5. Initial System Configuration

5.1. Network Configuration
5.2. Apply Configuration Changes
5.3. Start Securing Your Server
5.4. Configuring the Email Server
5.5. Advanced Network Configuration
5.5.1. Audiocodes devices workaround
5.5.2. Extra SIP listening ports
5.6. What’s next?

After the installation went through successfully, you are ready to adapt the system parameters to your needs to make the system work properly.

5.1. Network Configuration

If you have only one network card inside your system, its device name is eth0, it’s configured and only IPV4 is important to you then there should be nothing to do for you at this stage. If multiple network cards are present, your network card does not use eth0 for its device name or you need IPv6 then the only parameter you need to change at this moment is the listening address for your SIP services.

To do this, you have to specify the interface where your listening address is configured, which you can do with the following command (assuming your public interface is eth0):

ngcp-network --set-interface=eth0 --ip=auto --netmask=auto
ngcp-network --move-from=lo --move-to=eth0 --type=web_ext --type=sip_ext --type=rtp_ext --type=ssh_ext

If you want to enable IPv6 as well, you have to set the address on the proper interface as well, like this (assuming you have an IPv6 address fdda:5cc1:23:4:0:0:0:1f on interface eth0):

ngcp-network --set-interface=eth0 --ipv6='fdda:5cc1:23:4:0:0:0:1f'
[Tip]

Always use a full IPv6 address with 8 octets, leaving out zero octets (e.g. fdda:5cc1:23:4::1f) is not allowed.

If you haven’t fully configured your network interfaces, do this by adapting also the file /etc/network/interfaces:

vim /etc/network/interfaces

Add or adapt your interface configuration accordingly. For example, if you just want to use the system in your internal network 192.168.0.0/24, it could look something like this:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 1.2.3.4
        netmask 255.255.255.0
        gateway 1.2.3.1
        dns-nameservers 8.8.8.8
        dns-search yourdomain.com
/etc/init.d/networking restart

5.2. Apply Configuration Changes

In order to apply the changes you made to /etc/ngcp-config/config.yml, you need to execute the following command to re-generate your configuration files and to automatically restart the services:

ngcpcfg apply
[Tip]

At this point, your system is ready to serve.

5.3. Start Securing Your Server

During installation, the system user cdrexport is created. This jailed system account is supposed to be used to export CDR files via sftp/scp. Set a password for this user by executing the following command:

passwd cdrexport

The installer has set up a MySQL database on your server. You need to set a password for the MySQL root user to protect it from unauthorized access by executing this command:

mysqladmin password <your mysql root password>

For the Administrative Web Panel located at https://<your-server-ip>:1443/, a default user administrator with password administrator has been created. Connect to the panel (accept the SSL certificate for now) using those credentials and change the password of this user by going to SettingsAdministrators and click the Edit when hovering over the row.

5.4. Configuring the Email Server

The NGCP installer will install mailx (which has Exim4 as MTA as a default dependency) on the system, however the MTA is not configured by the installer. If you want to use the Voicemail-to-Email feature of the Voicebox, you need to configure your MTA properly. If you are fine to use the default MTA Exim4, execute the following command:

dpkg-reconfigure exim4-config

Depending on your mail setup in your environment (whether to use a smarthost or not), configure Exim accordingly. In the most simple setup, apply the following options when prompted for it:

  • General type of mail configuration: internet site; mail is sent and received directly using SMTP
  • System mail name: the FQDN of your server, e.g. ce.yourdomain.com
  • IP-addresses to listen on for incoming SMTP connections: 127.0.0.1
  • Other destinations for which mail is accepted: the FQDN of your server, e.g. ce.yourdomain.com
  • Domains to relay mail for: leave empty
  • Machines to relay mail for: leave empty
  • Keep number of DNS-queries minimal (Dial-on-Demand)? No
  • Delivery method for local mail: mbox format in /var/mail/
  • Split configuration into small files? No
[Important]

You are free to install and configure any other MTA (e.g. postfix) on the system, if you are more comfortable with that.

5.5. Advanced Network Configuration

You have a typical test deployment now and you are good to go, however you may need to do extra configuration depending on the devices you are using and functionality you want to achieve.

5.5.1. Audiocodes devices workaround

As reported by many users, Audiocodes devices suffer from a problem where they replace 127.0.0.1 address in Record-Route headers (added by the sip:provider CE’s internal components) with its own IP address. The problem has been reported to Audiocodes but as of end 2012 the fixed firmware is not available yet so supposedly the whole range of Audiocodes devices, including but not limited to the MP202, MP252 CPEs as well as Audiocodes media gateways, is malfunctioning. As a workaround, you may change the internal IP address from 127.0.0.1 to some dummy network interface. Please execute the following command (in this example 192.168.2.2 is a new internal IP address):

ifconfig dummy0 192.168.2.2 netmask 255.255.255.0

Adapt your /etc/network/interfaces file accordingly:

auto dummy0
iface dummy0 inet static
address 192.168.2.2
netmask 255.255.255.0

Update the network configuration in the sip:provider CE:

ngcp-network --set-interface=dummy0 --ip=auto --netmask=auto
ngcp-network --move-from=lo --move-to=dummy0 --type=sip_int --type=web_int

Refer to the Network Configuration chapter for more details about the ngcp-network tool.

Apply configuration:

ngcpcfg apply

5.5.2. Extra SIP listening ports

By default, the load-balancer in sip:provider CE listens on the UDP and TCP ports 5060 (kamailiolbport) and TLS port 5061 (kamailiolbtlsport). Should you need to setup one or more extra non-standard listening ports in addition to those standard ports, please edit the kamailiolbextra_sockets option in your /etc/ngcp-config/config.yml file.

The correct format consists of a label and value like this:

    extra_sockets:
      port_5064: udp:10.15.20.108:5064
      test: udp:10.15.20.108:6060

The label is shown in outbound_socket peer preference (if you want to route calls to specific peer out via specific socket); the value must contain a transport specification as in example above (udp, tcp or tls).

[Important]

The media relay uses one main primary external IP address. You should make sure it is reachable to all of your subscribers and peers (or disable the media relay for subscribers by checking the never_use_rtpproxy preference if they have routable IP addresses) - refer to the Security and Maintenance chapter for more details on firewalling.

Apply configuration:

ngcpcfg apply

5.6. What’s next?

To test and use your installation, you need to follow these steps now:

  1. Create a SIP domain
  2. Create some SIP subscribers
  3. Register SIP endpoints to the system
  4. Make local calls and test subscriber features
  5. Establish a SIP peering to make PSTN calls

Please read the next chapter for instructions on how to do this.