Review of Atcom AG-188N IAX+SIP ATA (VoIP adapter) – Part 4 – Setting up SIP, and securing the adapter

Note: This review was originally posted on the Michigan Telephone, VoIP and Broadband blog

After yesterday’s installment we had pretty much configured the VoIP side of the Atcom AG-188N (sold in North America by CIGear) using the IAX protocol. Of course, even though IAX is the superior protocol for getting audio through difficult firewalls, there are still many reasons someone might need to use SIP — perhaps the most compelling reason being that many commercial VoIP providers only offer connections using SIP protocol.

Fortunately, setting up the SIP configuration on this unit is pretty straightforward. Just click on SIP Config (not SIP) in the left-hand menu, and this screen appears:

Atcom AG-188N SIP configuration screen

If you’re connecting to an Asterisk or FreePBX server, you probably only need to fill in the following:

• Register Server Addr — this is the address of your server, such as 192.168.0.100 or myserver.dyndns.com
• Register Server Port — the SIP port number of the server — note that while the default of 5060 is most common, there may be cases where a different port is used, so it pays to check.
• Register Username — just use your extension number here, unless you are instructed otherwise.
• Register Password — the same as the Asterisk “secret” for your extension.
• Phone Number — your extension number (again).
• Display Name — The name you want to appear in the other party’s Caller ID display if you ever do a direct SIP-to-SIP call. FreePBX and most providers will ignore this, instead using the name associated with your account.
• Enable Register – Always check this box, to enable SIP registration, if you plan to use SIP.
• SIP(Default Protocol) — This sets the default protocol to SIP for outgoing calls. If you check this box, it automatically unchecks the box that makes IAX the default protocol on the IAX setup screen.

As long as you haven’t changed any of the default settings (as shown on the above screenshot), everything will very likely work. You should try a test call and see if you can connect. If so, I then recommend that you try changing the Register Expire Time — the manual says the default on this is 600 seconds, but as you can see from the screenshot above, it’s actually set to 60 seconds, which means it re-registers once per minute, which may generate a lot of unnecessary traffic between you and the server. The manual also says that the AG-188N “will auto configure this expire time to the server recommended setting if it is different from the SIP server.” Huh? In any case, I’d try setting the registration higher – you can try the 600 second default, but many adapters go even higher (a 3600 second re-registration is not uncommon). However, if you pick up the phone and find you don’t get dial tone sometimes, or if your callers get a congestion signal sometimes, you may need to go for a lower value. I can tell you from personal experience that some users served by a DSL line might need a shorter re-registration interval.

Here’s what the other settings are for. You probably won’t need to change any of these from the default, unless your system administrator or provider specifically tells you to do so:

• Proxy Server Addr, Proxy Server Port, Proxy Username, Proxy Password — in almost all cases these will be the same as the equivalent Register values, and that’s what the AG-188N assumes if you leave these blank, so very few users would have any need to fill these in.
• Domain Realm — if you leave this blank, the AG-188N will use the proxy server address as the SIP domain, which in most cases is fine. However, if you are using a dotted IP address (such as 192.168.0.100) as the server address, and the server is misconfigured, you (very rarely) might need to put the server’s external address (such as myserver.dyndns.com) here.
• Detect Interval Time — this is only applicable if you check the Auto Detect Server checkbox, in which case the AG-188N will try to detect whether the SIP server is available at the interval specified here. I had originally thought that perhaps, if the server could not be detected (or the network connection was lost), the AG-188N would stop delivering dial tone. But nooooo — in my testing it made absolutely no difference. What it actually does is let you use a second, “fallback” SIP account if your first account goes down! See the note on the “Auto Detect server” checkbox below.
• Encrypt Key — the manual is silent on this, but if the server supports encryption on SIP connections, then I would guess you’d put the key here.
• DTMF Mode — with SIP connections you have three different ways of sending touch tones to the server: RFC2833, DTMF_RELAY (inband audio), and SIP info. In most cases you’ll leave this at RFC2833, but in some cases, particular if you are having issues with distant systems not recognizing your touch tones, you may want to try a different method. Inband audio should probably be your last choice, but I have seen cases where it’s the only thing that would work. Note that the way the server is configured can also have an effect on how tones are passed – even if you send the tones inband, your server may be converting them to RFC2833 before sending them “upstream.”
• Local SIP port — the local SIP registeration port, which defaults to 5060, which is almost always what you want to use.
• RFC Protocol Edition — according to the manual, you would only need to set this to RFC 2543 if you are trying to communicate to devices (such as a CISCO 5300) using the SIP 1.0 protocol. The default is RFC 3261, and unless specifically instructed otherwise, that’s the setting you should use.

AG-188N Server types in SIP configuration screen

• Server Type — leave this on “common” unless you happen to be connecting to one of the “uncommon” servers shown in the dropdown (pictured at right).
• User agent — much as your web browser sends a User Agent string to identify itself, VoiP adapters also send an identification string. By default, the AG-188N sends the rather boring “Voip Phone 1.0” but you can change that here, although about the only person who would ever see it is the system administrator of the system you’re connecting to. While you could possibly put something more interesting in here (I’ll leave it to your imagination!), I wouldn’t advise it if the system administrator is not known to have any discernible sense of humor.

The AG-188N manual is mostly silent with regard to the checkboxes we’ve not already mentioned. In fact, it only mentions these three:

• Enable Register — Enable or Disable SIP registration. The AG-188N won’t attempt to register with the SIP server if this isn’t checked, so leave it checked as long as you’re using SIP.
• Auto Detect server — Okay, here’s how the manual describes this one: “co-work with Server Auto Swap and Detect Interval Time. Enable this option, AG-188N will periodically detect whether the public SIP server is available, if the server is unavailable, the AG-188N will switch to the back-up SIP sever, and continue detecting the public sip server. AG-188N will switch back to the primary SIP server if the server is available again.” Yes, folks, this device lets you use TWO sip accounts, and fallback to the second if the first goes down! Interestingly, although the manual makes reference to a “Server Auto Swap” checkbox, I’m sure not seeing it anyhere on this page.
• Enable Via rport — checked by default, this configures support for RFC 3581. If you really want to know, see this FAQ. If you don’t, just leave it checked.

What about the other checkboxes? Here’s my best guesses, supplemented by additional information from Atcom manuals for some of their other products. I’d leave all of these at the default setting unless you really know what you are doing:

• Enable PRACK — read this — the phrase “Numerous implementation problems seen in the field” is enough to discourage me from checking this box! Another Atcom manual offers this: “enable the PRACK in SIP which is mainly used in special ring tone, recommend to keep the default setting.” Do you need any other reasons to avoid it?
• Enable Keep Authentication — feel free to check this if you like, but the unit seems to stay registered without it. A manual for a different Atcom device says that this enables “registration with authentication request to be sent to sever together”, while yet another Atcom manual says that it enables “registering signal together with the authentication information. If enable it, the server will confirm the registering and send back the confirmation massage directly instead of requesting the terminals to send authentication information if needed.” Yeah, that clears it right up for me!
• Signal Encrypt, RTP Encrypt — if your server supports encryption, and you have filled in the Encrypt Key field, you almost certainly need to check these to make it work.
• Enable Session Timer — a session timer is a way to determine whether a call session is still active. Apparently this “enables RFC4028 to refresh the SIP sessions”, according to another Atcom manual.
• Answer With Single Codec — other Atcom manuals say, “only answer the call with a certain Codec.” My best guess here would be that this will only use your “preferred” codec when answering a call. If the server doesn’t support your preference, you probably won’t receive any calls.

Now, above I mentioned that you can actually have two active SIP accounts on this device, in addition to an active IAX account, presumably in addition to having a landline plugged into the PSTN port. I suppose that means that potentially, one phone could receive calls from, or place calls to as many as four different sources! I doubt many people will actually use the device with more than one account, but it’s interesting nonetheless that this adapter has this capability!

I will note that things may not always work quite as you’d hope in a multi-account configuration. I set it up so that there would be one SIP account and one IAX account active on the unit. When I had an active call in progress on one account, I’d try calling the other and I always got a busy signal, even though call waiting is enabled. I had rather hoped that if you were using one account and a call came in on anther, it would activate call waiting, although since I am among those that would probably never have a reason to use this device with multiple accounts, that’s kind of a non-issue for me. Call waiting DOES work if another call comes in on the same account while you are on a call, and there may be situations where it would work across multiple accounts (I didn’t test with two SIP accounts, for example).

The manual seems to confirm my suspicions that IAX and SIP don’t work together as well as one might hope:

How many SIP servers may AG-188N register simultaneously?
AG-188N support 2 SIP servers and a IAX server. The Default server is SIP. If you want to use the IAX server you must set IAX as default protocol in the IAX config page. IAX and SIP can register simultaneously but not work simultaneously. If you set 2 SIP servers in the SIP setting page, you can choose the route (server) by dialing plan which is edited by you. Please see “How to use the dial rule?” for detail.

Before you get too perturbed by this, ask yourself how many other devices let you use multiple accounts from the same phone. And if you’re wondering how you would select which account to use for a particular call when multiple accounts are available, that sort of thing is accomplished in the Dial-Peer screen, which we briefly covered yesterday. You probably will need to read the manual to learn how to set it up.

You might be wondering how you’d set up that second SIP account. That’s accomplished by looking in the “Advance” section of the left-hand menu, and clicking on SIP. When you do that you get this screen:

Atcom AG-188N Advanced SIP configuration screen

As you can see, it’s pretty much a duplicate of the other SIP configuration screen, but without as many settings, and with the word “Private” inserted into many of the description texts (not sure why they chose the word “Private” to describe the second account, but oh well). Really, there are only five new settings here:

• STUN Server Addr — If you use a STUN server, enter its address here
• STUN Server Port — If you use a STUN server, enter the port number here. The default STUN server port is 3478.
• STUN Effect Time — a different Atcom manual is far less confusing on this item: “STUN detect NAT type interval time. If NAT found a link inactive for a certain time, it will close the link so you need to send a packet within a interval time to keep the link alive.”
• Enable URI Convert — convert # into %23 when sending URI (from a different Atcom manual, since it’s not in the one for the AG-188N).
• Enable SIP Stun — A different Atcom manual sums this STUN stuff up nicely: SIP STUN is used for NAT transverse. When you config STUN server’s address and port (default 3478) and enable it, then you can use the normal SIP server to make the IP phone transverse NAT.

I will point out that more than likely, if you define a STUN server on this page, the AG-188N will be able to utilize it whether you are using the primary SIP account, or the “Private” account defined on this page. So it’s just slightly confusing that although at first glance this appears to be the settings for the second account, there are a few items here that could affect the ability of both accounts to penetrate NAT firewalls.

By the way, if you want to know more about STUN you can always try Wikipedia, and if you need to find a public STUN server, just Google public stun servers, and your desire should be met! That said, I’ve never had much luck trying to use a STUN server, and in most cases you won’t need to use one, which perhaps is why these settings were placed on this page.

If you’re starting to see that in many ways this device is more full-featured than some other VoIP adapters that are out there (and probably easier to configure), you can understand why I really like this unit – well, for the most part. And that brings me to the subject of security.

When you first access the unit, you have to login, and that’s to be expected. While some competing adapters don’t force you to use a username and password, they basically only have two accounts — user and admin. The AG-188N has those (well, actually, guest and admin) by default, but you can add more. If you click on “Account Management” in the left-hand menu, it brings you to the screen shown below, minus the entry fields at the bottom — those only come up when you press Add, to add an account:

Atcom AG-188N Account configuration page

It’s probably obvious that this is also the page you’d go to if you wanted to change a user’s password, or to delete an account.

There are two user levels possible, Root and General. General users only get to see a limited subset of the pages: WAN Config, LAN Config, Audio Settings, WEB Update, FTP/TFTP Update, Auto Provisioning, and Logout & Reboot. I’m not sure why you’d need to add additional users, but you can. Anyway, it appears you have to set a User name and Password for all users.

And normally that would not be any problem at all, except that while writing this review I’ve had to go back into the interface several times to look at the configuration, and if I haven’t done anything in there for a few minutes it apparently logs me off, and then I’m forced to login all over again! While I suppose this is really a good thing — if you happen to leave your browser open to this device and then leave, some mischief-maker can’t come along half an hour later and start changing settings on you — it’s still kind of a pain when you are doing something like this. Oh, well, I guess it really is a good thing!

For those that want extra security, you can go to the “MMI Filter” page and set a filter by address range:

Atcom AG-188N MMI Filter screen

When the MMI filter is enabled, only IP addresses between the start IP and the end IP can access the AG-188N. It’s a good dose of extra security, but be careful not to lock yourself out — and remember, if you ever take your adapter with you when you travel, whatever network you happen to land upon may not be using the same IP range as your home network. So I don’t think I’d advise setting this if you travel a lot, but at least the AG-188N gives you the option, something that some other adapters do not.

What’s next? Well, we haven’t even really touched on the networking functions in this unit. Stay tuned for the next installment!

Disclosure: CIGear provided me with an Atcom AG-188N for review purposes, and allowed me to keep it after I was finished writing this series, and for that I am most grateful.

Previous Installment | Next Installment

Articles in the series: Review of Atcom AG-188N IAX+SIP ATA (VoIP adapter)

Part 1 – The unboxing
Part 2 – Initial setup using IAX
Part 3 – Setting the time and configuring outbound dialing
Part 4 – Setting up SIP, and securing the adapter
Part 5 – Networking and Internal Router
Part 6 – Final Thoughts and Summary Review
Part 7 – Addendum

The post Review of Atcom AG-188N IAX+SIP ATA (VoIP adapter) – Part 4 – Setting up SIP, and securing the adapter appeared first on VoIP Blog by VoipSuperstore.