Technical Discussion
  >> VoIP (e.g. BT Digital Voice, Sky Internet Calls, etc.)


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | 4 | >> (show all)   Print Thread
Standard User AGinWorcs
(newbie) Mon 16-Jan-23 14:20:31
Print Post

A&A VOIP settings for Grandstream ATA


[link to this post]
 
Hi all,

I wonder if anyone can help me with the settings for a Grandstream HT801 being used with Andrews & Arnold VOIP service on a single residential line. I've got it working for incoming and outgoing calls, but I'm not sure all the settings are right (eg call tones), and of more pressing concern every so often the phone rings, there's no incoming number shown and sometimes the handset shows Grandstream on the CLID display, and sometimes SIPVICIOUS, in both cases there's no caller on the line. I'm pretty sure this is something in the Grandstream config, but there's so much that can be meddled with I'd rather lean on somebody who's got a similar setup working. Apologies if this info is posted elsewhere and I've not found it, and thanks for any ideas.

Regards, Andrew
Standard User ferretuk
(committed) Mon 16-Jan-23 15:49:14
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: AGinWorcs] [link to this post]
 
Have you seen this page?

https://support.aa.net.uk/VoIP_Phones_-_Grandstream_...

The linked page for UK settings is no longer active, but is in The Way Back Machine. Here's a suggestion from there:

Navigate to the BASIC SETTINGS page:
Time Zone: GMT (London, Great Britain)
Self-Defined Time Zone: GMT0BST,M3.5.0/1,M10.5.0
Navigate to the ADVANCED SETTINGS page:
System Ring Cadence: c=400/200-400/2000;
Dial Tone: f1=350@-19,f2=440@-22,c=0/0;
Ringback Tone: f1=400@-20,f2=450@-20,c=400/200-400/2000;
Busy Tone: f1=400@-20,c=375/375;
Reorder Tone: f1=400@-20,c=400/350-225/525-0/0;
Confirmation Tone: f1=1400@-10,c=0/0;
Call Waiting Tone: f1=400@-20,c=100/2000;
Prompt Tone: f1=350@-19,f2=440@-22,c=0/0;
Conference Party Hangup Tone: f1=400@-20,c=0/0;
Special Proceed Indication Tone: f1=350@-19, f2=440@-22, c=750/750-0/0;
NTP Server: uk.pool.ntp.org
Navigate to the PROFILE 1/2 (FXS PORT on HT813) page(s):
MWI Tone: Special Proceed Indication Tone
Dial Plan: { 10[015] | 11[129] | 999 | 11[68]xxx | 1[45]7[1-2] | 08001111 | 0845464x | 0[1235789]xxxxxxxxx | 1410[1235789]xxxxxxxxx | 14700[1235789]xxxxxxxxx | 00xxx. | x+ | \+x+ | *x+ | *xx*x+ }
SLIC Setting: UK
Caller ID Scheme: SIN 227 - BT
Hook Flash Timing: Minimum: 60 Maximum: 200
Ring Frequency: 25
Ring Tone 1: c=400/200-400/2000;
Ring Tone 2: c=400/200-400/2000;
Ring Tone 3: c=400/200-400/2000;
Ring Tone 4: c=400/200-400/2000;
Ring Tone 5: c=400/200-400/2000;
Ring Tone 6: c=400/200-400/2000;
Ring Tone 7: c=400/200-400/2000;
Ring Tone 8: c=400/200-400/2000;
Ring Tone 9: c=400/200-400/2000;
Ring Tone 10: c=400/200-400/2000;
Call Waiting Tone 1: f1=400@-20,c=100/2000;
Call Waiting Tone 2: f1=400@-20,c=100/2000;
Call Waiting Tone 3: f1=400@-20,c=100/2000;
Call Waiting Tone 4: f1=400@-20,c=100/2000;
Call Waiting Tone 5: f1=400@-20,c=100/2000;
Call Waiting Tone 6: f1=400@-20,c=100/2000;
Call Waiting Tone 7: f1=400@-20,c=100/2000;
Call Waiting Tone 8: f1=400@-20,c=100/2000;
Call Waiting Tone 9: f1=400@-20,c=100/2000;
Call Waiting Tone 10: f1=400@-20,c=100/2000;
Remember to click on the "Update" and "Apply" buttons located at the bottom of every page to save and activate the changes.

Aquiss FTTP BQM | AAISP VOIP | Ubiquiti UDM Pro | 2x Unifi AC-Lite & 1x AC-LR Wifi AP
Standard User Thinker27
(learned) Mon 16-Jan-23 17:15:57
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: AGinWorcs] [link to this post]
 
SIPVICIOUS is something to do with hacking software...


Register (or login) on our website and you will not see this ad.

Standard User jpm
(experienced) Mon 16-Jan-23 17:35:07
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: AGinWorcs] [link to this post]
 
Receiving SIPVICIOUS calls would indicate that at least your SIP signalling ports are open to the Internet, which is not advised.
Standard User AGinWorcs
(newbie) Mon 23-Jan-23 14:23:32
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: jpm] [link to this post]
 
Thank you to ferretuk, Thinker27 and jpm for their responses. I've established that the ghost calling aspect is indeed IP calls or port scanning, and has been resolved by setting (under FXS Port) Check SIP User ID for incoming INVITE to Yes, and setting Allow Incoming SIP Messages from SIP Proxy Only to Yes. These have completely stopped all the ghost calling.

Ferretuk's idea of using the Way Back Machine was smart, and I've used most of the suggested call settings, although as a note that may help others, leave the Dial plan as the Grandstream defaults unless you want to implement detailed control of what's dialled from your landline.

In respect of other settings:

1) When setting up your Grandstream, set a strong admin password as the first thing you do.
2) Leave most settings at Grandstream defaults
3) Set your A&A settings: https://support.aa.net.uk/VoIP_Phones_-_Generic_Client
4) Set UK GMT time zone
5) You can play with IPv6 if you want, works perfectly with IPv4, so I didn't bother
6) If you don't know what a setting does, don't touch it

And a final observation - the Grandstream small ATA units come with stuff all instructions and the interface looks complex - anybody thinking about using this, don't be put off, you only need to change a tiny number of the settings. If it all goes wrong, do a pinhole reset on the Grandstream and start again. In this case, write down each thing you've changed, apply the changes and check incoming and outgoing calls still work before changing anything else.

Regards

Andrew
Standard User Pheasant
(knowledge is power) Mon 23-Jan-23 17:00:59
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: AGinWorcs] [link to this post]
 
Chap. All good, but ensure you follow @jpm’s guidance above.

Exposed (internet)ports with SIP are a guaranteed recipe to disaster. Please put your box behind a decent firewall or even just a NAT’d router.

There’s too many [censored] out there that will climb into your SIP box otherwise and the consequences are big bills.

Edited by Pheasant (Mon 23-Jan-23 17:01:42)

Standard User shaunhw
(experienced) Sun 29-Jan-23 17:31:10
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: ferretuk] [link to this post]
 
I'd also like to thank ferretuk for the list of settings. I originally had these UK settings for the device from the same link and had saved a file from the device to restore them, after I'd set it up. Guess what - the restore simply did NOTHING, and I had to set up everything again. Of course the AA link didn't work either, and I've spent all day trying to set it up for the UK with little success until now. I never thought about the Wayback Machine!

As you can tell by now, I've got one of these Grandstreams, (HT801) also used with AAISP's fabulous VOIP service, and I've got another piece of advice for the OP and anyone else who has got one:

PLEASE change the devices configuration password to a much more secure one, if you are using the default admin one!!

This morning I woke up to an email from A&A telling me that there was a new device using my VOIP account with them. I investigated, logged into A&A's site, and the call log showed they were trying to dial all over the world, and also some UK mobile and landline numbers.

So, it was time to investigate - I tried to log in with the admin/admin and couldn't get in. I know, I should have set a new password! But honestly I had no idea the device could be somehow configured from outside. The only people who live here are me and my Michelle, and she doesn't mess around with my setups at all.

The first thing the intruders had done was to lock me out of my VOIP device. It cost me a small amount in calls, but not so much as international calls were disabled on the A&A site's settings for my account there.

I've a good mind to call that 020 number he rang to see who he rang with my account though!

I wonder how they got the A&A SIP password out of the box to use in their device? Is it in the config settings, they might have downloaded encrypted with some dumb scheme do you think? They should leave that one out of the restore file. Especially as (at least for me) it never worked anyway!! After restore they could put a message on the screen that you need to enter it again.

I've now locked all outgoing calls to the static IP address I have.

Edited by shaunhw (Sun 29-Jan-23 17:39:36)

Standard User jchamier
(eat-sleep-adslguide) Sun 29-Jan-23 17:35:18
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: shaunhw] [link to this post]
 
In reply to a post by shaunhw:
So, it was time to investigate - I tried to log in with the admin/admin and couldn't get in. I know, I should have set a new password! But honestly I had no idea the device could be somehow configured from outside.


Did you put your ATA in a DMZ from your router? If so that is how. AAISP dislike NAT and recommend a full IP with firewalling, but unless you use them as an ISP, this is not possible with most ISPs.

Keeping behind NAT is essential, as long as your router handles STUN transparently it should "just work". My old Cisco 112 ATA worked okay from my Asus router, until I gave up for a mobile app. (which works perfectly, even over 3G/4G/5G which are all NAT'd).

23 years of broadband connectivity since 1999 trial - Live BQM
Standard User shaunhw
(experienced) Sun 29-Jan-23 17:54:38
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: jchamier] [link to this post]
 
Yes, I'm afraid I did.

I've recently changed ISPs and am now with Aquiss FFTP and 8 ips, and was using the Grandstream on an IP of it's own, as AA seem to want people to do, and it seems the firewall in this new router (a Zyxel EX3301) doesn't seem to be all that good, but I've not had much time to look into it deeply as yet. I guess the protocols are the thing to look at there.

I did have some firewall rules set up in my Draytek 2862 but that was dumped (I still have it) because the thing was too slow when using IPV6 on a 900mb/second connection. It doesn't seem to want to run much past 300Mbs on IPV6!


But why can't any configurable interfaces in these devices just be be optionally block themselves unless they are being accessed via a local IP range? 192.168.x.x or 10.x.x.x etc?

I can put it back on a Nat IP. I'll try it tomorrow. The local IP it was using was translated. But under the DMZ with all ports open as you rightly guessed, and I'm not sure the firewall will apply rules to IPs which are separately translated on this thing.

Nothing however explains how they got the AA SIP password out of the box. Something seems to be _very_ wrong here other than my sheer idiocy! Even if they could get into the thing, mess up all my settings and completely lock me out, they should NOT have been able to retrieve that password.

Edited by shaunhw (Sun 29-Jan-23 18:04:49)

Standard User jchamier
(eat-sleep-adslguide) Sun 29-Jan-23 18:11:32
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: shaunhw] [link to this post]
 
In reply to a post by shaunhw:
But why can't any configurable interfaces in these devices just be be optionally block themselves unless they are being accessed via a local IP range? 192.168.x.x or 10.x.x.x etc?
That's the role of a firewall, not the device. Also it wouldn't work if it couldn't receive SIP signalling and RTSP audio streams from the VoiP provider.

I can put it back on a Nat IP. I'll try it tomorrow. The local IP it was using was translated. But under the DMZ with all ports open as you rightly guessed, and I'm not sure the firewall will apply rules to IPs which are separately translated on this thing.


I'm not familiar with your Zyxel box, but static mapping to a public IP is great, but you ALSO need to use firewalling to block any external access to the ATA from any IP that is not AAISPs. If the Zyxel can't do this, then perhaps you need to upgrade, a NAT would be a workaround.

No internet service should expose anything other than the ports it needs (e.g. HTTP/HTTPS 80 & 443) and to the IP ranges it needs. If the firewall can't let you limit then the firewall is not 'fit for purpose' for the use of 8 static IPs I would say, worth talking to your new ISP. Many home hosted services limit to IP ranges such as UK or Europe, blocking other countries, even before the protocol.

Nothing however explains how they got the AA SIP password out of the box. Something seems to be _very_ wrong here other than my sheer idiocy! Even if they could get into the thing, mess up all my settings and completely lock me out, they should NOT have been able to retrieve that password.

If they could log in using default admin/admin credentials, can the not read the password out?? T

23 years of broadband connectivity since 1999 trial - Live BQM
Standard User ferretuk
(committed) Mon 30-Jan-23 08:47:28
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: shaunhw] [link to this post]
 
In reply to a post by shaunhw:
I've recently changed ISPs and am now with Aquiss FFTP and 8 ips, and was using the Grandstream on an IP of it's own, as AA seem to want people to do
I use A&A VOIP and I have had 4 VOIP devices registered and working (including a couple of HT801s) behind a NAT router with no port forwarding at all.

Aquiss FTTP BQM | AAISP VOIP | Ubiquiti UDM Pro | 2x Unifi AC-Lite & 1x AC-LR Wifi AP
Standard User shaunhw
(experienced) Mon 30-Jan-23 11:05:26
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: jchamier] [link to this post]
 
I take your points... But the Grandstream does appear to have some options for wan side configuration access, including white and blacklisted IPs... So I'll look at those at some point.
If they could log in using default admin/admin credentials, can the not read the password out??

No, all you can see is an empty blank field for entering a new password, with a comment:
"(purposely not displayed for security protection)" at the right side. of it.

Edited by shaunhw (Mon 30-Jan-23 11:26:03)

Standard User shaunhw
(experienced) Mon 30-Jan-23 11:19:44
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: ferretuk] [link to this post]
 
In reply to a post by ferretuk:
In reply to a post by shaunhw:
I've recently changed ISPs and am now with Aquiss FFTP and 8 ips, and was using the Grandstream on an IP of it's own, as AA seem to want people to do
I use A&A VOIP and I have had 4 VOIP devices registered and working (including a couple of HT801s) behind a NAT router with no port forwarding at all.


Yes I'm going to take everyones advice and stick the thing back under the main NAT IP address range, rather than a DMZ translated address of another public IP. I'm still mystified how they got the SIP password (since changed) out of the device. My guess is that it must be in the config file with some poor encryption.

It's my fault for not realizing that the thing could be easily accessed from outside, and not setting a decent password on it. I should really know better!

Thanks again for the UK config list, it made it much easier for me to completely recover from this.

Edited by shaunhw (Mon 30-Jan-23 11:21:48)

Standard User jchamier
(eat-sleep-adslguide) Mon 30-Jan-23 11:28:10
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: shaunhw] [link to this post]
 
In reply to a post by shaunhw:
I take your points... But the Grandstream does appear to have some options for wan side configuration access, including white and blacklisted IPs... So I'll look at those at some point.
Good idea, I just don't trust devices themselves to protect themselves, always look at something else like a home router. smile

23 years of broadband connectivity since 1999 trial - Live BQM
Standard User kitcat
(fountain of knowledge) Mon 30-Jan-23 13:29:04
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: shaunhw] [link to this post]
 
shaunhw

You may find that the original password is the same on every box! It could also be a set sequence so they are all different but are findable just by trying the series. The culprit was not interested in your box specifically just a box they could hack for free calls. So they may have tried thousands of password / IP combinations.

This is why the major suppliers VIOP offerings are all locked down to be much more secure. This prevents them from having to continually be crediting customers accounts for calls they haven't made.
Standard User shaunhw
(experienced) Tue 31-Jan-23 08:45:20
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: kitcat] [link to this post]
 
In reply to a post by kitcat:
shaunhw

You may find that the original password is the same on every box! It could also be a set sequence so they are all different but are findable just by trying the series. The culprit was not interested in your box specifically just a box they could hack for free calls. So they may have tried thousands of password / IP combinations.


I'm not sure. I'm actually concerned about how they got the Voip SIP password out once they did get in there.

This SIP password is the one I generated for my account on the A&A portal by simply pressing a button on the webpage. Here, the user has to use whatever text is generated for the password - the user cannot choose their own text. But they can generate a new string anytime. The act of generating it, automatically applies it to the SIP server for their account and they then have to update thier client box, as I did when I set mine up. To use my SIP account on some other device, the hackers must have somehow remotely got that A&A SIP password back out from my HT 801 hardware device.

Edit:
The device used by the hackers was reported by A&A as being this:
PolycomVVX-VVX_410-UA/5.2.2.1522
I wonder if this might accept the same config file which they could have downloaded from my device?
It's a long shot as my own config file saved some time ago, didn't even work when I tried it after resetting my device.
End Edit.

I do of course accept that they got in there due to me stupidly not changing the default password for the HT801 config access. After they got in, they locked me out, requiring a full reset and start over.

Edited by shaunhw (Tue 31-Jan-23 09:10:35)

Standard User Ancient_Mariner
(eat-sleep-adslguide) Tue 31-Jan-23 10:08:51
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: shaunhw] [link to this post]
 
I have been using A&A VoIP for almost 12 months now. Prior to having them take over my BT number, I took out a VoIP account on a random number to "play with" for a few months to see if all would be ok; which it was.

Regarding the SIP password, yes you can get the portal to generate one, but you can also input your own into the portal, which I have done.

I have a fixed IP and have limited the access accordingly.

This works. A week or so back I took my ATA to a friends house and forgetting this, found that I could not make calls. When I arrived back home there was an email from A&A advising of this and giving the IP address that had attempted the call blush

Cheers!

Clive

Andrews & Arnold Home::1 FTTC DrayTek Vigor 2762ac Cisco ATA191 for A&A VoIP together with a HUAWEI E5776 with O2 Data SIM
Standard User Pheasant
(knowledge is power) Thu 02-Feb-23 00:45:18
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: shaunhw] [link to this post]
 
In reply to a post by shaunhw:
The device used by the hackers was reported by A&A as being this:
PolycomVVX-VVX_410-UA/5.2.2.1522
I wonder if this might accept the same config file which they could have downloaded from my device?
It's a long shot as my own config file saved some time ago, didn't even work when I tried it after resetting my device.
End Edit.

I do of course accept that they got in there due to me stupidly not changing the default password for the HT801 config access. After they got in, they locked me out, requiring a full reset and start over.

The 2 schoolboy VoIP howlers you made were exposing the box to the open internet and secondly not changing the default password. Hackers paradise for free calls!

The device used by them was merely the device used to henceforth login to your A&A SIP account to make calls. It’s just the device-ID returned as part of the SIP registration. Nothing to do with config. files.

Let me assure you if they figured out how to hack your box they didn’t need a “cookie cutter” guide to help them figure out how to setup their own sip endpoint 😀

Have a little read:

https://www.secforce.com/blog/exploiting-grandstream...
Standard User TimF2
(newbie) Sun 16-Apr-23 10:31:43
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: Pheasant] [link to this post]
 
I wonder if anyone can help me please?

I have an active A&A voip account with registered number, a Grandstream HT802, Plusnet Fibre (Hub 2) and some Panasonic Kx-tg8321e 'phones.

Having tried for 5/6 hours now it is proving a problem to get them all to play nicely!

I have followed the guide here: https://support.aa.net.uk/VoIP_Phones_-_Grandstream_... and also the posts above but am still running into problems.

At first I was unable to register the HT802 in the A&A GUI - it just said no registered devices and the Grandstream GUI STATUS page confirmed the same on the FX port.

I then had some limited success by applying a STUN in Grandstream GUI. It then showed the HT802 in the A&A account as registered and also in the Grandstream STATUS page.

This was also confirmed by the blue lights (x3) lit on the HT802. However, if I try and make or receive a call I get no ring tone and it just cuts off.

Any further altering of settings in the Grandstream GUI causes the FX port to become unregistered and the blue FX light goes OFF.

I have checked on the Plusnet router and SIP ALG is disabled.

Would really appreciate some help if anyone is able!

Tia

Edited by TimF2 (Sun 16-Apr-23 10:33:07)

Standard User Pheasant
(knowledge is power) Sun 16-Apr-23 17:45:36
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: TimF2] [link to this post]
 
Can you register, make and receive calls normally if you use a soft phone client in lieu of the ATA?
Standard User TimF2
(newbie) Sun 16-Apr-23 19:44:45
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: Pheasant] [link to this post]
 
Thanks Pheasant.

I tried Voiper earlier and couldn't get that to work and have just tried PortSip Softphone (for Mac OS).
In both cases I get a 403 Forbidden error.
PortSip says:
Could not register with voiceless.aa.net.uk
The error was: "403 Forbidden"


I'm using a Plusnet Hub 2 on FTTP.

Many thanks for any assistance.
Standard User Pheasant
(knowledge is power) Sun 16-Apr-23 19:52:17
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: TimF2] [link to this post]
 
Check your username and password are correct.
Standard User TimF2
(newbie) Sun 16-Apr-23 20:12:52
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: Pheasant] [link to this post]
 
Using +44xxxxxxxxx as the username (or SIP User ID & Authenticate ID as termed in the HT802)
Password is the SIP one generated on the control pages.

As per this image??
Standard User jchamier
(eat-sleep-adslguide) Sun 16-Apr-23 20:21:36
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: TimF2] [link to this post]
 
I use Acrobits Softphone on my iPhone with AAISP’s VOIP service.

The username is your number in +44xxxx format, and the password is the one you have identified.

The server needs to be voiceless.aa.net.uk and make sure you don’t have any spaces before or after the username or password ?

23 years of broadband connectivity since 1999 trial - Live BQM
Standard User Pheasant
(knowledge is power) Sun 16-Apr-23 20:22:21
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: TimF2] [link to this post]
 
Have you tried regenerating the SIP password, and using that in the soft phone client?
Standard User TimF2
(newbie) Sun 16-Apr-23 20:42:03
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: Pheasant] [link to this post]
 
In reply to a post by Pheasant:
Have you tried regenerating the SIP password, and using that in the soft phone client?

Just tried and no joy.
I also downloaded Zoiper onto my iPad, that also won't register and returns a 403 Forbidden!

I'm thinking there must be something in the Plusnet router settings (firewall?) that is preventing the connection.

Edited by TimF2 (Sun 16-Apr-23 20:43:10)

Standard User Pheasant
(knowledge is power) Sun 16-Apr-23 20:43:14
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: TimF2] [link to this post]
 
Check with them in the morning. The account may be disabled or suspended.
Standard User TimF2
(newbie) Sun 16-Apr-23 20:44:48
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: Pheasant] [link to this post]
 
In reply to a post by Pheasant:
Check with them in the morning. The account may be disabled or suspended.

Probably the best idea - I'm getting mightily pee'd off having spent a large proportion of the day trying to solve it!
Will let you know how I go.

Cheers
Standard User SampleX
(newbie) Mon 20-Nov-23 21:02:28
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: TimF2] [link to this post]
 
Hi all,

Sorry to be reviving an old thread, but I'm lost with this exact problem and getting close to beating my head against a wall.

I've just moved from Plusnet to UNO Fibre which has been a fantastic move.

However for various reasons I needed to keep my old copper phone number alive and I was recommended to AAnet as a way of keeping it going.

So the migration to AAnet went perfectly and the old Plusnet copper is now terminated.

Based on recommendation I got the HT801 ATA.

I followed the linked instructions for configuring the device (also reproduced in this thread) to the letter and I'm getting confirmation from both the control panel for the Grandstream and the control panel at AAnet (and confirmed by AAnet Tech) that the connection is 'registered'.

The Grandstream CP is telling me I have Unknown NAT.

My network is a fibre ONT which is connected as the Gigabit WAN port on a Watchguard XTM5 box running the latest release of pfSense.

At this point I should explain that I'm by no means any kind of expert at networking and network security and I can just about grasp basics and config according to instructions with some confidence.

My network has been built this way (previously using a PCEngines Alix box) for over a decade and has been generally flawless and low maintenance and it was set up by a friend of mine who was much more technically competent in this field, but who passed away from COVID extremely unexpectedly. I've been tinkering and maintaining ever since but this issue is proving to be a touch beyond me.

I have played with VOIP/SIP previously, mostly self-taught using config guides, having once set up PBXinaFlash and Trixbox servers behind my network with Cisco phones. That was a long time ago, though.

So it seems the one area that AAnet aren't up to speed with tutorials and hands on skills is configuring pfSense to work with their SIP setups.

The pfSense box has a very private, very secure SERVER subnet which I run a home hosted email/groupware server from which again requires little maintenance, it just runs and runs. It also has a dedicated WIFI subnet which essentially feeds an ASUS AX series wireless router in access point mode. And then there's the LAN subnet, on which all my statically addressed devices are preconfigured.

And this is where the Grandstream now resides, manually configured.

I can access it for admin login and it is set to exclusively use IPv4 for simplicity.

My UNO connection is an '8 IP' option but I haven't learned how to use that yet so the WAN is set to the principal IP address of the internet connection which also has rDNS configured for my mail server.

So here I am with this 'registered' ATA.

I have tried the best I can to configure the firewall rules recommended in the linked AAnet settings guide, by configuring them on the WAN port and setting up an alias for the Grandstream as the destination.

I'm guessing that there could be something wrong in these settings.

AAnet Tech have claimed I should just disable the firewall rules and the Grandstream will find its own way through the firewall, their concern being that their system is not guaranteed to work with NAT. That, of course, leaves me concerned about security for reasons I'll come to momentarily.

I HAVE had very limited and problematic success with the ATA and the Panasonic cordless phone (4 handset) that's plugged into it.

If I pick a handset up and turn it on I HAVE HAD but do not always have a dialling tone. I can't figure out what I'm doing or not doing at the time that this chooses to work or not work.

The ATA CP recognises on hook/off hook status.

This is where it gets really weird.

I HAVE HAD calls from outside coming in to the ATA/Phone. I have called the line from my mobile and occasionally had that 'I'm ringing' tone in the mobile earpiece with the on screen message that the phone is connecting. And when I get that tone I usually get ringing on the ATA/Phone and can answer the phone and even conduct a perfectly serviceable call with myself.

It's just that the box doesn't maintain that capability for very long, and most of the time if I dial in from my mobile I get the screen saying 'connecting' but not the 'I'm ringing' dial tone.

Even more strange is that a lot of the time I don't get the dial tone or the 'I'm ringing' tone on the Panasonic handset but - stranger still - on the recipient's phone the line will ring three times and disconnect but leave CID.They then cannot ring me back, and end up calling me on my mobile.

So I've been frustrated and doing a lot of powering off the ATA and powering it on again, which doesn't seem to restore functionality but if I log into the ATA as admin and change some setting and then apply and save, it sometimes pops back into life.

So I've been miserable trying to spend the last five days researching and hoping to get instructions more detailed than the ones already discussed.

But then when I just left it, strange things started happening...

While I had the firewall rules disabled (AAnet advice) we would randomly receive a call to the landline showing a CID of 100 which was literally a dead call. It happened at 2am and nearly gave us a heart attack.and I just pulled the plug on the box. A bit more research led me to the conclusion these were malevolent probes to SIP port, so I enabled those firewall rules and I guess something about them was right because we've not had those random 100 calls since.

I could really use the help of someone who has a nearly identical setup fully working to share advice with me, and ideally also someone who knows pfSense inside out who could tell me how to write the port forwarding if that is necessary, and anyone who knows other tweaks for AAnet connections and the Grandstream box like 'keep alives' or 'stun' or 'proxy servers' or server priorities or anything else that might miraculously get this all working so I can stop stressing and just use the stupid thing.

I would really appreciate your help.

Thanks
Standard User Michael_Chare
(knowledge is power) Tue 21-Nov-23 12:25:35
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: SampleX] [link to this post]
 
Did Uno supply you with a router, and if so does the HT801 ATA work properly when connected to it?

Generally there is no need to configure a router to facilitate VOIP.

Michael Chare
Standard User SampleX
(newbie) Tue 21-Nov-23 12:42:24
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: Michael_Chare] [link to this post]
 
No, a router from UNO would be redundant because I use the Watchguard XTM 5 running pfSense to run my network and that then connected to the ONT.

I'm spinning from the amount of contradictory advice I keep getting that the router and port forwarding needs to be conffigured all the way through to 'it should just be plug and play.'
Standard User WelshPaul
(newbie) Tue 21-Nov-23 12:55:57
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: SampleX] [link to this post]
 
Silent calls with CLI's such as 100 are the result of port scans etc.

Disable those firewall rules again but this time enable the option for “Accept Incoming from SIP Proxy Only" found within the Grandsream's GUI. This will stop any ghost calls coming through to your Grandstream!

I posted the following on the Vodafone community forums. You might find it useful too..

Purchased a Grandstream telephone adapter?
If you have purchased a Grandstream telephone adapter (ATA), it will come configured for the US telecom system as standard. As such, it will play back US style tones, sounds and some UK phone features may not work correctly unless you make some configuration changes via the devices web based GUI.

What are the UK regional settings for the Grandstream telephone adapters and how do I implement them?
Login to your Grandstream telephone adapters web based GUI by typing the IP address of the device into your web browser. (There is no need to enter "http://" before the IP address.) If prompted enter the username and password to complete the process, you should now have access to the devices Web based GUI, from here you can configure your device with the correct regional configuration settings for use in the UK.

As an example, on the Grandstream HT812 configure with the following:

Navigate to the BASIC SETTINGS page:

> Time Zone: GMT (London, Great Britain)
> Self-Defined Time Zone: GMT0BST,M3.5.0/1,M10.5.0

Navigate to the ADVANCED SETTINGS page:

> System Ring Cadence: c=400/200-400/2000;
> Dial Tone: f1=350@-19,f2=440@-22,c=0/0;
> Ringback Tone: f1=400@-20,f2=450@-20,c=400/200-400/2000;
> Busy Tone: f1=400@-20,c=375/375;
> Reorder Tone: f1=400@-20,c=400/350-225/525-0/0;
> Confirmation Tone: f1=1400@-10,c=0/0;
> Call Waiting Tone: f1=400@-20,c=100/2000;
> Prompt Tone: f1=350@-19,f2=440@-22,c=0/0;
> Conference Party Hangup Tone: f1=400@-20,c=0/0;
> Special Proceed Indication Tone: f1=350@-19, f2=440@-22, c=750/750-0/0;
> NTP Server: uk.pool.ntp.org

Navigate to the PROFILE 1/2 (FXS PORT on HT813) page(s):

> MWI Tone: Special Proceed Indication Tone
> Dial Plan: { 10[015] | 11[129] | 999 | 11[68]xxx | 1[45]7[1-2] | 08001111 | 0845464x | 0[1235789]xxxxxxxxx | 1410[1235789]xxxxxxxxx | 14700[1235789]xxxxxxxxx | 00xxx. | x+ | \+x+ | *x+ | *xx*x+ }
> SLIC Setting: UK
> Caller ID Scheme: SIN 227 - BT
> Hook Flash Timing: Minimum: 60 Maximum: 200
> Ring Frequency: 25
> Ring Tone 1: c=400/200-400/2000;
> Ring Tone 2: c=400/200-400/2000;
> Ring Tone 3: c=400/200-400/2000;
> Ring Tone 4: c=400/200-400/2000;
> Ring Tone 5: c=400/200-400/2000;
> Ring Tone 6: c=400/200-400/2000;
> Ring Tone 7: c=400/200-400/2000;
> Ring Tone 8: c=400/200-400/2000;
> Ring Tone 9: c=400/200-400/2000;
> Ring Tone 10: c=400/200-400/2000;
> Call Waiting Tone 1: f1=400@-20,c=100/2000;
> Call Waiting Tone 2: f1=400@-20,c=100/2000;
> Call Waiting Tone 3: f1=400@-20,c=100/2000;
> Call Waiting Tone 4: f1=400@-20,c=100/2000;
> Call Waiting Tone 5: f1=400@-20,c=100/2000;
> Call Waiting Tone 6: f1=400@-20,c=100/2000;
> Call Waiting Tone 7: f1=400@-20,c=100/2000;
> Call Waiting Tone 8: f1=400@-20,c=100/2000;
> Call Waiting Tone 9: f1=400@-20,c=100/2000;
> Call Waiting Tone 10: f1=400@-20,c=100/2000;

Remember to click on the "Update" and "Apply" buttons located at the bottom of every page to save and activate the changes.

Purchased a Grandstream HT813 telephone adapter?
The HT813 is an analog telephone adapter that features 1 analog telephone FXS port and 1 PSTN line FXO port in order to offer backup lifeline support using a PSTN line. Additional UK regional settings are required for this model and I have included them below.

Navigate to the FXO PORT page:
> Caller ID Scheme: SIN 227 - BT
> FSK Caller ID Seizure Bits: 96
> FSK Caller ID Mark Bits: 55
> PSTN Disconnect Tone: f1=400@-30,f2=400@-30,c=0/0;
> Country-based: UK
> Impedance-based: COMPLEX3 -- 370 ohms + (620 ohms || 310nF)

Edited by WelshPaul (Tue 21-Nov-23 13:01:26)

Standard User SampleX
(newbie) Tue 21-Nov-23 13:18:40
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: SampleX] [link to this post]
 
One further thought...

I've stumbled across a set of forum posts over at Plusnet related to someone with a Gigaset base station connecting up an old set of DECT Panasonic phones to an AAnet SIP line, and they were having issues with one end or another of a call not ringing audibly or connecting properly while the SIP trunk was registering calls as normal, and the advice they were given was that the RJ11 cable being used to connect the phone appliance was incorrectly wired.

Does anyone know if that might be a relevant problem for me?

There were NO cables supplied with my new Grandstream HT801 purchased via Amazon.co.uk and my old phone was connected to the old BT socket via a BT to RJ11 cable which I simply swapped with the first spare RJ11-RJ11 cable that I could find in my salvaged cables stash which I suspect came from the Openreach 'modem' that ran my Plusnet FTTC broadband until I got my UNO FTTP ONT a month or so ago...

Could it be an incorrect cable and if so how do I get the correct cable?
Standard User SampleX
(newbie) Tue 21-Nov-23 14:53:53
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: WelshPaul] [link to this post]
 
Thanks for that. It's sounding like I need to factory reset the Grandstream and try to find the set up guidelines for AAnet and do it all from scratch.

AAnet have confirmed that they see the calls attempting to be being made and that there's something in the hardware at my end that just isn't passing requests through to the hardware properly.

Setting up a Softphone INSIDE my LAN gets the same duff result.

Switching it to mobile data suddenly turns it into a working phone on that line.
Standard User Terry74
(newbie) Wed 22-Nov-23 08:51:01
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: SampleX] [link to this post]
 
I did something similar recently.
Used an adapter to connect the phone to the ATA - bought from Amazon - "Kenable RJ11 4 wire to BT Telephone Female Socket US to UK 6P4C 10cm"
In my case the phone was a BT Premium with inbuilt call blocker, this being the reason I went the ATA route.
I followed the changes to the ATA that "WelshPaul" advocated for UK compatibility.
The ATA is plugged into one of the ethernet outputs from my BT router. No other changes to the router. No extra firewall settings.
I found this would work for around 3 or 4 days and then disconnect.
Then followed advice from "Pezzy" on "Whirlpool" website forum - 'Aussie Broadband - VOIP using grandstream ht801'
quote "i think i've fixed it. changed nat traversal settings under the fxs port tab to keep alive. makes sense since the manual instructs to turn this on if your gateway is behind a firewall on a private network."

Now works like a dream.

Hope this helps.
Terry


BT ADSLmax then BT 30 Mb/s FTTC then Pulse8 30Mb/s FTTC now BT 500Mb/s FTTP
Standard User pompey_steve
(member) Thu 28-Mar-24 15:50:58
Print Post

Re: A&A VOIP settings for Grandstream ATA


[re: Terry74] [link to this post]
 
Hi all,

Apologies for highjacking this thread, sort of.

Firstly, thanks for all the useful info in this thread.

I have signed up with A&A voip to give it a go. I have a tp-Link ac1600(vr600) v2 router and a grandstream ht812.

I configured it as above, without a DMZ or part forwarding, just relying on NAT. It seems to be fine for calls in both directions

I started getting ghost calls so activated the options to check invites for auth ID and also to only accept messages from the proxy. I also switched off the SIP ALG in the tp-link router (I'm not sure if I needed to do this or not).

The ghost calls have stopped.

Is there anything else I should do? (I have changed the HT812 admin password, and only allowed outgoing calls from my IP address in the A&A config page)

Isn't NAT supposed to block stuff like this if the connection wasn't initiated locally? Or is this exactly what the ATA does, ask for that specific port to be opened?

Regards,
Steve

Edited by pompey_steve (Thu 28-Mar-24 17:14:25)

Pages in this thread: 1 | 2 | 3 | 4 | >> (show all)   Print Thread

Jump to