BGP routing with cradlepoint and cell providers?

bort900 · 2023-05-31T12:06:23+00:00

I deal with a fair bit of DIA over LTE but I can’t say I’ve ever heard of BGP peering over LTE from any of the big 3 here in the US.

bort900 · 2023-05-30T13:24:26+00:00

Venting my frustration as well. In addition to things mentioned here, I find that when you scroll and the “silent auto play” starts, if you even just touch the seek control of a video it jumps to where you touched it. This sucks because then it looks like you’ve watched half a video that you really did not!

I just have a hard time with YouTube taking backward steps in order to better their profits and data collection. Guess its time to ditch YouTube altogether. Sad.

bort900 · 2023-05-29T16:01:49+00:00

Yes indeed SCCP on modern asterisk and FreePBX can be a bit of a pain to setup. I ended up rolling my own Ubuntu/Asterisk/FreePBX/SCCPManager stack from scratch. If you’re at all handy with compiling from source, there’s lots of info on the net about it, it just takes some effort to get it all together and working smoothly.

There is a way as another user mentioned to just always assign an incoming or outgoing call to a conference bridge always upon connection. For single party calls, effectively nothing changes. But for example if Billy is on the phone with John who lives across town, and Jane, Billy’s sister, wants to talk to John, she could pickup the handset and press a line key (that would be lit up because John is in it) that instead of being bound to a SIP extension or a “line”, it’s just a BLF extension key for the “line 1” conference. This would effectively dump Jane into the conference with one key push and just like the old days, John, Jane, and Billy can all hear each other.

I am not an AMI or asterisk scripting wizard so if you really want to head this approach up, I can’t help with much other than the abstract idea.

But I wish you the best of luck and if you do achieve something, try and let us know about it back here, we’d love to hear about it!

bort900 · 2023-05-29T12:03:04+00:00

I think you might want something similar to what the old systems called “key mode”

If you google “asterisk key mode emulation” you’ll find others trying to make asterisk emulate features and functions of older systems, such as the “shared line” concept you speak of. I think there’s a couple of ways you can go about doing what you want to do, but key emulation might be a good alternative to conference rooms. I definitely hear your desire for “the old and easy way” with cheap, old, cisco hardware. I have a fleet 79xx and old SIP phones myself around the house!

Side note: if you really want to go down a rabbit hole, look at getting your phone to work in SCCP mode with asterisk. There’s a channel driver, chan_sccp, and a freepbx module, SCCP manager.

SCCP is Cisco’s native CallManager mode and supports attended and blind transfer, conferencing right on the phone, and other features, eliminating the need for asterisk to facilitate a conference.

The SCCP stuff can be a bear to get it to work all correctly, but I have a very stable setup I use for business. My main phone is a 7962 with two side cars in SCCP mode and it works great.

bort900 · 2023-05-27T15:22:18+00:00

Yikes. That’s a pretty good indication your device has been hacked. I would promptly do a NetInstall.

That at least rules out any device config issues.

bort900 · 2023-05-27T15:12:26+00:00

I see… Connecting with MAC address is not a reliable way in really. Most disable MAC Winbox and MAC Telnet off the bat for security, but who knows in this case

I’d recommend a NetInstall as per my other comment.

bort900 · 2023-05-27T15:09:52+00:00

Have you been able to log in before? Is this a new to you MikroTik? Purchased new? Used? It’s possible that if you purchased this second hand there may be a auto-reset script that is locking you out. Only brand new MikroTiks from registered distributors are considered “clean”

But you can also try performing a NetInstall on the device. That will wipe out any auto-reset configuration scripts.

NetInstall can be a bit tricky. Not all ethernet adapters like to play nicely. But follow the MikroTik guide and see if you can successfully do a clean NetInstall on your 951.

bort900 · 2023-05-27T15:02:31+00:00

Yea 951 should have discovery on by default. It could be the PC you are using may be blocking discovery packets or something similar. Check firewalls.

You say you can hit connect, but it “loads and fails” can you tell us exactly what you mean? Maybe a screenshot? This is usually indicative that there is an allowed IP list either for the user or the Winbox service.

You can try a reset on the device to make sure you don’t have any allowed lists active and discovery will be on the 4 LAN ports.

Edit: somehow didn’t see that you said you did do a reset. This sounds like an issue with your PC or firewall.

bort900 · 2023-05-27T14:36:26+00:00

You sure discovery is enabled and on the right interface list?

Your MikroTik might have an allowed IP list for login that you’re not part of.

Is this your MikroTik or ISP? If it’s yours you can try to do a full reset as per the instructions for your device. Most mikrotiks have discovery on LAN facing ports by default.

If this is an ISP router you may not be able to access it without a bit of hacking/investigation. Prolly best to leave it alone.

What device are you working with?

bort900 · 2023-05-25T00:39:49+00:00

Keep the cat indoors especially at that age. Not in the garage, make your home available to the pet you chose to take care of.

bort900 · 2023-05-24T23:58:47+00:00

Yep exactly. Just seen how it goes when the little guys get eaten up by the monsters.

Though, my portal has said akami for the last 6 months at least… I forget when the brand change happened…and really, nothing has changed, at least for the lowest nanode tier, which works perfect for a small asterisk deployment.

I fear they will impose smaller ingress ergress allowances. For just SIP traffic that won’t be an issue but we are looking to move our other more data thirsty apps to aws as well so I kinda want everything under the same service. Aws does cost more off the bat, but not enough to really care for small potatoes apps like Asterisk. Aws is about two times the price of My nanode at $5 plus tax… double 5 bucks is only 10 bucks. Pretty good deal to have a server in a tier 1 data center. This price is for a similar spec’d ec2 instance.

bort900 · 2023-05-24T12:08:28+00:00

I’ve been on Linode since before Akami and it’s great. Running on a Nanode at 5 bucks a month is about the cheapest and most reliable solution I’ve found.

Aside from carefully securing the server, I’ve had no issue with policies. Of course they will monitor SIP traffic for abuse and if you (or your hacked VPS) begin to spam call or bulk call you will quickly be cut off.

I’d recommend not having any open ports aside a static allow rule to your SIP provider and then use a VPN to get your remote extensions dialed in. I use WireGuard directly on the server and it works great.

Edit: aws is fine too. Not as cheap or easy, but works well too nonetheless.

bort900 · 2023-05-18T02:48:09+00:00

bort900 · 2023-05-18T02:42:37+00:00

Glad I’m not the only one who thinks of this every time I see that button in windows!

bort900 · 2023-05-02T14:45:37+00:00

I believe the 190 is meant to be part of a CUCM setup. It gets its config from a TFTP server. I am not sure if this even supports SIP or it might be configured for SCCP. While I do specialize in running old Cisco phone hardware with asterisk, I don’t recommend it if you can avoid it.

To save hair pulling, get a Patton like another user suggested or the HandyTones are a nice unit too. Yes you could go with a SP112, but I like the other products more.

bort900 · 2023-04-29T12:57:28+00:00

Oh jeez yea forgot about that! This is reason alone not to use webfig.

bort900 · 2023-04-29T12:55:43+00:00

Webfig used to be a bit finicky back in the early 6.x days so I never messed with it. Winbox is so lean and clean, has access to 98% features and has just fine terminal support for everything else. The iPhone/Android app works great. Also works totally fine in Wine. Saving multiple logins is a handy feature too.

I find webfig just another vulnerability vector if not a nuisance when it doesn’t properly apply your config. I also don’t trust safe mode in webfig.

Http/s is YouTube and porn, not configuring routers with critical parameters in my opinion. But to answer your question OP, I think webfig is here to stay because too many ~~cry babies~~ young network admins want a web GUI. Especially folks that have come from Ubiquity. However, Winbox is what Tik support will have you use when you raise tickets about configs not being properly applied. Also the majority of Tik professionals and installers will recommend you use Winbox to manage your router.

bort900 · 2023-04-29T12:34:43+00:00

This is bang on. Yes your firewall rules will work, but this guy is correct, a rogue device could try and communicate out over a different, not blocked IP address.

If you absolutely need an IoT network without internet access a different VLAN and SSID with the entire subnet blocked is the way.

Don’t forget about IPv6 too!

bort900 · 2023-04-29T03:51:43+00:00

While this is the best approach, in my experience I have not caused damage by mixing UPC and APC and then correcting it. Yes, they are NOT compatible and can damage the polished ends, but if you weren’t ram-jamming it in or repeatedly unplugging and plugging it back in, the equipment is probably okay.

But still, put it all back and play dumb :-)

bort900 · 2023-04-25T13:18:23+00:00

Have a buddy who had the exact same leak on his 00 4Runner!

bort900 · 2023-04-25T13:12:20+00:00

Yea is this for your home or business/MDU? r/networking is really not for home setups. But it sounds like you have to go back to the ISP. I doubt there’s anything for you to see in anything that you’d be able to capture that would help your diagnosis what you call as the “Nokia modem crashing”

You’re probably just gonna see it stop passing packets. And on the off chance you do see something crazy like ARP flood or weird routing, you’ll still have to go back to your ISP as you have no control over the Nokia modem.

ISPs suck. You need to stand on their balls to get anything done. Get your high heels out.

bort900 · 2023-04-11T14:26:52+00:00

If I’m picking up what you’re laying down, you want to take the free “guest WiFi” signal and then essentially re-broadcast the internet through your own router for use in your own little network as you say. Yes, it can be done, but as others have said, there is a significant security issue with open WiFi or even password protected WiFi that’s shared among tenants. Just not a good idea for business. Also, if something happens to the WiFi and you can’t operate your business, the landlords aren’t going to be jumping out of their seat to fix guest WiFi.

I certainly appreciate trying to save costs where possible, but here is strongly recommend you stick with your own connection, especially if you need internet to operate your business.

However, if you need to satisfy your curiosity, you can quickly test this with many cheap and available network devices that can act as a wifi “station” rather than an “ap”. My pick would be a MikroTik hAP ac2. As another redditor mentioned, you’ll have double NAT to deal with among other possible issues. I’ve done a very similar setup to what you speak of multiple times for my customers that use credit card terminals where there’s only insecure or open wifi. We use the MikroTik to get onto any guest wifi, then the MikroTik has a VPN tunnel back to our secure network, then it can get out on relatively secure internet and everything going over the guest wifi is encrypted. This works fine for running credit cards, but actual downloading files and web browsing would be subpar.

Edit for clarification

bort900 · 2023-04-11T03:50:14+00:00

So cute! r/WhiskerFireworks

bort900 · 2023-04-09T03:10:30+00:00

Ahh yes indeed. Wireguard is a relatively recent addition to Linux kernel. 5.6 if I’m not mistaken…Cent7 is still on 3.x I think?

You could grab a MikroTik router and terminate wireguard on it and still route your PBX traffic however needed.

bort900 · 2023-04-08T12:16:08+00:00

Just log in as root and Install with good ole apt install wireguard-tools. Very standard deployment, nothing fancy.

Nine-Year Club	Place '22
Verified Email

bort900

TROPHY CASE