...
Each one is going to be detailed in the next paragraphs.
1.1.1.1 Create a new account, the
...
wizard way (
...
automatic activation)
The "plain wizard way" is a completely manual creation of the account. In this way you control any feature of the account, but you also need to configure the user's client manually. This way is the opposite of the automatic activation.
Warning |
---|
This is the way for creating valid accounts for the SNOM devices. |
the new method for creating accounts. It's made for easing the load on the service manager's shoulder, letting him/her focusing on the service configuration without having to bother about the installation and configuration of the client.
In the Account List page (
) you can see an empty list of accounts. To create a new Sip User you have to click on the New AccountAccount (Activation Wizard) button in the top of the page.You can create both PGSM ( Xref AnchorName sip users table Brand
brand | client |
---|
1.1.1.1.1 PGSM
Subtitle | ||||||
---|---|---|---|---|---|---|
| ||||||
The Create Account page will show a form with many fields. Mandatory ones are:
Username
Password/Repeat Password
Virtual Phone Number
Account Type
Security Model
Obfuscation Mode
Obfuscation Key
Keep-alive Enabled
Username/Password
Username field is automatically generated as a random numeric value and you are not required to change it. Type in a password and repeat it in the proper fields.
Warning |
---|
If you manually edit Username field, keep in mind that it MUST be unique, as Virtual Phone Number! |
Virtual Phone Number
...
| |
You'll see the "Edit Account page" with a precompiled, non-editable username as in
. Xref AnchorName new account by wizard
Please set a Virtual Phone Number and choose a Provisioning Profile.
Warning |
---|
If you do not insert the international prefix before the real phone number then you cannot use the automatic activation features |
If not differently configured, the default values for the Obfuscation are fine. The other fields are optional.
Note |
---|
In this mode the password is automatically chosen by the system and it's not editable |
Compile all necessary fields of the new account, select a Provisioning Profile and click on "Create". Now jump to paragraph 1.1.4 for activate the user.
Warning |
---|
In the "wizard way" the user's account are DISABLED until the automatic activation is performed! |
1.1.1.2 Create a new account, the plain way (manual configuration)
The "plain way" is a completely manual creation of the account. In this way you control any feature of the account, but you also need to configure the user's client manually. This way is the opposite of the automatic activation.
Warning |
---|
This is the way for creating valid accounts for the SNOM devices. |
In the Account List page (
) you can see an empty list of accounts. To create a new Sip User you have to click on the New Account button in the top of the page. Xref AnchorName sip users table
You can create both PGSM (
) or SNOM accounts and they do differ a while. Brand brand client
1.
...
Warning |
---|
Mobile phone numbers must be formatted with international prefix and + sign, before the real phone number, eg: +391234567890. If you do not use international format, it will not be possible to use automatic activation features. |
Automatic Activation is not meant for SNOM devices. You need a
Brand | ||
---|---|---|
|
Note |
---|
It's still possible to perform an Automatic Activation or to send the installation URL on iPads or devices without phone features using the Provisioning Messages. |
Account Type
To configure a
account select "PGSM" by the drop down menu in "Account Type".Brand brand client To configure a SNOM account select "SNOM" by the drop down menu in "Account Type".
Obfuscation Mode
The Obfuscation mode is a simple but quite efficient trick to let the VoIP pass without being recognized by network equipment intended to block or censor VoIP traffic.
It's not known to be a perfect mask and it aims not to be one, still it works fine up to now and our suggestion is to keep it enabled as by default,
Obfuscation Key
The key used by the obfuscator can be an arbitrary one, still "9" is the default value. It doesn't matter which number you put in here as long as it is the very same one you set up on the client side.
Warning |
---|
If the Obfuscation Key value is not the same on both client's account and server's one, then the call won't be placed properly and it might end suddenly voiceless. |
Xrefanchor | ||
---|---|---|
| ||
Keep-alive Enabled |
In order to receive secure phone calls,
client must set up an always-on connection to Brand brand client
. Each client sends a "keep alive" request to the server it is connected to, in order to keep up the socket. This is necessary as the TCP socket has an idle timeout after which the socket is closed. Some aggressive network equipment can shorten the standard timeout, less than 10 minutes. This behavior is particularly critical with IOS devices. Brand brand server
In order to avoid the socket break caused by such aggressive network equipment, you can enable a server side "keep alive" request. In this way you can be sure that the socket and thus the connection would remain up and stable under every circumstances.
Note |
---|
The downside of this option is that there will be some more traffic on the socket (each passage of the request is 1.8 KiloByte, thus you can count almost 3.6 KB of traffic) |
Warning | ||
---|---|---|
| ||
This option can afflict the battery life since more traffic means more radio transmission and on same devices the radio wouldn't have a proper timeout for going idle. |
The actual default value for the keep-alive interval is 60 seconds. You can configure the general keep-alive timeout in the NAT configuration form. Please read PSAM 2.4 Asterisk advanced configurations to get informations about it.
Warning | ||||
---|---|---|---|---|
| ||||
All the |
Virtual Phone Number (secondary)
This field is optional and rarely used, still it can prove itself quite useful if you need the account to be reachable by two different phone numbers on the same device. The secondary virtual number can't substitute the primary one, meaning that this field alone won't be accepted as a valid phone number. You still need to configure the primary phone number if you intend to make use of the secondary one.
Info | ||||
---|---|---|---|---|
Some example for using the secondary phone number are this scenarios:
|
1.1.1.1.2 SNOM
In the Account List page (
) you can see an empty list of accounts. To create a new Sip User you have to click on the New Account button in the top of the page. Xref AnchorName sip users table
Subtitle | ||||||
---|---|---|---|---|---|---|
| ||||||
There are some few but still important differences between the
and the Xref AnchorName account creation form SNOM
: security model, obfuscation Mode and Obfuscation Key fields are gone and instead you can read Deny and Permit. Due to the type of hardware underlying the SNOM account, we do assume that the hardware would be wired connected on a desktop. Also no obfuscation is possible because the device doesn't allow it. Instead the wired channel can provide us an easy to go access list, based on the LAN IP addresses. We can create both one White-List and one Black-List in order to bind the user's access to one specific device which can be identified by the LAN IP address. The different option shown are: Xref AnchorName account creation form
- Deny
- Permit
Deny
Deny represent the blacklist based on the IP address and the net mask we want to deny when associated to the current user. You have to write this in the form: <ipaddress>/<network mask>
Examples:
- 192.168.0.38/255.255.255.255 : Denies traffic from this IP address
- 0.0.0.0/0.0.0.0 : Denies every address
Permit
Permit is the exact opposite of the Deny option. It represent the whitelist based on the IP address and the net mask we want to have access. You have to write this in the form: <ipaddress>/<network mask>
Example:
- 192.168.0.38/255.255.255.0 : Allows traffic from this Network
Tip | ||
---|---|---|
| ||
You may have multiple rules for masking traffic. Combining together the Deny and the Permit option let you have a fine grain rule of access for any single user's account. Please keep in mind that the access rules are processed from the first to the last, meaning that the Deny will be used first and then will be analysed the Permit one. So: Deny: 0.0.0.0/0.0.0.0 Permit: 216.27.242.66/255.255.255.255 Deny every address except for the only one allowed. |
1.1.1.1.3 Actually create the Account
After you filled in the form (either the PGSM or the SNOM one), please click on the Create icon at the page's bottom.
Subtitle | ||||||
---|---|---|---|---|---|---|
| ||||||
Tip |
---|
An information line advice the operation just performed. |
You'll get back the Account List page and the table shows now your new user (
). Xref AnchorName new sip account
Note |
---|
Using this way makes the account enabled by default. |
To use the automatic activation even in the plain way go reading the 1.1.4 Automatic Activation.
1.1.1.2 Create a new account, the wizard way (automatic activation)
The "wizard way" is the new method for creating accounts. It's made for easing the load on the service manager's shoulder, letting him/her focusing on the service configuration without having to bother about the installation and configuration of the client.
In the Account List page (
) you can see an empty list of accounts. To create a new Sip User you have to click on the New Account (Activation Wizard) button in the top of the page. Xref AnchorName sip users table
Subtitle | ||||||
---|---|---|---|---|---|---|
| ||||||
You'll see the "Edit Account page" with a precompiled, non-editable username as in
. Xref AnchorName new account by wizard
Please set a Virtual Phone Number and choose a Provisioning Profile.
Warning |
---|
If you do not insert the international prefix before the real phone number then you cannot use the automatic activation features |
If not differently configured, the default values for the Obfuscation are fine. The other fields are optional.
Note |
---|
In this mode the password is automatically chosen by the system and it's not editable |
Compile all necessary fields of the new account, select a Provisioning Profile and click on "Create". Now jump to paragraph 1.1.4 for activate the user.
...
1.1.2.1 PGSM
Subtitle | ||||||
---|---|---|---|---|---|---|
| ||||||
The Create Account page will show a form with many fields. Mandatory ones are:
Username
Password/Repeat Password
Virtual Phone Number
Account Type
Security Model
Obfuscation Mode
Obfuscation Key
Keep-alive Enabled
Username/Password
Username field is automatically generated as a random numeric value and you are not required to change it. Type in a password and repeat it in the proper fields.
Warning |
---|
If you manually edit Username field, keep in mind that it MUST be unique, as Virtual Phone Number! |
Virtual Phone Number
Set a Virtual Phone number as a numeric value of your choice. Please consider that the Virtual Phone Number is the number to be dialed to call the Account (and also the number shown as the caller, when the Account dials a call). We suggest a three character number such as "111" or "123" for SNOM devices and actual mobile phone number for
Brand | ||
---|---|---|
|
Warning |
---|
Mobile phone numbers must be formatted with international prefix and + sign, before the real phone number, eg: +391234567890. If you do not use international format, it will not be possible to use automatic activation features. |
Automatic Activation is not meant for SNOM devices. You need a
Brand | ||
---|---|---|
|
Note |
---|
It's still possible to perform an Automatic Activation or to send the installation URL on iPads or devices without phone features using the Provisioning Messages. |
Account Type
To configure a
account select "PGSM" by the drop down menu in "Account Type".Brand brand client To configure a SNOM account select "SNOM" by the drop down menu in "Account Type".
Obfuscation Mode
The Obfuscation mode is a simple but quite efficient trick to let the VoIP pass without being recognized by network equipment intended to block or censor VoIP traffic.
It's not known to be a perfect mask and it aims not to be one, still it works fine up to now and our suggestion is to keep it enabled as by default,
Obfuscation Key
The key used by the obfuscator can be an arbitrary one, still "9" is the default value. It doesn't matter which number you put in here as long as it is the very same one you set up on the client side.
Warning |
---|
If the Obfuscation Key value is not the same on both client's account and server's one, then the call won't be placed properly and it might end suddenly voiceless. |
Xrefanchor | ||
---|---|---|
| ||
Keep-alive Enabled |
In order to receive secure phone calls,
client must set up an always-on connection to Brand brand client
. Each client sends a "keep alive" request to the server it is connected to, in order to keep up the socket. This is necessary as the TCP socket has an idle timeout after which the socket is closed. Some aggressive network equipment can shorten the standard timeout, less than 10 minutes. This behavior is particularly critical with IOS devices. Brand brand server
In order to avoid the socket break caused by such aggressive network equipment, you can enable a server side "keep alive" request. In this way you can be sure that the socket and thus the connection would remain up and stable under every circumstances.
Note |
---|
The downside of this option is that there will be some more traffic on the socket (each passage of the request is 1.8 KiloByte, thus you can count almost 3.6 KB of traffic) |
Warning | ||
---|---|---|
| ||
This option can afflict the battery life since more traffic means more radio transmission and on same devices the radio wouldn't have a proper timeout for going idle. |
The actual default value for the keep-alive interval is 60 seconds. You can configure the general keep-alive timeout in the NAT configuration form. Please read PSAM 2.4 Asterisk advanced configurations to get informations about it.
Warning | ||||
---|---|---|---|---|
| ||||
All the |
Virtual Phone Number (secondary)
This field is optional and rarely used, still it can prove itself quite useful if you need the account to be reachable by two different phone numbers on the same device. The secondary virtual number can't substitute the primary one, meaning that this field alone won't be accepted as a valid phone number. You still need to configure the primary phone number if you intend to make use of the secondary one.
Info | ||||
---|---|---|---|---|
Some example for using the secondary phone number are this scenarios:
|
1.1.1.2.2 SNOM
In the Account List page (
) you can see an empty list of accounts. To create a new Sip User you have to click on the New Account button in the top of the page. Xref AnchorName sip users table
Subtitle | ||||||
---|---|---|---|---|---|---|
| ||||||
There are some few but still important differences between the
and the Xref AnchorName account creation form SNOM
: security model, obfuscation Mode and Obfuscation Key fields are gone and instead you can read Deny and Permit. Due to the type of hardware underlying the SNOM account, we do assume that the hardware would be wired connected on a desktop. Also no obfuscation is possible because the device doesn't allow it. Instead the wired channel can provide us an easy to go access list, based on the LAN IP addresses. We can create both one White-List and one Black-List in order to bind the user's access to one specific device which can be identified by the LAN IP address. The different option shown are: Xref AnchorName account creation form
- Deny
- Permit
Deny
Deny represent the blacklist based on the IP address and the net mask we want to deny when associated to the current user. You have to write this in the form: <ipaddress>/<network mask>
Examples:
- 192.168.0.38/255.255.255.255 : Denies traffic from this IP address
- 0.0.0.0/0.0.0.0 : Denies every address
Permit
Permit is the exact opposite of the Deny option. It represent the whitelist based on the IP address and the net mask we want to have access. You have to write this in the form: <ipaddress>/<network mask>
Example:
- 192.168.0.38/255.255.255.0 : Allows traffic from this Network
Tip | ||
---|---|---|
| ||
You may have multiple rules for masking traffic. Combining together the Deny and the Permit option let you have a fine grain rule of access for any single user's account. Please keep in mind that the access rules are processed from the first to the last, meaning that the Deny will be used first and then will be analysed the Permit one. So: Deny: 0.0.0.0/0.0.0.0 Permit: 216.27.242.66/255.255.255.255 Deny every address except for the only one allowed. |
1.1.1.2.3 Actually create the Account
After you filled in the form (either the PGSM or the SNOM one), please click on the Create icon at the page's bottom.
Subtitle | ||||||
---|---|---|---|---|---|---|
| ||||||
Tip |
---|
An information line advice the operation just performed. |
You'll get back the Account List page and the table shows now your new user (
). Xref AnchorName new sip account
Note |
---|
Using this way makes the account enabled by default. |
To use the automatic activation even in the plain way go reading the 1.1.4 Automatic Activation.
1.1.1.3 Create a new account, the batch way
The "batch way" is an account creation mode designed specifically for large number of users to be created quickly.
...