Fritz 7590 not register with Voip Provider

esgs

Neuer User
Mitglied seit
23 Mrz 2022
Beiträge
4
Punkte für Reaktionen
0
Punkte
1
Hi all, I need to add a voip provider with tls transport. My voip provider support only TLS1.0 and said me to register without verification. Is that possible from 7590? As I see from Frits OS 7.10 TLS1.0 is not supported is possible to find an older firmware?
 
SIP-over-TLS has been supported since FRITZ!OS 7.2x only. It was not present before. Therefore, can you elaborate on why you mentioned older FRITZ!OS versions like FRITZ!OS 7.1x. As your provider pointed out, the SIP client of AVM supports only TLS 1.1 upwards (whyever, I filed a bug report for that).

Furthermore, certificate verification cannot be disabled either. At least, I found no way to do so. Therefore, I filed another bug report because you cannot edit/add TLS trust anchors yourself as of today.
voip provider support only TLS1.0
Whom exactly? Doesn’t he offer UDP besides TLS?
He should upgrade to the TLS cipher suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and therefore offer TLS 1.2 – that was specified more than 14 years ago in RFC 5289. 14 years. Usually, that is just a configuration change today. Sometimes it is a minor source patch.
without verification
If you provide the server address (publicly or via a private message), I could double-check whether this is required. Again, it costs no 15 €/year to get a valid working TLS certificate. Actually, with Let’s Encrypt, it would cost nothing (but the one-time setup might be a bit more complex).
Is that possible from 7590?
Not directly. You could go for a SIP-B2BUA, for example, Digium Asterisk or SignalWire FreeSWITCH. I tested that, and this works. Not tested, but you even might be able to use a TLS tunnel, for example, stunnel. If you need help with that, just say so, then I double-check whether this works.
I am curious: Why do you want to use a FRITZ!Box exactly?
You could use other DECT-SIP adapters as IP client behind your DSL router, which offer TLS 1.0 and allow any TLS certificate.
 
  • Like
Reaktionen: esgs
Hi, thank you for your reply. I need the BRI out from Fritz for an old ISDN PBX, because my client do not want to change his PBX for now.In my mind I would setup Fritz in simple IP client mode behind the company's router. Voip Provider that I cooperate with support connections with UDP or TLS (If I setup by UTP they need static IP or FQDN, On TLSv1.0 they need the Do not Verify option checked). From my side I didn't check if Fritz is what I need. I said him that replacing PBX is the best way but he decide.
 
Well, your VoIP/SIP provider should move because he is the one 14 years behind best practices, security related best practices.
if I setup by UDP they need static IP or FQDN
A bit unusual either. Some providers require the SIP header Contact to send a public IP address. This can be achived with a FRITZ!OS as IP client by using STUN. Furthermore, the UDP port is kept open by sending Double-CRLF, if you enable that option in FRITZ!OS. With that, the UDP address/port is reachable all time.

That does not work, only if your provider is using something bad designed non-transparent load balancing (and calls you from different IP addresses). In that case, you have to go for a port forwarding in your routers/firewalls.

In other words, UDP should do. Did you double-check already?
I need the BRI out from Fritz for an old ISDN PBX
Here in Germany, we have two alternatives for that:
  • Bintec-Elmeg be.ip (plus)
    also sold by Telekom Deutschland as
    • Digitalisierungsbox Standard
    • Digitalisierungsbox Smart, and
    • Digitalisierungsbox Premium.
  • Lancom All-IP Option, for example, the Lancom 1784VA
Both are available via eBay quite cheap. They allow the import of your own TLS trust anchor, optionally do not verify the certificate, and still offer TLS 1.0 if you like to. Furthermore, those provide two ISDN BRIs – the Lancom 1784VA even four – giving you more concurrent calls. And those can be used as IP clients exactly like a FRITZ!Box. In other words, you do not have to use their DSL modem as WAN.
 
Ok we don't have this options here in Greece and I will try to order from ebay the first one "Digitalisierungsbox Standard" for my tests as is quite cheap. I hope this will not be locked with Telekom Deutschland so I can use it for my purposes.
Do you know if this is stable with BRI?
In Greece Providers offer an Oxygen gateway but many times they need reboot when no calls arrive on PBX.
 
not be locked with Telekom Deutschland so I can use it for my purposes
Yes, it is not locked. I use a Digitalisierungsbox Smart with my own Digium Asterisk. However, the configuration was a bit nasty. I used this guide … adding a ISDN phone wasn’t that straight forward easy either. If you face any issue, just ask when it arrived.
Do you know if this is stable with BRI?
Works here with ISDN devices for Germany. Those boxes are used as media gateway for ISDN installations all over Germany. Then, they are used as DSL modem+router+VoIP. However, here in the board we see sometimes reports, usually related not being the main+first router … anyway, works here too.
they need reboot when no calls arrive on PBX
Sounds like the device is behind a firewall: Port binding / keep-alive timeout?
 
Thank you very much sonyKatze for your support, I'll try with "Digitalisierungsbox Standard" and if I stuck I will ask you again.
 
Holen Sie sich 3CX - völlig kostenlos!
Verbinden Sie Ihr Team und Ihre Kunden Telefonie Livechat Videokonferenzen

Gehostet oder selbst-verwaltet. Für bis zu 10 Nutzer dauerhaft kostenlos. Keine Kreditkartendetails erforderlich. Ohne Risiko testen.

3CX
Für diese E-Mail-Adresse besteht bereits ein 3CX-Konto. Sie werden zum Kundenportal weitergeleitet, wo Sie sich anmelden oder Ihr Passwort zurücksetzen können, falls Sie dieses vergessen haben.