “183 with SDP”, “183 without SDP”, and so on, and their orders are different. Sometimes we receive 180 firstly, sometimes we receive 183 firstly. In most scenarios, these messages are used to play different ring-back tone, so it is not only something with SIP stack but also something with media connections which means MSS inner MG module is upgraded too.

Another key point is SIP-UPDATE. Some IMS networks don’t use 18x to bring ring-back tone media information, they use SIP-UPDATE messages.  In another IMS network, we find it use “SIP-UPDATE without SDP” to keep alive in dialog. It is an interesting topic and we hope to write another blog to describe these scenarios carefully. Anyway, V31 is upgraded to support part of SIP-UPDATE to work with such IMS networks. We don’t implement all features about SIP-UPDATE and MSS will not invoke SIP-UPDATE flow by itself. If MSS wants to change media, it always invokes reINVITE procedures.

“tel” number format is supported in V31. Traditional soft-switch networks could transfer this format to MSS when they work with PSTN networks. We don’t understand why these soft-switch don’t convert it to SIP URL. Now V31 can accept that. Of course, MSS will never send out such number format.

Work with Chinese CTC IMS network

Work with Chinese CTC IMS network

Yesterday, we helped a Chinese customer to deploy MSS to work with CTC IMS network. In this scenario, CTC IMS network has ZTE soft-switch (according to User-Agent header in SIP messages) , we need be careful to cooperate with it.

Since CTC provides user name and password for authorization, we configure “external line” in MSS to do that. Following sections will illustrate some key points.

Authorization user name

By default, we often use “External line (account)” as authorization user name, but ZTE softswitch requires full URI format, so we need configure “The authorization ID should include address information” in external line. Please refer to following figure for more details.

Authorization user name
Authorization user name

For example, if this item is selected, the authorization name will be “+8612345678@gd.ctcims.cn” according to above figure.

If it is not full format, IMS network will return “403 Forbidden” messages to reject it. In fact, we think it is a bug in ZTE softswitch since there is “realm” and “domain” parameters in SIP authorization header. No matter the user name is full format or not, the device should pass it according to successful authorization itself.

Anyway, if you have same problem to cooperate with other IMS networks, please pay attention to it and configure such item to take a try.

Proxy

In Chinese CTC-IMS network, its “SIP server” is logic domain, not a real SIP device and cannot be visited. In above scenario, “gd.ctcims.cn” is its domain, not its real address. SIP messages should be routed to another device (we think it is a SBC or proxy), so we need configure “Via” address in MSS external line configuration. Please refer to following figure.

SIP proxy in IMS
SIP proxy in IMS
miniSIPServer on Debian 9

miniSIPServer on Debian 9

It is a good news to see that the latest Debian 9 is released. We have downloaded and tested it in our lab.

Debian 9 is very interesting. Since it is a stable version, it is important for us to run miniSIPServer on this system. We have to find that so many libraries and softwares have been changed or upgraded. Previous MSS versions cannot work on it by default.

We did lots of work to fix these conflict and upgrade MSS to V31 (build 20170621). And we are exciting to announce that the latest versions can still work on previous Debian systems, such as Debian 7 and Debian 8. Everything is perfect now!

If you want to try Debian 9, please upgrade MSS to the latest V31. And please refresh the document for more details about libraries.

RFC3262

RFC3262

RFC3262 defines a method to provide reliable provisional response messages in SIP dialog. Simply, it uses a new message which is PRACK to response “response” messages. We don’t think it is a good idea, and most traditional VoIP devices don’t following this RFC document.

But now in some interoperability scenarios with the PSTN, it is required to provide RFC3262 capability. Specially in some 4G-IMS networks, for example, in China telcom markets, mobile carriers’ networks will reject SIP calls if they don’t have this capablity.

So we upgrade MSS to V31 to support RFC3262. New MSS will add ‘100rel’ in outgoing calls to update peer sides or SIP phones that it has RFC3262 capability, they can decide to invoke it by themselves. For incoming calls, MSS will not invoke RFC3262 procedures automatically unless peer sides or SIP phones require that.

If you have problem to work MSS with your local ISP networks, please try the latest MSS and hope you can enjoy it.

Concurrent calls of SIP trunk

Concurrent calls of SIP trunk

By default, MSS previous versions don’t limit concurrent calls of SIP trunk. That means you can make or receive calls as much as you can. If peer sides don’t have enough resources, they will reject calls by themselves. But now in some scenarios, customers hope MSS can handle concurrent calls and limit them automatically.

To fit this requirement, we upgrade MSS to provide concurrent calls configurations in SIP trunk. Too much calls will be rejected by MSS itself. Please refer to following figure for more details about these items.

Concurrent calls of SIP trunk
Concurrent calls of SIP trunk

Please pay attention to these.

(1) These items are independent. You can configure different values for them to limit different concurrent calls for outgoing calls and incoming calls.

(2) If one of them is zero, in fact all them can be zero, that means only incoming calls can be received, or can only make outgoing calls outsides.

Modification of “one number” service

Modification of “one number” service

We upgraded miniSIPServer V30 today to change “one number, multi-devices” service in local user’s configuration. In previous versions, we don’t need configure anything to enable this feature in local user since it was enabled by default. Customers think it is good idea to reduce configuraiton workload, but it brings new management problem. In fact, they hope to be able to control which local users can have this feature. In most scenarios, only some local users have several phones with same number, others are not permit to do that.

To fit this requirement, we add a new optional item in local user’s configuration. Please refer to following figure for more details. By default, this service is not enabled now until you configure it obviously.

One number service right in local user's configuration.
One number service right in local user’s configuration.

This modification is applied to cloud MSS too.