NEW T-Mobile 5G Home Internet Service & Home Automation

[dallas]

it will connect to the PBX using SIP (I assume registration happens)

Can you check this in the logs. Without registration he won't be able to receive calls but I'm surprised he can't make calls.
This is where I'd start my troubleshooting.

 

[cosmic]

Can you check this in the logs. Without registration he won't be able to receive calls but I'm surprised he can't make calls.
This is where I'd start my troubleshooting.

What I mean is I see occasional messages in the log that say "Contact (extension number) is now reachable" but it really isn't. If he attempts to place a call, the log shows nothing because Tmobile is not passing the sip traffic. If I attempt to place a call to him, the log shows the call attempt and shows where it thinks it is ringing his phone, but his phone doesn't ring, and eventually it goes to voicemail. Again, this is because Tmobile is not passing the sip traffic. Which is why I asked about SIP TLS.

You are suggesting that the failure of plain vanilla SIP to work over Tmobile is a problem that can be fixed by finding something in the log, or doing some other troubleshooting. But it can't. Many people have tried, no one has succeeded so far. But apparently that changes if you use TLS, but I don't know how to use TLS, which is why I was asking if anyone has written up a how-to on the subject. Sorry if I'm not interested in following up on your question, but I can't see the point in beating a dead horse. Unless Tmobile changes something, plain SIP is never going to work for their home Internet customers, because they are doing something that blocks the traffic. My suspicion is they are blocking UDP traffic on port 5060 and other known SIP ports, but since TLS uses TCP that's not getting blocked - but I may be completely wrong about that, after all IAX works and I think that is UDP. But VERY few ATA's or phones have ever supported IAX protocol; I don't even think any of Polycom's current crop of phones support IAX.

 

[dallas]

We need more information here.
1. A detailed description of the architecture.
2. A copy of the asterisk log file when he tries to register.
3. Any other relevant information.

 

[cosmic]

We need more information here.
1. A detailed description of the architecture.
2. A copy of the asterisk log file when he tries to register.
3. Any other relevant information.

NO, you don't need ANY of that TO ANSWER THE QUESTION I ASKED!

Since you apparently didn't take the hint the first time, let me be blunt - PLEASE stop replying to this. You are wanting to fix the plain SIP connection and that simply cannot be done with Tmobile in the mix. I am asking for information (specifically, links to information), not for you to troubleshoot a connection that will NEVER, EVER work. Unless you can provide a link to the information I requested, PLEASE stop replying. Your type of "help" is not wanted in this situation! I'm sorry I have to be that rude but you just don't seem to be understanding that a plain SIP connection WILL NOT WORK over Tmoble's home internet, so it is an absolute waste of time to try and get it to work, and I'm not going to indulge your fantasy that you can somehow make it work by asking me to produce "more information."

Now, if you happen to have links to videos or tutorials that show how to make an Obihai device function as an Asterisk extension using SIP TLS, by all means please feel free to pass those along, but if you are just going to keep attempting to make plain SIP work by asking irrelevant questions, I'm just going to ignore you.

 

[dallas]

Then good luck in you quest. I'm done!

 

[ostridge]

After 8 months, we finally got an invitation to sign up for T-Mobile's new $50 a month unlimited 5G Home Internet Service. You basically get a router with an antenna that you can take anywhere T-Mobile has 4G and 5G coverage. Hardware should arrive tomorrow so we'll keep you posted.

View attachment 3716

Looks like a BIG lump of plastic for your 'overnight bag'

 

[kenn10]

@cosmic I understand your frustration but yelling at a forum member at 1:00am Eastern time doesn't enhance your chances of getting help. IncrediblePBX users rarely use TLS on their systems so there does not appear to be a lot of knowledge about it on this forum -- including from me.

One apparent fact is that SIP trace tools do not work with TLS so SNGREP is not going to be helpful in analysis. Another fact is that TLS alone does not obfuscate voice traffic from the internet snoopers but it can help get past SIP blockage by transport providers.

I have also been researching TLS implementation on FreePBX and have a lot of unanswered questions. There seem to be various things required depending on the type of phone it is being deployed with. I also have questions about whether a new certificate/key needs to be generated since we already have a default one that comes with IncrediblePBX. @wardmundy might be able to shed some light on this.

Over on the FreePBX forums, there is a discussion in 2019 talking about TLS and @billsimon was trying to help someone with Polycom phones. I don't know if the problem was ever resolved.

It would be great if @billsimon , @Tonyclewis or other forum members could help with a definitive guide for deploying TLS because I have not yet found anything that is really helpful. I'd like to see a "FreePBX and TLS for Idiots" guide that goes through settings in Asterisk, FreePBX and the phones.

 

[KNERD]

I suggest you get a router which supports OpenVPN, setup OpenVPN server on the PBX, and connect all the needed telephones to that router. No more headaches.

 

[billsimon]

One apparent fact is that SIP trace tools do not work with TLS so SNGREP is not going to be helpful in analysis.

There are a couple ways you can diagnose TLS connections. "pjsip set logger on" will output all SIP messages to the console, including TLS. You can also enable res_hep (https://wiki.asterisk.org/wiki/display/AST/Asterisk+13+Configuration_res_hep), point it to some unused port on localhost, and then listen to that port with sngrep.

This is the right place to start: https://wiki.freepbx.org/display/phon/tls+and+srtp

It assumes a Sangoma phone. Once you have the TLS parts enabled on FreePBX you can connect another type of phone.

I also have questions about whether a new certificate/key needs to be generated since we already have a default one that comes with IncrediblePBX.

Most phones won't like connecting to a self-signed certificate. You will have to use Certificate Manager to acquire a legitimate one affiliated with your FQDN. You can use Let's Encrypt for a free one.

 

[cosmic]

I suggest you get a router which supports OpenVPN, setup OpenVPN server on the PBX, and connect all the needed telephones to that router. No more headaches.

That would be a great idea but there is one problem, for some reason I can't figure out he now says that he wants to also be able to use a softphone on his desktop computer, and I don't know of any way to set up a VPN so that ONLY the traffic from the softphone would flow through it. Also, I don't know much about VPN's and he knows even less than I do, and I would not trust that he could set up a VPN that would only allow traffic from his softphone and not all his web searches and other traffic. And he is geographically too far away to go set it up for him, but even if I could he's the type that would monkey with it and change the settings after I left.

I had actually read somewhere that it is possible to use an Obihai phone with OpenVPN and I had given some thought about maybe trying to set it up just for the phone, until he informed me that he also really wants the softphone to work. Anyway, I'll have to give some more thought to all of this but at this point my enthusiasm for trying to make it work is considerably dampened.

 

[dicko]

As to sngrep not working with tls ( -k option), that is easily correctable. . .

GitHub - irontec/sngrep: Ncurses SIP Messages flow viewer

Ncurses SIP Messages flow viewer. Contribute to irontec/sngrep development by creating an account on GitHub.

github.com

If you read through then i suggest this a perfect one for @ward on one of his 'nothing to do days' to add to his various releases

99% of all dentists say preferring TLS over UDP/5060 will reduce frustration and hair/money loss

(Although IANAD , I would agree )

 

[dicko]

I will also opine, that if you actually use TLS and have control over your certificates , then the chances of a successful penetration will approach zero . . . .

If you disagree with this, please explain why,

If you implemented it and have a documented penetration, then I would say "holy Shit!!' let's see that" ;-)

 

[wardmundy]

Dropping to $30 on May 10 when bundled with Magenta Max. Check availability here.

T-Mobile Ratchets Up the Competition, Will Offer Bundled $30 Fixed Wireless Home Internet

T-Mobile Internet Freedom promotions include a free 15-day trial of the service and half-off for streaming service YouTube TV

www.telecompetitor.com

 

[KNERD]

That would be a great idea but there is one problem, for some reason I can't figure out he now says that he wants to also be able to use a softphone on his desktop computer, and I don't know of any way to set up a VPN so that ONLY the traffic from the softphone would flow through it. Also, I don't know much about VPN's and he knows even less than I do, and I would not trust that he could set up a VPN that would only allow traffic from his softphone and not all his web searches and other traffic. And he is geographically too far away to go set it up for him, but even if I could he's the type that would monkey with it and change the settings after I left.

I had actually read somewhere that it is possible to use an Obihai phone with OpenVPN and I had given some thought about maybe trying to set it up just for the phone, until he informed me that he also really wants the softphone to work. Anyway, I'll have to give some more thought to all of this but at this point my enthusiasm for trying to make it work is considerably dampened.

Actually, that is not a problem. You can still use a modem for all traffic. Just do not sent all traffic through the VPN. For the telephones, you can put the IP address of the PBX set for the VPN server on the PBX. FOr example 10.8.0.1 could be the IP address of the VPN server internally, and have the PBX also lsiten on that address, then set the telephones to connect to 10.8.0.1. Anything else not using that IP address will continue to use the router as normal.

 

[ext-104]

Just signed up for T-Mobile 5G unlimited "Business" internet.

Same price as the Home Internet $50.00 a month. No contracts, free router, etc.

The Business Internet allows the addition of a static IP address for $3.00 a month.

I'm hoping the business version will not have the issues with the network level CGNAT / IP pooling
that happens on the Home version. We'll see. I'll be testing in a few days.

To qualify...
Business Credit Check
Businesses EIN
Business Address
Business Phone number (live call verified)

 

[billsimon]

Just signed up for T-Mobile 5G unlimited "Business" internet.

Same price as the Home Internet $50.00 a month. No contracts, free router, etc.

The Business Internet allows the addition of a static IP address for $3.00 a month.

As one who has been using my T-Mobile 5G Home Internet service for business purposes (permitted in their terms of service for freelancers, sole proprietors, single-person LLC types) I am intrigued... please follow up on this and let us know about the equipment and network configuration when you get your service established. Would they really deliver static IPv4 without the 464XLAT? I didn't even think it was possible on their 5G network. Or are they going to give you a static IPv4 at the far end of their 464XLAT... static but you still have your traffic going through that NAT. (What would be the point of that?)

I see the service listed on their site (is it new?) but I can't find any details about the static IP add-on.

edit: https://www.t-mobile.com/news/devic...-deliver-5g-fixed-wireless-internet-solutions

 

[ext-104]

I couldn't find any info either on static ip's until I called and asked multiple times
and was reassured that it was possible.

Not sure how they are going to do it. Best guess? Maybe some sort
of tunnel extension from their gateway to the router?

Order specifics.....
Wavemaker™ 5G Indoor Router FX2000
Static IP Business and PS IPV4MI

 

[wardmundy]

Not sure why they couldn't employ the same technique as many routers by reserving a DHCP address based upon the MAC address of the device. They may call it a static IP, but it's probably just a reserved DHCP address.

 

[billsimon]

@wardmundy and others who have this service, have you done any speed tests lately? My area must have gotten a service upgrade recently, because previously we were around 150Mbps. Now nearly 450Mbps. Wow!

Speedtest by Ookla - The Global Broadband Speed Test

Use Speedtest on all your devices with our free desktop and mobile apps.

www.speedtest.net

 

[wardmundy]

Can't wait for expansion. Being gypsies, we have multiple locations where we'd love to give Comcast the .