mattscott.org Matt’s Blog

4Oct/090

AT&T Uverse vs. Aastra 55i

Several months ago we switched from AT&T DSL to AT&T Uverse at my home. It offered "cable" TV and quick Internet for a price that worked or us. Uverse also offers its own VoIP service but we declined that part of the service in favor of using a 3CX remote extension using a Sipura SPA3000 that I bought a few years back.In my experience so far, Uverse is not a Voip-friendly provider unless you use their service. For one, you are stuck with their gateway box. Yes, you can use the "DMZPlus" mode to add your own firewall into the mix but it's far from perfect. I did manage to get my SPA3000 to work. The Aastra 5xi series of phones doesn't have as many NAT traversal options however so it wasn't quite as easy.

First I went to the Global SIP screen and set things up in the usual way so that the phone had the information needed to register to the PBX, etc.

This would work great if the phone could route directly to the PBX and back again but with Network Address Translation occurring on my end throws a monkey wrench into the works when it comes to SIP and RTP.

So next I looked on the Network settings. This is where all of the NAT options live. With typical cable or DSL service, I'd just set a STUN server, maybe check the Rport box and go. In the case of the Uverse 2Wire Residential Gateway, however no combination of these options that I tried worked.

So in the end it seemed necessary to take a look at the available settings on the 2Wire device and see what my options were. There weren't many.

I ended up explicitly allowing the UDP ports that the phone uses. On the Uverse gateway. Here are the steps:

First I went to the Firewall tab and then Firewall Settings. I selected the phone from the Computer drop down and selected "Allow individual application(s)" like so.

Next, I clicked Add a new user-defined application and created a user-defined app as below.

The phone sends and receives RTP traffic on ports beginning with UDP 3000. I opened up ten ports allowing for five simultaneous calls. This seemed like more than enough for my purposes.

When I was done I clicked "Add Definition" and then the new user-defined app was ready to go. I Selected it on the following page, clicked Add, and then Done. After that the phone worked great.

What I did find odd is that I didn't need to define a stun server on this phone to get it to work in this situation. The 2Wire residential gateway must do some sort of manipulation of SIP packets because from what I could tell all of the fields looked correct with the appropriate public IPs in the right places.

It's unfortunate that the phone couldn't be made to work without making changes to the firewall. But something with the way that the 2Wire handles RTP seems to make it necessary.

Enjoy!

Matt

28May/081

Automatic Proxy Detection/wpad.dat

I recently had the opportunity to setup Automatic Proxy Detection for a customer. I'd never taken the time to figure it out before. It worked in both IE and Firefox and was kinda neat.

It turns out that when you start your web browser and you have automatic proxy detection enabled it attempts to find a file at the URL http://wpad.yourdomain.tld/wpad.dat. In my case it would try for http://wpad.mattscott.org/wpad.dat. If that file is found it runs the javascript in it and sets the proxy settings to however they are defined in the wpad.dat file. Here's what we did. I'm using example.com as my domain to protect the guilty.

Create a DNS Record

We created a CNAME for wpad.example.com that pointed to a web server. In this case a Microsoft Small Business Server 2003 running IIS. An A record would work okay too but given the fact that this will probably never be a server's primary name record a CNAME made sense to me.

Create wpad.dat

Now you need to create your wpad.dat file. We found several examples on the web. Here's an example. Google can help you find more:

function FindProxyForURL(url, host)

{

if (shExpMatch( host, "192.168.1.*" )

|| shExpMatch( host, "127.*" )

|| shExpMatch( host, "localhost" )

|| shExpMatch( host, "*.example.com" )

|| isPlainHostName( host )

|| dnsDomainIs( host, ".example.com" )) {

return "DIRECT";

}

return "PROXY proxy.example.org:8080;";

}
The first section inside the if block tells the browser to connect to the destination server directly if one of those conditions are met. You'd normally do this to bypass your proxy for a host on the local LAN. The second section is where you define the proxy for use with everything else. It's just a javascript function so you could probably go pretty crazy with the thing if you wanted to.

Once you've created your file copy it to the root of your web server. One thing that we noticed was that IIS wouldn't server the file initially because it didn't have a mime type for a .dat file. So we added a mime type of application/x-ns-proxy-autoconf for .dat files and we were good to go.

Create a DHCP Scope Option

The last thing we did was create an option in our DHCP scope to define where your wpad.dat file is. I don't believe his isn't strictly necessary since a machine should generally attempt to connect to a host called wpad in its own domain. I see it as a good idea though because you might run into issues if you ever have guest machines on your network or if you are using some sort of split DNS tunneling over a VPN client or something like that. It was a recommended step so we did it in DHCP on a Windows Small Business Server 2003.

Create an Option 252 Entry in DHCP

To create an Option 252 entry in DHCP, do the following.

1.

Click Start, point to Programs, point to Administrative Tools, and then click DHCP.

2.

In the console tree, right-click the applicable DHCP server, click Set Predefined Options, and then click Add.

3.

In Name, type WPAD.

4.

In Code, type 252.

5.

In Data type, select String, and then click OK.

6.

In String, type http://Computer_Name:Port/wpad.dat where:

Computer_Name is the fully qualified domain name of the web server computer.

Port is the port number on which automatic discovery

\information is published. You can specify any port number. By default it uses port 80.

7.

To add the option to the scope right-click Scope options,under the scope you want to add it to and then click Configure options.

8.

Confirm that the Option 252 check box is selected.

Unless I left something out, that about does it. All you should have to do is to check the Automatic Proxy Detection box in your browser and you should be good to go. In Internet Explorer you can sort of push this setting down via GPO. Of course it's one of those whacked out policies that users can mess with if they know how. In Firefox I am not aware of a way to automate this but I'm sure somebody's written something.

Enjoy!