STIR/SHAKEN 302 redirect setup for Freepbx?

We have our on token and sign every call that leaves our networks and verify all inbound signed calls. It’s not very enjoyable and a lot of hoops over a year ago to get setup.

Yeah, but you own entities that require this. Someone connecting to VI with FreePBX as their “switch/SBC” isn’t the same level. Asterisk is a B2BUA not a Session Border Controller, so if you are using FreePBX as your “switch” to route calls to other FreePBX systems that’s not having an SBC or a softswitch. That does not check the “I use an SBC” box.

So ClearlyIP is not something that can be compared to. ClearlyIP owns entities that have their own SPIDs and can have numbers ported to them directly, not another carrier on their behalf.

Gonna be flat out honest here, VoIP Innovations is not a place someone with an OCN/SPID and having blocks assigned to them is going to go “Oh yeah, we need them to round this out”. It’s a bunch of people either connecting their PBXes directly on VI’s platform or routing it to a FreePBX system that is the “main system” for their customers. If you have to port your numbers to an existing OCN like Bandwidth, Intelliquent, etc. then you are not someone that needs to be signing calls since the numbers aren’t yours.

But again, I will follow up with compliance and Bandwidth tomorrow to get this sorted out. It would be strange that I would have to be required to sign my own calls using Bandwidth DIDs to send the call over Bandwidth. I mean I guess Bandwidth could be cool with me having a third party sign calls with their DIDs and then send them out another carrier.

You do not need number authority to get a token. That was waived over a year ago. All you need is a OCN and be a 499 filer.

The problem here is technically under the FCC mandate I can only sign calls that are placed by a customer I have a direct relationship with. Deep talks we have have with our own Telcom legal team and compliance have all come up with the same conclusion VI is stating here, which is if my customer is a reseller and they are selling to a end user I am 2 layers away from the customer and technically can not sign their call as I do not have a direct relationship with the entity that is making the call.

These mandates are not just for carriers. They are for all VoIP interconnects which is as per the FCC every single company who resells VoIP.

Even if your are de-minis for USF you still have to be setup as a 499 filler and file the annual report. It just means you do not have to pay in for USF until you reach the 10k min. And remember you still have to collect that USF as once you hit 10k in annual USF you have to pay that 10k in. To many reseller miss this part and spend the 10k or do not collect it and then have problems once it becomes due. Also remember the USF de-minis only covers USF. You still have to collect and pay in the other 3 Federal level Telcom taxes. Another point most people forget about.

Like I said, I’ll talk to the needed parties on my end about this.

A very pertinent point from @tonyclewis

Those of us with 'legal departments ’ would best take their advice (might take a buck or two, also might not be good advice, (BTDT) ). Those without , well take your pick when it comes to advice here, it is ‘varied’ !

Pragmatically I see so far the whole concept , good as it was intention-ed, has been a dismal failure. Spam still gets through, the big guys just refuse to comply, and the lawyers still get to profit , unfortunately, until some advice here ''formalizes" many might well be penalized before Verizon or AT&T arefor mon-compliance . . .

If one sells a ‘bundled service’ for $x.nn per seat are you intrinsically selling a ‘voip’ service ? (another one for the lawyers maybe)

Well we know for sure selling a hostedPBX or UCaaS or whatever flavor of the day name is being used this year 100% qualifies as interconnected VoIP. If you allow connecting to or from the PSTN you are considered interconnect VoIP. This has been settled by the FCC and courts with people trying to fight it and loosing.

Per the FCC

The FCC has defined “interconnected VoIP service” as those VoIP services that: 1) enable real-time, two-way voice communications; 2) require a broadband connection; 3) may require IP-compatible customer equipment; and 4) permit subscribers to receive calls from and place calls to the Public Switched Telephone Network.

Pretty well damning for most everyone, No ?

One would think so. It’s been settled for quite a long time.

Settled but perhaps not yet fully absorbed here. Time will out . . .

All the latest post’s by Tony are correct. The issue that has arisen, and the one I’m trying to deal with, is technically how to comply? Transnexus has offered a solution and supposedly their lead engineer is actually on the board advising the FCC on STIR/SHAKEN. This solution however it appears does not work with Asterisk based phone systems and therefore I suspect is useless for a huge part of the PBX install base.

There is this on their website: ClearIP In-Line Proxy | TransNexus

If I understand this, the problem is people using FreePBX “off label”, as a central office switch for small, second level customers.

Define “Off Label”

I’m using FreePBX as the PBX for my clients. They all have their own dedicated FreePBX system.

Yes, that’s them. Been talking/testing with them for a little over a week now.

I understand that, but the specific page I linked is for an inline proxy for things which don’t support the 302. It’s linked from the main ClearIP page.

Correct… Issue is… it still doesn’t work as designed from what I’ve been able to see working with them. I have their proxy set up for testing but it doesn’t exactly work as they diagram on the website according to the doc and invite path they sent me directly.

In fact in order for it to work as they show on that website, I’d need to tell the inline proxy where to send the calls after token tagging. There’s noting in the proxy setup to set the provider trunks up.

Clearly someone is missing something somewhere…

I’d understand that as being a central office switch, possibly a centrex one, not a PABX, which I’d understand as being exclusive to the using organisation (or possibly the building - not that FreePBX is suited to multi-tenant).

you understand that incorrectly.

EACH of my clients has their own PBX. My clients are the end users. Small business doctor’s, lawyers, vets, automotive repair shops, accountants, etc…

These are not mutli-tenent PBX installs.

But again, the issue isn’t the PBX necessarily, it’s the FCC’s definition of who can sign traffic. If I’m reselling sip to their PBX I have to sign the traffic. Unfortunately I have no physical way of doing that since I literally have no SBC or network equipment.

I resell the Sip trunks but the PBX connects directly to VI.

The only equipment I have access to is the PBX itself and there’s not mechanism for signing the tokens at that level.

Yet, by the letter of the law, this is what the FCC requires because the customer is mine, not VI’s.

I’m on a first name basis with all my clients, I’m not a big “provider.” But since VI is one layer removed they can’t legally sign any traffic from my clients.

pulling from my original post (linked above in the thread) this is the invite path they sent me that contradicts what they have on their website for the inline-proxy product.

PBX ==Invite==>In-line Proxy
In-line Proxy =======Invite=======> Vendor (adds SHAKEN token to header)
In-line Proxy <====403 Forbiden==== Vendor
PBX <=====404 No Route Found======== In-ine Proxy
PBX =============Invite (with new header intact) ===============> SIP Provider

also, if you read through their inline-proxy setup instructions on that site, nowhere is there anywhere to tell the inline proxy how to direct calls to your provider… So it can’t possibly work.

My sangoma rep told me today we don’t have to do anything if we are using VI. I’m so confused lol

1 Like