Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7
1553 posts

Uber Geek
+1 received by user: 311

Lifetime subscriber

  Reply # 1958193 14-Feb-2018 18:00
Send private message quote this post

hio77:
gregmcc:

 

chevrolux:

 

 

 

To get a router working you need maybe three to five settings. There are a hell of a lot more to set up a SIP registration and make it work properly - the tones alone there are twenty-odd to set.

 

 

 

 

 

 

 

 

 

 

It's not that hard, done it myself with no problems.

 

 

 

 

 

 

 

IMO it's all about locking a customer in, force them to buy the VF modem (or commit to a fixed term contract), so no matter how bad the service gets the customer still has to pay every month.

 

 

 

Best advice is to ditch the VF modem and the VF VOIP, buy your own modem and go with 2 talk, heaps of features for a very reasonable base price.

 

 

 

 

 


Mike has posted earlier modems should be provided free of charge and with no required resign.

 

You would be better off steering clear of the VF supplied modems full stop. the modify the firmware and cause so many other bugs.

 

 

 

 


3451 posts

Uber Geek
+1 received by user: 1212

Subscriber

  Reply # 1958196 14-Feb-2018 18:18
Send private message quote this post

gregmcc:

 

chevrolux:

 

To get a router working you need maybe three to five settings. There are a hell of a lot more to set up a SIP registration and make it work properly - the tones alone there are twenty-odd to set.

 

 

 

 

It's not that hard, done it myself with no problems.

 

 

 

IMO it's all about locking a customer in, force them to buy the VF modem (or commit to a fixed term contract), so no matter how bad the service gets the customer still has to pay every month.

 

Best advice is to ditch the VF modem and the VF VOIP, buy your own modem and go with 2 talk, heaps of features for a very reasonable base price.

 

 

 

 

The fact a geekzone user can set up an ATA doesn't mean much. Mass market SIP has challenges, the biggest one being configuration. The single best way to deal with it auto-provision for which you need a platform to do so and matching hardware to suit.

 

It's barely lock in at all. If anything it would be the opposite, look at the out cry on here for starters.

 

Frankly, lock in is what I do for a job by selling a specific PBX platform which requires the customer to purchase phones/licensing from me. And then I won't support the hardware if you don't use my SIP and broadband services. VF are providing an analogue service designed to emulate the original POTS connection.

 

Edit: and for the record I don't like sticking up for VF. They make my day job hard.


84 posts

Master Geek
+1 received by user: 2


  Reply # 1958198 14-Feb-2018 18:19
Send private message quote this post

hio77: Mike has posted earlier modems should be provided free of charge and with no required resign.

 

 

But that is an ISP provider modem. Recently whenever you read about router based botnet it is one of the brands that is given out for free by the ISPs. On the border want a router that gets security updates and doesn't expose ports to the WAN for remote admin. Also don't want the ISP with a login a device which can see the LAN.

 

 

My experience with ISP provided routers is that they are slack, if at all, on the security updates. They offer remote admin to the ISP. They do odd things like only show a WiFi client list and not the wired client list.

26496 posts

Uber Geek
+1 received by user: 6038

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1958199 14-Feb-2018 18:22
Send private message quote this post

karit:

 

So had a quick skim over the thread.

 

By the looks VF won't release the SIP config details because they believe in security through obscurity? And scared if people know the config details they could be stolen and misused? I don't actually understand that argument and I work in IT security.

 

 

If you don't understand the argument you clearly no nothing about VoIP so have pretty much invalidated your argument. There are very good reasons for locking down VoIP settings, the simplest being the thousands of VoIP devices right now wide open on the internet that can easily be compromised.

 

Vodafone also deliver a fully managed end to end solution. This guarantees voice quality and that the setup will just work. If you're not happy with this then there are providers will give you the settings so you'd be best to go with one of them.


84 posts

Master Geek
+1 received by user: 2


  Reply # 1958201 14-Feb-2018 18:31
Send private message quote this post

sbiddle:

karit:

 

So had a quick skim over the thread.

 

By the looks VF won't release the SIP config details because they believe in security through obscurity? And scared if people know the config details they could be stolen and misused? I don't actually understand that argument and I work in IT security.

 

 

If you don't understand the argument you clearly no nothing about VoIP so have pretty much invalidated your argument. There are very good reasons for locking down VoIP settings, the simplest being the thousands of VoIP devices right now wide open on the internet that can easily be compromised.

 

Vodafone also deliver a fully managed end to end solution. This guarantees voice quality and that the setup will just work. If you're not happy with this then there are providers will give you the settings so you'd be best to go with one of them.

 

 

They ones I have seen exploited boil down to:

 

* Open ports to the net

 

* No or bad creds

 

* Not installing security updates

 

* Not using TLS on WiFI so creds in the clear

 

 

I have never seen a VoIP system exploited because the general config is public.

 

 

There is a difference between having a secure setup and hiding the settings. The only part of a config that needs to be secret is the key material.

79 posts

Master Geek
+1 received by user: 34


  Reply # 1959024 16-Feb-2018 11:07
One person supports this post
Send private message quote this post

If, and when their VOIP service is compromised and they incur a few thousand dollars in bills, guess who they are going to call and complain? 


26496 posts

Uber Geek
+1 received by user: 6038

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1959038 16-Feb-2018 11:13
One person supports this post
Send private message quote this post

karit:
sbiddle:

 

karit:

 

So had a quick skim over the thread.

 

By the looks VF won't release the SIP config details because they believe in security through obscurity? And scared if people know the config details they could be stolen and misused? I don't actually understand that argument and I work in IT security.

 

 

If you don't understand the argument you clearly no nothing about VoIP so have pretty much invalidated your argument. There are very good reasons for locking down VoIP settings, the simplest being the thousands of VoIP devices right now wide open on the internet that can easily be compromised.

 

Vodafone also deliver a fully managed end to end solution. This guarantees voice quality and that the setup will just work. If you're not happy with this then there are providers will give you the settings so you'd be best to go with one of them.

 

They ones I have seen exploited boil down to: * Open ports to the net * No or bad creds * Not installing security updates * Not using TLS on WiFI so creds in the clear I have never seen a VoIP system exploited because the general config is public. There is a difference between having a secure setup and hiding the settings. The only part of a config that needs to be secret is the key material.

 

Giving people their configuration allows people to configure their own hardware. That my nature makes it insecure when people who don't know how to correctly secure their hardware leave it exposed.

 

Sure you might know how to. That doesn't mean the other 99 people who want the details do.

 

At the day the goal of any PSTN replacement service should be to offer a fully managed end to end solution that will work correctly in every aspect and be compliant and more importantly can be supported. VoIP is my job, and if I counted up every SIP device I'd ever played with it'd be into the hundreds. Most routers with SIP stacks are all very different and not necessarily compatible with other SIP stacks, even routers from the same vendor using different chipsets can act differently.

 

If you want a provider who will let you use your own hardware then my recommendation would be to move to one who does.

 

 


'That VDSL Cat'
7962 posts

Uber Geek
+1 received by user: 1631

Trusted
Spark
Subscriber

  Reply # 1959039 16-Feb-2018 11:14
Send private message quote this post

karit:
hio77: Mike has posted earlier modems should be provided free of charge and with no required resign.
But that is an ISP provider modem. Recently whenever you read about router based botnet it is one of the brands that is given out for free by the ISPs. On the border want a router that gets security updates and doesn't expose ports to the WAN for remote admin. Also don't want the ISP with a login a device which can see the LAN. My experience with ISP provided routers is that they are slack, if at all, on the security updates. They offer remote admin to the ISP. They do odd things like only show a WiFi client list and not the wired client list.

 

you would be in a small subset of customers who are better off going with a provider suited to your needs.

 

 

 

Remote administration done right, is actually quite a useful feature for joe blogs.

 

often the ISP provided device is actually pretty solid - EG, the HG659b. This is hands down for pricepoint the best RGW for Gig connections. It will route the full speed unlike anything else that compares at the same pricepoint.

 

 

 

That's not to say the firmware or implementation is the greatest, but That's for the RSP's to manage and seek out improvements.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


'That VDSL Cat'
7962 posts

Uber Geek
+1 received by user: 1631

Trusted
Spark
Subscriber

  Reply # 1959043 16-Feb-2018 11:17
Send private message quote this post

sbiddle:

 

Giving people their configuration allows people to configure their own hardware. That my nature makes it insecure when people who don't know how to correctly secure their hardware leave it exposed.

 

 

to point out one example here

 

 

 

The fritzboxes, Amazing devices. but at one point there was a flaw in myfritz.

 

This allowed attackers to login to the device and make phonecalls.

 

 

 

https://www.geekzone.co.nz/forums.asp?forumid=85&topicid=148602

 

 

 

While is nolonger an issue, this sort of thing would be easily manageable by the RSP, when third party comes into it.... your up sh!t creak.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


26496 posts

Uber Geek
+1 received by user: 6038

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1959046 16-Feb-2018 11:18
One person supports this post
Send private message quote this post

karit:
hio77: Mike has posted earlier modems should be provided free of charge and with no required resign.
But that is an ISP provider modem. Recently whenever you read about router based botnet it is one of the brands that is given out for free by the ISPs. On the border want a router that gets security updates and doesn't expose ports to the WAN for remote admin. Also don't want the ISP with a login a device which can see the LAN. My experience with ISP provided routers is that they are slack, if at all, on the security updates. They offer remote admin to the ISP. They do odd things like only show a WiFi client list and not the wired client list.

 

Capabilities exposed via TR-069 depend entirely on the chipsets. Some older Broadcom chipsets for example can't differentiate between wired and wireless clients whereas newer ones can.

 

As for remote access TR-069 is secure when implemented properly, and the catch 22 being you can't really argue against remote access and complain about lack of updates in the same sentence because without TR-069 remote access updates of CPE isn't possible.

 

 


84 posts

Master Geek
+1 received by user: 2


  Reply # 1959309 16-Feb-2018 19:44
Send private message quote this post

Ok all that aside then,

 

 

Have environments where I don't make ISP choice etc.

 

 

If plug the VF router (it's WAN port) downstream of router on the border with the phone ports work? Or for the phone to work does the VF router need to be on the border?

'That VDSL Cat'
7962 posts

Uber Geek
+1 received by user: 1631

Trusted
Spark
Subscriber

  Reply # 1959391 16-Feb-2018 23:14
Send private message quote this post

karit: Ok all that aside then,

Have environments where I don't make ISP choice etc.

If plug the VF router (it's WAN port) downstream of router on the border with the phone ports work? Or for the phone to work does the VF router need to be on the border?


In most cases this Does work. Juzt remember to handle qos.




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


26496 posts

Uber Geek
+1 received by user: 6038

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1959455 17-Feb-2018 08:12
Send private message quote this post

And just like that the *perfect* example of why full end to end control and autoprovisioning of VoIP is important comes along..

 

111 fails when needed in an emergency because somebody who's configured 2talk on their Fritzbox hasn't configured the approximately 15 settings (some of which aren't accessible from the GUI) to ensure the device works optimally.

 

https://www.geekzone.co.nz/forums.asp?forumid=43&topicid=230291

 

 


26496 posts

Uber Geek
+1 received by user: 6038

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1959456 17-Feb-2018 08:14
Send private message quote this post

hio77:
karit: Ok all that aside then,

Have environments where I don't make ISP choice etc.

If plug the VF router (it's WAN port) downstream of router on the border with the phone ports work? Or for the phone to work does the VF router need to be on the border?


In most cases this Does work. Juzt remember to handle qos.

 

And ensure all SIP ALG settings are disabled in the primary router.

 

 


4851 posts

Uber Geek
+1 received by user: 1508


  Reply # 1959460 17-Feb-2018 08:18
Send private message quote this post

And here's why Vodafone have the whole thing managed end to end

 

https://www.geekzone.co.nz/forums.asp?forumid=43&topicid=230291

 

Call failure calling 111.

 

EDIT, beaten to it by @sbiddle


1 | 2 | 3 | 4 | 5 | 6 | 7
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Cove sells NZ's first insurance policy via chatbot
Posted 25-Jun-2018 10:04


N4L helping TAKA Trust bridge the digital divide for Lower Hutt students
Posted 18-Jun-2018 13:08


Winners Announced for 2018 CIO Awards
Posted 18-Jun-2018 13:03


Logitech Rally sets new standard for USB-connected video conference cameras
Posted 18-Jun-2018 09:27


Russell Stanners steps down as Vodafone NZ CEO
Posted 12-Jun-2018 09:13


Intergen recognised as 2018 Microsoft Country Partner of the Year for New Zealand
Posted 12-Jun-2018 08:00


Finalists Announced For Microsoft NZ Partner Awards
Posted 6-Jun-2018 15:12


Vocus Group and Vodafone announce joint venture to accelerate fibre innovation
Posted 5-Jun-2018 10:52


Kogan.com to launch Kogan Mobile in New Zealand
Posted 4-Jun-2018 14:34


Enable doubles fibre broadband speeds for its most popular wholesale service in Christchurch
Posted 2-Jun-2018 20:07


All or Nothing: New Zealand All Blacks arrives on Amazon Prime Video
Posted 2-Jun-2018 16:21


Innovation Grant, High Tech Awards and new USA office for Kiwi tech company SwipedOn
Posted 1-Jun-2018 20:54


Commerce Commission warns Apple for misleading consumers about their rights
Posted 30-May-2018 13:15


IBM leads Call for Code to use cloud, data, AI, blockchain for natural disaster relief
Posted 25-May-2018 14:12


New FUJIFILM X-T100 aims to do better job than smartphones
Posted 24-May-2018 20:17



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.