Well this is a bit annoying. I had been closely following the various email blasts from VOIP.MS that are intended to let customers like me know how to react to the denial-of-service attack (see recent blog posts). I had gone to quite a bit of trouble to reconfigure several phones and ATAs at several physical locations to make use of the chicago3 server instead of our usual denver2 server.
Then sort of on a whim I happened to click around on the Twitter feed of VOIP.MS. There, sort of as an aside, the people at VOIP.MS happened to let slip that each of their servers that has gotten “hardened” against the DDOS attack, and that now has a green check mark, is no longer supporting encryption. Each of the green-check-box servers is usable only on port 5060, not port 5061, and you can’t use SRTP.
This means that all of the hard work that I did to reconfigure several phones and ATAs at several physical locations to make use of the chicago3 server instead of our usual denver2 server was a waste of time. Those phones and ATAs still will not work because they are all set up to use TLS and SRTP for full encryption of the telephone calls.
Now I get to start all over again, clicking through VPNs and otherwise doing whatever is needed to log in to each of the various phones and ATAs to do about four times as much reconfiguration as I had previously understood to be necessary.
Previously I thought that all I had to do was find the screen or popup window where “denver2.voip.ms” appears and change it to the IP address of the chicago3 server. But now for the first time, only sort of by accident by clicking around in a Twitter feed, I have learned that I must also:
- click around to find the screen or popup window to change “5061” to “5060” for the SIP port.
- click around to find the screen or popup window to change “TLS” to “UDP” for the SIP protocol.
- click around to find the screen or popup window to change “SRTP” to “RTP” for the audio transport protocol.
In all of my devices these settings are in three different places — a first place for the server, a second place for the SIP settings, and a third place for the audio protocol settings.
And it is not only me. Each of my staff people is going to have to go through this much more complicated reconfiguration process. Once right now to get to a “green check box” server, and again at some future time when it once again becomes possible to turn the encryption back on and to migrate back to a Denver server.
Oh and not only that. It is going to be necessary right now to turn off encryption for each of our SIP trunks (what VOIP.MS calls “subaccounts”). And at some future time it will be necessary to turn the encryption back on for the SIP trunks.