CircleNet would like to introduce ourselves to the Obi world

[Sam_from_CircleNet]

Sorry we can't port in numbers we are an outbound only service.

I don't have any affiliation or agreement with them at all but I personally recommend future-nine for your inbound service. I've heard good things from some of my customers that are also there customers and they seem very honest and straight forward with their pricing.

Sam

[rawsis]

I'm finally registered.  Need to write out all the needed info so I don't forget how it did it. 

I just registered with Callcentric for incoming calls.  If this doesn't work out, I'll check futurenine. 

[ToddAllen]

After 1st setting up my Obi100 to use CircleNet and CallCentric, I wanted more flexibility and installed FreeSWITCH on a Linux box I leave on as a home file server.  I switched the Obi to register via SIP with the new FreeSWITCH PBX which handles the connections to CircleNet and CallCentric.

Each time I place an outbound call via CircleNet I start receiving a lot of suspicious looking traffic to a great variety of ports: 22, 23, 1900, 5000, ... and on and on from a great variety of IP addresses from all over the world although a good percentage are from China Telecom, Guangdong.  It starts as a flood and subsides to a trickle but continues on for many hours.  My router is configure to drop all this traffic and log it.  I use port forwards with remapping and only have two ports open for sip 5060 & 5080 internal both remapped to much higher external port numbers.  I have a cable modem with a dynamic IP and if I change my router's WAN MAC address and reboot I get a new IP address and the crazy inbound traffic stops.  Until I place another phone call.

In addition to this suspicious traffic it also looks like I'm dropping what might be desirable traffic from IPs that are registered to CircleNet because it is on a different port number from the one I've sent on.  Most of the time my outbound calls are handled correctly, though there have been times when audio only works in one direction and sometimes my calls are dropped usually around 90 seconds.  I don't know what is causing all of the undesirable inbound traffic and I'm wary to open up any additional ports until I have a clearer understanding of what is going on.  I've tried monitoring all traffic in/out of my router, both successful and dropped and I don't think my router or server has been compromised/virused and am guessing the problem is my unencrypted communications to/from CircleNet are somehow being snooped on by hackers and it triggers some sort of automated probing looking for ways to gain access to the computer running my PBX.

The FreeSWITCH documentation covers a variety of encryption option such as TLS, ZRTP, SSL, SRTP, etc. and I'm guessing I should enable one or more of these and that might stop the deluge of unwanted inbound traffic after each phone call.  However, I don't see any documentation on the CircleNet website regarding encryption so I'm not sure what if any of these encryption options they will support.  I'm fairly new to all of this, so any suggestions of how I should configure FreeSWITCH and my router to minimize trouble would be much appreciated.

[voiper1]

After 1st setting up my Obi100 to use CircleNet and CallCentric, I wanted more flexibility and installed FreeSWITCH on a Linux box I leave on as a home file server.  I switched the Obi to register via SIP with the new FreeSWITCH PBX which handles the connections to CircleNet and CallCentric.

Each time I place an outbound call via CircleNet I start receiving a lot of suspicious looking traffic to a great variety of ports: 22, 23, 1900, 5000, ... and on and on from a great variety of IP addresses from all over the world although a good percentage are from China Telecom, Guangdong.  It starts as a flood and subsides to a trickle but continues on for many hours.  My router is configure to drop all this traffic and log it.  I use port forwards with remapping and only have two ports open for sip 5060 & 5080 internal both remapped to much higher external port numbers.  I have a cable modem with a dynamic IP and if I change my router's WAN MAC address and reboot I get a new IP address and the crazy inbound traffic stops.  Until I place another phone call.

In addition to this suspicious traffic it also looks like I'm dropping what might be desirable traffic from IPs that are registered to CircleNet because it is on a different port number from the one I've sent on.  Most of the time my outbound calls are handled correctly, though there have been times when audio only works in one direction and sometimes my calls are dropped usually around 90 seconds.  I don't know what is causing all of the undesirable inbound traffic and I'm wary to open up any additional ports until I have a clearer understanding of what is going on.  I've tried monitoring all traffic in/out of my router, both successful and dropped and I don't think my router or server has been compromised/virused and am guessing the problem is my unencrypted communications to/from CircleNet are somehow being snooped on by hackers and it triggers some sort of automated probing looking for ways to gain access to the computer running my PBX.

The FreeSWITCH documentation covers a variety of encryption option such as TLS, ZRTP, SSL, SRTP, etc. and I'm guessing I should enable one or more of these and that might stop the deluge of unwanted inbound traffic after each phone call.  However, I don't see any documentation on the CircleNet website regarding encryption so I'm not sure what if any of these encryption options they will support.  I'm fairly new to all of this, so any suggestions of how I should configure FreeSWITCH and my router to minimize trouble would be much appreciated.

Hi, you may want to try emailing CircleNet directly.  Your post looks more like a FreeSwitch ad.  I am sure if Sam can help he will, but really this looks out of place in this thread.  So far CircleNet works fine for most people.

Cheers... 

[swg0101]

After 1st setting up my Obi100 to use CircleNet and CallCentric, I wanted more flexibility and installed FreeSWITCH on a Linux box I leave on as a home file server.  I switched the Obi to register via SIP with the new FreeSWITCH PBX which handles the connections to CircleNet and CallCentric.

Each time I place an outbound call via CircleNet I start receiving a lot of suspicious looking traffic to a great variety of ports: 22, 23, 1900, 5000, ... and on and on from a great variety of IP addresses from all over the world although a good percentage are from China Telecom, Guangdong.  It starts as a flood and subsides to a trickle but continues on for many hours.  My router is configure to drop all this traffic and log it.  I use port forwards with remapping and only have two ports open for sip 5060 & 5080 internal both remapped to much higher external port numbers.  I have a cable modem with a dynamic IP and if I change my router's WAN MAC address and reboot I get a new IP address and the crazy inbound traffic stops.  Until I place another phone call.

In addition to this suspicious traffic it also looks like I'm dropping what might be desirable traffic from IPs that are registered to CircleNet because it is on a different port number from the one I've sent on.  Most of the time my outbound calls are handled correctly, though there have been times when audio only works in one direction and sometimes my calls are dropped usually around 90 seconds.  I don't know what is causing all of the undesirable inbound traffic and I'm wary to open up any additional ports until I have a clearer understanding of what is going on.  I've tried monitoring all traffic in/out of my router, both successful and dropped and I don't think my router or server has been compromised/virused and am guessing the problem is my unencrypted communications to/from CircleNet are somehow being snooped on by hackers and it triggers some sort of automated probing looking for ways to gain access to the computer running my PBX.

The FreeSWITCH documentation covers a variety of encryption option such as TLS, ZRTP, SSL, SRTP, etc. and I'm guessing I should enable one or more of these and that might stop the deluge of unwanted inbound traffic after each phone call.  However, I don't see any documentation on the CircleNet website regarding encryption so I'm not sure what if any of these encryption options they will support.  I'm fairly new to all of this, so any suggestions of how I should configure FreeSWITCH and my router to minimize trouble would be much appreciated.

Calls dropped after 90 seconds usually means that pings going back to your device has timed out, and therefore your calls are terminated for non-response. You should make sure that your external SIP and RTP IPs are set correctly, and since you are using NAT for your Freeswitch, I suggest you look here:
https://wiki.freeswitch.org/wiki/NAT_Traversal
and under the "FreeSWITCH behind NAT" section for instructions on how to setup STUN.

Traffic to ports you mentioned are quite common, and I would consider them "background noise." Anytime you are on the Internet directly connected to the modem, you should expect to see some of these "scanner type traffic" to your device. These are harmless and I wouldn't consider them an attack unless you are not adequately protected (or if they saturate your link).

As far as encryption goes, I don't really see many providers actually supporting these. Some providers would allow you to tunnel into their network(s) via OpenVPN, although I don't think CircleNet offers this at the moment.

[Sam_from_CircleNet]

Good Morning ToddAllen,
We proxy all of the audio through our servers so the only traffic that you should see from circlenet should be comming from our sip server in Atlanta or Fremont CA. None of the traffic you are seeing from China Telecom is from us. We don't pass your IP address to any of our upstream carriers either so I can't see any way anyone outside of our network would see you?

Please open a ticket on this one and if possible send a screenshot of the router output to support@circlenet.us or even better a wireshark pcap if you can. I'm wondering if it is possible with your FW config that the listening port isn't open until after the first call is placed and your just not seeing the constant background scanning?

On the second issue the 90 second disconnect/audio issues, please open a ticket on these and if possible give us a specific called number and time when the problem occurred and we'll look into it and see if we can help.


As to encryption we don't do any kind of encryption outside of our network for the audio channels currently. If you are looking to encrypt your traffic between you and the provider I suggest callwithus, they have a VPN service that I think will do what your looking for.
Sam

[ToddAllen]

Thanks, I opened a ticket regarding the dropped calls and will work on putting together the info for a 2nd ticket regarding the inbound IP traffic I'm concerned about.  Is support@circlenet.us an email address?  Would you prefer I cut and paste samples from a router log directly into the ticket or should I email a log file?  I want to do wireshark captures but it will take some time as I don't currently have wireshark installed and the last time I used it I remember it was non-trivial to get working and that was just to monitor LAN traffic.  This time I'll need to catch the traffic being dropped by the router's WAN interface and I'll have to look into how to do that.

I think you are right about some of the traffic being background noise, especially after it slows to a trickle.  Perhaps that would start up on its own if I force a new IP and waited a sufficient amount of time without placing a call, but I haven't specifically tried that yet and only started vigilantly monitoring router traffic after installing the PBX software and encountering difficulties.  But the traffic immediately after a call is more concerning as there can be a lot of it and some of it is from IPs registered to CircleNet and I don't understand why CircleNet's traffic would be on the various ports I'm seeing.

As for the comment from voiper1 suggesting my post might be an inappropriate attempt to promote FreeSWITCH, I only brought it up as I made a few calls ok when I used the Obi100 directly to CircleNet but after making the Obi100 an extension on the PBX I encountered the issues described.  There's little reason to promote FreeSWITCH as it is a free open source project.  I previously tried SipWitch which didn't seem to have the features I wanted or much documentation and Asterisk for which I failed to find sufficient noob friendly configuration guidance and couldn't get working properly.  It would have been easier if I had just upgraded to a more expensive Obi with more trunks though long term the free software solution has advantages.  And I chose to bring it up here as I wasn't sure it was an appropriate issue for CircleNet's ticket system, I had already been communicating through this forum and it seemed there were some fairly knowledgeable folks here who might have insight and advice.

Good Morning ToddAllen,
We proxy all of the audio through our servers so the only traffic that you should see from circlenet should be comming from our sip server in Atlanta or Fremont CA. None of the traffic you are seeing from China Telecom is from us. We don't pass your IP address to any of our upstream carriers either so I can't see any way anyone outside of our network would see you?

Please open a ticket on this one and if possible send a screenshot of the router output to support@circlenet.us or even better a wireshark pcap if you can. I'm wondering if it is possible with your FW config that the listening port isn't open until after the first call is placed and your just not seeing the constant background scanning?

On the second issue the 90 second disconnect/audio issues, please open a ticket on these and if possible give us a specific called number and time when the problem occurred and we'll look into it and see if we can help.


As to encryption we don't do any kind of encryption outside of our network for the audio channels currently. If you are looking to encrypt your traffic between you and the provider I suggest callwithus, they have a VPN service that I think will do what your looking for.
Sam

[Sam_from_CircleNet]

ToddAllen,
If you'd like to paste directly into the ticket that would be awesome, if you have issues with that or if you need to attach a binary file like a pcap the email address is fine we check them both.

The audio traffic from calls made on our  network might come to you on lots of high number ports. Our SIP servers use port 5060 for setup and RTP and ports 10,000 to 20,000 for transporting the actual audio. NAT can cause problems with this if the NAT is also firewalling or performs PAT (port address translation). Often when we see half-duplex audio a NAT/firewall device is performing PAT or dropping one of the udp audio streams based on a firewall rule. I sometimes wish SIP behaved more like IAX (One port) but it doesn't.

If you are very security conscious about your inbound traffic and want to keep a default deny policy (And if you have a PBX believe me I understand why you would be!) you could send calls directly to one server cluster (for example atl.circlenet.us) and then white list just that IP with a permit any/any type rule. This has two downsides however, first if that cluster fails you will not reroute to another one and secondly there isn't a guarantee that we won't change it's IP address in the future.

Sam

[voiper1]

As for the comment from voiper1 suggesting my post might be an inappropriate attempt to promote FreeSWITCH, I only brought it up as I made a few calls ok when I used the Obi100 directly to CircleNet but after making the Obi100 an extension on the PBX I encountered the issues described.  There's little reason to promote FreeSWITCH as it is a free open source project.

Its ok, I completely understand where you are coming from.  It just seemed out of place.  But glad Sam helped you.  His email gets replied to rather quickly.  It is amazing what the Obi can do as well as working with something free like FreeSwitch.  But many post things just to promote something or tear it down.  Posting about FreeSwitch and saying security issues with CircleNet seemed odd.  NO worries! Take it easy.

Cheers... 

[baxtr]

Well, I finally bit the bullet and replaced GV with CircleNet on SP1. Voip.ms is on SP2 and I left it alone. I had not touched the OBI110 setup in several years and forgot everything about provisioning. I finally did it from the OBi Dashboard

Approved Service Providers --> Next --> Generic Service Provider:

Generic Service Provider: CircleNet
Primary Line for Outgoing Calls --> Checked
Service Provider Proxy Server: outbound.circlenet.us
Service Provider Proxy Server Port: 5060
Outbound Proxy Server: outbound.circlenet.us
User Name: Your assigned user name from CircleNet
Password: Your CircleNet password
URI: Blank

I initially had problems with the server, west.circlenet.us not registering (completing the call). When I changed it to outbound.circlenet.us, everything proceeded smoothly. This also happened with the Zoiper softphone on a Nokia Lumia 521. Sam_from_CircleNet may wish to look into this issue. Other posts say registration is not necessary and I do not see any place to explicitly register in the setup.

The quality of calls via OBI with CircleNet seems about on par with Voip.ms. Zoiper on a cellphone has sporadic quality issues with both CircleNet and Voip.ms  When placing a call  via OBI, I do notice a slightly longer delay with CircleNet from the time the call is placed until connection is made when compared with Voip.ms. This may be related to the server location. I am located in the Los Angeles area and using a Voip.ms LA server.

I intend to support CircleNet. I like their business plan; e.g. no bull s..t pay in advance plans, just keep a positive balance and you are good-to-go. Also, their minutes are about half the price of Voip.ms. In my case, this is largely irrelevant because I don't make many calls.

[Sam_from_CircleNet]

Hmm the no bull s..t telco, I like that :-) thanks baxtr. I did some research on your account (Atleast I'm 95% sure it's your account) and I think early on you might have bounced your password on the west server to many times and it fire walled you please try it now.

Also I'm hoping to make some changes this Saturday that will reduce the post dial delay.
Sam

[vtsnaab]

Just chiming in as yet another very happy CircleNet user here !!
I am working it in as parts of both my home as well as mobile VOIP plans and fully agree with Baxtr in that this provider is good & deserving of support.

The details of what I've done thus far are posted in this thread if anyone is curious to know about it:
http://www.obitalk.com/forum/index.php?topic=7997.0

Thanks and Best Wishes to Sam & Company !!!

[jazzy]

So far I find Circlenet to be working just fine as an outgoing service. I use Circlenet on a VG to call out on.

When calling international numbers from the USA using Circlenet, what is the prefix to use?
Is it "011", followed by country code, then number?

If anyone has made an international call from the USA using Circlenet, what prefix was used when calling out?

Thanks!

[Sam_from_CircleNet]

Jazzy dial 011 just like a call overseas from a traditional US land line.

Also thanks for the comments guys! We like to hearing from all of our customers but when happy customers tell others about our service it is a huge help to CircleNet.

We are engineers and we're really are terrible at marketing so we hope to focus on our service quality and to continue expanding our business mainly by word of mouth and community involvement like this. We have twice the customers now then what we had targeted in our business plan by this date and about 175% of the revenue projection.

So far so good!!!   .

Sam

[baxtr]

I think early on you might have bounced your password on the west server to many times and it fire walled you please try it now.

Also I'm hoping to make some changes this Saturday that will reduce the post dial delay.
Sam

All is good ... I just placed a call with Zoiper using the west.circlenet.us server from my Lumia 521 to another cellphone and it connected just fine. I also called my home phone which is hooked to an OBI using CircleNet as the primary outgoing line with server, outbound.circlenet.us and it also connected. Great, prompt support, Sam and thanks.

We need to bump CircleNet up into the list of Service Provider Accounts on the OBiTalk page.

[Jumbo]

azrobert.. need your expertise in suggesting a way to route only international calls - starting with 011 or digits > 11 to use voice gateway and local calls through the configured SP. Is there a way to specify so that I can use a different voip provider for international calls.

Thanks in advance!

Quick followup question on this.. if CallCentric is registered as SP2 and if I want to use CircleNet as outbound on SP2, what changes do I need to make?

Appreciate the help, thanks!

You can share an SP trunk with 2 services by using a Voice Gateway.
Voice Gateways are used with outbound only providers that don't need to register.
CircleNet fits this category.

Keep GV on SP1.
Define Callcentric on SP2

Define CircleNet on Voice Gateway 1:
Voice Services -> Gateways and Trunk Groups -> Voice Gateway1
Name: CircleNet
AccessNumber: sp2(outbound.circlenet.us)
DigitMap: (<8:>1xxxxxxxxxx|<8:1>xxxxxxxxxx|<8:1aaa>xxxxxxx|<8:>011xxxxxx.S3)
AuthUserID: Your_CircleNet_ID (10 digit ID)
AuthPasssword: Your_CircleNet_Password

aaa is your local area code. This is used for 7 digit dialing.

Add to the beginning of the Phone Port OutboundCallRute:
{(Mvg1):vg1},

Continue to use GV as you are currently.

To use CircleNet dial as follows:
814805551212  or
84805551212  or
85551212  or
8011............

After May 15th change the Voice Gateway DigitMap to:

(1xxxxxxxxxx|<1>xxxxxxxxxx|<1aaa>xxxxxxx|011xxxxxx.S3)

Dial without the "8" prefix to use CircleNet.

[/quote]

[azrobert]

Voice Gateway 1 DigitMap:
(011xxxxxxxxxx.S3|xxxxxxxxxxxxx.S3)

Add to the beginning of the Phone Port OutboundCallRoute:
{(Mvg1):vg1},

International or calls with 12 or more digits will be routed Voice Gateway1.
All other calls will be routed out your Phone Port Primary Line.

[Jumbo]

Thanks azrobert!

Voice Gateway 1 DigitMap:
(011xxxxxxxxxx.S3|xxxxxxxxxxxxx.S3)

Add to the beginning of the Phone Port OutboundCallRoute:
{(Mvg1):vg1},

International or calls with 12 or more digits will be routed Voice Gateway1.
All other calls will be routed out your Phone Port Primary Line.

[azrobert]

Thanks azrobert!

I forgot something.

Add the following AFTER the beginning parenthesis of the Phone Port DigitMap:
(Mvg1)|

[Sam_from_CircleNet]

Hello Obi community,
CircleNet put in some major code changes under the hood early this morning with the goal of reducing the amount of time between when you dial a number and that number begins ringing. Please let us know if these changes are helpful!
Thanks,
Sam