Call From Cell Phone but Appear as Company Number

Has anyone developed an App, Web Code etc that would allow a user to initiate a call from their cell phone that will appear as/call from a Company Number (SIP trunk connected to a FreePBX Server)?

The Ask
What I envision is our users connect to an authenticated web page/app of some sort. When they login the system knows what “cell phone” they are on (based on read-only admin-populated fields) and what number(s) they are allowed to dial out from.

From there, they can enter a number they want to call. When the user presses call, the phone server initiates a call to them and to the other party and bridges them together.

Is this possible? Has it already been done?

The Background
We use Twilio for our SIP trunks. There is an App that someone created using the Twilio API called TwiDial to do this. It essentially does the same as the Google Voice app and creates a Conference Bridge between the Caller and the Callee. Both users receive a call from the phone system and when they answer, the calls are bridged together. The Twilio app could work for us, however, it is like $0.03 per minute and we cannot easily limit either side of the call (choice of company numbers or destination numbers).

Further Information
I understand there is some security implications of triggering calls from a web interface/App. This is why we want to limit the “outbound” call to an “approved cellphone number (read-only)” and require the user authenticate before being allowed to press “dial”

I know that we could set them up with a Softphone on their cellphones, but we currently do not allow any “public” IP phones. Any Softphones in use have to be connected over VPN. This was a security choice to limit attack vectors.

Our users frankly would find it too complicated to connect to VPN and then open a Softphone App. I know it seems trivial but it is not for them.

Thoughts
I suppose we could dedicate a virtual extension to the user that has “follow me” enabled with their cell phone number, and then user something like the below code to trigger a call from that extension.Its a little more management on our side to keep track of, update and manage virtual extensions as users move around, but it could work.

Have you explored “DISA” as a dialing strategy? Like your “log on through the VPN” problem, it does require a double-step to get connected, but it works very well and can be controlled through a series of security steps (PINs and CID Matches, for example).

Click to dial might be able to work, but you run several risks, not the least being it requires the caller to bring up a webpage to make a call.

Thank you Dave. I have not explored DISA on FreePBX/Asterisk.

The last time I used (ran from) DISA was in the Nortel days. I remember being so scared of it because it was relatively easy to spoof phone numbers and then relay. Since then, I have avoided it.

However, based on your recommendation, I will do some poking around.

It may still frighten you. It depends on your comfort levels and how you implement it. DISA these days is much more robust and using dual authentication, you should be able to get it working for you pretty easily.

DISA combined with a Callback basically eliminates the issue of hacking by spoofing CID.
https://wiki.freepbx.org/display/FPG/Callback+Module+User+Guide
https://wiki.freepbx.org/display/FPG/DISA+User+Guide

DISA via callback should work, especially if the user can program pauses and DTMF in to their cell phone’s speed dial. Press one speed dial, wait a couple seconds, and get a call from the PBX. Then, dial your destination number.

Thank you @lgaetz and @TechGuyMike

With the Callback feature (was not familiar with it) a pin code may not even be required for DISA, which would simplify the user experience. if we were getting spoofed, the worst it would do is drive the user nuts who continued to receive hack attempt calls.

Now the only challenges would be the user dialing the destination number, which hopefully is doable. Sometimes DTMF is an issue on our side. People have to dial our IVR options a couple times (we have some 6 digit + # IVR dial options)

Would you have the user dial the destination number on DISA or on Callback? Would there be any issue of potential exploits by allowing a user do dial an outbound number through callback? We do not allow external transfers in our IVRs/voicemails/etc to prevent relaying

@lgaetz @TechGuyMike

I played with the Callback and DISA tonight. It works very well and takes almost no effort to setup. This will definitely create a simple way for our users to make masked calls.

With callback, do you still recommend using a Pin code on DISA? If I can avoid something else our staff have to remember, that would be good. But If there are serious security risks, I want to avoid.

The only ask that cannot be accomplished with this method is if a user needs to have access to multiple outbound CIDs. I guess we could setup multiple Dial-in numbers, or an IVR prior to triggering callback.

Thoughts?

As long as nobody can get to the DISA by spoofing or wardialing, then a PIN is probably not necessary. Still not a bad idea tho.

You can create outbound routes with dial prefixes for presenting different outbound CID or you can get the paid commercial module Caller ID Management to keep things really simple:

Thank you Lorne.

I am going to test tomorrow with one of our staff and see how it goes. We have used the Dial Prefix method for CID internally. I guess this could easily be extended to mobile users with a little training.

Thank you again

1 Like

FWIW, I have a data plan with our cellular carrier. I have installed SIP clients on our roving pocket Cell devices. The roving SIP client should always be connected to the server. I put a so called “hairpin” loop in our main router, so that we connect to our Asterisk via the same static IP when out and about or at home on the wifi. The user should not need to do anything to connect. Call routing will not change when at home, or when visiting an international destination. The call will be received and routed in the same way. I happen to use Zoiper as a client on the pocket devices. When making an outbound call, caller ID is set to what used to be our land line number. If you call it back, you get a greeting inviting you to enter a user extension number. This is a residential system, so we no longer get junk calls. Ha.

Outbound caller ID could be set on a per user basis. As well, you could set up office desk SIP phones with the same extension or DID number(s). Whatever works best for you.

I’ve tried this approach (as have others) and the results are kind of a mixed bag. Sometimes it works great. Other times, it doesn’t work at all. The rest of the times are somewhere in the middle.

If you can get a SIP client to work reliably, then you should by all means do that. The DISA approach is a little more predictable and works reliably for people that only want to make outbound calls. Since the cell isn’t on a continuous connection, the phone won’t necessarily be an extension, so there are advantages and disadvantages (depending on whether you are the person calling or carrying the phone).

It’s just another approach. If you can get them both to work, you have the best of all worlds.

I agree with Dave. The trouble with SIP on cell phones is that it requires a very stable data connection and can also be a big drain on battery. I’ve personally found it more reliable to forward an extension to a cell number and use DISA for outgoing, but I’m glad it’s worked for you, Jeremy!

To improve cell phone performance both battery and availability, use tcp NOT udp

1 Like

Thank you all for your suggestions. So far the Callback + DISA is working pretty well. The only real challenge has been having the number available to dial when the DISA Callback happens.

Most people (including me) are in a habit of saving numbers to our Digital Address Books. If we want to make a call and appear from the company, we have to jot down the number prior to calling.

The SIP Client/Softphone approach is viable especially with NAT Redirection for internal users. However, with internal NAT Redirection, it would mean all SIP traffic that was using that feature (public IP internally) would have to go through the firewall and back to the SIP Server. Though it works, it is not ideal for us. We also do not want our SIP Servers publicly available. I know it has been done for years by others but keeping them out of public space is just one more attack vector we don’t have to worry about.

Separate question:
@dicko When you use TCP instead of UDP, do you notice an increased audio delay? People talking over each other etc? or is it pretty similar to UDP? For those of us on the team that do use VPN and Softphone (I.T. Staff) this could be helpful

UDP is connectionless, that is, the client needs to continuously “poll” the server to get it’s ‘state’, thusly VPN’s over UDP (the default) or sip connections over UDP (also the default) are continuously sending traffic both ways and that is a drain on the battery , TCP works on IP/port pairs of connections, default re-registration occurs every 2 minutes but that is adjustable , so if there are no active calls there is minimal traffic although both ends “know” the connection state as of the last registration, calls from the phone would reopen a disrupted connection if possible, calls to the phone might get a busy if the connection is currently disrupted.

Audio delay is not directly connected to the protocol used between endpoints, just the latency intrinsic between them over the “inner tubes” , so ‘talking over’ is a problem if the latency goes much above 100ms, there is nothing that can be done to change the laws of physics that can reduce an already present time shift.

Not sure why no one mentioned this.
In FreePBX 13 UCP, you can enter any number to originate calls, and it will call your followme list, once you answer the call it’ll call the number you entered in UCP. (see attached picture at the bottom)

Make sure to have Call confirmation enabled, otherwise if your voicemail answers it will call the number you entered and give that person your cellphones voicemail…

If you want to secure this… you can set up dyn clients on your mobile devices which will update your phones IP on your firewall, so you don’t open UCP to the WWW.

Or… you can code a custom webpage which the user can originate calls from and will call the users follow me list. you can even build this on a separate server and connect it with Asterisk Manager Users.

EDIT: In FreePBX 14 you can only originate calls to your contacts, recent calls etc. you cannot enter a random number. It must be stored in the PBX prior wanting to originate the call.

1 Like

Thank you for this explanation @dicko

Just to clarify, when you refer to TCP, You are referring to the SIP control packets, not the actual conversation packets? The Conversation is probably still happening over UDP (RTP, SRTP) correct?

For our Setup, all clients are setup to use TLS for SIP control communication, which I believe inherently uses TCP.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.