eir Fibre to the Home and SIP Inbound calls…

Posted on November 26, 2019 by Liam

So frustratingly, I haven’t posted in waay too long here, but been busy with work ‘n stuff!

This year (in January) I was lucky enough to upgrade my traditional DSL @ 30Mbps to FTTH (Fiber to the Home) @ 300Mbps, and it’s crazy fast! I love it (I cannot say this enough! I love it to bits!!) It makes working at home such a pleasure. However one frustrating thing about the solution is that they migrate away from your traditional copper telephone line, to a SIP trunk across the fiber.

Now, I don’t play well with provider supplied modems, and the Huawei modem supplied, while it would work, doesn’t give me any control over content available at my house (i.e. protect my kids online activities, keeping their eyes away from things they should never see at their ages!)

I played with the idea of dragging an old Cisco ATA out of storage and loading the SIP image to it and fudging it until it worked (Cisco ATA’s were a b*tch to configure even back in the day when i was working with VoIP), so i had a brain fart – why not put the supplied Huawei modem behind my own firewall of choice – Sophos XG.

While this kindof worked – for the first few minutes all was well, until i discovered that inbound calls started failing – it seems the SIP registration was going stale, and inbound SIP calls disappeared into the ether. They wouldn’t work until you kicked an outgoing call off to re-register, open whatever ports on the firewall etc, until they closed again, and nobody would ring you!

This is where things got desperate – eir in all their wisdom, don’t use standard SIP ports, so unfortunately Sophos XG’s SIP awareness was kicked into blindness. And it’s SIP awareness is not configurable. D’oh, why oh why eir, why oh why!

OK, so after some digging, (there’s not much out there in googleland, other than a few helpful pointers on Reddit and boards.ie) and some tcpdumps to see what was going on on my firewall, it seems that i needed to create some inbound NAT translations to the external IP (the WAN address) of my supplied Huawei router. Here’s what i did.

  1. Give the WAN address a static IP, maintaining the eir DNS servers (otherwise nothing works!) – also remember to disable the VLAN ID, as this is only required when connected directly to the FTTH box installed at your home.
  2. DNS Servers for eir are: 159.134.0.1 and 159.134.0.2
  3. Configure gateway etc as you require at your house.
  4. In Sophos XG, create a new firewall ‘business application rule’ using the template ‘DNAT/Full Nat/Load Balancing’
  5. Name it to your demanding standard naming convention – i chose ‘Allow SIP from eir to Internal’ – imaginative i know! Create this rule at the top of your ruleset.
  6. Source: WAN; Allowed Client Networks: Any
  7. Destination host/network: Select your Wan Port; Services: Eir_Sip (Detail below – create your own custom service)
  8. Forward To Protected Server(s): Create a host entry with your Huawei Wan address (you configured a static IP for this earlier in step 1); Protected Zone: LAN
  9. Leave all else as default, you can choose to enable logging for this rule if required. Save!!.

Services Custom Definition:

I created a custom definition for the service, it’s created as follows:

Name: Eir_SIP

Type: TCP/UDP

Protocol        Source Port       Destination Port

TCP                1:65535              6050

UDP                1:65535              6050

TCP                1:65535              10000:10100

UDP                1:65535              1000:10100

 

Credit for this goes to boards.ie user cnocbui at this post:

https://www.boards.ie/vbulletin/showpost.php?p=110875525&postcount=9622

So far, so good. It’ s been reliable for the last 24 hours and anyone can ring me now 🙂 Though they probably won’t, they have my mobile number anyway !!

Hope this post helps anyone out there, let me know if it has!
Liam.

Posted in FTTH | 4 Comments

Dell Clearpass Upgrade process

Posted on March 7, 2016 by Liam

I recently had the pleasure (?) of upgrading a couple of Dell clearpass CP-5K-HW appliances in my network wireless lab, and i came across a few anomalies.

The version 6.2.2 which came out of the box on the hardware refused regardless of any coaxing on the system to download any update list from the clearpass.dell-pcw.com website.

I bit the bullet, and downloaded the 6.2 update 6 patch (~560 MB) and manually imported this to the system, followed by installig the patch.

Low and behold, once the system had come back up, it was able to refresh the updates and patches list so i could directly install from the software updates menu.

Just thought i’d share 🙂

Hope this has been useful for someone.

Posted in Uncategorized | Leave a comment

Do you run a network at home? How do you know what’s going on in it?

Posted on June 19, 2014 by admin

For a long time I’ve had multiple devices running on my network – e.g. a couple of switches, a firewall, wlan controller and a number of machines / laptops / toys!

I recently had something of a bandwidth hog, that was uploading 5-6GB of data daily, and I couldn’t figure it out.

My firewall is an open source highly adept and flexible solution from PFSense. Running freebsd as it’s underlying OS, there’s nothing I’ve thrown at it that it hasn’t been able to handle.

From dual wan links to content filtering, it’s all there as an option. However one feature I’ve been frustrated at is reporting on bandwidth usage – just what is eating away at my bandwidth. I found a ‘pflowd’ plugin for pfsense, which is essentially a netflow plugin, allowing the pfsense firewall to output flows to a netflow server.

But what to output to? There’s a lot of ‘free netflow’ receiver software out there (solarwinds etc) but one I found fits the bill very nicely. Paessler offers a free 10 sensor license for it’s PRTG network management suite. I’ve used this to great success, and it shows me my netflow from PFSense in a clear and concise way, just what i was looking for. As a bonus, you also get status alerts for interfaces and more!

I’d suggest if you’re like me (a bit of a geek / nerd) that you check it out. I highly recommend it!

www.paessler.com

 

Posted in Uncategorized | Leave a comment

New Job!

Posted on June 19, 2014 by admin

Long time no chat.

Since my last post almost three years ago (where does time fly) I have been very busy in my role in Dell. However just over a month ago, I was successful in my application for a promotion.

I’m now a Design Engineer for Dell, architecting (is that a word?) new solutions for the corporate networks within Dell worldwide.

It’s an exciting opportunity, and I’m exhausted already!!

Posted in Uncategorized | Leave a comment

New job!

Posted on August 6, 2011 by admin

It’s been a while since I’ve been blogging, but most of that is because I have been busy in my new Job working in Dublin for Dell Computers as a senior network advisor for the EMEA Network Backbone Engineering team!
So far I’ve been enjoying the challenge!

Liam

Posted in Uncategorized | Leave a comment

Renault Megane II Electric Window Headaches

Posted on August 6, 2011 by admin

Okay, it’s not quite networking, but let’s get distracted for a bit!

So my wife has an ’05 renault megane, and I have had the headache of trying to keep up with the regular failing of the windows due to the complete lack of waterproofing by Renault, and crap electrics!

I had tried the only solution (besides paying up to €300 for a new unit) that was available on the internet (that I could find), and it was a pretty valid one, and did work. That was to open the individual window control units and replace a capacitor on the circuit board which would get water damaged by the water ingress. So this does work, is a lot of effort, and doesn’t last long as the water still damages the circuits after you put it all back together.

So I sat down with an electronic engineer buddy of mine and discussed the problem, and we felt the control unit could be replaced with something simple and cheap.

And we were right!!

He came up with a very simple design that uses two 40A automotive relays to control the window motor, removing the control unit altogether!

I have now replaced two of the control units to the motors in the car, and so far so good. The windows go up, and they go down. WooHoo!

The only downside is that we’ve lost some features of the windows, like the one-click open/close function, and the safety feature that prevents getting your hand or head stuck in the window (it used to stop automatically when there was resistance to the window closing). Also because the buttons on the doors have a ‘two-step’ function, only the first step works now.

But it works!

So here you all go folks, here’s the circuit diagram for your perusal.

Enjoy! Oh, and if you like it, then leave a message!

Liam

Megane Window Control Unit Circuit Diagram

Posted in Renault Megane Electric Windows | Leave a comment

Reading Microsoft IAS (Radius) Log files

Posted on January 12, 2011 by Liam

I’ve battled long and hard with Microsoft IAS log files and coming from a Cisco perspective, they’re simply unreadable compared to Cisco’s ACS Server logs. This makes debugging login problems with e.g. Wireless LAN 802.1x authentication almost impossible.

However I came across a useful utility available from Microsoft’s Technet site called ‘Iasparse’ which will take the comma-seperated logs and present them as something readable. To that end I created a simple wrapper that would make reading in log files and outputting the results somewhat easier, and so here it is!

You are free to take it and modify it, all I ask is that you send me a copy of your alterations,  and that you don’t remove my name from the header!

To run the wrapper, simply create two folders, e.g. c:\iasparse for the executables, wrapper and raw log file, and an output folder, e.g. c:\logdump for the formatted logs. Then all you need to do is run the wrapper, and follow the on-screen instructions.

Enjoy,

Liam

IASParse

Posted in AAA Authentication | Leave a comment

Asterisk and Chan-SCCP Installation

Posted on November 25, 2010 by Liam

I’ve worked a little on Asterisk and have a bit of interest on getting Chan-SCCP working so a Cisco 79XX series IP phone will run natively with it as a very cost affective VoIP Pbx.

I’ve put together a small howto on the initial configuration steps that are recommended (primarily for myself so I don’t have to re-learn it the next time I build one!) for both security and the inclusion (compiling) of the current release of Chan-SCCP (which is at V3-RC3 as I write).

Attached is the Howto and some sample configuration files for Asterisk.

Asterisk Trixbox Initial Configuation, Security and Chan_SCCP

sccp samples

Posted in Asterisk VoIP | Leave a comment

Hello world!

Posted on November 24, 2010 by admin

Welcome to my new Blogs webpage.

I am a network engineer, based in Dublin, Ireland. I work for the national telecommunications company eircom in the corporate markets area, specialising in Cisco and Nortel Networking, both Voice and Data and a lot of Wireless LAN’s thrown in for good measure.

I will be posting various howto’s etc on this blog page as I write them or useful links to various wonderful websites that help me day to day.

Thanks for looking!

Liam.

Posted in Uncategorized | Leave a comment