Howto:Setup SIP Federation with innovaphone AG V9
Applies To
This information applies to innovaphone systems V9 and later.
More Information
Problem Details
With the innovaphone myPBX UC Client it is not only possible to communicate with the persons within your company, but also possible to use the unified communication features like presence etc. also with external companies.
Our company, innovaphone AG, provides an interface for the SIP federation with our partners and customers. this article describes how to setup your innovaphone PBX to be able to communicate with innovaphone AG using UC features.
Prerequisites
Make sure you have following:
- innovaphone PBX System with the recent V9 or V10 firmware
- licenses for myPBX
- access to your public DNS server, to be able to configure required DNS record
- access to the internet from the PBX or other innovaphone gateway
Configuration
PBX
System Name
The System Name of the PBX must be set according the DNS domain name used for federation. In case of innovaphone AG this is innovaphone.com.
The option Use as Domain must be active.
File:Setup SIP Federation with innovaphone AG PBX system name.png
Visibility
In order to give innovaphone AG the access to your presence and on-line status, the Access on the PBX User Object must be configured. This can be done for the complete domain @innovaphone.com or to a specific person bob@innovaphone.com.
File:Setup SIP Federation with innovaphone AG access.png
Gateway Object
Create a Gateway Object without number. Place the Long Name of this object to the Route Root-Node External Calls to filed of the PBX General configuration page:
File:Setup SIP Federation with innovaphone AG PBX external.png
In case this option already used to route calls to another PBX in a loop in scenario, make sure to route the calls first to the SIP interface configured for the federation, ant than to the 3rd Party PBX.
SIP Interface
The SIP interface is required to be able send and accept SIP calls and presence subscriptions to the federation partners. The mode of the SIP interface should be Open Federation.
This SIP interface must be reachable from the internet via TCP port 5061 and must be registered at the Gateway Object in the PBX used for federation.
Important: Make sure to enable Interworking(QSIG,SIP) on the routes from and to this interface.
You can use an additional innovaphone gateway to offload the SIP interface for federation from the PBX gateway and place it in the DMZ.
Depending on your network configuration (NAT, Firewall etc.) it is useful to enable Media-Relay on the SIP interface to be able to make voice calls.
DNS Entries
The SIP Federation mechanism relies on the DNS to resolve the domain name of the federation partner and find out the IP address to send the SIP messages.
Following DNS entries form you as federation partner are required:
- SRV record
_sips._tcp.yourcompany.exampleor_sipfederationtls._tcp.yourcompany.examplepointing to an IP address or host name of the innovaphone gateway that hosts the SIP interface for federation - in case SRV record points to a host name, the host name must be resolved to the IP address of the innovaphone gateway that hosts the SIP interface for federation
For example, following DNS entries are configured for federation with the innovaphone AG:
_sips._tcp.innovaphone.com IN SRV 5061 sip.innovaphone.com
sip.innovaphone.com IN A 145.253.157.4
Certificates
The innovaphone gateway, that hosts the SIP interface for federation must have a certificate with a CN that matches your domain name. You can use a self signed one, generated directly on the box.
If you try to federate with innovaphone AG for the first time, your certificate will be rejected, cause it will be not on our trust list.
To get on the trust list at our federation gateway, please contact presales and provide the domain name and the certificate data.
You have also to trust a certificate, provided by innovaphone:
Subject C=Germany, ST=BW, L=Sindelfingen, O=innovaphone AG, OU=Techserv, CN=innovaphone.com DNS=innovaphone.com DNS=sip.innovaphone.com IP=145.253.157.4 Issuer C=Germany, ST=BW, L=Sindelfingen, O=innovaphone AG, OU=Techserv, CN=innovaphone.com
Serial number FBA06716
Not before 22.08.2013 09:26:00 GMT
Not after 22.08.2023 09:26:00 GMT
CA yes
Path length 0
Key usage digital_signature key_encipherment key_cert_sign
Subject key ID 79:E8:1A:D0:4F:3E:3A:2E:13:DD:BB:9F:76:68:6B:00:2B:97:37:6C
Authority key ID 79:E8:1A:D0:4F:3E:3A:2E:13:DD:BB:9F:76:68:6B:00:2B:97:37:6C
--------
Type X.509 v3
Public key 1024-bit RSA
SHA1 27:E1:9A:19:A2:EC:E3:0E:9F:F6:96:75:49:90:AC:55:F5:36:3C:70
MD5 08:AB:5C:DE:D0:6E:90:E2:8E:81:00:F7:06:A2:41:18
Usage
To add somebody on your favourites list, go to the myPBX and place the e-mail address of the person into the search field. Then press on the star symbol.
File:Setup SIP Federation with innovaphone AG add buddy list.png
In case the federation was configured correctly and access rights are configured to be able to see presence and on-line status, the save button for an External URI will appear.
Troubleshooting
The best way to troubleshoot the SIP federation is to make an RPCAP Wireshark trace on the gateway with the SIP interface used for federation.
Check the trace for following:
- a DNS request and reply resolving the SRV record
- establishing of the TLS connection
- SIP subscribe and notify requests (visible only in the innovaphone log part if SIP tracing is enabled)