Digium Phones, More Secure and Better Sounding

By Malcolm Davenport
Share this:Share on Facebook33Tweet about this on TwitterShare on LinkedIn9Pin on Pinterest0

Digium IP Phones

Fridays are typically the worst days for software releases, but when AstriCon’s afoot, it’s usually the only day we can sneak stuff out before the conference starts. So, last Friday, we pushed new versions of Digium phone firmware and the Digium Phone Module for Asterisk (DPMA).

They’ve got some new goodies in them. None of these new capabilities are currently available in Switchvox, but some of them might be seen in future versions.

What’s new in phones?

 

We’ve been working on two phone fronts lately:

  1. Security
  2. Audio

Security – 802.1X

Towards security, we spent a lot of time this summer completing our 802.1X project for our new D6x model phones. 802.1X is a standard for port-based network access control. Simply put, it’s what prevents someone from walking into your office, plugging their laptop into an open Ethernet port on the wall, and joining your network. With 802.1X, that means someone has to authenticate first.

With all phones, we introduced 802.1X pass-through support to allow a laptop to connect through the switched port; 802.1X auth-logoff support to allow the phone to simulate a logoff command on behalf of your laptop – if you close the lid and walk away, for example; and EAP-MD5 authentication, the basic username+password security mechanism for 802.1X.

With our D6x model phones, we introduced some additional authentication methods for the phones themselves:

  • EAP-PEAPv0/MSCHAPv2
  • EAP-TLS
  • EAP-PEAPv0/EAP-GTC
  • EAP-TTLS/EAP-MSCHAPv2
  • EAP-TTLS/GTC

With this, Digium’s D6x model phones should be in great shape for any 802.1X-equipped network. To learn more about setting up 802.1X authentication on Digium’s phones, see the Digium Phones and 802.1X wiki page.

Security – Signaling and Media Encryption

Users of DPMA have always been privy to secure provisioning of Digium’s phones – DPMA’s great at that. Now, users of Digium’s D6x model IP phones can also secure regular call signaling using TLS, so no one knows who you’re calling or who’s calling you, and the call’s media using SDES SRTP, so no one knows what you’re talking about – it’s all static to anyone capturing the packets.

You’ll need Asterisk 13.11 or greater to be able to take advantage of this capability with DPMA (in addition to the new 3.2 release of DPMA). To learn more about setting it up, visit the Digium Phones and Secure Calling wiki page.

Audio – New codecs

We’ve also been hard at work adding some new audio tricks to Digium’s D6x model phones. At launch, they supported G.711 a-law, G.711 u-law, G.726, G.729a and G.722. Now, there are a few more options.

First, we’ve added support for an additional narrowband codec, iLBC. iLBC is a no-royalty, low bit-rate (13.33kbit/s) codec that provides better sound quality than that provided by G.729. It’s also one of the WebRTC codecs. It’s been supported in Asterisk for many years.

Next, we added support for two very fancy codecs – G.722.1 Siren7 and G.722.1C Siren14, licensed by Polycom©. G.722.1 is a wideband codec, 16kHz, like G.722. But, G.722.1 does what G.722 does, at half the bandwidth. Where G.722 needs 64kbit/s to give wideband audio, Siren7 does it in 32kbit/s, without a whole lot of processor overhead. The Siren14 codec is one better. It’s an ultrawideband codec – 32kHz. With Siren14, you’ll hear richer bass and clearer highs than with regular wideband codecs. Siren14 is also relatively low CPU overhead, and it does it at 48kbit/s – also better than G.722’s 64kbit/s. Support for G.722.1 and G.722.1C in Asterisk requires the use of two codec modules. You can download them from Digium’s codecs download page. Or directly from the downloads server.

Finally, and perhaps most interestingly (though I’m personally partial to Siren14 for high-quality networks), we added support for Opus, another of the WebRTC codecs. Digium’s D6x model phones now support both narrowband, 8kHz at 12kbit/s, and wideband, 16kHz at 20kbit/s, Opus. Opus is a lovely codec and is particularly robust during adverse network conditions. Your network’s got 5% packet loss? Not a problem for Opus. 10%? Still good. 20%? Your users still might not notice. It’s really amazing technology. To use Opus with Asterisk, you’ll need Asterisk 14.0.1 (today) or a new version of Asterisk 13 (coming in a few weeks). When installing Asterisk, you’ll see an option from the menuselect utility to install Opus. Or, you can download the codec module directly from the downloads server.

For more details on the codecs support for Digium’s phones, visit the Codecs info block on the wiki.

No Comments Yet

Get the conversation started!

Add to the Discussion

Your email address will not be published. Required fields are marked *

About the Author

Malcolm Davenport

Digium lifer, celebrator of 16 Digium birthdays, and Digium employee #4. "I like te-lephony and I cannot lie. You other vendors can't deny; When a call comes in with MOS so you can't hear and some echo in your ear you get angry!" - Sir Mix-a-Malcolm

See All of Malcolm's Articles