Reference Guide

Version 6.0

IPBRICK SA

July 2014
2

Copyright c IPBRICK SA
All rights reserved. July 2014.
The information in this manual is subject to change without prior notice. The
presented explanations, technical data, configurations and recommendations are
precise and trustful. Nevertheless, they have no expressed or implied guarantees.

Reference Guide - Version 6.0 IPBRICK SA

Contents

1 Aim of this document 17

2 Before Starting 19

3 IPBrick.I 25
3.1 Machine Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3.2 Machine Management . . . . . . . . . . . . . . . . . . . . . . . . . 26
3.2.1 Mass Operations . . . . . . . . . . . . . . . . . . . . . . . . 28
3.3 User Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
3.4 Users Management . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
3.4.1 Mass Operations . . . . . . . . . . . . . . . . . . . . . . . . 36
3.4.2 XML-RPC management . . . . . . . . . . . . . . . . . . . . 37
3.4.3 User Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
3.4.4 User Search . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
3.5 Domain Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
3.5.1 Configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
3.5.2 Users Management . . . . . . . . . . . . . . . . . . . . . . . 45
3.6 File Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
3.6.1 Individual Work Areas . . . . . . . . . . . . . . . . . . . . . 46
3.6.2 Group Work Areas . . . . . . . . . . . . . . . . . . . . . . . 47
3.7 E-Mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
3.7.1 Configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
3.7.2 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
3.7.3 Queue Management . . . . . . . . . . . . . . . . . . . . . . . 56
3.7.4 Users management . . . . . . . . . . . . . . . . . . . . . . . 57
3.7.5 Mailing Lists . . . . . . . . . . . . . . . . . . . . . . . . . . 60
3.7.6 Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
3.7.7 Anti-Virus . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
3.7.8 Anti-Spam . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
3.7.9 POP/IMAP Server . . . . . . . . . . . . . . . . . . . . . . . 67
3.8 Print Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
3.9 Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
3.9.1 Remote . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

IPBRICK SA Reference Guide - Version 6.0

4 CONTENTS

4 IPBrick.C 75
4.1 Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
4.1.1 Available Services . . . . . . . . . . . . . . . . . . . . . . . . 76
4.1.2 Block Services . . . . . . . . . . . . . . . . . . . . . . . . . . 77
4.2 Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
4.2.1 Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
4.2.2 Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
4.2.3 Auto-Configuration . . . . . . . . . . . . . . . . . . . . . . . 92
4.2.4 Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
4.3 VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
4.3.1 PPTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
4.3.2 SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
4.3.3 IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
4.3.4 GRE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
4.3.5 VPC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
4.4 E-mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
4.4.1 Advanced relay . . . . . . . . . . . . . . . . . . . . . . . . . 107
4.4.2 Get Mail from ISP . . . . . . . . . . . . . . . . . . . . . . . 108
4.4.3 Mail Copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
4.4.4 POP/IMAP Server . . . . . . . . . . . . . . . . . . . . . . . 110
4.5 SMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
4.5.1 Configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
4.5.2 Routes Management . . . . . . . . . . . . . . . . . . . . . . 111
4.5.3 Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
4.5.4 Sending a SMS . . . . . . . . . . . . . . . . . . . . . . . . . 114
4.6 Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
4.6.1 Creating a new site . . . . . . . . . . . . . . . . . . . . . . . 116
4.6.2 Management . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
4.7 FTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
4.7.1 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
4.7.2 Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
4.8 Groupware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
4.9 VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
4.9.1 Phone management . . . . . . . . . . . . . . . . . . . . . . . 129
4.9.2 Users Management . . . . . . . . . . . . . . . . . . . . . . . 130
4.9.3 Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
4.9.4 Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
4.9.5 Routes Management . . . . . . . . . . . . . . . . . . . . . . 164
4.9.6 Music on Hold . . . . . . . . . . . . . . . . . . . . . . . . . . 173
4.9.7 Voice Prompts . . . . . . . . . . . . . . . . . . . . . . . . . 173
4.9.8 Dialplan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
4.10 IM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
4.10.1 Activating / Deactivating the IM server . . . . . . . . . . . 178
4.10.2 Chat Recording . . . . . . . . . . . . . . . . . . . . . . . . . 179

Reference Guide - Version 6.0 IPBRICK SA

CONTENTS 5

5 IPBrick.GT 181
5.1 Fax Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
5.1.1 Fax2Mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
5.1.2 Mail2Fax . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
5.1.3 Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
5.1.4 Routes Management . . . . . . . . . . . . . . . . . . . . . . 191
5.2 UCoIP Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
5.2.1 UCoIP Page Management Interface . . . . . . . . . . . . . . 197

6 IPBrick.SEC 201

7 IPBrick.4CC 203
7.1 Hypervisor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
7.2 VDI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
7.3 Terminal Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 205
7.3.1 Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
7.3.2 Client configuration . . . . . . . . . . . . . . . . . . . . . . . 212
7.3.3 Broker . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

8 Advanced Configurations 217

8.1 IPBRICK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
8.1.1 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
8.1.2 System Information . . . . . . . . . . . . . . . . . . . . . . . 219
8.1.3 Web Access . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
8.1.4 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . 223
8.1.5 High Availability . . . . . . . . . . . . . . . . . . . . . . . . 228
8.1.6 Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
8.1.7 Remote Management . . . . . . . . . . . . . . . . . . . . . . 230
8.2 Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
8.2.1 Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
8.2.2 Route management . . . . . . . . . . . . . . . . . . . . . . . 234
8.2.3 QOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
8.2.4 Service Routing . . . . . . . . . . . . . . . . . . . . . . . . . 238
8.3 Support services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
8.3.1 LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
8.3.2 DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
8.3.3 DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
8.3.4 ENUM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
8.3.5 DUNDi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
8.3.6 File Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
8.4 Disaster recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
8.4.1 Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . 264
8.4.2 Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
8.5 System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
8.5.1 Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
8.5.2 Task Manager . . . . . . . . . . . . . . . . . . . . . . . . . . 268
8.5.3 Date and Hour . . . . . . . . . . . . . . . . . . . . . . . . . 269

IPBRICK SA Reference Guide - Version 6.0

6 CONTENTS

8.5.4 System users . . . . . . . . . . . . . . . . . . . . . . . . . . 270

8.5.5 Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
8.5.6 SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
8.5.7 Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
8.5.8 Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
8.6 Telephony . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
8.6.1 Cards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
8.6.2 Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
8.6.3 Failover Switches . . . . . . . . . . . . . . . . . . . . . . . . 280
8.6.4 Registered Phones . . . . . . . . . . . . . . . . . . . . . . . 280
8.6.5 Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . 282
8.6.6 SIP peers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
8.6.7 IAX peers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
8.6.8 Auto provisioning . . . . . . . . . . . . . . . . . . . . . . . . 296
8.6.9 TLS Management . . . . . . . . . . . . . . . . . . . . . . . . 299

9 Apply Configurations 303

10 Appendix A - Join in the domain 305

10.1 Windows XP Professional Workstation . . . . . . . . . . . . . . . . 305

11 Appendix B - Configuring a VPN connection 309

12 Appendix C - Configuration of a VPN SSL connection (Open

VPN) 311
12.1 Two or more SSL certificates . . . . . . . . . . . . . . . . . . . . . . 311
12.2 Configuration of a SSL Connection for MS Windows 2000/XP and
higher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312

13 Appendix D - High availability 313

13.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
13.1.1 Advantages . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
13.2 HA Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
13.3 HA Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314

14 Appendix E - UCoIP 317

15 Appendix F - IPBRICK.CAFE 319

15.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
15.1.1 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
15.2 Altering the default administrative credentials . . . . . . . . . . . . 320
15.3 IPBRICK.CAFE user guide . . . . . . . . . . . . . . . . . . . . . . 321
15.3.1 Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
15.3.2 Adding Apps . . . . . . . . . . . . . . . . . . . . . . . . . . 323
15.3.3 Adding Links . . . . . . . . . . . . . . . . . . . . . . . . . . 324
15.3.4 Posting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
15.3.5 User Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
15.3.6 Change Profile . . . . . . . . . . . . . . . . . . . . . . . . . 326

Reference Guide - Version 6.0 IPBRICK SA

List of Figures

2.1 IPBrick login interface . . . . . . . . . . . . . . . . . . . . . . . . . 19

2.2 IPBrick left panel interface . . . . . . . . . . . . . . . . . . . . . . . 21
2.3 IPBrick left panel interface 2 . . . . . . . . . . . . . . . . . . . . . . 21
2.4 IPBrick main interface . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.5 IPBrick tabs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
2.6 Two opened tabs . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
2.7 Warning Icon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
2.8 Warnings page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2.9 User’s Management - Administrator . . . . . . . . . . . . . . . . . . 23
2.10 Warning - Check button . . . . . . . . . . . . . . . . . . . . . . . . 23
2.11 Warning - Done Button . . . . . . . . . . . . . . . . . . . . . . . . 23
2.12 Warning window without the fixed alert . . . . . . . . . . . . . . . 24

3.1 Machine Groups - List . . . . . . . . . . . . . . . . . . . . . . . . . 26

3.2 Machine Groups - Example . . . . . . . . . . . . . . . . . . . . . . 26
3.3 Machines Management - Machine registration . . . . . . . . . . . . 28
3.4 Machines Management - Options . . . . . . . . . . . . . . . . . . . 28
3.5 Machines Management - List . . . . . . . . . . . . . . . . . . . . . . 28
3.6 Machines Management - Search Window . . . . . . . . . . . . . . . 29
3.7 Machines Management - Search result . . . . . . . . . . . . . . . . . 29
3.8 Machine Management - Export . . . . . . . . . . . . . . . . . . . . 31
3.9 User Groups - Group creation . . . . . . . . . . . . . . . . . . . . . 32
3.10 User Groups - Groups List . . . . . . . . . . . . . . . . . . . . . . . 32
3.11 User Groups - Users . . . . . . . . . . . . . . . . . . . . . . . . . . 33
3.12 Users Management - Insert . . . . . . . . . . . . . . . . . . . . . . . 34
3.13 Users Management - List . . . . . . . . . . . . . . . . . . . . . . . . 35
3.14 Users Management - Operations . . . . . . . . . . . . . . . . . . . . 35
3.15 Users Management - Password Policies . . . . . . . . . . . . . . . . 39
3.16 Users Management - User Policies - Modify . . . . . . . . . . . . . . 40
3.17 Users Management - Password Policies . . . . . . . . . . . . . . . . 40
3.18 Error Warning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
3.19 User Policies link . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
3.20 Error Warning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
3.21 Password Validity . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
3.22 Password Validity - NO . . . . . . . . . . . . . . . . . . . . . . . . . 42
3.23 Users List - User with no validity in his password . . . . . . . . . . 43
3.24 Users List Search link . . . . . . . . . . . . . . . . . . . . . . . . . . 43

IPBRICK SA Reference Guide - Version 6.0

8 LIST OF FIGURES

3.25 Users List Search window . . . . . . . . . . . . . . . . . . . . . . . 44

3.26 Domain Server - Definitions . . . . . . . . . . . . . . . . . . . . . . 45
3.27 Domain server - Users Management . . . . . . . . . . . . . . . . . . 45
3.28 Work Areas - List . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
3.29 Work Areas - Summary of Individual Areas . . . . . . . . . . . . . 46
3.30 Work Areas - List . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
3.31 Work Areas - Group 1 . . . . . . . . . . . . . . . . . . . . . . . . . 48
3.32 Work Areas - Group 2 . . . . . . . . . . . . . . . . . . . . . . . . . 48
3.33 Work Areas - Group - Management . . . . . . . . . . . . . . . . . . 50
3.34 Work Areas - Group - Users Access . . . . . . . . . . . . . . . . . . 50
3.35 E-mail - Configure . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
3.36 E-Mail - Definitions 1/2 . . . . . . . . . . . . . . . . . . . . . . . . 55
3.37 E-Mail - Definitions 2/2 . . . . . . . . . . . . . . . . . . . . . . . . 55
3.38 E-Mail - Definitions - Valid internal recipients . . . . . . . . . . . . 56
3.39 E-Mail - Definitions - Invalid senders . . . . . . . . . . . . . . . . . 56
3.40 E-Mail - Queue Management . . . . . . . . . . . . . . . . . . . . . . 56
3.41 E-mail - Users Management . . . . . . . . . . . . . . . . . . . . . . 58
3.42 E-Mail - Alternative addresses, Forwarding and automatic reply . . 59
3.43 E-Mail - Mailing List - Insert . . . . . . . . . . . . . . . . . . . . . 60
3.44 E-Mail - Mailing List . . . . . . . . . . . . . . . . . . . . . . . . . . 61
3.45 E-Mail - AntiVirus - ClamAV - Main menu . . . . . . . . . . . . . . 63
3.46 E-Mail - AntiVirus - ClamAV - Definitions . . . . . . . . . . . . . . 63
3.47 E-Mail - AntiSpam - SpamAssassin - Main Menu . . . . . . . . . . 66
3.48 E-Mail - AntiSpam - SpamAssassin - General Options - Reject . . . 66
3.49 E-Mail - AntiSpam - SpamAssassin - General Options - Mark . . . 66
3.50 E-Mail - AntiSpam - SpamAssassin - Created rules . . . . . . . . . 67
3.51 E-Mail - AntiSpam - SpamAssassin - Whitelist . . . . . . . . . . . . 67
3.52 POP/IMAP Server Definitions . . . . . . . . . . . . . . . . . . . . . 68
3.53 Print Server - Inserting a network printer at IPBrick . . . . . . . . 69
3.54 Print Server - Printer configurations . . . . . . . . . . . . . . . . . . 70
3.55 Backup - Task insertion . . . . . . . . . . . . . . . . . . . . . . . . 71

4.1 Firewall - Available Services . . . . . . . . . . . . . . . . . . . . . . 76

4.2 Firewall - Block Services . . . . . . . . . . . . . . . . . . . . . . . . 77
4.3 Proxy - Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
4.4 Proxy - Content Filtering . . . . . . . . . . . . . . . . . . . . . . . 78
4.5 Proxy - Content Filtering - Default . . . . . . . . . . . . . . . . . . 79
4.6 Proxy - Content filtering - Banned . . . . . . . . . . . . . . . . . . 79
4.7 Proxy - Content filtering - Accept All . . . . . . . . . . . . . . . . . 80
4.8 Proxy - Content filtering - Edit Default Definitions . . . . . . . . . 80
4.9 Proxy - Content filtering links . . . . . . . . . . . . . . . . . . . . . 81
4.10 Proxy - Content filtering - Mime Type Edit Page . . . . . . . . . . 81
4.11 Proxy - Content filtering - Extensions Edit Page . . . . . . . . . . . 82
4.12 Proxy - Content filtering - Domain Edit Page . . . . . . . . . . . . 83
4.13 Proxy - Content filtering - URL Edit Page . . . . . . . . . . . . . . 83
4.14 Proxy - Content filtering - Blacklists Edit Page . . . . . . . . . . . 84

Reference Guide - Version 6.0 IPBRICK SA

LIST OF FIGURES 9

4.15 Proxy - Content filtering - Phrases Page . . . . . . . . . . . . . . . 84

4.16 Proxy - Content filtering - Phrases Edit Page . . . . . . . . . . . . . 85
4.17 Proxy - Content filtering - Time Edit Page . . . . . . . . . . . . . . 85
4.18 Proxy - Content filtering - Time Edit Page . . . . . . . . . . . . . . 86
4.19 Proxy - Content filtering - Members Page . . . . . . . . . . . . . . . 86
4.20 Proxy - Source groups - LDAP filter . . . . . . . . . . . . . . . . . . 87
4.21 Proxy - Remote Proxy . . . . . . . . . . . . . . . . . . . . . . . . . 87
4.22 Proxy - Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
4.23 Proxy - Rules 1/2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
4.24 Proxy - Rules 2/2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
4.25 Proxy - Other configurations 1/2 . . . . . . . . . . . . . . . . . . . 91
4.26 Proxy - Other configurations 1/2 . . . . . . . . . . . . . . . . . . . 91
4.27 Proxy - Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
4.28 Proxy - Auto-Configuration . . . . . . . . . . . . . . . . . . . . . . 92
4.29 Proxy - Auto-Configuration Modify page . . . . . . . . . . . . . . . 93
4.30 Proxy Monitoring Page . . . . . . . . . . . . . . . . . . . . . . . . . 93
4.31 Proxy Monitoring Filter Page . . . . . . . . . . . . . . . . . . . . . 93
4.32 Proxy Monitoring Configurations Page . . . . . . . . . . . . . . . . 94
4.33 Proxy Monitoring Configurations Edit Page . . . . . . . . . . . . . 94
4.34 VPN - PPTP - Users . . . . . . . . . . . . . . . . . . . . . . . . . . 95
4.35 VPN - SSL Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
4.36 VPN SSL - Client certificate configuration . . . . . . . . . . . . . . 98
4.37 VPN SSL - Access policies list . . . . . . . . . . . . . . . . . . . . . 99
4.38 VPN - IPSec Configuration 1/2 . . . . . . . . . . . . . . . . . . . . 102
4.39 VPN - IPSec Configuration 2/2 . . . . . . . . . . . . . . . . . . . . 102
4.40 VPN - GRE Configuration . . . . . . . . . . . . . . . . . . . . . . . 104
4.41 VPC - General Configurations . . . . . . . . . . . . . . . . . . . . . 105
4.42 VPC - Internet Key Exchange Configuration . . . . . . . . . . . . . 105
4.43 VPC - IPsec Configuration . . . . . . . . . . . . . . . . . . . . . . . 105
4.44 VPC - Tunnel interface configuration . . . . . . . . . . . . . . . . . 106
4.45 VPC - BGP configuration . . . . . . . . . . . . . . . . . . . . . . . 107
4.46 E-Mail - Advanced relay . . . . . . . . . . . . . . . . . . . . . . . . 107
4.47 E-Mail - Get Mail from ISP - Base menu . . . . . . . . . . . . . . . 108
4.48 E-Mail - Get mail from ISP - Servers Management . . . . . . . . . . 109
4.49 E-Mail - Mail copy . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
4.50 POP/IMAP Server Definitions . . . . . . . . . . . . . . . . . . . . . 110
4.51 SMS - Enable configuration . . . . . . . . . . . . . . . . . . . . . . 111
4.52 SMS Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
4.53 GSM Gateway Route Example . . . . . . . . . . . . . . . . . . . . . 113
4.54 Web Server - Adding sites . . . . . . . . . . . . . . . . . . . . . . . 116
4.55 Web Server - Adding sites . . . . . . . . . . . . . . . . . . . . . . . 117
4.56 Web Server - Alias 1 . . . . . . . . . . . . . . . . . . . . . . . . . . 119
4.57 Web Server - Alias 2 . . . . . . . . . . . . . . . . . . . . . . . . . . 119
4.58 Web Server - Redirect - Example 1 . . . . . . . . . . . . . . . . . . 120
4.59 Web Server - Redirect - Example 2 . . . . . . . . . . . . . . . . . . 120
4.60 Web Server - Reverse Proxy - Example 1 - Empty site created . . . 121

IPBRICK SA Reference Guide - Version 6.0

10 LIST OF FIGURES

4.61 Web Server - Reverse Proxy - Example 1 - Add . . . . . . . . . . . 121

4.62 Web Server - Reverse Proxy - Example 2 - Add . . . . . . . . . . . 121
4.63 Web Server - Statistics . . . . . . . . . . . . . . . . . . . . . . . . . 122
4.64 FTP Server - Definitions . . . . . . . . . . . . . . . . . . . . . . . . 122
4.65 FTP Server - Insert page . . . . . . . . . . . . . . . . . . . . . . . . 123
4.66 FTP Server - Access Log . . . . . . . . . . . . . . . . . . . . . . . . 124
4.67 FTP Server - Access log filter . . . . . . . . . . . . . . . . . . . . . 124
4.68 FTP Server - Statistics . . . . . . . . . . . . . . . . . . . . . . . . . 125
4.69 FTP Server - General Statistics . . . . . . . . . . . . . . . . . . . . 126
4.70 FTP Server - User Statistics . . . . . . . . . . . . . . . . . . . . . . 126
4.71 Groupware definitions . . . . . . . . . . . . . . . . . . . . . . . . . 126
4.72 Login Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
4.73 Logo Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
4.74 Thunderbird Plugin Settings . . . . . . . . . . . . . . . . . . . . . . 128
4.75 Groupware options . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
4.76 VoIP - Phones management . . . . . . . . . . . . . . . . . . . . . . 130
4.77 VoIP - Phone Management Search window . . . . . . . . . . . . . . 130
4.78 VoIP - Users Management . . . . . . . . . . . . . . . . . . . . . . . 132
4.79 VoIP - Users Management - User VoIP settings . . . . . . . . . . . 132
4.80 VoIP - Users Management - Access classes and call queues . . . . . 133
4.81 VoIP - Call groups . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
4.82 VoIP - Sequence definitions . . . . . . . . . . . . . . . . . . . . . . 136
4.83 VoIP - Attendance sequences list . . . . . . . . . . . . . . . . . . . 136
4.84 VoIP - IVR attendance configuration . . . . . . . . . . . . . . . . . 138
4.85 VoIP - Call conference insertion . . . . . . . . . . . . . . . . . . . . 139
4.86 VoIP - Dynamic call conferences . . . . . . . . . . . . . . . . . . . . 140
4.87 VoIP - Call Parking . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
4.88 VoIP - Call Parking - Modify . . . . . . . . . . . . . . . . . . . . . 140
4.89 VoIP - Scheduling . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
4.90 VoIP - Scheduling Inserted . . . . . . . . . . . . . . . . . . . . . . . 142
4.91 VoIP - Scheduling - Rule . . . . . . . . . . . . . . . . . . . . . . . . 143
4.92 VoIP - DISA - Insert . . . . . . . . . . . . . . . . . . . . . . . . . . 144
4.93 VoIP - Callback any number . . . . . . . . . . . . . . . . . . . . . . 145
4.94 VoIP - Callback authorized numbers or hangup . . . . . . . . . . . 146
4.95 VoIP - Callback authorized numbers or redirect . . . . . . . . . . . 146
4.96 VoIP - Call queue definitions . . . . . . . . . . . . . . . . . . . . . . 149
4.97 VoIP - Call queue members . . . . . . . . . . . . . . . . . . . . . . 150
4.98 VoIP - Call Queues - Current Users . . . . . . . . . . . . . . . . . . 150
4.99 VoIP - Boss/Secretary Group - Insert . . . . . . . . . . . . . . . . . 151
4.100VoIP - Boss/Secretary Group - Options . . . . . . . . . . . . . . . . 151
4.101VoIP - Boss/Secretary Group - Example . . . . . . . . . . . . . . . 152
4.102VoIP - Boss/Secretary Group - Settings Saved . . . . . . . . . . . . 153
4.103VoIP - Access Classes - Insert . . . . . . . . . . . . . . . . . . . . . 154
4.104VoIP - Access Classes - Members . . . . . . . . . . . . . . . . . . . 154
4.105VoIP - Speed Dial . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
4.106VoIP - Online phones . . . . . . . . . . . . . . . . . . . . . . . . . . 155

Reference Guide - Version 6.0 IPBRICK SA

LIST OF FIGURES 11

4.107VoIP - Call Statistics - Access Management . . . . . . . . . . . . . 156

4.108Finished Call statistics . . . . . . . . . . . . . . . . . . . . . . . . . 157
4.109VoIP - Statistics filter . . . . . . . . . . . . . . . . . . . . . . . . . 158
4.110Call recording requires licensing and the UCoIP recording package . 158
4.111VoIP - Call recording definitions . . . . . . . . . . . . . . . . . . . . 159
4.112VoIP - Call recording - Phones configuration . . . . . . . . . . . . . 159
4.113VoIP - Call recording - Phone Management/Additional numbers links160
4.114VoIP - Call recording - Phone Management page . . . . . . . . . . . 160
4.115VoIP - Call recording - Additional Numbers page . . . . . . . . . . 161
4.116VoIP - Call Supervision Group . . . . . . . . . . . . . . . . . . . . . 162
4.117VoIP - Call Supervision - Supervisioned phones . . . . . . . . . . . 162
4.118VoIP - Call Supervision Group members . . . . . . . . . . . . . . . 162
4.119VoIP - Call Manager configuration . . . . . . . . . . . . . . . . . . 163
4.120VoIP - Call Manager . . . . . . . . . . . . . . . . . . . . . . . . . . 164
4.121VoIP - Routes Management . . . . . . . . . . . . . . . . . . . . . . 165
4.122VoIP - Local Routes . . . . . . . . . . . . . . . . . . . . . . . . . . 166
4.123VoIP - Outbound route definition . . . . . . . . . . . . . . . . . . . 169
4.124VoIP - Local - Basic Options . . . . . . . . . . . . . . . . . . . . . . 169
4.125VoIP - Local - Advanced Options . . . . . . . . . . . . . . . . . . . 170
4.126VoIP - Prefix definition . . . . . . . . . . . . . . . . . . . . . . . . . 171
4.127VoIP - Codecs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
4.128VoIP - SIP server for registering . . . . . . . . . . . . . . . . . . . . 173
4.129VoIP - Music on hold . . . . . . . . . . . . . . . . . . . . . . . . . . 173
4.130VoIP - Voice Prompts . . . . . . . . . . . . . . . . . . . . . . . . . 174
4.131VoIP - Voice Prompts by default . . . . . . . . . . . . . . . . . . . 174
4.132VoIP - Insert Voice Prompts . . . . . . . . . . . . . . . . . . . . . . 175
4.133VoIP - Dialplan - Filter . . . . . . . . . . . . . . . . . . . . . . . . . 175
4.134VoIP - Dialplan - Internal . . . . . . . . . . . . . . . . . . . . . . . 176
4.135VoIP - Dialplan - Inbound . . . . . . . . . . . . . . . . . . . . . . . 176
4.136VoIP - Dialplan - Outbound Routes . . . . . . . . . . . . . . . . . . 176
4.137Add - Edit - Delete Icons . . . . . . . . . . . . . . . . . . . . . . . . 177
4.140IM - Web messenger sites blocking in firewall . . . . . . . . . . . . . 178
4.138IM - Enabling Instant Messaging Server . . . . . . . . . . . . . . . 179
4.139IM - Blocking MSN applications . . . . . . . . . . . . . . . . . . . . 179
4.141Chat recording requires licensing and the UCoIP recording package 179

5.1 Fax Server - Configure . . . . . . . . . . . . . . . . . . . . . . . . . 181

5.2 Fax Server - FAX at telephony card . . . . . . . . . . . . . . . . . . 182
5.3 Fax Server - Fax Users . . . . . . . . . . . . . . . . . . . . . . . . . 184
5.4 Fax Server - Fax Interfaces page . . . . . . . . . . . . . . . . . . . . 184
5.5 Fax Server - Fax Interfaces Insert page . . . . . . . . . . . . . . . . 185
5.6 T38 - Fax Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
5.7 T38 - Fax Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . 187
5.8 T38 - FAX Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
5.9 T38 - Outbound Routes . . . . . . . . . . . . . . . . . . . . . . . . 187
5.10 T38 - Inbound Routes . . . . . . . . . . . . . . . . . . . . . . . . . 188

IPBRICK SA Reference Guide - Version 6.0

12 LIST OF FIGURES

5.11 T38 - Final result . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188

5.12 Fax Server - Current Faxes . . . . . . . . . . . . . . . . . . . . . . . 190
5.13 Routes Management . . . . . . . . . . . . . . . . . . . . . . . . . . 191
5.14 UCoIP Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
5.15 UCoIP Page Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 192
5.16 User privileges selection . . . . . . . . . . . . . . . . . . . . . . . . 193
5.17 UCoIP page parameters . . . . . . . . . . . . . . . . . . . . . . . . 194
5.18 IPBRICK.CAFE . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
5.19 CAFE login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
5.20 CAFE username . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
5.21 User Profile options . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
5.22 User Profile options 1/3 . . . . . . . . . . . . . . . . . . . . . . . . 195
5.23 User Profile options 2/3 . . . . . . . . . . . . . . . . . . . . . . . . 196
5.24 Color Palette . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
5.25 User Profile options 3/3 . . . . . . . . . . . . . . . . . . . . . . . . 197
5.26 UCoIP Page Managent Login . . . . . . . . . . . . . . . . . . . . . 198
5.27 UCoIP Page Settings Page . . . . . . . . . . . . . . . . . . . . . . . 198
5.28 UCoIP Page Settings Modify Page . . . . . . . . . . . . . . . . . . 199
5.29 UCoIP Page Style . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
5.30 UCoIP page Style Palette . . . . . . . . . . . . . . . . . . . . . . . 199
5.31 UCoIP page Style Modified . . . . . . . . . . . . . . . . . . . . . . 200
5.32 UCoIP page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200

7.1 Hypervisor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

7.2 Enable Hypervisor . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
7.3 Hypervisor enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
7.4 Share data with ACL as permissions type . . . . . . . . . . . . . . . 205
7.5 User group access . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
7.6 Hypervisor enabled . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
7.7 Terminal Enable Configuration . . . . . . . . . . . . . . . . . . . . 206
7.8 Terminal Configuration 1/2 . . . . . . . . . . . . . . . . . . . . . . 209
7.9 Terminal Configuration 2/2 . . . . . . . . . . . . . . . . . . . . . . 209
7.10 Terminal Configuration - Example . . . . . . . . . . . . . . . . . . . 210
7.11 Terminal Server - Boot System configuration . . . . . . . . . . . . . 210
7.12 Terminal Server - Operating System . . . . . . . . . . . . . . . . . . 211
7.13 Terminal Server - Machines . . . . . . . . . . . . . . . . . . . . . . 211
7.14 Broker - Disabled Balancing Service . . . . . . . . . . . . . . . . . . 212
7.15 Broker - Balancing Service Modify page . . . . . . . . . . . . . . . . 213
7.16 Broker - Enabling the Balancing Service . . . . . . . . . . . . . . . 213
7.17 Broker - Modify page . . . . . . . . . . . . . . . . . . . . . . . . . . 214
7.18 Broker - Sessions Management - Machine Groups List . . . . . . . . 214
7.19 Broker - Sessions Management - Group data . . . . . . . . . . . . . 215
7.20 Broker - Sessions Management Modify page . . . . . . . . . . . . . 215

8.1 Advanced Configurations - Definitions . . . . . . . . . . . . . . . . 220

8.2 Advanced Configurations - Bonding . . . . . . . . . . . . . . . . . . 220
8.3 Advanced Configurations - System Information - 1/2 . . . . . . . . 221

Reference Guide - Version 6.0 IPBRICK SA

LIST OF FIGURES 13

8.4 Advanced Configurations - System Information - 2/2 . . . . . . . . 221

8.5 Advanced Configurations - Web Access . . . . . . . . . . . . . . . . 222
8.6 Advanced Configurations - Language . . . . . . . . . . . . . . . . . 222
8.7 Advanced Configuration - Authentication modes . . . . . . . . . . . 224
8.8 Advanced Configuration - Authentication - IPBrick Slave . . . . . . 224
8.9 Advanced Configuration - Authentication - IPBrick Client . . . . . 225
8.10 Advanced Configuration - Authentication - Servers list . . . . . . . 226
8.11 Advanced Configurations - Authentication . . . . . . . . . . . . . . 226
8.12 Compatibility Mode link . . . . . . . . . . . . . . . . . . . . . . . . 226
8.13 Modify Link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
8.14 Apply Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . 227
8.15 Advanced Configurations - Authentication . . . . . . . . . . . . . . 227
8.16 Authentication Page . . . . . . . . . . . . . . . . . . . . . . . . . . 227
8.17 Apply Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . 228
8.18 Advanced Configuration - IPBrick - High Availability . . . . . . . . 228
8.19 High Availability - Modify . . . . . . . . . . . . . . . . . . . . . . . 229
8.20 High Availability - Alert Definitions . . . . . . . . . . . . . . . . . . 230
8.21 High Availability - Alert Definitions - Address definitions . . . . . . 230
8.22 Advanced Configurations - Update . . . . . . . . . . . . . . . . . . 231
8.23 Remote Management . . . . . . . . . . . . . . . . . . . . . . . . . . 231
8.24 Remote Management Insert page . . . . . . . . . . . . . . . . . . . 231
8.25 Test Connectivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
8.26 Network - Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
8.27 Network - Firewall - General settings rule . . . . . . . . . . . . . . . 235
8.28 Network - Firewall - Disable access rule . . . . . . . . . . . . . . . . 235
8.29 Network - Firewall - DNAT rule . . . . . . . . . . . . . . . . . . . . 236
8.30 Network - Firewall - Order . . . . . . . . . . . . . . . . . . . . . . . 236
8.31 Network - Route management . . . . . . . . . . . . . . . . . . . . . 237
8.32 Network - QoS management . . . . . . . . . . . . . . . . . . . . . . 237
8.33 Network - QOS - General Configurations . . . . . . . . . . . . . . . 238
8.34 Network - Service Routing . . . . . . . . . . . . . . . . . . . . . . . 239
8.35 Support Services - LDAP . . . . . . . . . . . . . . . . . . . . . . . . 245
8.36 Support Services - DNS - Name resolution zones . . . . . . . . . . . 249
8.37 Support Services - DNS - SPF basic options . . . . . . . . . . . . . 251
8.38 Support Services - DNS - SPF advanced options . . . . . . . . . . . 252
8.39 Support Services - DNS - Zone Management 1/2 . . . . . . . . . . . 252
8.40 Support Services - DNS - Zone Management 2/2 . . . . . . . . . . . 253
8.41 Support Services - DNS - Reverse zone . . . . . . . . . . . . . . . . 253
8.42 Support Services - DNS - Forwarders . . . . . . . . . . . . . . . . . 254
8.43 Support Services - DNS - Name resolution . . . . . . . . . . . . . . 255
8.44 Support Services - DHCP - Subnets . . . . . . . . . . . . . . . . . . 256
8.45 Support Services - DHCP - Subnets Definition . . . . . . . . . . . . 256
8.46 Remote DHCP server form . . . . . . . . . . . . . . . . . . . . . . . 257
8.47 Support Services - DHCP - Redundancy . . . . . . . . . . . . . . . 259
8.48 Support Services - DHCP - General Options . . . . . . . . . . . . . 259
8.49 Support Services - DHCP - Dynamic DNS updates (Yes) . . . . . . 260

IPBRICK SA Reference Guide - Version 6.0

14 LIST OF FIGURES

8.50 Support Services - DHCP - Machines . . . . . . . . . . . . . . . . . 260

8.51 Support Services - DHCP - DHCP Leases . . . . . . . . . . . . . . 261
8.52 Support Services - ENUM . . . . . . . . . . . . . . . . . . . . . . . 262
8.53 Support Services - DUNDi . . . . . . . . . . . . . . . . . . . . . . . 263
8.54 Support Services - DUNDi Insert . . . . . . . . . . . . . . . . . . . 263
8.55 Support Services - File Server . . . . . . . . . . . . . . . . . . . . . 264
8.56 Support Services - File Server Edit Page . . . . . . . . . . . . . . . 264
8.57 Disaster Recovery - Replace configuration . . . . . . . . . . . . . . 265
8.58 Disaster Recovery - Download configuration . . . . . . . . . . . . . 266
8.59 Disaster Recovery - Upload configuration . . . . . . . . . . . . . . . 266
8.60 Disaster Recovery - Applications - Data backups list . . . . . . . . . 267
8.61 System - Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
8.62 System - Task Manager . . . . . . . . . . . . . . . . . . . . . . . . . 269
8.63 System - Date and Hour . . . . . . . . . . . . . . . . . . . . . . . . 270
8.64 System - System users . . . . . . . . . . . . . . . . . . . . . . . . . 270
8.65 System - Monitoring - System Logs . . . . . . . . . . . . . . . . . . 271
8.66 System - Monitoring - IPBrick logs list . . . . . . . . . . . . . . . . 272
8.67 System - Monitoring - Accesses - Management . . . . . . . . . . . . 272
8.68 System - Monitoring - Accesses - Entries . . . . . . . . . . . . . . . 273
8.69 System - Monitoring - Traffic . . . . . . . . . . . . . . . . . . . . . 273
8.70 System - Monitoring - Alerts . . . . . . . . . . . . . . . . . . . . . . 274
8.71 System - SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
8.72 System - Reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
8.73 System - Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
8.74 Telephony - Cards - Insert . . . . . . . . . . . . . . . . . . . . . . . 278
8.75 Telephony - Cards list . . . . . . . . . . . . . . . . . . . . . . . . . 278
8.76 Telephony - Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . 279
8.77 Telephony - Failover Switches . . . . . . . . . . . . . . . . . . . . . 280
8.78 Telephony - Failover Switches Insert . . . . . . . . . . . . . . . . . . 280
8.79 Telephony - Configurations (partial) . . . . . . . . . . . . . . . . . . 283
8.80 Telephony - Configurations (Ports) . . . . . . . . . . . . . . . . . . 287
8.81 Telephony - Configurations - Voicemail Options . . . . . . . . . . . 288
8.82 Telephony - Configurations - Agent Mobility . . . . . . . . . . . . . 288
8.83 Telephony - Configurations . . . . . . . . . . . . . . . . . . . . . . . 289
8.84 Telephony - Analog and ISDN PRI options . . . . . . . . . . . . . . 290
8.85 Telephony - ISDN BRI options . . . . . . . . . . . . . . . . . . . . 292
8.86 Telephony - Configurations - Codecs . . . . . . . . . . . . . . . . . 293
8.87 Telephony - IP PBX remote managers . . . . . . . . . . . . . . . . 294
8.88 Telephony - VoIP domain alias . . . . . . . . . . . . . . . . . . . . . 294
8.89 Telephony - SIP peers . . . . . . . . . . . . . . . . . . . . . . . . . 295
8.90 Telephony - IAX Peers . . . . . . . . . . . . . . . . . . . . . . . . . 296
8.91 Auto provisioning - Template list (partial) . . . . . . . . . . . . . . 297
8.92 Auto provisioning - Insert a new configuration for a phone . . . . . 297
8.93 Auto provisioning - Full template list . . . . . . . . . . . . . . . . . 298
8.94 TLS Management page . . . . . . . . . . . . . . . . . . . . . . . . . 300
8.95 TLS Management Modify page . . . . . . . . . . . . . . . . . . . . 300

Reference Guide - Version 6.0 IPBRICK SA

LIST OF FIGURES 15

8.96 TLS Management Insert page . . . . . . . . . . . . . . . . . . . . . 301

9.1 Apply Configurations and reboot . . . . . . . . . . . . . . . . . . . 304

9.2 Apply Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . 304

13.1 HA Diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315

14.1 Web Server - UCoIP site . . . . . . . . . . . . . . . . . . . . . . . . 318

15.1 Altering the administrator credentials . . . . . . . . . . . . . . . . . 320

15.2 CAFE Login Link . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
15.3 CAFE Authentication . . . . . . . . . . . . . . . . . . . . . . . . . 321
15.4 CAFE Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
15.5 Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
15.6 CAFE Logout Link and User Icon . . . . . . . . . . . . . . . . . . . 322
15.7 CAFE’s Online Users Roster . . . . . . . . . . . . . . . . . . . . . . 323
15.8 User Status Configuration . . . . . . . . . . . . . . . . . . . . . . . 323
15.9 User Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
15.10Applications List . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
15.11Application successfully added . . . . . . . . . . . . . . . . . . . . . 324
15.12Applications menu with a new added app . . . . . . . . . . . . . . . 324
15.13CAFE - Adding a Link . . . . . . . . . . . . . . . . . . . . . . . . . 324
15.14CAFE Link Creation . . . . . . . . . . . . . . . . . . . . . . . . . . 325
15.15CAFE Login Link . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
15.16Username Link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
15.17CAFE - User Page . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
15.18CAFE - My Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
15.19Change Profile link . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
15.20Personal Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
15.21VoIP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
15.22Email Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
15.23Cancel and Save buttons . . . . . . . . . . . . . . . . . . . . . . . . 329

IPBRICK SA Reference Guide - Version 6.0

16 LIST OF FIGURES

Reference Guide - Version 6.0 IPBRICK SA

Chapter 1

Aim of this document

This reference guide gives you a detailed description of the following IPBRICK
menus:

• IPBrick.I configuration;

• IPBrick.C configuration;

• IPBrick.GT configuration;

• IPBrick.SEC configuration;

• IPBrick.4CC Configuration;

• Advanced Configurations.

In the appendix we present the procedure to deal with the Workstation con-
figurations. You will find there, the following configurations

• Process of joining a workstation (MS Windows) to a domain;

• Procedures for the establishment of a virtual private network (VPN) PPTP

and SSL.

IPBRICK SA Reference Guide - Version 6.0

18 Aim of this document

Reference Guide - Version 6.0 IPBRICK SA

Chapter 2

Before Starting

IPBrick is a complete integrated server system based on a Linux distribution.

When installed you can access IPBRICK with an Internet browser. The IPBRICK
IP address by default is 192.168.69.199. The address to be inserted on the
browser is https://192.168.69.199.

Figure 2.1: IPBrick login interface

When you open a WEB session with IPBRICK you will see a login web page.
After a correct validation, IPBRICK allows you access to the main configuration
page. Here you can change the domain and the IP network of the private and
public server interfaces.
Attention: If the communication network, where you are trying to install IP-
BRICK has already a DHCP server you should deactivate this in order to avoid
conflicts.

For more information about installing IPBRICK and configuring a worksta-

tion, please consult the Installation Manual.

IPBRICK SA Reference Guide - Version 6.0

20 Before Starting

IPBRICK web interface management is divided into five main menus (Figure
4.75):

• IPBrick.I : For the configuration of specific Intranet services;

• IPBrick.C : For the configuration of specific Communication services outside

the LAN;

• IPBrick.GT : Permits an easy way to configure the services normally active

at the IPBrick.GT appliance1 ;

• IPBrick.SEC : Permits an easy way to configure the services normally active

at the IPBrick.SEC appliance2 ;

• Advanced Configurations.

All configurations done by the IPBrick administrator are stored in a Post-

greSQL database. Only when the option Apply Configurations is clicked, will the
database generate all the new system configuration files. Changing the configura-
tions in the following menus:

• Advanced Configurations  IPBRICK  Definitions;

• Advanced Configurations  IPBRICK  Authentication;

• Advanced Configurations  System  Date and Hour  Time zone;

causes a restart of IPBRICK (IPBRICK needs approximately 1 minute to

restart, depending on the hardware where it is installed).

IPBrick provides an efficient configuration management where, whenever changes

are made to the system, by the web interface, a new configuration will be locally
saved or automatically stored in an USB pen. This way the Disaster Recovery
is guaranteed, this is just one of the surplus values of IPBRICK. For example, if
the hard drive crashes down, you can quickly restore the configurations with the
IPBRICK Installation CD and the USB pen.

On the left panel you will find every option menu readily accessible.

1
It’s an IPBrick hardware appliance for IP telephony with analogic/ISDN telephony cards
integration
2
It’s an IPBrick hardware appliance acting as a security gateway.

Reference Guide - Version 6.0 IPBRICK SA

 21

Figure 2.2: IPBrick left panel interface

Each menu may have sub-options, simply click on the desired one.

Figure 2.3: IPBrick left panel interface 2

On the management interface there are links that allows you to perform these
types of operations:
• Back: Allows you to turn back to the previous page without saving changes;
• Insert: Allows you to insert new items;
• Modify: Allows you to change item settings;
• Delete: Allows you to delete an item;

Figure 2.4: IPBrick main interface

IPBRICK SA Reference Guide - Version 6.0

22 Before Starting

New in version 6.0 is the tab system.

Figure 2.5: IPBrick tabs

You can have several tabs, making it easy to navigate between menus.

Figure 2.6: Two opened tabs

To close one tab, simply click on the X.

Also new is the Warning Icon on the top right corner of the screen.

Figure 2.7: Warning Icon

This icon will blink, if there are important changes to be made to the system,
and if you click on it you will access a new window enumerating the necessary fixes
and checks to the IPBRICK configurations.

Reference Guide - Version 6.0 IPBRICK SA

 23

Figure 2.8: Warnings page

Each item in the enumeration offers you chance to alter important settings by
clicking on the Fix or Check button.

Usually, the Fix button indicates a more urgent change (e.g: Changing the
Administrator’s default password change). If you click on it you will be redirected
to the page resolving the warning.

Figure 2.9: User’s Management - Administrator

The Check button does the exact same thing, redirects you to the page where
you need to verify the settings.

Figure 2.10: Warning - Check button

After checking for problems, you may access the warnings list and click on the
Done button so that the warning is removed from the list.

Figure 2.11: Warning - Done Button

IPBRICK SA Reference Guide - Version 6.0

24 Before Starting

Figure 2.12: Warning window without the fixed alert

Reference Guide - Version 6.0 IPBRICK SA

Chapter 3

IPBrick.I

This chapter describes the IPBrick.I menus used to manage the main Intranet
services.
It is divided into the following main sections:

• Machine Groups

• Machines Management;

• User Groups;

• Users Management;

• Domain server;

• File Server;

• E-mail;

• Print Server;

• Backup;

• Terminal Server.

3.1 Machine Groups

In this menu you can manage groups of machines, it lets you create groups
and assign machines to each group. For instance, machine groups can be used to
configure web proxy accesses. To insert a group of machines you have set:

• Group name: The name assigned to the group of machines;

• Group type

– Machines Subnets: Depending on the used IP address, these groups

of machines can be split into defined sizes;

IPBRICK SA Reference Guide - Version 6.0

26 IPBrick.I

– Machines: If you choose this option and Insert, it’s possible to assign
existing network machines to the group;

• Machine count: If the group is a subnet of machines, you can choose the
number of machines for the group;

• Subnet: This field defines the subnet for the group of machines. It represents
the range of IP addresses concerning the defined group.

By clicking Insert, the group is created and its settings are displayed. On
that screen you can see three links: Back to go back to the list; Modify to change
the name of the present group; Delete to remove the machine group. We can see
an example of a machine group at Figure 3.2 and the general list at Figure 3.1

Figure 3.1: Machine Groups - List

Figure 3.2: Machine Groups - Example

3.2 Machine Management

This section deals with adding or changing machine registrations in LDAP (e.g.
PC, laptop, printer). A machine is represented by the type, name, group, IP ad-
dress and MAC address, as you can see in Figure 3.3.

These are the available machines types:

• Workstation: Workstation in LAN running a Windows operating system;

• Workstation + SoftPhone: Windows workstation in LAN with a softphone

association;

Reference Guide - Version 6.0 IPBRICK SA

3.2 Machine Management 27

• Linux Workstation: Workstation in LAN running a Linux distribution, so

it will be possible to export the user’s home account by NFS to that Linux
clients;

• Linux Workstation + SoftPhone: Linux workstation in LAN with a soft-

phone association. The name will be the SIP username and it will always be
associated to the IP address;

• Printer: Network printer. Location is a description about the printer loca-

tion. Port will be the port where the print server is running. e.g.: 9100 for
HP’s;

• Set-top Box: A device connected to a displaying apparatus and to an exter-

nal source of signal, turning the signal into content which is then displayed
on a TV screen or any other display device.

• IP Phone: Hardware IP SIP phone in LAN. The name will be the SIP
username and it will always be associated to the IP address. Note that,
the phone’s password must comply with with the strong password policies,
unless you choose to disable them at Telephony - Configurations. ;

• IP Camera: This type of digital video camera is commonly used for surveil-
lance purposes, and can send and receive data via a computer network and
the Internet.

• Linux Terminal: Thinclient with remote session to a Linux machine that

will be used with the Terminal Server in IPBrick;

• Windows Terminal: Thinclient with remote session to a Windows machine

that will be used with the Terminal Server in IPBrick;

• Radio base Station: This machine is used to maintain contact with a fleet
of hand-held or mobile radios. The base station is one end of a communica-
tions link solution offered by IPBrick Radio.

• Set Top Box IPBrick: Our very own set top box, tailor-made for Corporate
TV

• Radio Control Station: The controller of the Radio Base Station. This
machine enables the IPBrick to manage and control the transmissions in up
to 8 Base Stations.

In order to insert a machine you only have to define the type, introduce the
name and IP Address. In this way the machine is registered in the LDAP and
the DNS server. If you fill in the MAC Address field with the MAC adddress of
the machine to be registered then a record is also created for this machine in the
DHCP server.
Note: The machine MAC address can be obtained from the network connection
icon in Windows XP or by executing the order ipconfig /all in the command line.

IPBRICK SA Reference Guide - Version 6.0

28 IPBrick.I

Figure 3.3: Machines Management - Machine registration

You can manage a specific machine clicking over its name in the list. You will
get the screen present at Figure 3.4. If you click the link Modify, the form from
Figure 3.3 is displayed and enables you to redefine the machine parameters. If you
click Delete, the machine will be deleted. When all the machines are registered
you can get the list at the main menu (Figure 3.5).

Figure 3.4: Machines Management - Options

Figure 3.5: Machines Management - List

NOTE: If the inserted machines have become far too numerous to be displayed
or searched efficiently, it’s possible to retrieve a machine by using the various
search links displayed on the Machines Management page. There’s alphabetical
and numerical quick links, as well as the possibility to open a Search window
Figure 3.6 or to display all machines on one page (List all link).

3.2.1 Mass Operations

The Export feature will let you save all data to a .csv file. The Mass operations
option enables you to import of a .csv file. You can edit a .csv file in a spreadsheet
application, choosing ; to split the columns.

Reference Guide - Version 6.0 IPBRICK SA

3.2 Machine Management 29

Figure 3.6: Machines Management - Search Window

Figure 3.7: Machines Management - Search result

Mandatory fields:

• action: Options available:

– I: To insert a machine in IPBrick;

– U: To update machine information in IPBrick;
– D: To delete a machine in IPBrick;
– N: No change is done to the line.

• machinetype: Options available:

– 1: For Workstation;
– 3: For Workstation + Softphone;
– 14: For Linux Workstation;
– 15: For Linux Workstation + Softphone;
– 16: For Printer;
– 2: For IP Phone;
– 7: For Linux Terminal;
– 4: For Windows Terminal.

• name: Machine single name;

• ip: Machine IP. The format is xxx.xxx.xxx.xxx;

Other fields:

• mac: Machine NIC MAC address. The format is xx:xx:xx:xx:xx:xx;

• password: Password to use if a SIP phone is selected. e.g.: 123;

• computernumber: Machine LDAP ID;

IPBRICK SA Reference Guide - Version 6.0

30 IPBrick.I

• groupnumber: Machine group number if associated to some group;

• rdpsrvaddress: Remote server IP if a terminal is selected;

• rdpsrvdomain: Remote server domain if a Windows terminal is selected;

• callerid;

• voip_nat;

• voip_disallow;

• voip_allow;

• voip_dtmfmode;

• voip_subscribecontext;

• voip_pickupgroup;

• voip_callgroup;

• voip_canreinvite;

• voip_insecure;

• voip_athuser;

• voip_fromuser;

• voip_fromdomain;

• voip_mailbox;

• voip_quality;

• voip_call_limit;

• phonedescription;

• idphonetemplate;

• printerdescription;

• printerlocation;

• printerport.
Example of a .cvs file content for mass operations import option:

action;computernumber;machinetype;name;groupnumber;ip;mac;password
I;;1;wrk03;;172.29.1.52;00:E0:98:9B:45:06;
I;;1;wrk04;;172.29.1.54;00:E0:98:9B:45:04;
I;;3;softphone04;;172.29.1.57;00:E0:98:9B:45:54;1234

Reference Guide - Version 6.0 IPBRICK SA

3.3 User Groups 31

! Attention !:

• The computer’s name has to be alphanumerical. The exception is the char-

acter ’hyphen’ -;

• The computer’s name shouldn’t contain spaces nor diacritical marks on char-
acters neither punctuation. Its maximum length should be 15 characters;

• It is not allowed to register neither machines with the same name nor ma-
chines whose names are identical with a registered user log in;

• For a registration of a Windows station, the name as to be always in small

letters and if necessary change the Computer name to small letters, too.

Figure 3.8: Machine Management - Export

3.3 User Groups

A group is a set of users generally created when you wish that all people in that
group share the same permissions to a set of files. In this section you’ll manage
IPBRICK user groups.

• To create a new group:

– Click on Insert (Figure 3.9);

– Choose the group name.

• To add or remove users from a group:

– Click on the group name (Figure 3.10);

– In the generated page (Figure 3.11) choose the users that should be
added or removed from the defined group.

IPBRICK SA Reference Guide - Version 6.0

32 IPBrick.I

There are two pre-defined groups that cannot be deleted or changed. These
groups are:

• Administrators;

• Users.

Users that belong to the Administrators group have administrator permissions

in the domain served by IPBRICK. You may add or remove users of this group
with the exception of the pre-defined Administrator. The General group is a
common group for all users created in IPBRICK.
! Attention !:
• When inserting new groups their name can be in capital and/or small letters.

• The group name can contain spaces, but can’t have more than 32 alphanu-
merical characters without accents.

• When the user is created, there shouldn’t be other group with the same
name, including domains.

Figure 3.9: User Groups - Group creation

Figure 3.10: User Groups - Groups List

3.4 Users Management

In this section you learn how to register new users, change the information of
already existing users and delete users. When creating a new user, IPBRICK cre-
ates automatically an e-mail account and an individual work area (user drive space
in the server) and a net logon in order to identify the user in the domain. After

Reference Guide - Version 6.0 IPBRICK SA

3.4 Users Management 33

Figure 3.11: User Groups - Users

being installed, IPBRICK creates by default one user and two groups. The created
user has the login Administrator, this login can’t be altered and the two groups
are the Administrators and the General. The user with the Administrator
login has a work area created in the Work Area 1. This user has special charac-
teristics because he belongs to the Administrators group and is responsible for
the management of some of the system’s included sites and functions. Therefore
he can never be removed.

The user registration is composed of the following fields:

• Name: User’s name. Usually it’s his first and last name;

• Login: User’s identification to be used for any IPBRICK authentication

process.

• Server: Selection of the server where the user account shall be created. The
user account stands for the hard drive space in the server where various
user contents are stored, including an email folder, Windows profile and
documents. If there are slave servers they are also listed.

• Work Areas: Partition of the server drive selected to create the account.
The users should be distributed in an equitable way, in order to efficiently
use the available space.

• Password: Password definition;

• Retype Password: Confirmation of the password;

• Quota: Value that limits the user hard drive space in the system. The unit
os measurement is kilobytes. If you don’t indicate a limit value, the user will
have unlimited space to occupy.

At option Extra Options we can define other LDAP parameters for the users
like :

• Employee Number;

IPBRICK SA Reference Guide - Version 6.0

34 IPBrick.I

• Department Number;

• Room Number;

• Phone extension;

• Employee type;

• Business category.

An example is present at Figure 3.12:

Figure 3.12: Users Management - Insert

! Attention:

• When inserting users, only use characters without accents for their name,
login and e-mail address.

• Spaces, brackets, full stops, small and capital letters are possible in the Name
field.

• You are not allowed to use spaces in the Login field. Avoid using capital
letters.

• Every login has to be unique. There cannot be a login with the same name
of a machine registered in IPBRICK.

In order to modify some user information you have to click over the name (Fig-
ure 3.13).

Reference Guide - Version 6.0 IPBRICK SA

3.4 Users Management 35

Figure 3.13: Users Management - List

In the form where you change the user you can see all fields that were defined
when the user account was created. The only exception is the uidNumber which is
an IPBRICK user identification number. The password is not shown. All defined
fields are editable with the exception of the login and uidNumber.

To remove a IPBRICK user record:

• Click on the user name;

• In the generated page, besides from displaying user properties, you can also
delete the user (Figure 3.14).

⇒ Note: The user’s contents (personal files, profile, e-mails) are not elimi-
nated when deleting his registration. They are moved to an administrative share
called BackupX (X representing the number of the work area where the user was
registered, 1 or 2). Only members of the Administrators group have access to
this share from any Windows station. Therefore they have to do the following:

• Press the keys [Win]+[R] at the same time

• Write \\ipbrick\backup1 and press the ”OK” button.

All folders and files deleted in these administrative shares are finally eliminated
in IPBRICK.

Figure 3.14: Users Management - Operations

IPBRICK SA Reference Guide - Version 6.0

36 IPBrick.I

3.4.1 Mass Operations

The Export feature will export all the data to a .csv file. The Mass operations
option permits an import of a .csv file. You can edit a .csv file in a spreadsheet
application.
Mandatory fields:

• actionuser: Options available:

– I: To insert a user in IPBrick;

– U: To update user information in IPBrick;
– D: To delete a user in IPBrick;
– N: Make no action to that user;

• usernumber: User LDAP ID. It begins at 10000 to administrator, so the

value can be incremented in 1 for the other LDAP users;

• login: User login;

• name: User name. If more than one word is used the " is necessary;

• email: User email;

• accountquota: Quota for the user account. The 0 is unlimited;

• idworkarea: User work area number;

• password: Insert a user password. Later the user can change it at the
myipbrick site. Note that this field is not present when we export a .cvs file,
so it must be created;

Other fields:

• groupnumber: Group LDAP ID of user;

• idserver: Slave server IP where to create the account. The 0 is for local;

• randompassword: Used to generate random password’s for users. When you

wish that IPBRICK generates random passwords you should remove this
column from the CSV file that you want to import;

• sipurl: User’s SIP url, representing the phone near the user;

• mailaccountstatus: 1 for active, 2 for inactive;

• mailalias: User alternative mail address;

• mailquota: Maximum mail account quota in MBytes;

• mailmaxsize: Maximum received message size in MBytes;

• mailforward: It’s a forward mail for the user;

Reference Guide - Version 6.0 IPBRICK SA

3.4 Users Management 37

• mailoutoreply: It’s the automatic reply message. The use of " is needed;

• homedrive: Represents the account network drive. The default is Z;

• roamingprofile: 1 for a roaming profile, 2 for a local profile.

• employeenumber: Field that represents the employee number;

• departmentnumber: Represents the employee department number;

• roomnumber: User’s room number;

• pager: User’s pager number;

• employeetype: Represents the category for the employee;

• businesscategory: This field represents the employee’s business category

Example of a .cvs file content for mass operations import option:

actionuser;usernumber;login;name;email;accountquota;idworkarea;password
I;10001;jdomingues;"Joao Domingues";[email protected];0;;2;123456
I;10002;jsmith;"John Smith";[email protected];0;;1;123456

3.4.2 XML-RPC management

It’s possible to manage the IPBrick LDAP users using XML-RPC. So using a
client and calling the url:

https://IPBRICK_IP/xmlrpc/server.php

You can send specific .xml messages to:

• Add users;

• Modify users;

• Delete users.

Add user message

<?xml version="1.0" encoding="UTF-8"?>
<methodCall>
<methodName>adduser</methodName>
<params>
<param>
<value><string>login</string></value>
</param>
<param>
<value><string>md5_password</string></value>

IPBRICK SA Reference Guide - Version 6.0

38 IPBrick.I

</param>
<param>
<value><string>login:userlogin</string></value>
</param>
<param>
<value><string>name:username</string></value>
</param>
<param>
<value><string>email:[email protected]</string></value>
</param>
<param>
<value><string>password:12345</string></value>
</param>
<param>
<value><string>mailalias:[email protected];[email protected]
</string></value>
</param>
</params>
</methodCall>

Modify user message

<?xml version="1.0" encoding="UTF-8"?>
<methodCall>
<methodName>modifyuser</methodName>
<params>
<param>
<value><string>login</string></value>
</param>
<param>
<value><string>md5_password</string></value>
</param>
<param>
<value><string>login:userlogin</string></value>
</param>
<param>
<value><string>name:username</string></value>
</param>
<param>
<value><string>email:[email protected]</string></value>
</param>
<param>
<value><string>password:12345</string></value>
</param>
<param>
<value><string>mailalias:[email protected];[email protected]
</string></value>

Reference Guide - Version 6.0 IPBRICK SA

3.4 Users Management 39

</param>
</params>
</methodCall>

Delete user message

<?xml version="1.0" encoding="UTF-8"?>
<methodCall>
<methodName>deluser</methodName>
<params>
<param>
<value><string>login</string></value>
</param>
<param>
<value><string>md5_password</string></value>
</param>
<param>
<value><string>login:userlogin</string></value>
</param>
</params>
</methodCall>

Note: The first two parameters must be replaced with the IPBrick web inter-
face credentials.

3.4.3 User Policies

By default, the password policies are inactive. To enable them click on the
Modify link.

Figure 3.15: Users Management - Password Policies

At the new page you will be presented with these options:

• Use strong passwords: By default NO;

• Lock account after password failed: By default, NO;

• Password Validity: By default NO.

IPBRICK SA Reference Guide - Version 6.0

40 IPBrick.I

Figure 3.16: Users Management - User Policies - Modify

By selecting YES on the presented options you will access more settings.

Figure 3.17: Users Management - Password Policies

These are the presented options:

• Use strong passwords: By default, this option is set to NO. Select YES to
configure your password’s length and remember that:

The password can not be equal to that which is in use.

Can not contain the login or the name.

Must contain elements of at least three of the following four groups

Reference Guide - Version 6.0 IPBRICK SA

3.4 Users Management 41

of characters:
Uppercase letters (A through Z)
Lowercase letters (a through z)
Numbers (0 through 9)
Special characters (such as !,$,%,#)

Again, this will affect all users!

Figure 3.18: Error Warning

– Minimum number of characters: Enter the password’s minimum num-

ber of characters (by default 8);

• Lock account after password failed: By default, this option is set to NO. The
user’s account will be locked for a determined amount of time, after a set
number of unsuccessful login attempts.

– Number of attempts before locking the account: By default 5;

– Time period where the account is locked: The time period should set
in minutes. By default, 15m

• Password Validity: By default this option is set to NO this means that the
password will never expire. Select YES to set the number of days:

NOTE: If you select YES all users will have an expiration date on their
passwords, but, a new option will appear, at Users List, when you click on
an individual user Name.

Figure 3.19: User Policies link

IPBRICK SA Reference Guide - Version 6.0

42 IPBrick.I

This new link (User Policies) will enable you to deactivate the password
validity for that particular user.

Figure 3.20: Error Warning

Click on Modify and then select NO at Password Validity

Figure 3.21: Password Validity

Click on Modify to confirm the changes.

Figure 3.22: Password Validity - NO

If you return to the Users List page you will now notice that this partiular
user has no validity in his password.

Reference Guide - Version 6.0 IPBRICK SA

3.4 Users Management 43

Figure 3.23: Users List - User with no validity in his password

– Expires in: Number of days the password will be valid (by default, 30
days);

• Block account: If the password expires, the account will be blocked (by
default, NO). If you select Yes you will have available an option to set the
number of days where your user will be able to access his account until it’s
finally locked:

– Lock account after the password expires: Set the number of days until
(by default, 0 days)

• Send notification: By default, the user will not be notified of the end of his
password’s validity. Select YES to set how many days before expiration will
the system notify him;

– Send notification before password expires: Set how many days before
expiration will the user receive a warning (by default, 1 day)
– Notification: By default, the notification’s subject and message is al-
ready set, but if you wish, you may modify it as you see fit.

To confirm the changes click on the Modify button at the bottom of the page.

The user will be able to alter his password at MyIPBrick. The login page will
prompt him to alter his authentication credential.

3.4.4 User Search

If the list of users is becoming too large you may access the search link.

Figure 3.24: Users List Search link

IPBRICK SA Reference Guide - Version 6.0

44 IPBrick.I

It’s possible to filter the search results by user Name or Login, when you access
the Search Window.

Figure 3.25: Users List Search window

Simply type the name and/or the login and click on the Filter button to retrieve
the search results.

3.5 Domain Server

IPBrick, as a Intranet server, manages all the network resources belonging to
a certain domain and provides important network support services as DNS and
DHCP. A relevant feature to consider in the domain server 1 is that it works with
the authentication server, where all the users have a username/password match
defined in the LDAP database of IPBrick. PDC is checked whenever there is a
authentication demand in a workstation.

3.5.1 Configure
In this section you define the name of the domain served by IPBRICK as well
as this fields (Figure 3.26):

• Domain Login:

– YES: IPBRICK will be a Primary Domain Controller in the chosen

domain;
– NO: IPBRICK will not operate as a domain server.

• Default account network drive: The workstation drive where the user account
will be mapped. Users with large volumes of data should store them there
and not at the profile folders. The default setting is Z;

• Default type of profile: The profile in a Windows workstation is a group of

folders that are stored normally at c:\Documents and Settings\user_login;

– Roaming: In this case, when the user logs out from the workstation,
all the profile folders are synchronized to the user personal account in
IPBrick, located at \\ipbrick\user_login\.profiles. When he logs
in again at the same workstation or at a different one, the profile will
1
Primary Domain Controller

Reference Guide - Version 6.0 IPBRICK SA

3.5 Domain Server 45

be synchronized back to the workstation;

IMPORTANT NOTE: The system administrator should warn users

not to accumulate big amounts of data, since, every time they login, that
huge profile will have to be re-synced back to the user’s workstation of
choice.
– Local: The profile will never be synchronized to IPBrick, all the user’s
document folders will remain at his local workstation.

⇒ Note: The information on this section is only valid for the MS Windows
environment. The IPBRICK Domain Name field is related to the Workgroup or
Domain Name in the MS Windows environment.

Figure 3.26: Domain Server - Definitions

3.5.2 Users Management

For each user it’s possible to specify:

• Account network drive: Z: by default (check the previous section 3.5.1 Con-
figure, for more information);
• Type of profile: Roaming or local (check the previous section 3.5.1 Configure,
for more information);

Clicking on that option the user’s list is presented. Choosing a specific user as
shown at Figure 3.27, we can configure the domain server definitions for him.

Figure 3.27: Domain server - Users Management

IPBRICK SA Reference Guide - Version 6.0

46 IPBrick.I

3.6 File Server

A work area corresponds to a physical partition in the drive with the denomi-
nation /home1 or /home2. When a new user is created, the system also creates its
personal account that represents a folder structure that supports the user account.

1. Personal Accounts: Located in the MS Windows environment, it contains

e-mail files and the user profile;

2. Group Sharing: Responsible for storing user group files

3. Administrative Sharing: Responsible for sharing user accounts and elim-

inated group sharings. These areas are only available for Administrators.

IPBRICK has two Work Areas by default: Work Area 1 and Work Area 2.
When you click on Work Areas you are given a list of all users and sharing groups
classified by Work Area as well as information about the occupied space in the
system of each individual Work Areas.

3.6.1 Individual Work Areas

When you select Individual Work Areas, IPBRICK shows you a list with the
existing Work Areas and a schedule of the occupation rate for each Work Area.
These Work Areas correspond to the hard drive space where the users data is
stored. At Configurations we can enable or disable the recycle bin folder for the
users. It’s possible to enable for all or to disable for all.

Figure 3.28: Work Areas - List

Figure 3.29: Work Areas - Summary of Individual Areas

Reference Guide - Version 6.0 IPBRICK SA

3.6 File Server 47

When you click on a Work Area, e.g.: Work Area 1, you are given a list of all
users introduced in this area as well as the occupied space of each user (Figure
3.29). Each user area is created in the moment you make the IPBRICK registra-
tion in IPBrick.I  Users Management. In individual workareas we also have the
list of FTP accounts created in FTP menu at IPBrick.C.

! Attention !: If the occupied space in the Work Areas reaches 100%, users
can longer save their data in IPBRICK. More over, e-mails are no more delivered to
the users. They stay in the queue until some space is released in the Work Areas.
It is recommended to keep the occupation rate of each Work Areas under 95%.

! Attention !: Enabling the recycle bin for the users is not recommended in
case of small disk capacity.

3.6.2 Group Work Areas

The group work areas are network shares that can be accessed by SMB or by
NFS clients. You can create network shares in any Work Area. After creating a
network share you have to define the correspondent access permissions.
When inserting a Group Work Area you have to first choose the workarea were
the share will be created (Figure 3.30) and fill in the following fields:

• Name: Name of the share folder. Try to avoid spaces, characters with accents
and punctuation;

• Description: Share description. It’s an optional field;

• Administrator: Share administrator’s email. It’s a optional field;

• Browseable: If Yes it will appear in the server browse list. If No the share
will became hidden;

• Recycle bin: Enables the use of a recycle bin;

• Name of the recycle bin folder: If you have chosen to enable the pre-
vious option, you can set in here the folder that will be used as a recycle
bin.

Figure 3.30: Work Areas - List

Two examples can be viewed at (Figure 3.31) and (Figure 3.32).

IPBRICK SA Reference Guide - Version 6.0

48 IPBrick.I

Figure 3.31: Work Areas - Group 1

Figure 3.32: Work Areas - Group 2

Mapping with NFS

The IPBrick server, by default, is setup to block NFS clients connections that
are not from other IPBrick servers (MASTER, SLAVE or CLIENT).

The new share may be accessed via a windows machine (Network Neighbor-
hood, \\server\share) but it can also be accessed by NFS (to be used/mapped
by Linux Machines).

Note: Windows 7 already includes an NFS client.

In order to allow other linux clients to work in the same way, by using NFS, it
is neccessary to follow both these procedures;

At the Server:

1. Register the desired Linux workstations at IPBrick.I -> Machines Management

as Linux Workstation

Reference Guide - Version 6.0 IPBRICK SA

3.6 File Server 49

2. Configure the shares (usually at home1 or home2)

At the Workstation:

1. Map the folder /home1/_shares (and/or /home2/_shares) nin the local

structure, eg: /nfsshares/h1 (and/or /nfsshares/h2)

Note: This could be done via the local fstab by typing these commands:

su - root
mkdir /nfsshares
mkdir /nfsshares/h1 /nfsshares/h2
vi /etc/fstab
(...)
/nfsshares/h1 SERVER_IP:/home1/_shares nfs defaults 0 2
/nfsshares/h2 SERVER_IP:/home2/_shares nfs defaults 0 2

2. After authenticating themselves, at the workstation (LDAP client), users

may access the shares by browsing through the /nfsshares folders.

Access Permissions
After creating a Group Work Area you have to give permissions to the users
in order to have access to the network share. This is done by first clicking at the
share name as shown at Figure 3.33.
There are 3 different types of permissions:

• None: No access to the share. Users have no access to open a share folder
on a workstation;

• Read Only: Users have access to share folders and its files. Nevertheless,
they are not allowed to change these files;

• Read/Write: Users have access to share folders and its files and are allowed
to change files and save changes.

Permissions are given to individual users or user groups (Figure 3.34). Users
groups are defined in IPBrick.I  Group Management.
For example, in order to create a share folder for users belonging to a commer-
cial department you have to take the following steps:

• Create group ”Dept Financeiro”, in Group Management and add the users
of this department to the group.

• Create an area called ”Financeiro” in Work Areas  Group Work Areas.

• Give read and write permissions to the group ”Dept Financeiro”. The other
groups have either reading permissions or no access to this area.

IPBRICK SA Reference Guide - Version 6.0

50 IPBrick.I

⇒ Note: When defining user group permissions any change in the General
group leads to changes for all the other groups. This happens because all users
introduced in IPBRICK are part of General group.

Figure 3.33: Work Areas - Group - Management

Figure 3.34: Work Areas - Group - Users Access

⇒ Note: A deleted share is no longer available to users. All files in this share
are moved to an administrative share called BackupX (X representing the number
of the work area where the share was created, 1 or 2) that you can find in the
same Work Area. Only users belonging to the IPBRICK Administrators group
can access this folder. It’s possible to access this share from a Windows station, if
you take the following steps:

• Press the keys [Win]+[R] at the same time

• Write \\ipbrick\backup1 and press ”OK” (share that exist in Workarea 1)

All files and folders deleted in these administrative share are permanently
deleted in IPBRICK.

3.7 E-Mail
Email is the most used network service in Internet, gradually replacing tradi-
tional mail and fax. The protocol used to send electronic messages is SMTP (Sim-
ple Mail Transfer Protocol) that runs on gate 25 TCP. It enables email sending

Reference Guide - Version 6.0 IPBRICK SA

3.7 E-Mail 51

for one or several recipients and is implemented by MTA (Mail Transfer Agents).
IPBrick’s MTA is Qmail2 .
SMTP is only capable of sending messages, therefore, users need the POP3/IMAP
protocol to retrieve messages from the servers, these protocols are supported by
all email clients.

IPBrick’s Email section is composed of:

• Configure;

• Queue Management;

• Users Management;

• Mailing Lists;

• Statistics;

• Anti-Virus;

• Anti-Spam.

3.7.1 Configure
An important concept about the email server configuration is open relay. A
server that works in open relay processes messages between senders and recipients
out of the server’s domain, that actually can even be non-existent. Obviously,
IPBrick doesn’t work as an open relay, it only forwards Internet emails to domains
that are explicitly indicated.

It is important to mention four very simple and decisive concepts in E-mail

configuration:

1. Locally delivered domains: E-mail addresses with destination to the IP-

BRICK server itself, that is, the associated e-mail accounts are in the local
network. E-mails that are in the queue and whose recipient is one of these
domains are not sent to another server in order to be delivered. The domains
served by the machine have to be correctly configured in each DNS domain
server. That is, the ”E-mail servers” of these domains have to be configured
to this machine.

2. Authorized relay domains: IPBrick forwards all the messages that have
their domains in this list and will be accepted by the server to a queue list.
Messages to other recipients that don’t belong to this domains won’t be
accepted by the server (please see 3 ).
2
http://cr.yp.to/qmail.html
3
Only e-mails from the Internet respecting these rules are processed. IPBRICK is not con-
figured as open-relay.

IPBRICK SA Reference Guide - Version 6.0

52 IPBrick.I

3. Relay networks definitions: IPBRICK relays to any domain as long

as the e-mail is sent from his corresponding internal network. If there are
different internal IP networks it is necessary to add these networks to the
list. This way all machines in the networks are able to send e-mails to other
domains using IPBRICK as a relay server. The Other networks (Internet
IP’s) could use this SMTP server but only with TLS authentication. So
someone in Internet that want to use the IPBrick’s SMTP to send email is
forced to authenticate with his LDAP username/password;

4. SMTP Routes: SMTP routes are configured when you want e-mails to follow
a certain way (server) in order to find their recipient. Normally, a SMTP
route is defined by default (showing the SMTP route and leaving the Domain
empty).When the server is not correctly registered with the IP name in the
Internet DNS, you have to define a SMTP route. In this route it should be
either the server responsible for the forward of company e-mails or the SMTP
server of the ISP used by firms to access the Internet. This configuration is
necessary because certain e-mail servers make additional verifications of the
sending server authenticity. If they can’t resolve the server name into the
corresponding IP address (reverse DNS check), the mail may be deleted or
sent back as SPAM. In case no SMTP route is used the server tries to send
the mails in the queue by his own. With the help of the DNS registrations
he tries to find the recipients directly in the Internet.

Each e-mail configuration option has a link to Insert new entries (Figure 3.35).

Figure 3.35: E-mail - Configure

The domains for local delivery (domains with IPBRICK serves) and relay (do-
mains which IPBRICK forwards) can be edited and/or deleted. The exception is

Reference Guide - Version 6.0 IPBRICK SA

3.7 E-Mail 53

the domain whose name is the same as that of the machine in the local networks
or that of the local domain in the relay.

⇒ Note: To make IPBRICK relay e-mails to another server holding the

accounts, the firm base domain has to be retreated from the domains served by
IPBRICK, since it is a domain served by IPBRICK by default.
By default IPBrick only forwards email messages that come from its private
network. If there are different internal IP networks, they should be added to allow
them to send messages.

There are three different types of SMTP routes:

1. FQDN4 of the route server. For example: smtp.exchange.telepac.pt.

2. IP address of the route server. Please give attention to the brackets 195.22.133.45.

3. A route with authentication bears the FQDN, IP user password

In the following you are given three examples of configurations, one with an IP
for a specific domain, another configuration for the same domain with the FQDN
and the last presents you with a smtp route with authentication:

First Example:
Domain : abzas.miz
SMTP route : 195.22.133.45
Second Example:
Domain : abzas.miz
SMTP route : smtp.exchange.telepac.pt
Third Example (with authentication)
Domain : abzas.miz
SMTP route : 195.22.133.45 user password

An important configuration is that of a machine relaying e-mails. Whenever

you add in this situation a SMTP route by default (without indicating the domain)
you have to add another SMTP route to forward e-mails do the internal e-mail
server. In the following you can see an example of such a configuration.

In this configuration IPBRICK is relaying all the e-mails comming to an in-

ternal e-mail server called accounts. IPBRICK have a second route to deliver all
the mail to the Internet by the smarthost smtp.isp.pt:

Domain: domain.com
SMTP route: accounts.domain.com

Domain:
SMTP route: smtp.isp.pt
4
Fully Qualified Domain Name

IPBRICK SA Reference Guide - Version 6.0

54 IPBrick.I

3.7.2 Definitions
There is a link called Definitions (see Figure 3.36 and Figure 3.37) to define
characteristics of the e-mail server:

• Message maximum size: It’s the global message maximum size of a send-
ing/receiving message
Value by default: unlimited.

• Maximum time to hold the message in the server: Maximum time the
message will be in mail queue
Value by default: 604800 seconds (7 days)

• Maximum number for simultaneous SMTP connections: Number of con-

nections that the server can support
Value by default: 20

• Incoming message timeout: Maximum time to receive a single message in

server. If reached it will timeout
Value by default: 1200 seconds

• Outgoing message timeout: Maximum time to send a single message. If

reached it will timeout
Value by default: 1200 seconds

• Reject emails from invalid domains: The server will reject incoming
mail if the sender’s domain MX record don’t exist, so it will be invalid.
Default value: Yes

• Reject emails from invalid servers: The server will reject incoming
mail if the sender’s FQDN don’t have a reverse DNS record.
Default value: No

• Approaching quota limit warning message: Message to send to the user

when the mail quota is approaching the limit. The default is Quota Warning!;

• SPF (Sender Policy Framework): It’s disabled by default. If active, for

each incoming mail, the sender will be asked about the mail authenticity.
The mail rejection will depend of the sender answer and protection level de-
fined here. The SPF mechanisms, qualifiers and modifiers can be found at
SPF site (http://www.openspf.org/SPF_Record_Syntax).

These are the protection levels defined at IPBrick mail server:

– Standard protection: The mails will be rejected if the answer is Fail;

– Medium protection: The mails will be rejected if the answer is Fail or
SoftFail;
– High protection: The mails will be rejected if the answer is Fail,
SoftFail or Neutral;

Reference Guide - Version 6.0 IPBRICK SA

3.7 E-Mail 55

• Blacklist (RBL): Enable or disable the RBL (Realtime blacklist) or DNSBL

verification. That verification is made to all incoming mails from the Internet
and before the SEC filter. The following are used by default:
– http://www.spamhaus.org/SBL
– http://0spam.fusionzero.com
– http://www.uceprotect.net/en
– http://www.spamsources.fabel.dk/

Figure 3.36: E-Mail - Definitions 1/2

Figure 3.37: E-Mail - Definitions 2/2

In this interface it is even possible to define permissions of sending and receiving

e-mails:
• Valid internal recipients: This list is important to fill in order to pro-
tect the server from a mailbomb attack. Here should be listed all the internal
valid email addresses. If the list is empty all the internal recipients will be
accepted (Figure 3.38);
• Invalid senders: A list with e-mail addresses that are not allowed to send
email (Figure 3.39).

IPBRICK SA Reference Guide - Version 6.0

56 IPBrick.I

Figure 3.38: E-Mail - Definitions - Valid internal recipients

Figure 3.39: E-Mail - Definitions - Invalid senders

3.7.3 Queue Management

The Queue Management (Figure 3.40) allows you to manage and visualize e-
mails that are in the e-mail server queue waiting to be delivered to their local or
remote recipient.

Figure 3.40: E-Mail - Queue Management

You can see the number of e-mails that are in the queue waiting to be delivered
to their local or remote recipient as well as the total number of e-mails in the queue.
The list presents the following fields:

Reference Guide - Version 6.0 IPBRICK SA

3.7 E-Mail 57

• ID: The only message identification added by IPBRICK ;

• Date: E-mail sending date;

• From: E-mail sender;

• To: e-mail recipient;

• Subject: Message subject;

• Size: Message size displayed in Kbytes.

You can delete several e-mails at the same time by selecting the corresponding
checkboxes and clicking in the Delete Mails option. You have to confirm this
action in order to eliminate the chosen mails.
When selecting a mail you can see its complete source. This operation is done
in real time. Therefore is not necessary to Apply Configurations.
! Attention !: E-mails deleted in the queue are eliminated definitely. A email
can stand in queue for a default value of 7 days.
! Attention !: When a message in queue is deleted the qmail service is restarted.

3.7.4 Users management

This option provides a centralized management for each user email account of
the system and it’s possible to configure:

• State: The user email account can be enable or disabled;

• Default mail: The user default mail address. It’s not mandatory to be equal
to login@domain;

• Alternative addresses;

• Mail quota;

• Message maximum size: Maximum size of a received message;

• Forward to;

• Automatic reply message.

Configuration example at Figure 3.42.

IPBRICK SA Reference Guide - Version 6.0

58 IPBrick.I

Figure 3.41: E-mail - Users Management

Alternative Addresses

Alternative addresses (Figure 3.42) allows you to on the one hand to have
practical logins which are easy to manage and on the other hand the confort in
using more personalized e-mail addresses. This way the user can have an e-mail
address with which he identifies himself more.

All mails that are sent to any defined alternative e-mail user address are deliv-
ered to the inbox respectively.

Example: name : John Smith

login : jsmith
email : [email protected]

Alternative Addresses:
[email protected]
[email protected]
[email protected]

Reference Guide - Version 6.0 IPBRICK SA

3.7 E-Mail 59

Figure 3.42: E-Mail - Alternative addresses, Forwarding and automatic reply

To Insert a new email address:

• Select the account (user);

• In the Alternative Addresses field: Set the alternative email address(es).

Whenever you want to you can access the e-mail address list (IPBRICK user
e-mail address arranged in groups) and change the names or the user of an e-mail
address. Is it obvious that when you change the user of an alternative e-mail
address new mails will be delivered to the new user while the other alternative
addresses stay with the old user.

Mail Forward
Mail forward allows delivered mails to be sent to the user’s email and other
internal or external e-mail addresses.
To insert a new mail forward (Figure 3.42):

• Select the account (user);

• In the Forward to field: Set the recipient email address(es).

Automatic reply message

An automatic reply message is an e-mail automatically sent by IPBRICK to
answer other e-mails. When an e-mail arrives at mailaccount with auto reply con-
figured, IPBRICK send a mail to sender with the personalized message.

In order to Insert a new auto reply you need to (Figure 3.42):

• Select the account (user);

IPBRICK SA Reference Guide - Version 6.0

60 IPBrick.I

• Insert in the Automatic reply message text area, insert the content you
want. Ex: I’m not at office. Please contact my coleague John Smith.

3.7.5 Mailing Lists

A mailing list provides the feature of sending email from one to many.
To add a mailing list:

• Click on Insert;

• Write the address you want in the mail field (Figure 3.43);

• Click on Insert.

After you add a mailing list (Figure 3.44), you have to configure:

• Internal Users List: Set the IPBrick Users that will be part of the mailing
list;

• IPBrick Contacts address list: Set if any contact present at IPBrick

Contacts site will be part of the mailing list;

• External Users List: Set the email addresses that don’t belong to the
LAN.

In both cases you only have to click Modify to add members to the list.

Figure 3.43: E-Mail - Mailing List - Insert

Reference Guide - Version 6.0 IPBRICK SA

3.7 E-Mail 61

Figure 3.44: E-Mail - Mailing List

3.7.6 Statistics
Like proxy and web service, the Advanced Web Statistics are used for mail ser-
vice too. They generate helpful and important data for the network administrator:

• Time statistics: Sent mail by month, week, days or even hours;

• Senders statistics: By top level domain, hosts, sended mail and incoming
mail;
• Other information like SMTP errors;

3.7.7 Anti-Virus
An Anti-Virus is already installed in the Email section. The interface displays
the following links:

• Update: After the license expiration, you need to renew with a new license
file;
• Delete: Removes the licence;
• Configure: Provides a general configuration of notifications;
• Groups Management: Provides personalization of Antivirus configuration
and filtering;
• Statistics: Interface with specific statistics about the Anti-Virus use.

General configurations

Click on Modify to configure the notifications email address.

General Settings:

IPBRICK SA Reference Guide - Version 6.0

62 IPBrick.I

• Notify from address: Sender will make the notifications;

• Notify to address: Email address that will receive notifications.
Limits:
• Do not send notification to: Address that won’t be able to receive no-
tifications (the notification sender).
Groups Management

The group default is already created. If you click on the group, the default
general settings are displayed. If you click on Modify, you can personalize the
following options:
• Enable: Anti-Virus State;
• Group administrator address: Group administrator email;
• Quarantine path: The files in the quarantine state are stored in this direc-
tories;
• Sender mask: You may add this item if a new group is created;
• Recipient mask: You may add this item if a new group is created;
The notification rules for any type of object can be changed in Notification Rules
menu.

In the Filter menu, you may set the filter rules/exceptions by the name of
the files or by mime-type.
Statistics

Several statistics are displayed in this interface:

• Virus Statistics in period: Options of displaying the graphic in Virus
Statistics:
– Start: The starting date for statistics;
– View: Can be set in hours, days, months or years;
– Repetition: Scale of the graphic horizontal axis;
– Group: It enables you to group data, depending on the chosen view
• Virus statistics: The display can be filtered by: Infected files, protected,
corrupted, errors and files where disinfection failed;
• Virus List: Can be organized by Virus name/Number of occurrences;
• List of email senders: Shows some statistics about files by sender ad-
dresses;
• List of email recipients: Shows some statistics about files by IPBrick
recipients addresses;

Reference Guide - Version 6.0 IPBRICK SA

3.7 E-Mail 63

ClamAV

ClamAV5 is included in IPBrick. By default the service is inactive (Figure

3.45), to activate it just hit Modify and choose Yes at Enable configuration.
When activated, ClamAV will filter all he incoming mail through its engine. When
ClamAV detects a virus one of these possibilities may occur, and you can configure
what to do (Figure 3.46):

• Reject E-Mail: The message is rejected and will not enter the mail queue.
The sender will receive a notification;

• Mark E-Mail as virus: The message is marked and enter the mail queue
normally;

• Mark and Redirect E-Mail: The message is marked and redirected to a

mail address;

• Delete E-Mail: The message is deleted, will not enter the mail queue and
no notification is sended.

Note: ClamAV will automatically update its database in a transparent way to

the user.

Figure 3.45: E-Mail - AntiVirus - ClamAV - Main menu

Figure 3.46: E-Mail - AntiVirus - ClamAV - Definitions

5
http://www.clamav.net

IPBRICK SA Reference Guide - Version 6.0

64 IPBrick.I

3.7.8 Anti-Spam
Anti-Spam is already installed, you only need to apply a license to activate this
feature at the communications IPBrick. After the activation, the following options
are displayed:

• Update: After the license expiration, you need to renew with a new license
file;

• Delete: Removes the licence;

• Configure: Provides a general configuration of notifications;

• Statistics: Interface with specific statistics about the Anti-Spam use.

The most important Anti-Spam configuration features are:

• To add every email domains of the company that the Anti-Spam should filter;

• To set Anti-Spam detection level. Standard is the default level. If the spam
reception rate is high, the level of detection should be increased;

• To redirect all the emails classified by the Anti-Spam to an email account.

This enables the network administrator to analyze all the emails classified
as Spam - if there is any misclassified email, the administrator may forward
this email to his recipient. In a Intranet and a Communications IPBrick
topology we can use a local mailbox from the Communications IPBrick (ex:
[email protected]), because all the spam must stay at the com. server;

• Email and IP addresses Whitelists and Blacklists should be added - if there

is any.

Statistics

Several statistics are displayed in this interface:

• Spam Statistics in period: Options to display present graphic in Spam

Statistics:

– Start: The starting date for statistics;

– View: Can be set in hours, days, months or years;
– Repetition: Scale of the graphic horizontal axis;
– Group: It enables you to group data, depending on the chosen view.

• Spam statistics: The display can be filtered by: Clean files, Spam, prob-
able and blacklists;

• List of email recipients: Shows some statistics about files by IPBrick

recipients addresses.

Reference Guide - Version 6.0 IPBRICK SA

3.7 E-Mail 65

SpamAssassin
SpamAssassin6 is included in IPBrick. By default the service is inactive (Fig-
ure 3.47), to activate it just hit Modify and choose Yes at Enable configuration.

Note: SpamAssassin will keep its database automatically updated in a transpar-

ent way to the user.
The General Options (Figure 3.48) are:

• Required Score: For each message arriving, the SpamAssassin filter will
apply rules in order to know if it’s spam or not. The final value will be a
score number. In this field we are going to define the required general score.
The default is 10, so only mail messages that match >= 10 will be considered
SPAM;

• Action when it is detected SPAM:

– Reject E-Mail: The message is rejected and will not enter the mail
queue. The sender will receive a notification;
– Mark E-Mail as SPAM: The message is marked and enter the mail queue
normally;
– Mark and Redirect E-Mail: The message is marked and redirected to
the mail address [email protected] (Figure 3.49);
– Delete E-Mail: The message is deleted, will not enter the mail queue
and no notification is sended.

• Body Message Structure: Active for mark’s only. The original message
can be keeped or we can choose to send the original message in attachment,
as .txt or .eml. If it goes in attachment it’s possible to define a specific
description at Body Message Description.

After configuring the General Options, no further alterations are mandatory.

These following definitions, regarding specific score rules, are completely op-
tional.

To insert a score rule, we need to hit Insert. The following options are avail-
able:

• Rule name: Name that will identify the rule;

• E-Mail Field: Specific e-mail field to filter. Options:

– Body;
– From;
– Subject;
6
http://spamassassin.apache.org

IPBRICK SA Reference Guide - Version 6.0

66 IPBrick.I

• Filter: Type of filter and what word or expression to filter. Options:

– Contains this word/phrase: It filters the choosed field containing
the word/phrase defined;
– Exactly match this word/phrase: It filters the choosed field when
exactly match the word/phrase defined;
• Score: Score number to attribute to the rule. Let’s imagine that Required Score
is set to default (10). A rule for example defined with score -1 will be a pass
result. A rule defined with score 20 will be considered SPAM. An example
is presented at Figure 3.50.
At top menu the options Whitelist and Blacklist are presented. At whitelist
we can define authorized domains and emails (example at Figure 3.51). Mail
comming from these origins have a score of -100. At blacklist we can define
forbidden domains and emails. Mail comming from these origins have a score of
100.

Figure 3.47: E-Mail - AntiSpam - SpamAssassin - Main Menu

Figure 3.48: E-Mail - AntiSpam - SpamAssassin - General Options - Reject

Figure 3.49: E-Mail - AntiSpam - SpamAssassin - General Options - Mark

Reference Guide - Version 6.0 IPBRICK SA

3.7 E-Mail 67

Figure 3.50: E-Mail - AntiSpam - SpamAssassin - Created rules

Figure 3.51: E-Mail - AntiSpam - SpamAssassin - Whitelist

3.7.9 POP/IMAP Server

At this page you may configure the POP/IMAP server definitions. Simply click
on the corresponding Modify link to alter:

• Definitions

– Maximum number of daemons: These ’daemons’ are connections, usu-

ally established by email clients when requesting mail. In a regular

IPBRICK SA Reference Guide - Version 6.0

68 IPBrick.I

scenario, this value should be, at least, the double of the number of
users. By default, it is set to 400.
– Maximum number of connections per IP: If the POP/IMAP proxy is
activated the number of connections per IP should be incremented to
half the maximum number of connections (daemons). By default, 20.

NOTE: Please, bear in mind, that these suggestions do not take into
consideration a distributed email load scenario, where various email
servers may be at play!

• POP/IMAP Proxy Server

– Enable Proxy Server: By default, No

Figure 3.52: POP/IMAP Server Definitions

3.8 Print Server

This section deals with the interface management of printers intended to be
available in the network. When you define a printer you are asked to define this
fields (Figure3.53):

1. Name: Printer name;

2. Description: Simple description about the printer. This field is not manda-
tory;

3. Location: Physical location in the company. This field is not mandatory;

4. Interface: Interface type used between the printer and the server. There
are 4 options:

• Parallel port;
• Serial port;
• USB port;

Reference Guide - Version 6.0 IPBRICK SA

3.8 Print Server 69

• Network printer: Connected to a LAN switch.

5. Device: Used by the printer. This is directly related to the interface. (This
option is only available for interfaces with parallel port, series port and USB
port) (e.g. Interface–>Parallel Port, Hardware ->Parallel Port 1)
6. In case of a network printer, the following information is necessary:
• Address: Network printer address. (this option is only available for
network printers) (e.g. 192.168.1.1)
• Port: The network printer’s port. This field is not obligatory. (This
option is only available for network printers) (e.g. for a HP printer:
9100)

Figure 3.53: Print Server - Inserting a network printer at IPBrick

After inserting a printer, IPBRICK has to put the drivers available for the
client stations in order to finish the configuration. Therefore the printer drivers
have to be transferred to the server:

1. Log on in a Windows station with a user of the Administrators group (the

workstation has to be already registered in the IPBRICK domain);
2. Press the keys [Win]+[R] at the same time and type \\ipbrick;
3. Select Printers and Faxes
Verify if the added printer to the IPBRICK Web interface is shown.
4. Right click inside the window Printers and Faxes and select Server Properties;
5. Select the Drivers option in the presented window.
6. Choose ”Add”, set the manufacturer and the printer model and click Next;
7. Select the Windows version which the drivers have to correspond with.
8. Click Finish

Now the printer’s drivers are transferred to IPBRICK.

IPBRICK SA Reference Guide - Version 6.0

70 IPBrick.I

9. At share named Printers and Faxes on IPBRICK, right click at the printer
and choose Printer Properties. You’ll be prompted with a message like
the one in Figure3.54. Choose ”No”.

10. Enter in ”Advanced”, select the new driver just added and click ”Apply”.

Figure 3.54: Print Server - Printer configurations

To configure the printer on the client side, you must:

• Press the keys [Win]+[R] at the same time;

• Type \\ipbrick at the new window;

• Right click on the printer and choose ”Connect”.

Now the printer is listed at ”Printers and fax’s” on the client side.

3.9 Backup
Backup consists of copying data from one device to another so that these ad-
ditional copies may be used to restore the original after a data loss event. Usually
this is made from hard disk to tape, DVD or to another disk. Nowadays, paper
is being rapidly replaced by digital files, so organizations need to be aware of the
importance of having a reliable backup system.

3.9.1 Remote
This option enables the possibility of configuring scheduled backups to a NAS7
device or to a rsync server. Rsync is a powerful backup tool included in IPBrick,
that does incremental copies of files/directories to another rsync server.

To add a backup task you must click Insert (Figure 3.55). You will have the
following fields:
Backup definitions:
7
Network Attached Storage

Reference Guide - Version 6.0 IPBRICK SA

3.9 Backup 71

• Backup Name: It’s the backup’s name.

• Notification E-mail: Recipient that will receive all the backup notifications;

• Job to do: There are two options:

– Copy: It will copy all work areas to the backup device(/home1, /home2,
/home3...);
– Restore: It will restore all work areas from the backup device;

• Periodicity: The backup is always made daily;

• Time to start: Time when the ’Copy’ will start;

Figure 3.55: Backup - Task insertion

Destination Data Definitions:

• Data Location: The only option is remote. It will always be to a remote

machine.

• Backup Device

– NAS (SMB): The backup device is a NAS8 with a SMB share created.
The backup method is done using the archiving utility tar. Options
available:
∗ IP address: Backup device’s IP address;
∗ Login: Username that has access to the share;
∗ Password: Share password;
∗ Share Name: Name of the share created in the NAS.
8
Network-attached Storage

IPBRICK SA Reference Guide - Version 6.0

72 IPBrick.I

– NAS (NFS): The backup device is a NAS9 with a NFS share created.
The backup method is done using the incremental backup utility rsync.
Options available:
∗ IP address: Backup device’s IP address:
∗ Share Name: Name of the share created in the NAS.
– Rsync Server: The backup device is a machine running a rsync server.
You can see an example of a rsync server configuration in the next
section;
∗ IP address: The rsync server’s IP address.

When a backup task is inserted, we have a Backups List with the following
options:

• Name: Clicking on the Backup Name you will have access to these options:

– Back: Go to backups list;

– Modify: Modify the current backup task definitions;
– Delete: Delete the current backup task;

• Start copy: Starts the backup immediately;

• Statistics: Backup statistics;

• LOG: Backup log messages.

Note: If using the NAS(SMB) backup, the restore option will restore all the
files included, but from the beggining. Note: If using NAS(NFS) or rsync server,
the remote filesystem should be the same that IPBrick is using (E.g.: ext3);

Rsync server configuration

If the backup device is another IPBrick, the server must be prepared to act
as a rsync server. First let’s suppose that the client IPBrick machine has that
configurations:

• IP: 192.168.69.199;

• FQDN: ipbrick.domain.com;

At the IPBrick rsync server we need to:

1. Create a group workarea (share) using the Workarea 1, with the FQDN as
the share name: ipbrick.domain.com;

2. Connect by SSH to the IPBrick server and type the following command in
order to put rsync allways running when the server reboots:
9
Network-attached Storage

Reference Guide - Version 6.0 IPBRICK SA

3.9 Backup 73

update-rc.d rsync defaults 20

3. Create the configuration file for rsync by typing: nano /etc/rsyncd.conf

4. Fill the following content:

uid = root
gid = root
use chroot = yes
[ipbrick.domain.com]
path = /home1/_shares/ipbrick.domain.com
hosts allow = 192.168.69.199
read only = false
write only = false

5. Save the file and exit from the file editor nano;

6. Start rsync using this command: /etc/init.d/rsync start

Note: A complete network backup solution is also included at IPBrick, sup-

porting tape and disk backup. Link: http://www.bacula.org.

IPBRICK SA Reference Guide - Version 6.0

74 IPBrick.I

Reference Guide - Version 6.0 IPBRICK SA

Chapter 4

IPBrick.C

This chapter describes the IPBRICK menus used to manage the main com-
munication services between your organization and the Internet. The menu IP-
Brick.C like the one in IPBrick.I is a menu of functional configuration. The
IPBRICK Administrator ’says’ what he wants and the software makes the con-
figurations accordingly and maintains their consistence. This chapter is divided
into the following sections:

• Firewall;

• Proxy;

• VPN;

• E-Mail;

• SMS;

• Web Server;

• FTP Server;

• Webmail;

• VoIP;

• IM.

4.1 Firewall
Note: Any rule change done to the firewall implies its reactivation. Even if
the firewall has been expressively stopped a change in one of its rules implies the
restart of the firewall.

IPBRICK SA Reference Guide - Version 6.0

76 IPBrick.C

4.1.1 Available Services

IPBRICK firewall is controlled by a user-friendly interface that permits, based
upon a list of rules and other criteria, to deny unauthorized access while accepting
authorized communications. Traffic to or from any of the more common services
accessed via Internet, listed below, is supervised by the firewall and configured in
a simple way, by just activating or deactivating the service. For more in depth
changes please access the Advanced Configurations menu.
These are the services:

• Web Server;

• E-mail server;

• SSH;

• FTP.

The list, Firewall -> Available Services (Figure 4.1), indicates the ser-
vice status - whether the firewall is configured to let that service work (Active)
or it is configured to block those service ports (Inactive).

Note that defining here a service as active doesn’t start the service or stops
it. The single change implemented in the Apply Configurations option will only
affect the firewall service (first it stops, reconfigures and then restarts). In other
words, here you can only configure the firewall to open or to shut the Internet
port for a defined service (whether the service is working is another configuration
besides this section).

Figure 4.1: Firewall - Available Services

Reference Guide - Version 6.0 IPBRICK SA

4.2 Proxy 77

4.1.2 Block Services

Like the situation mentioned before, the option to block services only Enable
(unlocked) or Disable (locked) the normal operation of MSN, ICQ and mIRC
services, so LAN users can have or not Internet access to that services (Figure
4.2). For MSN Messenger it’s possible to make exceptions for some specific IP’s
or subnets.

Figure 4.2: Firewall - Block Services

4.2 Proxy
The proxy service acts as an intermediary for requests from clients seeking re-
sources in other servers. A client connects to the proxy, requesting a file, a web
page or any other resource. A Proxy is commonly used as way to achieve a better
network management; it caches web pages, providing a better bandwidth manage-
ment and enforces an access policy to network services or content, e.g.: to block
undesired sites, the possibility to customize web access, etc.

In IPBrick the proxy service is handled by DansGuardian and Squid.

The Proxy section is divided into:

• Settings;

• Statistics;

• Auto Configuration;

• Monitoring;

4.2.1 Settings
The presented main proxy definition (Figure 4.22) determines the normal op-
eration of the Internet browsers. Therefore, it is recommendable to define each
Proxy type first:

IPBRICK SA Reference Guide - Version 6.0

78 IPBrick.C

Figure 4.3: Proxy - Settings

1. Standard Proxy: It is not obligatory to use the proxy to access the Inter-
net. The proxy is only used by those who configure the browser to use the
proxy from the IPBRICK port 3128. Users without any additional browser
configurations continue to access the Internet without any problems. The
web accesses are registered by IP’s for statistical purposes.

2. Transparent Proxy: Every Internet access is done through the proxy. The
firewall has to be activated. Users may configure their browsers to use the
indicated proxy. They may also continue to access the Internet without any
proxy configurations in their browsers. Here the firewall makes the traffic
routing to the proxy. The web accesses are registered by IP’s for statistical
aims.

3. Proxy with Authentication: Internet access is only possible by using this

proxy. In order to have access to the web, users have to configure their
browser with this proxy. Once the browsers are configured, a valid authenti-
cation is asked whenever a user opens the browser. The user authentication
is done by login and password. The firewall has to be activated. All web
accesses are registered for each user purely for statistical purposes (NOTE:
You have to select this option, if you want to create access permissions by
using LDAP users and groups).

Configurations
The Configurations link enables you to access the content filtering settings.
This page (Figure 4.23) presents you with the default proxy policies.

Figure 4.4: Proxy - Content Filtering

Reference Guide - Version 6.0 IPBRICK SA

4.2 Proxy 79

If you click on the Default link you will access its Definitions. It is also
possible to insert a new set of policies by clicking on the Insert link.

As you can see, there’s a Modify link enabling you to alter the default general
definitions.

Figure 4.5: Proxy - Content Filtering - Default

if you click on it you will be able to alter these settings:

• Name: The designation you want to give to this policy;

• Access mode: There are three modes available Filtered, Banned and Accept
All. Depending on your choice, some of the following options may not be
available;

Figure 4.6: Proxy - Content filtering - Banned

IPBRICK SA Reference Guide - Version 6.0

80 IPBrick.C

Figure 4.7: Proxy - Content filtering - Accept All

• Block downloads: If you want the proxy to block all downloads select YES.
By default, this setting is set to NO

• Enable PICS: PICS1 is a cross-industry working group whose goal is to fa-

cilitate the development of technologies to give users of interactive media,
such as the Internet, control over the kinds of material to access. By default,
No

• Sensibility: This relates to the level to which the content will be filtered:
Very High, High, Medium, Low, Very Low, Off.

• Bandwidth: By default, the bandwidth is set without restrictions (Unlim-

ited), but it is possible to select from a range of 64 KB/s to 100 MB/s. If
you wish to attribute a value not on the range you may select Custom and
type the desired value in KBs.

• Bandwidth - Individual: Same as the previous setting, the only difference

is that you are assigning the individual bandwidth. By default, Unlimited

Figure 4.8: Proxy - Content filtering - Edit Default Definitions

1
Platform for Internet Content Selection

Reference Guide - Version 6.0 IPBRICK SA

4.2 Proxy 81

There’s also a number of other links that allow you to configure what content
will be Banned or Authorized.

Figure 4.9: Proxy - Content filtering links

• Mime-type: Multipurpose Internet Mail Extensions (MIME) is an Internet

standard designed mainly for SMTP protocol, but MIME’s use has grown
beyond describing the content of email and is now used to describe content
in general. The process of adding or removing types from the banned or
Authorized lists is very simple. Click on the Modify link.
On the new page, simply edit the Banned and or Authorized lists as you
would normally do in a text editor (remember that you should add or remove
types bearing in mind that they should be arranged one per line).

Figure 4.10: Proxy - Content filtering - Mime Type Edit Page

• Extensions: In order to prevent certain files download through web pages

you need to deny access to some file extensions. As in the previous option If
you click on the Extensions link. On the new page, simply edit the Banned
and or Authorized lists as you would normally do in a text editor (remember
that you should add or remove types bearing in mind that they should be
arranged one per line).

IPBRICK SA Reference Guide - Version 6.0

82 IPBrick.C

Figure 4.11: Proxy - Content filtering - Extensions Edit Page

• Domain: You may configure FQDN2 access, by domain or by TLD3 accessing

a record to each line. Some possible denial examples:

FQDN example:
www.facebook.com
www.marca.es

Domain example:
facebook.com
marca.es

TLD example:
com
es

On the Modify page, simply edit the Banned and or Authorized lists as you
would normally do in a text editor (remember that you should add or remove
domains bearing in mind that they should be arranged one per line).

2
Fully Qualified Domain Name
3
Top Level Domains

Reference Guide - Version 6.0 IPBRICK SA

4.2 Proxy 83

Figure 4.12: Proxy - Content filtering - Domain Edit Page

• URL: The page regarding URLs. On the Modify page, simply edit the Banned
and or Authorized lists as you would normally do in a text editor (remember
that you should add or remove URLs bearing in mind that they should be
arranged one per line).

Figure 4.13: Proxy - Content filtering - URL Edit Page

• Blacklists: Displays the set of blacklists that are available. By default, only
the Adult blacklist filter is active, you may, of course, tick other blacklist in
order to activate the corresponding filter.

IPBRICK SA Reference Guide - Version 6.0

84 IPBrick.C

Figure 4.14: Proxy - Content filtering - Blacklists Edit Page

• Phrases: You can deny in this option the access to pages that contain certain
phrases in the page’s contents. This action is not done in a ’blind’ manner
but rather by ’weight’. Furthermore, you may authorize access to ’good
phrases’ in the whitelist. This way, access to pertinent content is assured.

Figure 4.15: Proxy - Content filtering - Phrases Page

Reference Guide - Version 6.0 IPBRICK SA

4.2 Proxy 85

Figure 4.16: Proxy - Content filtering - Phrases Edit Page

• Times: The Times feature enables you to schedule the proxy policies. Just
click on the Modify link and on the new page select the day or days of the
week where the proxy will be active (You may use Ctrl or Shift to select the
desired days)

Figure 4.17: Proxy - Content filtering - Time Edit Page

If you select NO on All day long a new set of rules will appear:

– Start time: Select the time of day when you wish to begin to enforce
the proxy policies;

– End time: Select the time of day when the proxy will be deactivated.

IPBRICK SA Reference Guide - Version 6.0

86 IPBrick.C

Figure 4.18: Proxy - Content filtering - Time Edit Page

• Members: At this page you will be able to select Machines and IPs by

Figure 4.19: Proxy - Content filtering - Members Page

• Machine groups: You can associate to this policy an existing machine group;

• Machines: Lists the machines that are registered in IPBrick and provides
direct association to the origin group;

• IP subnets: Provides subnets association, defining the network IP and its

mask;

• IP machines: Provides machine association to the group by IP;

• IP ranges: You can set IP ranges with proxy access.

Reference Guide - Version 6.0 IPBRICK SA

4.2 Proxy 87

NOTE: If you choose the proxy with authentication mode, it’s possible to
filter the web access’s not only by the machines IP but also using LDAP. In Figure
4.20 we can see an example of a source group represented only by a LDAP group.

Figure 4.20: Proxy - Source groups - LDAP filter

Remote Proxy

In this option you can indicate a list of remote proxy servers. These servers
should provide web access because they usually have a huge cache, increasing the
speed of web access (Figure 4.21).

• List of remote proxy servers: You can use several web proxy’s and after
that order that list;

• Dont use remote proxy for the following sites: If you don’t want to
use remote proxy for certain sites, you must indicate them here.

Figure 4.21: Proxy - Remote Proxy

IPBRICK SA Reference Guide - Version 6.0

88 IPBrick.C

Figure 4.22: Proxy - Settings

• Source groups list: Sets an origin group with access to proxy. After this
group creation, the accesses can be set by: Machine group, Machine, IP
Subnets, IP Machines and IP ranges.By default IPBrick has a LAN group
with its own defined IP Subnet.

• Destination groups list: Sets destination groups (Web servers). You

can set Domains, Extensions or Words in the URL each created destination
group. By default the created group is named INVALID;

• Blacklists: Displays the set of blacklists that were configured at Other

configurations;

• List of time spaces: Sets specific periods based on hours and week days;

• Access Lists: Sets access permissions from the created origin and desti-
nation groups, as well as defined blacklists and periods. For instance, you
can set that all destinations can be accessed by the LAN group, with the
exception of INVALID destination group and blacklist porn, in an undefined
period (always).

Reference Guide - Version 6.0 IPBRICK SA

4.2 Proxy 89

Figure 4.23: Proxy - Rules 1/2

Figure 4.24: Proxy - Rules 2/2

Other configurations
General Settings
It is possible to change the port from where the proxy will operate. By default
it is port 3128.
Redirect page in case of denied access
If the access for some site is blocked, the user can be automatically redirected
to the web site configured at URL address;
Blacklists
In this context, blacklists are set as site lists organized by several categories
that are considered inconvenient. You can find here the following options (Figure
4.25):

IPBRICK SA Reference Guide - Version 6.0

90 IPBrick.C

• Url for update: That URL provides a default blacklist base file that is au-
tomatically decompressed by IPBrick. Each category will have a list of sites
that is automaticaly updated, but it’s possible to do a update clicking at
Update. The proxy service can use other blacklist bases, some with other cat-
egories. Some blacklists can be found here: http://www.squidguard.org/blacklists.html.

• Current file MD5SUM: MD5 Hash of the file if it’s calculated. It lets you
check file integrity;

• Available categories: Categories list present in that compilation (usually

they are considered unsuited to LAN use)

– ads: List of advertisement sites;

– aggressive: List of violent content sites;
– audio-video: List of music and video content sites;
– drugs: List of drug related content sites;
– gambling: List of gambling sites;
– hacking: List of hacking sites;
– mail: List of sites that provide free webmail services;
– phishing: List of sites about phishing;
– porn: List of sites with pornographic content;
– proxy: List of sites that provide anonymous proxy service;
– warez: List of sites with pirate software content.

Content access management

Sets the number of simultaneous filtering processes that depends on the ma-
chine performance and the present CPU load. The default is five processes.

Proxy cache options

• Cache enabled: Activates the Proxy cache service. If the cache is activated,
every page accessed by the origin groups are stored in the server. Example:
If the page www.google.com is in the cache, the browser will only access to
IPBrick, instead of accessing the google web server, providing a better band
width management.

• Cache size: Maximum cache size. If the limit is reached, the older cache
files are removed.

• Cache location: The default is the /var partition. If you choose a big
cache size it’s a good option to choose the /home1 or /home2 partition.

Allowed connections
This list presents all the ports that are accepted by proxy. So all traffic com-
ming from LAN machines with destination ports in Internet listed here will match

Reference Guide - Version 6.0 IPBRICK SA

4.2 Proxy 91

proxy defined ACL’s. It’s possible to configure witch ports are accepted or not by
proxy with Remove and Add option.

Ignore rules for the following destinations

In this section we can define whitelists for any destinations, including domains
and networks. So for that destinations no proxy ACL’s will be matched.
All this settings can be viewed at Figure 4.25 and Figure 4.26.

Figure 4.25: Proxy - Other configurations 1/2

Figure 4.26: Proxy - Other configurations 1/2

4.2.2 Statistics
Advanced Web Statistics is the software that generates several important statis-
tics for the network administrator, like detailed cache statistics, accesses (Figure
4.27).

There are different statistics types:

IPBRICK SA Reference Guide - Version 6.0

92 IPBrick.C

• Global statistics: Global network statistics;

• Statistics by machine: You have to select the machine you want from a
list of LAN machines. The purpose is to give individual statistics for each
machine;
• User statistics: If proxy configuration has authentication, it’s displayed
here a user list. You have to select the user from this list to have their
individual statistics.

Figure 4.27: Proxy - Statistics

4.2.3 Auto-Configuration
It’s possible to configure the proxy via a wpad file. Click on the Modify link.

Figure 4.28: Proxy - Auto-Configuration

At the new page you can now enable the configuration by selecting YES at
Enable Autodiscovery, you will notice that more options will appear.

• WPAD URL address: E.g. http://wpad.domain.com/wpad.dat

• Proxy URL address: E.g. proxy.domain.com
• Proxy port: 3128

Reference Guide - Version 6.0 IPBRICK SA

4.2 Proxy 93

NOTE: These are the default settings, please change them according to your
own scenario.

Figure 4.29: Proxy - Auto-Configuration Modify page

4.2.4 Monitoring
This page will display all proxy traffic stats for you to monitor. The information
is arranged in a simple table with columns for: Date, User, Source IP, URL, HTTP
Code and Size.

Figure 4.30: Proxy Monitoring Page

There’s also two links: Filter and Configurations.

The Filter link will open a new page that will provide you with the necessary
means to retrieve the data you desire.

Figure 4.31: Proxy Monitoring Filter Page

The Configurations link will let you set if you wish to record the browsing
history (by default, it is set to NO).

IPBRICK SA Reference Guide - Version 6.0

94 IPBrick.C

Figure 4.32: Proxy Monitoring Configurations Page

Simply click on the Modify link to activate the feature by selecting YES

Figure 4.33: Proxy Monitoring Configurations Edit Page

By selecting YES, a new option (Delete history automatically) will appear,

if you enable it, another one will be visible and it will permit you to type the
number of days you wish to keep the history (by default, 7).

4.3 VPN
VPN4 is a way of extending any network by providing a remote access (usually
via Internet) to a network’s resources.

4.3.1 PPTP
A PPTP5 VPN type works by providing a PPP session with the recipient
through the tunneling GRE protocol. It needs another network connection to
start and manage PPP session that runs on port 1723 TCP. In IPBrick’s case, you
have to indicate who are the users that access VPN-PPTP connections, as well as
the address range that will be used by clients.

Configurations
The link configurations gives you access to a form where you define the range
of IP addresses chosen for VPN connections. Remote clients will get an IP in this
group when they make an IPBRICK connection. It is as if they were connected
to the network server with an IP from this range. The user list shown on the left
side in Figure 4.34 presents the selected VPN users. On the right side you find
the users registered in IPBRICK.
4
Virtual Private Networks
5
Point-to-Point Tunneling Protocol

Reference Guide - Version 6.0 IPBRICK SA

4.3 VPN 95

Figure 4.34: VPN - PPTP - Users

Access log
The access log option permits the visualization of all PPTP accesses. It’s
possible to filter by:

• IP;

• User;

• Notes:

– Connected;
– Disconnected;
– Wrong password;
– Illegal user;
– Locked;
– Timeout.

• Date;

Options available:

• Clean filters: Will clean all the chosen filters;

• Export PDF: Exports all the information to a .pdf;

• Back: Go back to the top menu;

4.3.2 SSL
A VPN-SSL uses the SSL encryption protocol to insure data privacy and in-
tegrity between the two parts because the protocol provides data encryption and
authentication. SSL is based on TCP protocol and uses the Public key cryptogra-
phy concept (introduced by Diffie-Hellman in the 1970 decade).

IPBRICK SA Reference Guide - Version 6.0

96 IPBrick.C

This concept specifies that each part has a Private Key and a Public Key that
can be distributed by people that want to have encrypted communication. En-
crypted data with the Public Key are only decrypted by the corresponding Private
Key. Encrypted data with the Private Key are only decrypted by the correspond-
ing Public Key.

After clicking on SSL, the list of VPN SSL servers is shown. To configure the
tunnel you must click on it (Figure 4.35).

Figure 4.35: VPN - SSL Settings

Definitions In this section you can configure the definitions of the VPN-SSL
network.
• Name/IP: Name or public IP address of the network;
• Port: The port of the VPN server. The default for SSL is 1194;
• Protocol: The transport protocol used in the communication. TCP is more
reliable buy will add an extra overhead;
• VPN Network: The IP network which will be given to the clients. When a
user connects to this vpn server, he will get an IP address in this IP network.
This network should be different from any other IP network in the company;
• Domain: The domain offered to the clients;
• DNS Servers: The DNS server passed to the clients;
• NetBios Servers: The netbios server passed to the clients;
• Routes for clients: Sets all the networks that client must have access
through the tunnel.
NOTE: If you want to use a VPN SSL and use the same email client with
the internal mail server configurations, you need to add the VPN Network to the
Relay networks definitions at the Email option;

Reference Guide - Version 6.0 IPBRICK SA

4.3 VPN 97

Certificates After the Definitions configuration its necessary to create SSL dig-
ital certificates. A digital certificate has the following informations:

• Identification of the titular entity;

• Public Key for the titular entity;

• Serial number Certificate;

• Valid date Certificate;

• Identification of the Certifying Authority (The Certificate issuing entity);

• Digital signature of the Certifying Authority.

It will be generated a Digital Certificate for the server and for each of the clients
using the VPN SSL connection. Clicking on Insert will start the generation of
the server’s Certificate. You will then have to insert data in the following fields:

• Country Code;

• Country;

• City;

• Company;

• Nome: Certificate name;

• Email: Company’s email.

The next certificates shall be for the clients, and it is necessary to fill the
following fields (Figure 4.36):

• Name: Certificate name. Normally the single name of the person/entity that
will connect;

• E-Mail: Client e-mail address;

• Password: A password (PSK) with six characters minimum;

• Associated access policies: The specific client certificate can be associated to

a policy, so we can control to what LAN machines the client will have access
to. If none, access will be granted to all the defined network routes.

Afterwards, it is necessary to download the certificate and send it to the cus-

tomer who shall establish the VPN connection. The .zip file contains:

• Server public key: ca-server-domain.crt;

• Client private key: certificate_name.key;

• Client public key: certificate_name.crt;

IPBRICK SA Reference Guide - Version 6.0

98 IPBrick.C

Figure 4.36: VPN SSL - Client certificate configuration

• VPN configuration: certificate_name.ovpn;

Client
In the client side you have to install the specific software to create the VPN
SSL connection- OpenVPN6 . Then you must uncompress the certificate file to a
new directory in
c:\Program Files\OpenVPN\config.
To start VPN connection you have to click on the OpenVPN icon located in the
tool bar with the right button, choose the connection you want and click Connect.

The option Delete All should only be used to restart the all process.

State
This interface shows you the active tunnels and their respective traffic, users
and IP

After configuring this service you have to activate it in section Advanced

Configurations  System  Services. The procedure to configure VPN client
is described in detail at Appendix C - Chapter 12.

Access policies
At main menu of SSL it’s possible to create two types of access policies (Figure
4.37):

• Permission policies: Making a certificate association to a permission policy

will give permission only to the configured destinations;

• Restriction policies: Making a certificate association to a restriction policy

will give permission to all except the configured destinations;
6
Software: openvpn.net — Windows GUI: openvpn.se

Reference Guide - Version 6.0 IPBRICK SA

4.3 VPN 99

After clicking on Insert and choosing the name, clicking on it will open a
window when it’s possible to choose the destinations. The destination options
include:

• Machine groups;
• Machines;
• IP Subnets;
• IP Machines;
• IP Ranges.

Figure 4.37: VPN SSL - Access policies list

Access log
The access log option permits the visualization of all VPN-SSL accesses. It’s
possible to filter by:

• IP;
• User;
• Notes:
– Connected;
– Terminated/Timeout;
– Blocked.
• Date;

Options available:

• Clean filters: Will clean all the chosen filters;

• Export PDF: Exports all the information to a .pdf;
• Back: Go back to the top menu;

IPBRICK SA Reference Guide - Version 6.0

100 IPBrick.C

4.3.3 IPSec
IPSec (IP security) technology is a suite of protocols that ensures confiden-
tiality, integrity and authenticity to data transmission on an IP network. SSL
protocol works at the transport layer level - IPSec operates at the network layer
and consequently provides data encryption in this level.

VPN through PPTP or SSL provides a connection between a defined machine

and the network (road warrior type). On the contrary VPN IPSec allows two net-
works to communicate permanently and in a transparent way (LAN to LAN type).
This is accomplished with an IPSec configured between two IPBrick’s or between
an IPBrick and a router, providing full configuration transparency to users from
the two networks.

Example: 192.168.2.0 network that belongs to the Company X headquarters

in Oporto, Portugal and network 192.168.4.0 belongs to its office branch located
in Japan. Both networks should have Internet connection to make possible the
communication between their machines through a VPN IPSec tunnel. With this
feature two networks can behave as if they where one.

To configure a VPN connection between two networks you need to have the
appropriate configuration on both origin and destination IPBrick’s for the IPSec
tunnel.

The main menu presents the configured IPSec tunnels. To insert a new IPSec
tunnel click Insert. In that page we are going to configure the IPSec connection
(as you may see in Figure 4.38). The following data is necessary:

• General settings

– Name: VPN IPSec name;

– Description: Description of the IPSec connection;
– State: VPN IPSec state - enable or disable;

• Local Network Definitions

– Local IP: IPBrick external interface address (eth1);

– Local network: Local network address and respective IPBrick network
mask;
– Local Gateway: Router internal interface address;
– Local Identification: Identification field. Can be used the public
network IP or if the network dont’t have fixed public IP, a dynamic
DNS address;
– Server IP in local network: IPBrick internal interface address (eth0).

• Remote network definitions

Reference Guide - Version 6.0 IPBRICK SA

4.3 VPN 101

– Remote IP: Remote public address;

– Remote network: Remote network address and mask;
– Remote Gateway: Remote network router internal interface address
(this field is not mandatory);
– Remote identifier: Remote identification field (this field is not manda-
tory);

• Keys Management

– Password: A Pre-Shared Key is a shared key that the VPN service

expects as a first credential (before username and password). In order
that the VPN server allows the authentication process to continue, it is
necessary to pass the correct PSK;
– Type: The IPSec supplies two operation methods specified in this field,
which are Tunnel (where the original IP pack is encrypted) and Trans-
port (the data (payload) are encrypted, but the original IP heading is
not changed);
– IKE Encryption 7 : By default the algorithms used in the first stage of
negotiation are ’auto-negotiable’. If the destination does not support
auto-negotiation, it is possible to select the algorithm.
– Authentication: IPSec adds two extra headers to the IP package -
AH and ESP. The AH (Authentication Header) insures integrity and
authenticity, but not confidentiality. ESP provides data integrity, au-
thenticity and confidentiality;
– ESP Encryption 8 : By default the used algorithms for the second phase
of negotiation are ’auto-negotiable’. If the destination does not support
auto-negotiation, it is possible to select the algorithm.
– PFS9 : Allows PFS protocol that adds additional security in the keys
exchange;
– Start: Only automatic is available.

Router configuration
In case of a VPN IPSec not between two IPBrick’s but between a IPBrick and
a router, at the router side it’s important to know all parameters used by the
IPBrick that are transparent to the web interface. Here are the most important
ones:

• Negotiation key protocol: IKE;

7
IKE stands for Internet Key Exchange, a protocol used to set up a security association (SA)
in the IPsec protocol
8
ESP stands for Encapsulating Security Payload, it provides origin authenticity, integrity,
and confidentiality protection of packets
9
Perfect Forward Secrecy

IPBRICK SA Reference Guide - Version 6.0

102 IPBrick.C

Figure 4.38: VPN - IPSec Configuration 1/2

Figure 4.39: VPN - IPSec Configuration 2/2

• Negotiation mode: Normal;

• Fase 1 encryption Algorithm: 3DES;

• Fase 1 authentication Algorithm: MD5;

• Fase 2 encryption Algorithm: 3DES;

• Fase 2 authentication Algorithm: SHA1;

Reference Guide - Version 6.0 IPBRICK SA

4.3 VPN 103

• Key Group: DH2;

⇒ Note: Before configuring a VPN connection, PPTP, IPSec or SSL, you

have to know what is the addressing system used by the local network where the
client connects and what is the destination’s network addressing system. If the
addressing systems in both networks are exactly the same, the VPN connection
will be not possible.

4.3.4 GRE
The GRE10 protocol was developed by Cisco to encapsulate a multi variety of
network layer protocols inside a specific IP tunnel. So the main idea was to create
a link between Cisco routers, so two networks can stay interconnected (company
headquarters and branches for example). In these days the GRE protocol is Linux
supported, so with GRE active at IPBrick, it’s possible to create tunnels between
IPBricks or between IPBricks and Cisco routers.

To set up a new GRE tunnel click Insert. The following options are available:

• General settings

– Name: GRE tunnel name;

– Description: Description of the GRE connection;
– State: GRE state - enable or disable.

• Local Network Definitions

– Local IP: IPBrick external interface address (eth1);

– Server IP in local network: IPBrick internal interface address (eth0).

• Remote network definitions

– Remote IP: Remote IP address. Normally a public one because the

tunnel is being established by Internet;
– Remote subnet: Remote network address and mask;

A configuration example is shown at Figure 4.45

NOTE: When configuring a GRE tunnel between an IPBrick and a Cisco
router, the Server IP in local network may need to be the local IP address
of a GRE tunnel network, e.g.: GRE tunnel with specific network 10.0.0.0/24.
IPBrick will have IP 10.0.0.1 and Cisco IP 10.0.0.2.
10
Generic Routing Encapsulation

IPBRICK SA Reference Guide - Version 6.0

104 IPBrick.C

Figure 4.40: VPN - GRE Configuration

4.3.5 VPC
Amazon Virtual Private Cloud (VPC) is a cloud computing service providing
a virtual private cloud over an IPsec based virtual private network.

The Amazon VPC lets you prepare an isolated section of the Amazon Web
Services (AWS) Cloud, where you may use its resources and have control over
your virtual network, including your own IP range, subnets, and also configure
route tables and network gateways, extending your data center into a cloud.

To use this feature you will have to register and request the Amazon Web Ser-
vices VPC.

For more information please access:

http://aws.amazon.com/vpc/

General settings
• Name: Name your VPC
• Description: Merely as a reference type a brief description of your VPC
• State: Enable or disable your VPC. By default it’s Enabled.

Internet Key Exchange Configuration

Internet Key Exchange (IKE or IKEv2) is used to configure a security associ-
ation (SA) in IPsec.

Reference Guide - Version 6.0 IPBRICK SA

4.3 VPN 105

Figure 4.41: VPC - General Configurations

NOTE: Only the Pre-shared key field is editable.

• Pre-shared key: Type the pre-shared key that Amazon has provided you.

Figure 4.42: VPC - Internet Key Exchange Configuration

IPSec Configuration

At the IPsec configuration there are no editable fields.

Figure 4.43: VPC - IPsec Configuration

IPBRICK SA Reference Guide - Version 6.0

106 IPBrick.C

Tunnel interface configuration

As the name suggests here you may configure tour VPN tunnel by filling the
following fields with the necessary data:

• Outside IP address of the customer gateway: Type the appropriate IP;

• Outside IP address of the VPN gateway: Type the appropriate IP;

• Inside IP address of the customer gateway: Type the appropriate IP;

• Inside IP address of the VPN gateway: Type the appropriate IP;

• VPC subnet: Type the value for your VPC subnet. You may insert more
subnets by clicking on the Add button.

Figure 4.44: VPC - Tunnel interface configuration

Border Gateway Protocol (BGP) configuration

Border Gateway Protocol (BGP) is a protocol used to make routing decisions
on the Internet.//
These routing decisions are based on path, network policies and/or rule-sets.
For this reason bear in mind your Amazon routing definitions.

• Customer Gateway ASN: Your customer’s ASN (Access Service Network)

Gateway. By default 65000

• VPN Gateway ASN: Your Gateway ASN. By default 7224 Neighbor IP Ad-
dress: Insert her you neighbor’s IP.

• Neighbor Hold Time: Non editable. Set to 30 seconds.

When you have finished inserting all necessary data please click on the Insert
button at the bottom of the page.

Reference Guide - Version 6.0 IPBRICK SA

4.4 E-mail 107

Figure 4.45: VPC - BGP configuration

4.4 E-mail
This E-mail section is repeated in both IPBrick.I and .C modules. IPBrick.I
provides Intranet services: Base Configuration, Queue Management, User Man-
agement, Distribution Lists and Anti-Virus and Anti-Spam. IPBrick.C provides
additional services:

• Advanced relay;
• Get Mail from ISP;
• Mail copy.

4.4.1 Advanced relay

The advanced relay option makes possible to forward emails based on non-
existent recipients and also to forward all the mail that comes to a domain. This
last feature is also known as catchall (Figure 4.46).
Relay definitions:
• Email/Domain
– Email: Insert a invalid recipient that doesn’t have any LDAP account
created and the desired internal domain;
– Domain: Choose for each domain you want to relay all the messages
(catchall option);
• Relay to: Destination email. Can be an internal or external destination;

Figure 4.46: E-Mail - Advanced relay

IPBRICK SA Reference Guide - Version 6.0

108 IPBrick.C

4.4.2 Get Mail from ISP

If company mails are not delivered to an internal firm server, being therefore
only available via POP11 , you can configure IPBRICK in order to unload these
mails from the ISP12 periodically to a local server. Once they are in this local
server the mails are associated respectively to the previously configured accounts.
In this way you can configure a server for internal E-mails, even if you only have
one, to automate and centralize all firm e-mails (from the Internet and internal).

This feature normally called fetchmail is useful when the MX from the enter-
prise domain points to another server.

Figure 4.47: E-Mail - Get Mail from ISP - Base menu

Click on Insert (Figure 4.47) to configure a external server that you want to
connect to download email and deliver it in the local server. You have to insert
data in the following fields:

• Server: Server identification. It could be FQDN and IP address;

• Protocol: Protocol that is used by the server - POP3 or IMAP;

• Remote domains: Domains that deliver email to the server. It is commonly

used in volume email boxes.

To access server definitions, you must click on its name (Figure 4.47):

• Modify: To change the account data;

• Delete: Deletes the selected account;

• Back: Goes back to email servers list.

To access the management interface of remote mailboxes, you must click insert
and fill in the following fields:

1. Mailbox type: Select individual mailbox or volume box. A volume mailbox

refers to boxes that are not assigned externally to any user, so all mail to all
users is delivered in just one public mailbox. In that fetchmail case, IPBrick
will get all mail and analyse the to field, delivering mail to the respective
local mailboxes;
11
Post Office Protocol: Used to access inboxes and transfer mails.
12
Internet Service Provider

Reference Guide - Version 6.0 IPBRICK SA

4.4 E-mail 109

Figure 4.48: E-Mail - Get mail from ISP - Servers Management

2. Login: Used username to access the email remote box;

3. Password: Needed to validate login;

4. Retype password: Confirm the previous password;

5. Local server email: If the individual mailbox is chosen, this field is the
local email account where the downloaded emails will be delivered;

6. Drop ’Delivered-To’: If the email address in ISP is the same as the email
address in local server, this field must be active.

4.4.3 Mail Copy

This feature (Figure 4.49) aims to save all the incoming and outgoing email
messages in two accounts: sentmail and receivedmail.

Figure 4.49: E-Mail - Mail copy

Note: It is necessary to pay attention to the management of these Mail Copies,

especially in places with a lot of e-mail traffic. It is very important to control the
development of the occupied server hard drive space. These e-mail inboxes may
quickly reach the full size of the partition. By reaching this size they may cause
some trouble either with interferences with other server applications or to the ones
responsible for these e-mail inboxes that at a certain stage will loose a series of
mails because no copy could have been made.

IPBRICK SA Reference Guide - Version 6.0

110 IPBrick.C

When you activate this service (Yes) the mails are copied to the corresponding
account, that is:
1. Sent: YES, all mails that get through this SMTP server and whose sender
is from the server domain(s) will be copied to the Sent Mails local account;
2. Received: YES, all mails that get through this SMTP server and whose
sender is not from the server domain(s) will be copied to the Received Mails
local account.
When you activate the option (Yes) the system shows the Delete Automatically
the Copies field. This field allows defining whether the mail copies that are in
the server are to be deleted or not. The Delete Copies With More Than field
allows specifying the days after which mail copies are to be deleted in the server.

4.4.4 POP/IMAP Server

At this page you may configure the POP/IMAP server definitions. Simply click
on the corresponding Modify link to alter:
• Definitions
– Maximum number of daemons: These ’daemons’ are connections, usu-
ally established by email clients when requesting mail. In a regular
scenario, this value should be, at least, the double of the number of
users. By default, it is set to 400.
– Maximum number of connections per IP: If the POP/IMAP proxy is
activated the number of connections per IP should be incremented to
half the maximum number of connections (daemons). By default, 20.

NOTE: Please, bear in mind, that these suggestions do not take into
consideration a distributed email load scenario, where various email
servers may be at play!
• POP/IMAP Proxy Server
– Enable Proxy Server: By default, No

Figure 4.50: POP/IMAP Server Definitions

Reference Guide - Version 6.0 IPBRICK SA

4.5 SMS 111

4.5 SMS
IPBrick provides now an SMS13 functionality to send SMS by using a specific
account at Ficom, Vipvoz or by using an IPBrick GSM gateway. The idea is to
send one or multiple SMS using an email client and a special FQDN created just
for that. So the method can be called Mail2SMS.
Important Note: The GSM Gateway route has only been tested with IP-
Brick GSM Gateways. Therefore, we do not guarantee that the feature will be
operational if you use another manufacturer’s gateway.

4.5.1 Configure
At the web interface access textttIPBrick .GT -¿ SMS

Click on Modify, and then choosing Yes will enable the service configuration.
At Mail2SMS definitions we should define the specific domain to use for SMS send-
ing. Normally it’s used this FQDN: sms.domain.com, replacing the domain.com
with the actual IPBrick’s domain (Figure 4.51).

Figure 4.51: SMS - Enable configuration

In IPBrick .GT -> SMS -> SMS Users, you can control the user’s access to
the Mail2SMS service.

Click on Modify, A list with all IPBrick users will appear (Figure 4.52). You
can now check which ones you wish to grant access to this feature.

4.5.2 Routes Management

Clicking on Insert will create a new route:

• Operator: Three options are available:

13
Short message service

IPBRICK SA Reference Guide - Version 6.0

112 IPBrick.C

Figure 4.52: SMS Users

– Ficom: The SMS will be sent using XML-RPC method. Contact IP-
BRICK SA ([email protected]) to create an account;
– GSM gateway: The SMS will be sent using the telnet protocol;
– VipVoz: The SMS will be sent to a VipVoz mail account using SSL.
Contact IPBRICK SA ([email protected]) to create an account;

Depending on the selected operator option, the following fields will appear:

• Route name: A name just for route identification;

• Email for notification reception: It’s the email account that will receive the
notifications with the send result (only for VipVoz);

• Gateway IP address: The IP Address of the GSM Gateway (Only for GSM
Gateway) (Figure 4.53);

• SIM card: Select which SIM card to use (Only for GSM Gateway);

• User (VipVoz and Ficom): Username of the account already created (in GSM
Gateway mode, please type the web interface Username);

• Password (VipVoz and Ficom): Password from the account already created
(in GSM Gateway mode, please type the web interface Password);

After the created route, we need to click at the route name to define a prefix
in order to use that specific route. That choosed prefix will be later part of the
number and will match only that route.

4.5.3 Statistics
Displays statistics about the sent and outgoing SMS.

Reference Guide - Version 6.0 IPBRICK SA

4.5 SMS 113

Figure 4.53: GSM Gateway Route Example

Sent SMS
For sent SMS these are the fields available:

• Id;

• Send date;

• Sender;

• Destination;

• Order;

• Attempts;

• Route;

• Operator;

• State;

• File.

Outgoing SMS
For outgoing SMS that are pending, the following fields are presented:

• Id;

• Sender;

• Destination;

• Order;

IPBRICK SA Reference Guide - Version 6.0

114 IPBrick.C

• Attempts;

• Route;

• Operator;

• State.

4.5.4 Sending a SMS

With everything configured at IPBrick, we can send a SMS(s) using a mail
client or webmail using the syntax:

<prefix + number>@<mail2sms domain>

E.g.: We are using the domain sms.domain.com and a VipVoz account acti-
vated with prefix 00. To send a SMS to the Portuguese mobile number 946666666
saying ’Hello, party at 23:00 - Bar XYZ’.

To: [email protected]
Subject: Party
Body: Hello, party at 23:00 - Bar XYZ

Note that you can create a mailing list at IPBrick and insert all the mobile
numbers you want. E.g.: Create a mailing list named [email protected]
and insert at External users list some costumers mobile numbers:

[email protected]
[email protected]
[email protected]
...

So at the client side you just need to send a email to [email protected],

with the text you want.

CSV file
Another method to send SMS is to attach a CSV file created in a spreadsheet
program with the columns number and message splited by a ;.
E.g.:

number;message
003519191919191; Hello John
003519696969696; Merry christmas Mike
003519191919191; Meeting at 15:00.
00339696969696; Bonjour David.
00344233333333; Feliz navidad Juan.

Reference Guide - Version 6.0 IPBRICK SA

4.6 Web Server 115

To send it, we just need to create a new email message with the destination of
the specific mail account smslist@<mail2sms domain>.
E.g.:

To: [email protected]
Subject: SMS CSV List
Body:
Attach: sms_list.csv

If at the CSV file the message column is empty, the considered SMS text will
be the email message body (if present).

4.6 Web Server

A web server, through the HTTP14 and/or HTTPS protocols, is responsible
for answering user requests, concerning the web pages lodged in it, and each server
may lodge several sites. The IPBRICK web server running in IPBrick is Apache
15
. The base virtual hosts registered in IPBRICK are displayed after clicking on
Web Server.
IPBrick hosts the following sites by default:

• broker.domain.com: A load balancing tool;

• callmanager.domain.com: Flash callmanager application for VoIP;

• callstatistics.domain.com: Specific site with VoIP call detailed statistics. It’s

the same menu present in IPBrick.GT - VoIP - Monitoring - Call Statistics,
but now it’s possible to give access to LDAP users;

• contacts.domain.com: Intranet LDAP contacts management; An in depth

look is provided at Appendix H;

• groupware.domain.com: horde webmail client;

• ipbrick4cc.domain.com: Virtualization solution;

• ipbrick.domain.com: IPBrick web management interface;

• cafe.domain.com: A site for internal users and it replaces MyIPBrick. It’s

possible to change personal settings, check the personal area and go to other
internal websites. A detailed description is done at Chapter ?? Appendix F
- IPBRICK Cafe;

• jwchat.domain.com: A web-based Jabber (XMPP) client for the IPBrick

LDAP users;

• pgsqladmin.domain.com: PostgreSQL database web management;

14
HyperText Transfer Protocol
15
For more information please visit http://www.apache.org

IPBRICK SA Reference Guide - Version 6.0

116 IPBrick.C

• ucoip.domain.com: The UCoIP webpage (please consult Appendix E)

• webphone.domain.com: It’s a IAX webphone example. The idea is to view

the page source code and include it in a real website. This webphone can
be configured to call directly any number you want or to match some direct
access for a VoIP funcionality (sequence, groups, IVR etc). To specify that,
the variable called url must be changed.

• wpad.domain.com: WPAD (Web Proxy Autodiscovery Protocol) a method

used by clients to locate a URL of a configuration file using DHCP and/or
DNS discovery methods.

By clicking on one of the links a new page will be displayed and if you click on
the Statistics link you will access the stats table pertaining to that particular
domain.

Figure 4.54: Web Server - Adding sites

4.6.1 Creating a new site

By clicking on Insert it’s possible to create a new site. A new form is displayed
(Figure 4.55) with the following fields:

Reference Guide - Version 6.0 IPBRICK SA

4.6 Web Server 117

Figure 4.55: Web Server - Adding sites

1. URL address: It’s the FQDN16 of the new site that will be hosted in the
server. It’s possible to use SSL too. Example: www.domain.com;

2. Alternative URL address: Alternative name(s) for the URL address that
was previously set. This field is not mandatory;

3. Site administrator email: E-Mail of the user that is responsible for the
site management;

4. FTP User: A new user login that will access to the site folder through FTP.
This should be the only login and shouldn’t be equal to another IPBrick
LDAP user. The site maintenance will be made through this protocol.

5. Password: Password of the FTP user.

6. Retype Password: Confirmation of Password.

7. Site folder location: Folder to be created in the server filesystem that

will be automatically created on /home1/_sites/. Usually it’s used the
name of the site;

8. Internet Availability: Choosing Yes we say that the virtualhost will be

created from this site to the IPBrick external IP - if this is the case the
created site will be available in the Internet;

9. Safe mode: If the site is php based, it deny’s the access of files outside the
site folder location, so it will interfer too with the global variables. It’s the
reason that the default mode is Disabled;
16
Fully Qualified Domain Name

IPBRICK SA Reference Guide - Version 6.0

118 IPBrick.C

10. Access authorized only to the directories: By default the php have
access to the site folder location and to /tmp but it’s possible to add more
locations;

11. Character encoding: It’s the encoding that Apache will use for the website
depending of the content language;

12. Always keep the typed URL: Allows to keep always the requested URL;

If the created site is internet available, it is also necessary to create a DNS

record in the company’s external DNS server pointing to the company’s network
public IP (A or CNAME). If IPBrick have public IP at eth1, it will point directly
to that IP and not for the router IP.

4.6.2 Management
When the site is created if you click on it, you’ll have these options to choose
from:

• Back: Allows you to go back to the main webserver menu;

• Alias;

• Redirect;

• Reverse Proxy;

• Modify: Allows to modify the site fields;

• Delete: Remove the site from the web server. After clicking on Apply Con-
figurations the site is no longer available online. The files of the site are not
eliminated but moved to the share sites_bk1. This share is the file location
of the removed sites. When IPBrick removes these sites only the services
that are affected are reconfigured and the contents removed to an own share
accessible only to LDAP Administrators. It is like in the user accounts and
group shares;

Alias

Alias or Host Header is a simple form of having access to certain contents that
are physically dislocated from the main directory of the site. Next, we’ll present
these two examples:

In Figure 4.56 we create a web alias for the folder /home1/_sites/www/site/img.

So, going to www.domain.com/es/img or www.domain.com/img will be the same.

Reference Guide - Version 6.0 IPBRICK SA

4.6 Web Server 119

Figure 4.56: Web Server - Alias 1

Figure 4.57: Web Server - Alias 2

Now we have a subsite called www.domain.com/forum that is present in filesys-

tem at /home1/_sites/www/site/forum.
You can manage each alias if you click on it.

Redirect

Redirect allows you to be redirected to a new URL when you type a first URL
in the browser. Some examples:

• In Figure 4.58’s example if someone tries to access www.domain.com/index.htm

and the index.htm file doesn’t exist, he will be automatically redirected to
www.domain.com
/index.htm;

• In Figure 4.59’s example if someone tries to access www.domain.com/index.html,

he will be automatically redirected to www.domain.com/web/index.htm. Please
note that in the source field you can insert only /index.html or www.domain.com/index.html,
which is the same.

IPBRICK SA Reference Guide - Version 6.0

120 IPBrick.C

Figure 4.58: Web Server - Redirect - Example 1

Figure 4.59: Web Server - Redirect - Example 2

You can manage each redirection if you click on it.

Reverse Proxy

The reverse proxy is used in front of the Webserver and has the main objective
of redirecting all connections addressed to various Webservers to be routed through
the proxy server. A reverse proxy has the function of dispatching incoming network
traffic to various servers and is totally transparent to the user (he will not know
that a proxy is being used).

• The first example stands for this situation: When someone enters the URL
http://site.domain.com they will be transfered to a internal site running
in another server. So the first step is the site creation, and after that the
reverse proxy definition (Figure 4.61);

• In the second example the idea is for someone in the Internet that wants to ac-
cess a site running in a internal machine (http://192.168.1.4:85/cgi/site).
To do this we just need to add a new reverse proxy definition at the base
domain;

Reference Guide - Version 6.0 IPBRICK SA

4.6 Web Server 121

Figure 4.60: Web Server - Reverse Proxy - Example 1 - Empty site created

Figure 4.61: Web Server - Reverse Proxy - Example 1 - Add

Figure 4.62: Web Server - Reverse Proxy - Example 2 - Add

Statistics
Each site in IPBrick uses Advanced Web Statistics to display many statistics
about the site accesses, the same software used for proxy statistics. To access the
statistics just go to IPBrick.C - Web Server, click in the desired site and after

IPBRICK SA Reference Guide - Version 6.0

122 IPBrick.C

that go to statistics.

You can get some useful information like you can at left side of Figure 4.63.

Figure 4.63: Web Server - Statistics

4.7 FTP Server

IMPORTANT NOTE: In IPBrick v6.0 UCoIP accounts are no longer needed.
Since there is a dedicated UCoIP page (Please check section 5.2 of this document].
But if you so desire you may still configure this service.

In FTP Server it’s possible to manage single FTP accounts. The accounts can
be associated to simple Unix system users or to IPBrick websites.

Figure 4.64: FTP Server - Definitions

4.7.1 Definitions
Clicking on Insert will present this fields (Figure 4.65):

• Login: FTP account login;

• Password: FTP account password;
• Retype Password;

Reference Guide - Version 6.0 IPBRICK SA

4.7 FTP Server 123

• Account location: It’s possible to choose a individual FTP work area or

associate the account to a virtualhost;

• Create folder account: Create a new folder account at /home1/_ftp or

/home2/_ftp. Choosing No, no folder will be created. This options is useful
when we want to create a FTP login to the same account but with different
permissions;

• If account location was changed: You may keep the current folder and
create a new one or choose other options, such as:

– Keep current folder;

– Copy current account folder to a new one;
– Move current account folder to a new one;
– Remove current account folder and create a new one.

• Access permissions: Can have only read permission or read and write
permissions.

Figure 4.65: FTP Server - Insert page

Access log
The access log option permits the visualization of all FTP accesses. It’s possible
to filter them by:

• Date (Start and End);

• Duration;

• User;

• IP;

• Notes:

– Upload

IPBRICK SA Reference Guide - Version 6.0

124 IPBrick.C

– Connected;
– Disconnected;
– Wrong password;
– Illegal user;
– Timeout/Locked.

• File

Figure 4.66: FTP Server - Access Log

Available options:

• Filter: Will present a filter with various search criteria;

Figure 4.67: FTP Server - Access log filter

Reference Guide - Version 6.0 IPBRICK SA

4.7 FTP Server 125

• Export PDF: Exports all the information to a .pdf;

• Back: Go back to the top menu;

4.7.2 Statistics

The FTP statistics page presents you with the global and individual user statis-
tics.

Figure 4.68: FTP Server - Statistics

To access them just click on the corresponding show link.

The FTP statistics presented here are based in AWStats 17 . AWStats is power-
ful log analyzer which creates ftp server statistics reports based on data contained
in server logs. Data is then graphically presented in easy to read web pages.

For more information, please consult the following URL:

http://awstats.sourceforge.net/

The general Statistics page, as the name suggests presents the totality of up-
load and download traffic statistics in a multitude of forms (Graphic, tables, lists).

You may check when the FTP server has been accessed, who had access to the
FTP server, the FTP traffic (download/upload) and also the executed operations.

17
Advanced Web Statistics

IPBRICK SA Reference Guide - Version 6.0

126 IPBrick.C

Figure 4.69: FTP Server - General Statistics

The User Statistics displays FTP statistics of a particular user.

Figure 4.70: FTP Server - User Statistics

4.8 Groupware
At the Groupware page you may click on the Modify link and alter the following
Groupware settings:

Figure 4.71: Groupware definitions

Reference Guide - Version 6.0 IPBRICK SA

4.8 Groupware 127

• Groupware definitions:

– IMAP Server: The IMAP server address (receiving mail);

– SMTP Server: The SMTP server address (sending mail);

• Global Options:

– Login Image: Upload here the login image (this image is displayed at
the authentication page);

Figure 4.72: Login Image

– Logo Image: Upload here the login image (regardless of the uploaded
image file, the displayed size wil be: 88x34px);

Figure 4.73: Logo Image

– Can export addresses from GAL?: Select YES or NO to enable user export
of IPBRICK Contacts addresses via GAL18 . By default YES
– Administration Users: Select the Groupware administration user to im-
port settings. By default, administrator

• Thunderbird Plugin Settings:

– Show calendar where the event was marked: By default, Yes

– Display logo when processing events: By default, Yes
– Hide option ’never’ to the end of recurrence: By default, No
– Limit the marking of recurrences to one year: By default, No
18
The Global Address List (GAL) is a term used in groupware software and means the shared
address book

IPBRICK SA Reference Guide - Version 6.0

128 IPBrick.C

Figure 4.74: Thunderbird Plugin Settings

Each group of the following options presents you with a record of various set-
tings done at IPBRICK Groupware. When you click on the Import button any new
changes will be presented according to its type with the Block option to prevent
users to access the corresponding features. If there no record of any configuration
it will be displayed as No Records.

Figure 4.75: Groupware options

4.9 VoIP
This section deals with the management interface of the VoIP19 service available
in IPBRICK.
The VoIP (Voice Over IP) technology allows phone calls through an IP network,
thus enabling phone calls through the Internet. The main advantages for the use
of VoIP are: reduction of expenses because the rates don’t follow the conventional
telephony model; better service quality, since commutation by packs does a better
use of the existing network resources, different from the circuit commutation.

19
Voice over IP

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 129

The IP Telephony concept sometimes mixes up with VoIP, but they are not
exactly the same thing. The IP Telephony uses VoIP service and defines itself
as the group of services and applications that allow companies to reduce phone
expenditures.

Signalling VoIP service needs a protocol to signal the calls. The signalling
protocol used by IPBrick is SIP, but there are others such as H.323, MGCP,
Jingle, IAX, H.248/MEGACO etc. SIP20 allows calls and conferences through IP,
and those calls may include audio, video, images, etc. This way, the SIP protocol
is responsible for all the processed calls between users, regardless the content of the
call itself. The IPBrick.GT acts as an authentic PBX IP and it can route the calls
to/from a traditional PBX, Internet, LAN and PSTN. All the PBX management is
made by a software called Asterisk. Asterisk is compatible with several signalling
protocols, including SIP. The routing work is made by another software that is
acting as SIP proxy - OpenSER.
The VoIP features accessible through the web interface are presented next.

4.9.1 Phone management

This menu (Figure 4.76) allows you to get the list of registered IPBRICK
VoIP clients (IP telephones, workstations + softphone) that where registered from
the IPBrick.I - Machines Management and to manage some configurations. By
clicking on a phone name it’s possible to modify the following fields:
• Phone: Phone username;
• Password: Phone password that can be changed;
• Alternative Phone Addresses: In that field we can have alternative ad-
dresses to the phone. An alternative address is another name (or number)
to reach the telephone. This functionality is very useful when there are tele-
phones from which you can only dial numbers. It’s a good policy to register
phones by names and after that define a numeric alternative address;
• Caller ID: If you want to mask the caller ID insert the full number;
• Phone Location
– Local: It’s the default, for a LAN phone;
– Remote: For a remote phone that is connected behind a NAT. Usually
this option is used when the idea is register the phone from the Internet,
using the IPBrick network public IP.
• Auto provisioning: The auto provisioning option permits the automatic
configuration of SIP hardphones, so here we just need to choose the phone
model. To work, it’s mandatory when registering the phone at Machines
Management, to insert the MAC address.
20
Session Initiation Protocol

IPBRICK SA Reference Guide - Version 6.0

130 IPBrick.C

• Enable SRTP: It’s possible to enable or disable the SRTP21 . SRTP encrypts
your communications making them more secure.

• Description: This field should have a text description about the phone;

Figure 4.76: VoIP - Phones management

Note that it’s also possible to register phones in:

Advanced Configurations - Telephony - Registered Phones

This option is only valid, if it isn’t necessary to attribute a specific IP address

to the phone’s, DNS, DHCP and LDAP record. It is possible to add a phone just
by filling the field relating to the name and the access password.

NOTE: If the inserted phones have become far too numerous to be displayed or
searched efficiently, it’s possible to retrieve a phone by its name, simply by using
the various search links displayed on the Machines Management page. There’s
alphabetical and numerical quick links, as well as the possibility to open a Search
pop-up window or to display all machines on one page (List all link).

Figure 4.77: VoIP - Phone Management Search window

4.9.2 Users Management

This option provides a VoIP centralized management for each LDAP user.

User VoIP settings

The main screen presents the users list with SIP address and associated phone
address if any (Figure 4.78). When clicking on a user name (Figure 4.79), we can
manage:
21
Secure Real-time Transport Protocol

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 131

• SIP address: It’s the default user email and can’t be changed here;
• Alternative addresses: It’s possible to define multiple SIP addresses for a
user. Persons can call user using the default SIP address or the alternatives
(click on the + icon to add alternative addresses);
• Default Phones: IPBRICK will manage this phone specifically for this user.
When selected here, the phone is no longer available to any other user;
• User PIN: Defines the user PIN and must be numeric. This PIN can be used
for multi functions: Phone locking, access classes, voicemail and call queues.
User can’t change PIN;
• Password: Defines a password and must be numeric. The password can be
used for phone locking, access classes, voicemail and call queues. A user can
change the password too from the myipbrick site;
• User access validation: For authentication it can be used only PIN or PIN and
password. When the authentication process begins for some funcionality, the
user will listen one Asterisk message to enter the User ID (PIN) and another
one to enter the Password.
• Caller ID: The caller’s ID message that will appear at the destination’s phone
display;
• Follow Me: This is a important field. Here we can associate users to a specific
internal phone or external. So when someone in the LAN or Internet make
a call to the user SIP address, it will ring the phone that is defined here.
Off course it will work if internal/public DNS zone is properly configured. A
user can change the phone address at myipbrick site.
– Phone: The user will be associated to an internal SIP phone registered
in IPBrick;
– User: You may associate another user’s phone by selecting this option;
– Agent: The user will be associated to an Agent registered in IPBrick
– External: The user will be associated to another phone. It can be a
external SIP account, PSTN number, PBX extension, mobile number
etc. When somebody in Internet or from the user UCoIP site make
a call, if IPBrick have routes to make the call it will call the external
number specified here.
• Follow Me Mode: It can be Group or Sequence. If it is Group the call will
ring on all phones configured in Phone Address. If it is the latter the call
will ring in sequence, according to the order of insertion;
• Voicemail enabled: By default, YES;
• Personalized voicemail: By default, NO. If you select yes a new field will
appear that will enable you to upload a personalized voicemail file (mp3/wav
only);

IPBRICK SA Reference Guide - Version 6.0

132 IPBrick.C

Figure 4.78: VoIP - Users Management

NOTE: As in IPBRICK.I - Users Management it is possible to Export and

Import (via Mass Operations) VoIP users via a CSV file editable in a spreadsheet
application, please consult the 3.4.1 - Mass Operations subsection of this document.

Figure 4.79: VoIP - Users Management - User VoIP settings

User Access Class

• Access class: A user can be part of an access class, not just phones. A user
access class should be less restricted than a phone’s access class;
• Unlock mode: The unlock mode by default is done using always the PIN or
PIN and password and the desired number to dial. The second mode uses
authentication only at the first time (Figure 4.80);
E.g.: For a user with PIN 111 and password 1234 that need to call 003512255443322:

• PIN: 111#003512255443322
• PIN and Password:111#1234#003512255443322

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 133

Call queues
If some call queues are configured, a user can be associated as an agent (Figure
4.80). The waiting mode can be as:

• Music on hold: The phone will be immediately part of the call queue. The
user will listen to music until a call is received;

• Callback: Only if the agent receives a call from the call queue, the phone
will ring;

Figure 4.80: VoIP - Users Management - Access classes and call queues

4.9.3 Functions
This section allows you to configure all the IP PBX functionalities splitted into
inbound and outbound services.

Inbound
Call Groups

In this interface (Figure 4.81) it’s possible to define answering groups, (i.e., a
group of telephones which shall ring simultaneously when the access to the group
is made). To define a group it is necessary to fill these fields:

IPBRICK SA Reference Guide - Version 6.0

134 IPBrick.C

• Name: Name for the group;

• Caller ID (Inbound): Possibility to use a specific inbound caller ID for

this service;

• Caller ID (Outbound): Possibility to use a specific outbound caller ID for

this service;

• Direct access: List of numbers/addresses that will call this service. We

have three options and the possibility to use many direct accesses, it’s also
possible to choose one of the PSTN interfaces defined at: Telephony ->
Interfaces;

– DID: If the IPBrick has a ISDN telephony card, the PSTN DID (Direct
Inward Dial) that will call this service needs to be inserted;
– ANA: If the IPBrick has a analogic telephony card, will be the direct
PSTN number that will call this service;
– SIP: It’s the specific SIP address that will call this service;

• Caller IDs restriction: Will restrict the route only for the listed caller
ID’s;

• Group Members A user can be part of an access class if the configurations

are made correctly.

– Internal: Internal SIP phones that belong to the group;

– External: External phones (SIP, PSTN number, etc) that belong to
the group.

• Voicemail enabled: Active by default (YES)

• Personalized voicemail: Deactivated by default, this option enables the

user to record a customized voicemail message.

Attendance seq.

In this section it is possible to define an answering sequence, or see/change/remove

the already defined sequences. To add a new sequence it is necessary to click In-
sert, define a name for the sequence, select if the voicemail is active or not and
in Direct Access add the addresses DID/SIP/ANA of the telephones by which the
sequence shall be activated.

If you intend to add a Direct Access for an extension defined in IPBrick, it

is possible to choose SIP and select the extension in the address. In Sequence is
possible to add the telephones which shall ring by the desired order and the time
in which each one of them plays till the next one.

To define a attendance seq. it is necessary to fill (Figure 4.82):

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 135

Figure 4.81: VoIP - Call groups

• Name: Name for the attendance seq;

• Caller ID (Inbound): Possibility to use a specific inbound caller ID for

this service (this field is optional);

• Caller ID (Outbound): Possibility to use a specific outbound caller ID for

this service (this field is optional);

• Voicemail enabled: Enables the voicemail for the sequence;

• Direct access:List of numbers/addresses that will call this service. We

have three options and the possibility to use many direct accesses, it’s also
possible to choose one of the PSTN interfaces defined at: Telephony ->
Interfaces;

– DID: If the IPBrick has a ISDN telephony card, the PSTN DID (Direct
Inward Dial) that will call this service needs to be inserted;
– ANA: If the IPBrick has a analogic telephony card, will be the direct
PSTN number that will call this service;
– SIP: It’s the specific SIP address that will call this service;

• Caller IDs restriction: Will restrict the route only for the listed caller
ID’s;

• Sequence positions

– Location Internal: Internal SIP phones that belong to the sequence;

IPBRICK SA Reference Guide - Version 6.0

136 IPBrick.C

– Location External: External phones (SIP, PSTN number etc) that

belong to the sequence;
– Timeout: Timeout in seconds, be default 25.
• Voicemail enabled: Active by default (YES)
• Personalized voicemail: Deactivated by default. If active this option
enables the user to upload a customized voicemail message.

Figure 4.82: VoIP - Sequence definitions

A attendance sequences list can be viewed at Figure 4.83.

Figure 4.83: VoIP - Attendance sequences list

IVR Attendance

In this section it’s possible to define interactive answering menus (Figure 4.84).
You need to click Insert to add a new one:

• Name: Choose a name for IVR;

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 137

• Type: Choose between, Normal, Strategy entry point or Validation module

• Direct access: List of numbers/addresses that will call this service. We

have three options and the possibility to use many direct accesses, it’s also
possible to choose one of the PSTN interfaces defined at: Telephony ->
Interfaces;

– DID: If the IPBrick has a ISDN telephony card, the PSTN DID (Direct
Inward Dial) that will call this service needs to be inserted;
– ANA: If the IPBrick has a analogic telephony card, will be the direct
PSTN number that will call this service;
– SIP: It’s the specific SIP address that will call this service;

• Caller IDs restriction: Will restrict the route only for the listed caller
ID’s;

• Number of desired shortcuts: Choose how many options does the menu
have;

• Shortcuts: What type of destiny to give (according to the pressed key):

– Phone: To call an internal telephone;

– IVR: To go to an interactive answering sub-menu;
– Conference: To connect to a conference;
– Scheduler: To connect to a scheduler;
– Group: To ring the telephones of a group;
– Sequence: To activate an answering sequence;
– SIP address: To call a SIP telephone;
– DISA: It allows someone outside the central to connect as if he/she is
directly connected to the central;
– Call queue: To make the call enter a waiting line;
– Callback: To make the call in the most cost-efficient method. For more
information check the Callback section of this document.
– IPBRConference: Type the key shortcut to access the IPBrick radio
conference. You will need the Radio4IPBrick package in order for this
feature to be operational.

• Attendance message: It allows the selection of an answering message. It

can be a .mp3 or .wav file;

• Number of message repetitions: Number of times the attendance mes-

sage is replayed;

• Response timeout: Time that the user has to choose an option, after they
heard the message. By default 10 seconds

IPBRICK SA Reference Guide - Version 6.0

138 IPBrick.C

• Redirect automatically when no option has been dialed: As Yes if

no DTMF pressed it can redirect the call directly to:

– Phone: To call to an internal telephone;

– IVR: To go to an interactive answering sub-menu;
– Conference: To connect to a conference;
– Scheduler: To connect to a scheduler;
– Group: To ring the telephones of a group;
– Sequence: To activate an answering sequence;
– SIP address: To call a SIP telephone;
– DISA: It allows someone outside the central to connect as if he/she is
directly connected to the central;
– Call queue: To make the call enter a waiting line;
– Callback: To make the call in the most cost-efficient method. For more
information check the Callback section of this document.

Figure 4.84: VoIP - IVR attendance configuration

An IVR can have only an attendance message without any shortcut or direct
access, e,g.: A message just saying that the company is closed, so that IVR can
be used at the scheduling.
Call Conference

In this interface (Figure 4.85) is possible to create conferences. To create a

simple static conference just click Insert:

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 139

• Name: The conference name;

• Numeric identifier: Numeric identifier for the conference. It’s only a

internal identifier for the VoIP server;

• PIN: Code which shall allow the users to connect to the conference;

• Administrator PIN: Conference code for the administrator;

• Direct access: List of numbers/addresses that will call this service. We

have three options and the possibility to use many direct accesses, it’s also
possible to choose one of the PSTN interfaces defined at: Telephony ->
Interfaces;

– DID: If the IPBrick has a ISDN telephony card, the PSTN DID (Direct
Inward Dial) that will call this service needs to be inserted;
– ANA: If the IPBrick has a analogic telephony card, will be the direct
PSTN number that will call this service;
– SIP: It’s the specific SIP address that will call this service.

• Caller IDs restriction: Will restrict the route only for the listed caller
ID’s;

Figure 4.85: VoIP - Call conference insertion

It is also possible to allow the creation of dynamic conferences. For that, it is

necessary to click Dynamic Conferences, modify the option Active to Yes and
insert the address(es) and/or number(s) for the Direct Accesses (Figure 4.86). At
dynamic conferences, when someone calls to the direct access it’s possible to enter
automatically an existant conference or to create a new one.
Call Parking

IPBRICK SA Reference Guide - Version 6.0

140 IPBrick.C

Figure 4.86: VoIP - Dynamic call conferences

Here (Figure 4.87) it’s possible to activate or deactivate the option of calls on
hold.

Figure 4.87: VoIP - Call Parking

If this option is activated, it is necessary to define an extension to place the

calls on hold, as well as the virtual extensions in which calls are going to be placed
(Figure 4.88). To access these calls later it’s necessary to press on the telephone
keypad the ”#” plus the virtual extension were the call was parked.

Figure 4.88: VoIP - Call Parking - Modify

Scheduling

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 141

This option (Figure 4.89) allows you to define the daily behavior of the IP
PBX. Usually this is the most important inbound service because from here, we
are able to call all the other configured services.

Figure 4.89: VoIP - Scheduling

It is necessary to click option Insert (Figure 4.90) and configure the first
parameters:

• Name: The name for the scheduler;

• Direct access: List of numbers/addresses that will call this service. We

have three options and the possibility to use many direct accesses, it’s also
possible to choose one of the PSTN interfaces defined at: Telephony ->
Interfaces;

– DID: If the IPBrick has a ISDN telephony card, the PSTN DID (Direct
Inward Dial) that will call this service needs to be inserted;
– ANA: If the IPBrick has a analogic telephony card, will be the direct
PSTN number that will call this service;
– SIP: It’s the specific SIP address that will call this service.

• Caller IDs restriction: Will restrict the route only for the listed caller
ID’s;

Next, it is necessary to add rules for this scheduler. For that:

• Click in the scheduler name;

• Click Insert;

• Choose the type of action to be executed;

• Choose the period to be executed.

Fields explanation:

• Destination type: Where shall the call be routed if the rule defined next
is equalled. Options:

IPBRICK SA Reference Guide - Version 6.0

142 IPBrick.C

– Phone: To call to a internal telephone;

– IVR: To go to an interactive answering sub-menu;
– Conference: To connect to a conference;
– Scheduler: To connect to a scheduler;
– Group: To ring the telephones of a group;
– Sequence: To activate an answering sequence;
– SIP address: To call a SIP telephone;
– DISA: It allows someone outside the central to connect as if he/she is
directly connected to the central;
– Call queue: To make the call enter a waiting line;

• Destination: Telephone address or specific service name were the call shall
be routed;

• Hours: Beginning and end hour, from the timetable in which the rule shall
be valid (format hh:mm at each field);

• Weekdays: Weekdays in which the rule shall be valid. If not chosen it will
use all days;

• Month days: Days of the month in which rule shall be verified. If not chosen
it will use all;

• Months: Months in which the rule shall be valid. If not chosen it will use all
months;

Figure 4.90: VoIP - Scheduling Inserted

NOTE: If you don’t select any hour or days of the week/month, hour or
months, the rule shall be valid respectively for all the day. A rule like this one is
called the default rule;

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 143

Figure 4.91: VoIP - Scheduling - Rule

DISA

DISA22 (Figure 4.92) is a service that allows that someone that is not directly
connected to IPBrick or the PBX central, to obtain an internal call sign and
execute calls as if he/she was directly connected to the internal network. The user
calls the access number to DISA and he/she should type a password followed by
the key ”#”. If the password is correct, the user shall hear the sign indicating that
he/she may dial the number. You can also enjoy this service without a password
if you want to. The fields necessary to configure a DISA are:

• Name: Name for DISA;

• Direct access: List of numbers/addresses that will call this service. We

have three options and the possibility to use many direct accesses, it’s also
possible to choose one of the PSTN interfaces defined at: Telephony ->
Interfaces;

– DID: If the IPBrick has a ISDN telephony card, the PSTN DID (Direct
Inward Dial) that will call this service needs to be inserted;
– ANA: If the IPBrick has a analogic telephony card, will be the direct
PSTN number that will call this service;
– SIP: It’s the specific SIP address that will call this service.

• Caller IDs restriction: Will restrict the route only for the listed caller
ID’s;

• PIN authentication: It allows the introduction of a password to enable the

dialling through DISA;

• Password: PIN password;

• Allowed caller ID’s: Callers identifiers list which may accede to this ser-
vice. Insert only one by line.

IPBRICK SA Reference Guide - Version 6.0

144 IPBrick.C

Figure 4.92: VoIP - DISA - Insert

Callback

Callback feature have the main objective to save costs on internacional calls.
It allows people to call to the IPBrick callback service, the IPBrick will hangup
the call and call back to that number that made the call. That callback usually
will be made using a VoIP operator SIP account, so with a low cost.

When inserting a callback, the available options are:

• Name: Name for the Callback;

• Direct access: List of numbers/addresses that will call this service. We

have three options and the possibility to use many direct accesses, it’s also
possible to choose one of the PSTN interfaces defined at: Telephony ->
Interfaces;

– DID: If the IPBrick has a ISDN telephony card, the PSTN DID (Direct
Inward Dial) that will call this service needs to be inserted;
– ANA: If the IPBrick has a analogic telephony card, will be the direct
PSTN number that will call this service;
– SIP: It’s the specific SIP address that will call this service.

• Caller IDs restriction: Will restrict the route only for the listed caller
ID’s;

• Callback type:

1. Callback any number: No matter the number that made the call, the
call will be finished, will ring a defined internal phone and when someone
22
Direct Inward System Access

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 145

answer the phone will be made automatically a callback to the origin

number (Figure 4.93);
2. Callback authorized numbers. Hangup non authorized numbers: For
authorized origin numbers, the call will be finished, will ring a defined
internal phone and when someone answer the phone will be made auto-
matically a callback to the origin number. For unauthorized numbers,
the call will be just finished (Figure 4.94);
3. Callback authorized numbers. Redirect non authorized numbers:
For authorized origin numbers, the call will be finished, will ring a de-
fined internal phone and when someone answer the phone will be made
automatically a callback to the origin number. For unauthorized num-
bers, the call will be redirected to a internal phone (Figure 4.95).
• Originate Callback calls from: It’s the internal phone that will ring and
callback the origin number;
• Redirect non authorized numbers to: Internal phone where the calls will
be redirected. Used only for callback type 3;
• Callback timeout: Pause in seconds from the momment tha call is termined
and called back, so the person that makes the call can have time to hangup
the phone. The default is 5 seconds;
• Allowed caller id’s: Will be the authorized origin numbers list. Used for
callback type 2 and 3.

Figure 4.93: VoIP - Callback any number

Call queues

Here (Figure 4.96) it is possible to define waiting queues. When calling to the
telephone defined in Direct Access the caller shall be placed on hold if there is
another call to be answered. An answering message may be defined which shall be
heard when the call is on hold. It is also possible to choose messages by default in
Select queue information from the line which may inform the caller about his/her
position in the line and the time interval between those messages.

The visible settings when we hit insert are these:

IPBRICK SA Reference Guide - Version 6.0

146 IPBrick.C

Figure 4.94: VoIP - Callback authorized numbers or hangup

Figure 4.95: VoIP - Callback authorized numbers or redirect

• Name: Name of queue;

• Phone Display Message: You may opt to display several messages: Incoming
number, Incoming number and Queue name, Queue name and Incoming number
and finally you may create a Custom message;

• Caller ID (Inbound): Possibility to use a specific inbound caller ID for

this service;

• Caller ID (Outbound): Possibility to use a specific outbound caller ID for

this service;

• Direct access: List of numbers/addresses that will call this service. We

have three options and the possibility to use many direct accesses, it’s also
possible to choose one of the PSTN interfaces defined at: Telephony ->
Interfaces;

– DID: If the IPBrick has a ISDN telephony card, the PSTN DID (Direct
Inward Dial) that will call this service needs to be inserted;
– ANA: If the IPBrick has a analogic telephony card, will be the direct
PSTN number that will call this service;
– SIP: It’s the specific SIP address that will call this service.

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 147

• Caller IDs restriction: Will restrict the route only for the listed caller
ID’s;

• Queue weight: Queue’s priority.

• Maximum number of queued calls: Maximum number defined of calls on

hold. ’0’ defines an unlimited number;

• Define maximum waiting time: It is possible to define the maximum wait-

ing time. For that it is necessary to click option Yes, select the maximum
time in seconds and the type of routing to do if the time is exceeded as well
as the final destiny;

• Allow new calls in queue when there aren’t any logged users: Even
if there’s an empty queue you may Forward the call and select its Destination

• Leave queue when there are no logged users: The call wil leave the
queue if there’s no users available. By default, this option is inactive;

• Leave queue when press key: By default, NO. If you select YES a new
option to create a Shortcut will appear. Please insert the Key, select the
Destination Type and Destination. The Remove button enables you to
delete the Shortcut;

• Current welcome message file: Visualizes the current message to be pre-

sented when someone enters the waiting line;

• New welcome message: Select the message to be presented when someone

enters the waiting line, choose the Type and click on Browse to select it;

• Select queue information message: Select some of these messages to in-

form about the position in the waiting line or the estimated waiting time.
Messages: ”You are now first in line”, ”There are”, ”calls waiting”, ”The
current estimated holdtime is”, ”minutes”, ”seconds”, ”Thank you for your
patience”, ”less than” ,”hold time” ,”All phones busy / wait for next”;

• Time interval between queue information messages: If some informa-

tive message is selected, is possible to select the time (seconds) between
messages;

• Periodic notification message: This option helps you to define a cus-

tom periodic message on voip call queues. By default, NONE. Other options
include: All phones busy/wait for next (the default message), the abil-
ity to upload a new periodic notification message file (mp3 or wav only) and
the time interval between this periodic messages, by default, 60 seconds ;
Time interval between periodic notification messages:

• Attendance timeout: Period of time (seconds) at the end of which the caller
shall be put on hold if the call is not answered, even if there is no one else
on hold;

IPBRICK SA Reference Guide - Version 6.0

148 IPBrick.C

• Attendance policy: How the waiting line answering telephones should an-
swer the calls:

– Ring all: All available telephones ring until one of them answers;

– Random: One of the available telephones rings by chance;

– Round Robin: Each telephone rings at the time;

– Round Robin with memory: Each telephone rings at the time, but it
remembers which was the last one to ring;

– Least recently called phone: The call goes to the member that for
the longest time hasn’t answered;

– Phone with fewest completed calls: Will ring the telephone with
less answered calls.

• Wrap up time after call received After the call is answered this option
sets the time By default, 0 seconds;

• Pause users when they fail to answer a call: By default, this option
is set to No. If enabled the user who can’t answer a call will be paused;

• Listen to new call tone when user is with a call This option will
change the call tone if the user is busy. By default this otion is set to
Yes;

• Play message when call is answered: If Yes a message will be played

before the call is answered;

• Automatic Answer: By default No. If active it enables auto-answer for

agents in callqueues

• Service Level: Service level describes, usually in measurable terms, the

services a call center service provider furnishes a customer within a given
time period. In call center metric, service level measures the percentage of
incoming calls that an agent answers in an established amount of time. By
default 60 seconds.

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 149

Figure 4.96: VoIP - Call queue definitions

When a call queue is inserted there are the following options at the top: Back,
Modify, Delete and Members. So the next step is to define what IP phones or/and
LDAP users will be associated to the call queue. Clicking Members you will get a
list of phones and users, like shown at Figure 4.97.

IPBRICK SA Reference Guide - Version 6.0

150 IPBrick.C

Figure 4.97: VoIP - Call queue members

Current Users

At this page (Figure 4.98) you will be able to visualize a table with all the
current users by Name, Login, State and Extension.

Figure 4.98: VoIP - Call Queues - Current Users

Boss/Secretary Group

This feature enables you to configure important aspects in the Boss/Secretary

communications.

You will be able to set which users, or phones, will be ’bosses’ or ’secretaries’
and add priority numbers (numbers who will ring in the same manner on both the
secretary and boss’ phones).

At the Boss/Secretary Group page (Figure 4.99) click on Insert.

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 151

Figure 4.99: VoIP - Boss/Secretary Group - Insert

At the new Insert page (Figure 4.100) you will have these options available:

Figure 4.100: VoIP - Boss/Secretary Group - Options

• Name: For your reference, name your Boss/Secretary group;

• Boss: Clicking on the + icon will open the boss’ options into two pop-down
lists:

– The first let’s you select the type of ’boss’, if it will be a Phone or a
User. If you select phone you will assign a particular phone to a boss.
If you select user you will assign all the user’s associated phone settings
(ie: phones, aliases) configured at the VoIP user’s management;
– The second pop-down list presents you all the available phones or users
(depending on the choice made on the previous pop-down list);

• Secretary: Clicking on the + icon will open the Secretary’s options into two
pop-down lists:

– The first let’s you select the type of ’secretary’, if it will be a Phone or
a User. If you select phone you will assign a particular phone to a sec-
retary. If you select user you will assign all the user’s associated phone
settings (ie: phones, aliases) configured at the VoIP user’s management;

IPBRICK SA Reference Guide - Version 6.0

152 IPBrick.C

– The second pop-down list presents you all the available phones or users
(depending on the choice made on the previous pop-down list);

• Priority Numbers: Usually, when a call is made to a boss, the ringtone on

his phone will be different than the one at his secretary. At this text box
you will be able to add phone numbers that you wish to ring in the same
way. Please bear in mind to add only one per line.

The example on Figure 4.101 shows a Boss/Secretary Group named Group1

configured in a way that, the boss’ phone will be the ipphone1 and his secretary
will be the user Liliana Monteiro. The secretary’s phone(s) will depend of the
settings made at:

VoIP > Users Management

The number 40100 will be a priority number, ringing in the same manner on
both phones.

Figure 4.101: VoIP - Boss/Secretary Group - Example

Click on the Insert button to save the Boss/Secretary group settings (Figure
4.102).

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 153

Figure 4.102: VoIP - Boss/Secretary Group - Settings Saved

Outbound
Access Classes

It is possible to define access rules for the existing telephones. For that it’s
necessary to click on the connection Insert and fulfil the following fields (Figure
4.103):

• Name: The access class name;

• Unlock code: Code to deactivate temporarily a access class;

• Prefixes: It allows to add to the authorized prefixes list the prefixes which
may be used in the telephones under the access rules. By default all the calls
are blocked except the Authorized prefixes;

• Numbers: In Politics by default it is possible to block the traffic for any

number or let it pass by default (Block/Authorize, respectively) and then, if
there are some exceptions, it is possible to indicate an exception number by
line. You can use wildcards at the exceptions;

• Domains: In the same way it is possible to authorize or block the access to

certain numbers, it is also possible with VoIP domains at Internet.

To confirm and create a defined rule, click Insert. Now it is possible to add
the members under that rule, clicking the name of the rule and then Members
(Figure 4.104). To remove or add SIP phones to the access class you only have to
click the buttons  or  respectively.

Speed Dial

The speed dial allows the association between an internal address and a tele-
phone external to the organization. That is to say, the users call an internal
number (or address) and this is associated to a telephone external to the organiza-
tion. Example: An external alternative address of the telephone [email protected] is

IPBRICK SA Reference Guide - Version 6.0

154 IPBrick.C

Figure 4.103: VoIP - Access Classes - Insert

Figure 4.104: VoIP - Access Classes - Members

created for the destiny address [email protected]. This way, when-

ever you dial internally 44, the call shall be re-addressed to john.smith@another-
domain.com.

Choosing Speed Dial and clicking Insert we have two fields (Figure 4.105):

• Phone Address: Will be the external number or address to call;

• Speed Dial: The extension for speed dial.

Note: If you wish you may add another speed dial, simply click on the Add
button. Click on the Remove button to erase the speed dial.

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 155

If the IPBrick has routes, it’s possible to insert in speed dial field legacy PBX
extensions, GSM and PSTN numbers etc.

Figure 4.105: VoIP - Speed Dial

4.9.4 Monitoring
Online Phones
The VoIP clients who are actually active and ready to execute and receive calls
can be visualized here (Figure 4.106).

Figure 4.106: VoIP - Online phones

The information made available about each telephone is:

• Phone: Name of the telephone and the respective user;

• Request location: It indicates the IP address of the telephone;
• Port: Port where the telephone is registered.

Call Statistics
Finished Calls

Detailed statistics about all the finished calls. At the main menu we have:
General statistics relating to the filter criteria:
• Call number: Total number of calls;
• Total call time;

IPBRICK SA Reference Guide - Version 6.0

156 IPBrick.C

• Maximum call time;

• Average call time;
• Total RTP packets: Total of RTP (voice/video) packets;
• Lost RTP packets:
• Average lag: Average packet delay;
• Maximum lag: Maximum packet delay;
• Average jitter23 ;
• Maximum jitter.
Clicking at Insert it is possible to filter the result of the list be specific fields:
• Source IP;
• Source address;
• Destination address;
• Used route: SIP routes and internal routes;
• Result: ANSWERED, NO ANSWER, BUSY, FAILED;
• Time periods.
The option Export CSV will export the list to a .csv file.

At Access Management (Figure 4.107) we can manage the LDAP users that
will have access to callstatistics website.

You may select the users who access to Call Statistics from the System users
by simply clicking on the desired username and then on the arrow button pointing
to the desired box.

Figure 4.107: VoIP - Call Statistics - Access Management

23
Is the measure of the variability over time of the latency across a network

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 157

In the call list we have specific statistics (Figure 4.108) relating to the filter
criteria (Figure 4.109):

• #: Call identification;

• User: Username

• Source Address: Name of origin telephone/number;

• Destination Address: Number or name of destination telephone;

• Final Destination Address: Number or name of the final destination tele-

phone

• Source IP: Source IP phone address;

• Route: Route used to make the call;

• Fallback: If it was a fallback route;

• Result: Result of the call (ANSWERED, NO ANSWER, BUSY or FAILED);

• Start: Call start time;

• Ring time: Time that the destination telephone rang;

• Duration: Call duration.

Clicking at one of this check boxes will order the calls by that field.

Figure 4.108: Finished Call statistics

IPBRICK SA Reference Guide - Version 6.0

158 IPBrick.C

Figure 4.109: VoIP - Statistics filter

Current calls

In this menu we have statistics about the current calls, with this fields:

• Source: Name of origin telephone/number;

• Destination: Number or name of destination telephone;

• Duration: Call duration.

• State: The current state;

• Route: Route used to make the call;

Call Recording
NOTE: This feature is only available after installing and licensing the UCoIP
Recording .deb package available at our eshop!

Figure 4.110: Call recording requires licensing and the UCoIP recording package

It’s possible, in IPBrick, to enable the recording of all calls, placing the archived
records in the Document Management and Workflow System, iPortalDoc. Users

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 159

with higher privileges may listen to calls as they happen. Enabling configuration,
two other options will appear (Figure 4.111):
• Record format: MP3 or WAV;
• iPortalDoc URL: Specify the existant URL(s) for the iPortalDoc server(s).
If iPortalDoc is not installed, it’s not possible to use this feature.
The next step is to define which SIP phones will have their calls recorded. This
can be defined at Advanced Configurations - Telephony - Registered Phones.
A new field called Call Recording is now present with the following options (Fig-
ure 4.112):
• None: The phone will not have its calls recorded;
• Incoming: Only the incoming calls will be recorded;
• Outgoing: Only the outoing calls will be recorded;
• All: All the calls will be recorded.
The high privileged iPortalDoc users can now listen to the calls at the workflow
calls;

Figure 4.111: VoIP - Call recording definitions

Figure 4.112: VoIP - Call recording - Phones configuration

At the top right corner of the Call Recording page there’s two additional links
(Figure 4.113)

IPBRICK SA Reference Guide - Version 6.0

160 IPBrick.C

• Phones Management

• Additional Numbers

Figure 4.113: VoIP - Call recording - Phone Management/Additional numbers

links

Phones Management

This feature enables you to manage the call recording on the internal phones.

If you click on the phone’s name a new page will be visualized (Figure 4.114)
where you will be able to select from the following options:

• None: No calls will be recorded;

• Incoming: Only the incoming calls will be recorded;

• Outgoing: Only the outgoing calls will be recorded;

• All: All calls to and from that phone will be recorded.

Confirm your choice by clicking on the Modify button.

Figure 4.114: VoIP - Call recording - Phone Management page

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 161

Additional Numbers

By clicking on this link you will be redirected to a new page where you will
visualize the list of added numbers, if you click on Insert you will be able to add
a new number or prefix (Figure 4.115). These are the available fields:

• Number: To add a prefix select begins with. To add a number select is

and type the number (or prefix) on the following box.

• Call Recording: This let’s you choose which calls to record. As in Phone Management
select from None, Incoming, Outgoing or All.

Figure 4.115: VoIP - Call recording - Additional Numbers page

Call Supervision
The call supervision permits to supervise some specific IP phones. The idea is
to guide the person answering a call in a super-visioned phone. It’s a functionality
that can be useful for technical support departments.

The first step to use call supervision is the feature activation. This is done at
Advanced Configurations - Telephony - Configurations - Call Supervision
(Figure 4.116).

When enabled, a supervision group should be created by clicking Insert.

Three fields are presented:

• Name: A description for the supervision group. Example: technical support;

• Unlock code: A code for members authentication. Example: 444;

• Supervision mode: There are three modes available:

– Only Spy: The supervisor will only be able to listen to the call;
– Only Whisper: The supervisor will be able to speak, but only to the
person who’s answering the phone. The supervisor will not be able to
listen to the call;

IPBRICK SA Reference Guide - Version 6.0

162 IPBrick.C

Figure 4.116: VoIP - Call Supervision Group

– Spy and Whisper: The supervisor will be able to speak (only to the
person who’s answering the phone) and listen to the conversation.

Clicking at the supervision group name, it’s possible to define:

• Call Supervision Group Members: To define what phones are able to lis-
ten/supervise calls (Figure 4.118);

• Supervisioned phones: To define what phones will be supervised (Figure

4.117);

Figure 4.117: VoIP - Call Supervision - Supervisioned phones

Figure 4.118: VoIP - Call Supervision Group members

After the configuration we can supervise a call by following that steps:

• Dial the prefix+supervised_phone from a phone that is member of super-

vision group;

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 163

• Insert the unlock code and press # when asked;

• After that a beep will be listened and the supervision will start, so the call
will be listened and you can talk only to the person that is at the supervised
phone. The remote person can’t hear the supervision.

Call manager
The Call Manager (Figure 4.119) is a Flash application that allows to visualize:
the state of each extension, if it is online and if it is doing calls, state of the lines
and SIP servers. You can also end calls through this interface when authenticated.

Figure 4.119: VoIP - Call Manager configuration

The configuration of the call manager (Figure 4.120) is made from the IPBrick
web interface in IPBrick.C - Voip - Call Manager, and it is necessary to click the
connection Change. By default are shown the state of all registered telephones,
ports of each RDIS and analogic plate, state of the waiting lines, conferences and
SIP servers. Some of these fields cannot be shown if we remove them in Show fields.

To define an administration password which allows to end the calls, it is nec-

essary to change the value of the field Administration password. To allow other
LDAP users to use the call manager it’s possible to control the permissions at
Access Management option.

In the configuration page you have the link to the call manager which may be
acceded from the LAN. It might be necessary to define the alias call manager in
the DNS server of the network.

If it is not possible to visualize all the extensions, lines and servers of the call
manager, it is necessary to move the mouse to the right side of the page and the
remaining ones shall be visible. In this version of Call Manager we can do some
operations when the administrator password is inserted:

• Call transfer: Drag and drop the active phone to another;

IPBRICK SA Reference Guide - Version 6.0

164 IPBrick.C

Figure 4.120: VoIP - Call Manager

• Call termination: Double click in a phone;

• Call generation: Drag and drop one phone to another;

In the screen appear all the telephones, routes, interfaces, etc., which shall be
registered in IPBrick. However, there are differences, if the telephone has a visible
IP address, it means that it is active, otherwise it will be deactivated. If the tele-
phone is represented in red, it means that a call is in progress and its duration is
indicated.

4.9.5 Routes Management

In order for IPBrick to execute the routing of calls between the several network
interfaces, it is necessary to define the specific routes according to a telephony
numbering.

As you can see in Figure 4.121 we have this options:

• Local Routes: Represents all the local interfaces available in IPBrick by

default;
• Outbound routes: Represents all the outbound routes, so it will be possible
to make calls using SIP/IAX accounts;

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 165

• SIP servers list for registering: Allow to receive calls for SIP numbers asso-
ciated to SIP accounts;

Figure 4.121: VoIP - Routes Management

Available Local routes

Local routes (Figure 4.122) allow the configuration of an interconnection be-

tween LAN, PSTN, PBX or INTERNET.
The possible options by default are:

• PSTN-LAN: It allows the call routing from the telephone network to the
VoIP phones of local network. So it’s a internal IPBrick route than can
redirect the received calls from the PSTN to VoIP phones;
• PBX-LAN: It allows the call routing between the telephones connected to
the PBX and the VoIP telephones of local network;
• LAN-PBX: It allows the call routing from the VoIP telephones in local net-
work to the telephones of the PBX;
• LAN-PSTN: It allows the call routing from VoIP phones to telephone net-
work;
• INTERNET-PBX: It allows to accept VoIP calls from the Internet and route
them to PBX phones. It’s a IPBrick internal route only for call redirection;
• INTERNET-PSTN: It allows to accept VoIP calls from the Internet and
route them to the telephone network network. It’s a IPBrick internal route
only for call redirection;
• PBX-PSTN: This is a default internal route. It allows the call routing from
the PBX to telephone network. 24
24
It’s possible to call from phones connected to PBX and, if IPBrick is connected to PSTN
and to a PBX, you can also answer calls. IPBrick will work in a transparent mode, switching all
the traffic from PBX to PSTN and vice-versa.

IPBRICK SA Reference Guide - Version 6.0

166 IPBrick.C

• PSTN-PBX: This is a default internal route. It allows the call routing from
the telephone network to the PBX.

If there are other configured interfaces (acting like trunks), they may be added
to the list of routes, and for that it is necessary to click the connection Available
Local Routes (Figure 4.122) and then add the necessary routes.

Figure 4.122: VoIP - Local Routes

The Insert in the top menu allows to insert one of the routes mentioned. After
insertion, each type of route has a connection that allows its configuration. When
acceding to this interface it is possible to choose one of these options:

• Back

• Modify: To change the type of local route;

• Delete: Remove the local route;

• Insert: It allows to add the prefixes that must be added to this route. When
you indicate a prefix, all the calls whose initial digits coincide with that digit
are routed by that route. Choosing Advanced Options we have this options
(Figure 4.126):

– Prefix: The numeric prefix to use to make calls using that route;
– Include prefix in address: If Yes the prefix will be part of the
destination number, so the prefix will be maintained when the call is
routed. If No the prefix will be used only to identify the route. Example:
To enable the use of number 6 to route a call to the Portuguese PSTN
network, it is necessary to remove this prefix in order that the number
stays with the correct format (the format 2XXXXXXXX instead of
62XXXXXXXX).
– Postrouting prefix: It’s a prefix added by the IPBrick when the
number is received. Example: For the Portuguese PSTN network we
use the format 2XXXXXXXX. If we use has main route a SIP account
route it’s necessary to use prefix 2, include prefix in address and use
a postrouting prefix with 00351 (351 is the portuguese international
code);

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 167

– Caller IDs restriction: Will restrict the route only for the listed
caller ID’s;
– Fallback routes: It’s a backup route to use if the present one fails;
– Generate local ringing tone: Will generate a local ringing tone.
Can be used when it can’t ring at the destination phone;
– Priority: Define the prefix priority level.

Outbound routes

This option enables you to configure which calls shall be routed to a external
server which, in turn, shall be responsible for routing them to their destination
(Figure 4.123). This routing is made through prefixes that may be inserted clicking
the name of the route and then the link Insert above the prefixes table. To change
or remove a route you only have to click its name and then the option Modify or
Delete, respectively.
To add a new outbound route click Insert. The Basic Options are:

• Type: Type of signalling protocol to use: Can be SIP, SIP with TLS, IAX
or Local;

• Name: Outbound server name;

• Server Address: Server IP/name address;

• Authentication: If authentication is necessary at the server, you will have

to choose the option User/Password and fill the users name and respective
password;

Choosing Advanced Options the following parameters will be presented:

• Server Port: Server port to use;

• Video support: If the VoIP server supports video, you can enable that
option;

• Caller identifier: Outbound caller ID masking;

• Registration realm: Realm is usually the SIP server FQDN but some SIP
servers have different server address and registration realm;

• Outbound proxy: Usually not used but is a server that passes the SIP mes-
sages between the SIP client and the SIP proxy server;

• Available to Internet: With this option selected, the route shall be avail-
able for VoIP telephones outside the LAN;

• Simetric signalling: It allows to define if signalling is sent and received

through the same port (5060);

IPBRICK SA Reference Guide - Version 6.0

168 IPBrick.C

• Enable ENUM lookup: It allows IPBrick to search through ENUM.25

• Enable DUNDi lookup: It allows IPBrick to search through DUNDi.26

• DTMF type: Type of DTMF27 to use. Options: RFC2833 (default), Inband,

Info and Auto;

• Call limit: Number of possible simultaneous calls using that route, that
can be useful for bandwidth control. With 0 we can disable it;

• State check: This feature permits you to verify if the entity is online or not,
i.e.: on a phone it will check if there’s online activity, if wether by accident
or deliberate the IPBrick will know that the entity is no longer available. By
default this field is set to No;

• No far-end NAT detection by provider: This option applies in a context

where there’s a route to a operator that also sends calls, i.e. not just a an
outbound operator.

• P-Asserted-Identity: Some servers are now requiring that packets include

P-Asserted-Identity in the header of SIP packets. If this is the case, please
activate this option.

NOTE: At Authentication you will have to choose User/Password in or-

der for this option to be available.

• Caller ID on blind tranfers: Support for configuring the caller ID on

blind transfers. Available options are:

– Use the caller ID of the phone that transfers

– Use the caller ID of the transfered phone

If the outbound route type is IAX, the only parameters are:

• Name;

• Server Address;

• Server Port;

• Available to Internet;

• Call limit.

If the outbound route type Local, the basic parameters are:

25
Group of protocols that aims to associate the telephonic numbering to a new register in
DNS. This way, a telephone number shall correspond to a SIP address.
26
A peer-to-peer system for locating Internet gateways to telephony services. Unlike traditional
centralized services (such as the remarkably simple and concise ENUM standard), DUNDi is fully
distributed with no centralized authority whatsoever.
27
Dual-tone multi-frequency

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 169

Figure 4.123: VoIP - Outbound route definition

• Type: Local
• Name: Type your local server’s name

Figure 4.124: VoIP - Local - Basic Options

But if you click on Advanced Options a new set of fields will appear:

• Caller identifier: Outbound caller ID masking;

IPBRICK SA Reference Guide - Version 6.0

170 IPBrick.C

• Available to internet: By default, NO;

• Call limit: (by default, 0 to disable)

• Mandatory Route: A mandatory VoIP route will have priority over any
other. Dialed numbers (including prefixes) associated to a mandatory route
will overlap any other match, even if this match is with a local phone, an alias
or any other direct access (including IVRs, Attendances Sequences, queues,
etc.);

• Caller ID on blind tranfers: Support for configuring the caller ID on

blind transfers. Available options are:

– Use the caller ID of the phone that transfers

– Use the caller ID of the transfered phone

Figure 4.125: VoIP - Local - Advanced Options

Click on the Insert button to create the route.

Prefixes
The prefixes inserted in any of these outbound routes shall be available auto-
matically for the SIP telephones and the telephones connected to PBX.

These are all the available options (advanced):

• Route name: Type your route’s name

• Prefix-Number Pattern: Both fields define the destination’s number format

that enables you to make calls by using this route. Prefix will be a number
and for the Number Pattern you may use this syntax:

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 171

X matches any digit from 0-9

Z matches any digit from 1-9
N matches any digit from 2-9
[1237-9] matches any digit or letter in the brackets
(in this example, 1,2,3,7,8,9)
[a-z] matches any lower case letter
[A-Z] matches any UPPER case letter
. wildcard, matches one or more characters
! wildcard, matches zero (none) or more characters immediately

• Include prefix in address: By default YES

• Postrouting prefix: It’s a prefix added by the IPBrick when the num-
ber is received. e.g: For the Portuguese PSTN network we use the format
2XXXXXXXX. If we use has main route a SIP account route it’s necessary
to use prefix 2, include prefix in address and use a postrouting prefix with
00351 (351 is the portuguese international code);

• Caller IDs restriction: Will restrict the route only for the listed caller
ID’s. Click on the ADD button to insert a restriction;

• Fallback routes: Should any failure occur, you may set an alternative
route. Click on the ADD button to insert a fallback route;

• Generate local ringing tone: It generates a ringing tone to the calling

party. By default, NO

Figure 4.126: VoIP - Prefix definition

Codecs

IPBRICK SA Reference Guide - Version 6.0

172 IPBrick.C

For each outbound route it’s possible to set which codecs are going to be used
(click on Modify) as well as their priority (Order option).

Figure 4.127: VoIP - Codecs

SIP servers list for registering

Here it’s possible to visualize the SIP28 address list which have already been
configured (Figure 4.128). When inserting a new one, the page generated asks for
the following data:

• Name: Server name;

• SIP server address: SIP server IP or address. It is possible to specify the

port number along with the SIP IP address as: <server address>:<port
number> (e.g: 212.12.34.1:5090)

After typing in the data, it is necessary to click the button Insert to confirm
the address. The next step is to register accounts to the local SIP server. Pressing
Insert we have this options:

• Login: SIP account login. Normally it’s the nomadic SIP number;

• Authentication user: Usually the same as the login;

• Password: SIP account password;

Note: To configure the internal number to where the operator will transfer the
incoming calls from the Internet to that nomadic number, just create a Phone at
Phones Management, IVR, Call Group etc. at Functions > Inbound.
Note: In order to define the destination of the received calls, you should con-
figure a Speed Dial or use a function to that purpose.
28
Session Initiation Protocol

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 173

Figure 4.128: VoIP - SIP server for registering

4.9.6 Music on Hold

In this section (Figure 4.129) you can see the list of songs which shall be heard
if the call is placed on hold. It is also possible to add more mp3 files to the list,
clicking the connection Insert and after searching the localization of the music file
(by clicking on the button Browse...), write a brief description of the file in the
field Name. To add the mp3 after all fields have been fulfilled, click the button
Insert. You can also remove or modify the songs from the list clicking on the name
of the song and clicking on Change or Delete.

Figure 4.129: VoIP - Music on hold

4.9.7 Voice Prompts

The Voicemail prompts are now divided by .tgz files according to language and
with a structure compatible with the system of Asterisk 1.4.x.
The AsteriskSounds4IPBrick voice prompts packages (.tgz files) are available
on IPBrick e-shop at:

Downloads  Software  IPBrick Related Software  IPBrick 5.3

The available languages are:

• Spanish: asterisksounds4ipbrick_es.tgz

IPBRICK SA Reference Guide - Version 6.0

174 IPBrick.C

Figure 4.130: VoIP - Voice Prompts

• French: asterisksounds4ipbrick_fr.tgz

• Dutch: asterisksounds4ipbrick_nl.tgz

• German: asterisksounds4ipbrick_de.tgz

• Portuguese: asterisksounds4ipbrick_pt.tgz

By default, IPBrick comes with just the English voice prompts already installed
and ready to use (Figure 4.131). But as soon as you add more packages you will
be able to select them as default.

Figure 4.131: VoIP - Voice Prompts by default

To add another language, please download the package at our eshop (or use any
other compatible packages you have in your possession) and install it, by clicking
on the Insert link, at the Voice Prompts page (Figure 4.130).

At the new page (Figure 4.132) name the voice prompt package and select the
language, this is a double-check procedure in order to ensure that you are adding
the correct file. Click on Browse... to select the .tgz voice package.

Reference Guide - Version 6.0 IPBRICK SA

4.9 VoIP 175

Figure 4.132: VoIP - Insert Voice Prompts

When you have finished, please click on the Insert button.

4.9.8 Dialplan

At Dialplan you will be able to check the information tables for the internal,
Inbound and Outbound routes. It will also be possible to do quick modifications,
simply by clicking on the corresponding icons.

At the top of the page there’s a Filter (Figure 4.133) where you will be able to
select if you want to visualize All or just the Internal (Figure 4.134), Inbound
(Figure 4.135), Outbound routes (Figure 4.136), simply select which one you wish
to see.

Figure 4.133: VoIP - Dialplan - Filter

IPBRICK SA Reference Guide - Version 6.0

176 IPBrick.C

Figure 4.134: VoIP - Dialplan - Internal

Figure 4.135: VoIP - Dialplan - Inbound

Figure 4.136: VoIP - Dialplan - Outbound Routes

These tables are arranged by Number, Type and Interface for the source and
destination. On all of them, you will be able to select the number of entries to be

Reference Guide - Version 6.0 IPBRICK SA

4.10 IM 177

visualized (10, 25, 50, 100, 250), order the table by column, read the Description
to each row and there’s also a search box so you can make your queries.

It is also important to note that besides each row showing one element of the
table, there’s a dedicated All row for the inbound and outbound routes.

There are also three types of icons (Figure 4.137) with different results depend-
ing of their location:

Figure 4.137: Add - Edit - Delete Icons

• Add: Clicking on this icon will open a new window: VoIP  Routes Management
 Prefixes, enabling you to add prefixes.

• Edit: This will open a new window where you’ll be able to alter the corre-
sponding settings.

– At the Internal table the edit icon will open the Telephony  Configurations
 Modify page.

– At the Inbound table the edit icon will open the VoIP  Functions
 Inbound  Call queues  <The respective queue>  Modify page.

– At the Outbound Routes table the edit icon will open the Telephony
 Configurations  Modify page.

• Delete: Clicking on this icon will erase the corresponding route or call queue.
At the new window simply click on the Delete button to confirm or the Close
button to cancel the action.

4.10 IM
IM (Instant Messaging) is a service that lets you exchange text messages at
near-real-time speed. IPBrick’s IM server is ejabberd, an IM server based on the
Jabber (XMPP) protocol.

With this server you can communicate both using the Jabber protocol and the
MSN protocol through a MSN gateway. Access to MSN contacts is controlled by
this web interface. By default, the IM service, when enabled, blocks access to all
MSN contacts, except the ones explicitly authorized in this web interface.

It is also possible to record all chat conversations, this will require the ucoip4iportaldoc
v2.1 package, available at our eshop in:

IPBRICK SA Reference Guide - Version 6.0

178 IPBrick.C

4.10.1 Activating / Deactivating the IM server

Enable Instant Messaging  Modify (Figure 4.138):
• No: The ejabberd server is stopped and all access to the MSN IM network
is unblocked.
• Yes: The ejabberd server is running. The access to the MSN IM network
is blocked. The MSN client programs will be blocked, (Figure 4.139) so
will the web messenger sites, as we can see in Firewall (Figure 8.30). At
Authorized domains we can define witch domains will be authorized to use
the IM service.
When the Instant Messaging server is enabled, you’ll have the following fea-
tures:
• List of authorized MSN users from IPBrick Contacts:
– Insert: Clicking the check-boxes you can choose which MSN contacts,
from IPBrick Contacts, are reachable through the Instant Messaging
server.
– Delete: Clicking the check-boxes you can choose the contacts from IP-
Brick Contacts that you no longer want to be reachable from accounts
logged on the server.
• List of authorized MSN users:
– Modify: Add, one per line, the MSN contacts that you want to be
reachable through the Instant Messaging server. All users will be able to
reach only the authorized MSN contacts. To remove the authorization
you just need to remove them from the text box.
It is possible to use both these features simultaneously, that is, you can be
using IPBrick Contacts to allow MSN contacts, and add other contacts in the List
of authorized users.

Figure 4.140: IM - Web messenger sites blocking in firewall

Reference Guide - Version 6.0 IPBRICK SA

4.10 IM 179

Figure 4.138: IM - Enabling Instant Messaging Server

Figure 4.139: IM - Blocking MSN applications

4.10.2 Chat Recording

This feature enables you to record all user chat conversation. You should take
notice that privacy laws apply in cases where company chat conversation logs are
kept!

NOTE: This feature is only available after installing and licensing the UCoIP
Recording .deb package available at our eshop!

Figure 4.141: Chat recording requires licensing and the UCoIP recording package

IPBRICK SA Reference Guide - Version 6.0

180 IPBrick.C

Reference Guide - Version 6.0 IPBRICK SA

Chapter 5

IPBrick.GT

All the services except Fax and UCoIP page are presented at IPBrick.C menu:

• VoIP;

• IM;

• Fax Server;

• E-Mail;

• SMS;

• Web Server;

• Groupware.

5.1 Fax Server

The fax server is integrated at IPBrick from version 4.1 onwards. It works
with a serial modem/fax or integrated in the PBX IP server. Incoming faxes are
automatically forwarded trough email.

The FAX Server configurations are implemented through the web interface in
IPBrick.GT - FAX Server (Figure 5.1).

Figure 5.1: Fax Server - Configure

IPBrick provides you these two services: FAX2Mail e Mail2FAX. With the
FAX2Mail service, a FAX sent by an external FAX device is received by the FAX

IPBRICK SA Reference Guide - Version 6.0

182 IPBrick.GT

connected to IPBrick and then is forwarded to a defined email address.

With Mail2FAX you can send from an email an attached pdf file to a defined FAX
number. to enable this task you have to configure the email client with the SMTP
server where the FAX service is running and add the configured fax domain to the
domain list that is allowed to be forwarded by the email server.

5.1.1 Fax2Mail
To configure this service you have to click on the Modify link and select Yes to
Enable Configuration. The following options are displayed:

Figure 5.2: Fax Server - FAX at telephony card

• Main Fax Number: The PSTN Fax number to be present when a FAX is
sended;

• Company identification: Company name to be present when a FAX is sended;

• Country Code: Country phone number code to be present when a FAX is

sended;

• Area Code: Area phone number code to be present when a FAX is sended;

• Long distance prefix: 0 by default;

Reference Guide - Version 6.0 IPBRICK SA

5.1 Fax Server 183

• International prefix: 0 by default;

• Rings Before Answer: Number of rings before IPBrick answers to Fax. Can
be useful if another FAX equipment is connected. For example, if the FAX
equipment can’t receive the FAX, IPBrick FAX server can answer at the 5th
ring;

• Speaker volume: FAX sound volume;

• Enable delay: Should be active by default;

• Sender of notifications: It’s a internal email account that will send notifica-
tions to users that are using the Mail2FAX. Examples: Error sending fax,
task completed etc. By default we use IPBrick Fax Server that will use
the current domain;

• Sender of received fax notifications: Identification of the reception warnings

sender. By default we use IPBrick Fax Server;

• Attach Original File in the notification: Choose YES if you wish to attach
the file in the notification (by default this option is set to NO)

• Fax resolution: Define the vertical resolution of the fax. There are two
resolution modes, a normal resolution of 98 lines/inch and a high resolution
of 196 lines/inch;

• Number of attempts to send the fax: Number of tries attempts to send the
FAX. By default will terminate a job if 3 consecutive attempts to send a
particular page fail;

• Maximum time to send the fax: Sets the time that a fax have to be sent.
Stop the process if it does not complete in the indicated time.

To activate configuration, click Modify

If you access the menu again, there will be two new options near the link
Modify: Fax Users and Fax Interfaces

Fax users
In Fax users (Figure 5.3), you can set which users may be authenticated in the
Fax client application and which will have permissions to manage Fax queue lists.

The FAX client can be WinPrintHylafax that is available for download at:

http://winprinthylafax.sourceforge.net

IPBRICK SA Reference Guide - Version 6.0

184 IPBrick.GT

The benefit in using a FAX client at the workstations side is the possibily
to print any document directly to HylaFax, so it’s an alternative to Mail2FAX
explained down.

Figure 5.3: Fax Server - Fax Users

Fax Interfaces

In this page (Figure 5.4) you will insert any number of interfaces that you deem
necessary.

Figure 5.4: Fax Server - Fax Interfaces page

Click on Insert, a new page will be presented (Figure 5.5)

Reference Guide - Version 6.0 IPBRICK SA

5.1 Fax Server 185

Figure 5.5: Fax Server - Fax Interfaces Insert page

Depending on the choices you make, these are the presented fields:

• Name: The name you will give to the interface, e.g: fax1

• Type: The interface’s typology, these are the available types:

– Foip - SIP: FoIP stands for Fax over IP and refers to the process of
sending and receiving faxes via a VOIP network.
Server address: The server’s url (eg:voipbuster.sip.com)
Authentication: There are two options:
-Fixed IP: A static IP
-User/Password:
–User: Type the user’s name
–Password: Insert the desired password
–Retype Password: Confirm the password by re-typing it.
– Telefony Card: Choose the type of Interface:
-PSTN
-PBX
– Foip - T38: Fax over IP works via T381 and requires a T38 capable
VOIP gateway as well as a T38 capable fax machine, fax card or fax
software. Fax server software that can talk ’T38’ allows sending and
receiving faxes directly via a VOIP gateway and, consequently, does not
need any additional fax hardware. As with FoIP SIP you will have two
modes of Authentication:
-Fixed IP: A static IP
-User/Password:
–User: Type the user’s name
–Password: Insert the desired password
–Retype Password: Confirm the password by re-typing it.
1
T38 is a protocol that describes how to send a fax over a computer data network. T38 is
needed because fax data can not be sent over a computer data network in the same way as voice
communication.

IPBRICK SA Reference Guide - Version 6.0

186 IPBrick.GT

– Serial Fax Modem: If the modem is connected to the server serial port
you should choose the port that connects to the the modem in the
Serial Ports list (S0 to S7), the Baud rate (1200 to 38400) and Class of
the modem (Class1 to Class2.1). To know the appropriate values you
should read the modem manual

• Number of virtual fax machines: Define the number of virtual FAX’s to use;

By default, notifications and reception warnings are delivered by email to

fax@<domain>. That’s why you have to create an email account with this name
or an alternative email with the same name for other existing accounts.

Note: You have to activate the Fax service in Advanced Configurations

- System - Services and click in FAX. Enable Active and Automatic start.

T38
We will present next, the necessary steps in order to configure the T38 protocol.

Note: The presented configurations should serve merely as an example.

At IPBrick.GT > Fax Server you will activate the FAX service. As soon
as that is done there will appear three links on the top right corner of the page
Modify, Fax interfaces and Fax Users

Figure 5.6: T38 - Fax Server

Reference Guide - Version 6.0 IPBRICK SA

5.1 Fax Server 187

Click on Fax Interfaces and there will be two types of interfaces FoIP-SIP
and FoIP-T38. Select the latter and create a new interface for your T38 operator.

Figure 5.7: T38 - Fax Interfaces

At Routes Management (IPBrick.GT > Fax Server > Routes Management)

create the FAX routes in the same fashion as for the SIP routes.

Figure 5.8: T38 - FAX Routes

Click on Insert at Outbound Routes and add a route using the previously
created interface. You may configure it as default gateway or as prefix.

Figure 5.9: T38 - Outbound Routes

You should now insert an inbound route.

IPBRICK SA Reference Guide - Version 6.0

188 IPBrick.GT

Figure 5.10: T38 - Inbound Routes

The final result should be something like in the following figure:

Figure 5.11: T38 - Final result

In this example, the FAX default gateway is the T38 operator and the DDI
22XXXXXXX as an entry in T38.

5.1.2 Mail2Fax
In Mail2Fax definitions we have two options:

• Domain for fax sending: It’s a internal domain used just to send FAXES. You
can choose any domain you want, but the recommended one is fax.domain.com.
When the email server receives one message for that FQDN, the message at-
tachment will be forwarded to the FAX server that sends the FAX by the
PSTN;

• Presented source fax number: For each LDAP group it’s possible to define
what would be the source fax number field when someone sends a FAX to
the PSTN (public network, outside, etc.);

After updating the configurations you will be able to send Faxes from a work-
station using a simple email client. At the workstation side just:

• Map an email account pointing the SMTP to the IPBrick or use webmail;

Reference Guide - Version 6.0 IPBRICK SA

5.1 Fax Server 189

• At the To: field insert number@fax_domain, e.g.: [email protected];

• The subject is optional, so the next step is to attach a .pdf or a .tiff file
that will be the FAX;

Note that you can create a mailing list at IPBrick and insert all the FAX
numbers you want, e.g.: Create a mailing list named [email protected]
and insert at External users list some costumers FAX’s:

[email protected]
[email protected]
[email protected]
...

So at the client side you just need to send an email to [email protected],

attaching only the .pdf or .tiff file.

5.1.3 Statistics
This menu displays the statistics about Sent Faxes, Incoming Faxes and in
course tasks.

Sent Faxes

Visible fields:

• ID: Fax identification;

• Date: Sending date;

• Owner: Fax Sender;

• Pages: Number of Pages;

• Origin: Origin email address;

• Number: Fax number;

• Attempts: Number of attempts;

• State: Fax sending status.

• File: Type of file.

IPBRICK SA Reference Guide - Version 6.0

190 IPBrick.GT

Received Faxes

Visible fields:

• Sender: Sender name;

• Destination: Receiver number;

• Pages: Number of pages;

• Reception date;

• File: Fax file.

Running

Visible fields (Figure 5.12):

• Delete: Deletes Fax;

• ID: Fax identification;

• Owner: Fax sender;

• Number: Fax number;

• Pages: Number of pages;

• Attempts: Number of attempts;

• State: Fax sending status.

In this menu you can visualize statistics and Delete Tasks.

Figure 5.12: Fax Server - Current Faxes

The monthly FAX statistics are automatically sended to the Sender of notifications
email.

Reference Guide - Version 6.0 IPBRICK SA

5.1 Fax Server 191

5.1.4 Routes Management

In this page (Figure 5.12) you will be able to define outbound and inbound
routes, just click on the corresponding Insert link.

Figure 5.13: Routes Management

Outbound
The prefix definitions are as follows:

• Fax interface:

• Prefix:

• Default gateway: If you check this field. the next options will obviously be
unavailable:

– Include prefix in address: By default: YES

– Postrouting prefix: Type the Post routing prefix

Inbound
These are the available inbound number definitions:

• Fax interface: Select the desired interface, you have inserted, from the pop-
down list

• Fax Number:

• Send to: At this moment the single option available is sending to email

• Destination: Is the email address where the IPBrick incoming faxes are for-
warded;

• File type: The faxes will be delivered in these formats: pdf, ps or tiff.

IPBRICK SA Reference Guide - Version 6.0

192 IPBrick.GT

5.2 UCoIP Page

This option enables you to configure certain aspects of the UCoIP page, such
as, which users will have administrative privileges and the UCoIP Page parame-
ters, like Title, Logo, etc.

Click on the UCoIP Page option at the IPBrick.GT menu.

Figure 5.14: UCoIP Page

At the new page you will have available the editable options for:
• Users with administrative privileges
• UCoIP Page Parameters

Figure 5.15: UCoIP Page Settings

Each has a dedicated Modify link. Clicking on one will let you alter the corre-
sponding settings.

If you click on the user privileges you will access a new page where you will be
able to select which users, from the roster, will have administrative privileges and
access the UCoIP Page Management Interface.

Reference Guide - Version 6.0 IPBRICK SA

5.2 UCoIP Page 193

Figure 5.16: User privileges selection

The procedure is exactly the same as choosing any other user in IPBrick.

Simply select the user(s) by clicking on the desired username and then on the
arrow button pointing to the desired box. You may also double-click a user to
transfer him.

Obviously, by default, the administrator is the only user with administrative

privileges, but you may add other users from the System Users box.

When you have finished selecting users, click on the Back link to return to the
UCoIP page settings.

If you now click on the Modify link pertaining to the UCoIP page parameters,
you will access the available editable settings.

The only parameter available for edit by the common user is the Description
visible at his/her UCoIP page. All other options are barred to the regular user,
but you may alter these settings.

• Title: Configure Yes if you wish to let the user change the UCoIP page’s
title. By default, No

• Logo: Configure Yes if you wish to let the user change the UCoIP page’s
logo. By default, No

• UCoIP Page Style: Configure Yes if you wish to let the user change the
UCoIP page’s style., No

• Social Networks Links: Configure Yes if you wish to let the user change the
UCoIP page’s links. By default, No

• Description: Configure No if you wish to block the user from changing the
UCoIP page’s description. By default, No

IPBRICK SA Reference Guide - Version 6.0

194 IPBrick.GT

Figure 5.17: UCoIP page parameters

These settings will be available at the user’s profile page at CAFE

Figure 5.18: IPBRICK.CAFE

After login you will access the CAFE home page.

Figure 5.19: CAFE login

Click on your username.

Reference Guide - Version 6.0 IPBRICK SA

5.2 UCoIP Page 195

Figure 5.20: CAFE username

At the new page you will be able to access The UCoIP Page settings.

Figure 5.21: User Profile options

The UCoIP Page settings page presents you with several editable settings (de-
pending on your permissions). The same ones you set at the UCoIP Page Man-
agement Interface.

• Logo: Upload your company’s logo (Max size: 400x70)

• Profile background image: Upload a background image (Exact size: 1068x442)

Figure 5.22: User Profile options 1/3

Simply click on each color code setting to access a color palette.

IPBRICK SA Reference Guide - Version 6.0

196 IPBrick.GT

• Page background color

• Profile background color

• Profile text color

• Services text color

• Services background color

Figure 5.23: User Profile options 2/3

Figure 5.24: Color Palette

• Title: The page’s title. By default, CONTACT PAGE;

Reference Guide - Version 6.0 IPBRICK SA

5.2 UCoIP Page 197

• Facebook URL: Type the URL for your company’s Facebook page;

• Twitter URL: Type the URL for your company’s Twitter page;

• Google+ URL: Type the URL for your company’s Google page;

• Linkedin URL: Type the URL for your company’s Linkedin page;

Figure 5.25: User Profile options 3/3

For more info on CAFE please consult Appendix 15 - IPBRICK.CAFE)

5.2.1 UCoIP Page Management Interface

Also available, to the administrator, is an interface that let’s you define impor-
tant components of the UCoIP page, such as the visible logo, social media links,
page style etc. As we have seen, these components may or may not be altered by
the users.

The interface is available at:

http://ucoip.domain.com/admin/

NOTE: Replace domain.com with your own domain name!

IPBRICK SA Reference Guide - Version 6.0

198 IPBrick.GT

Figure 5.26: UCoIP Page Managent Login

After authentication, the interface will display the UCoIP Page Settings page.

Figure 5.27: UCoIP Page Settings Page

• Title: The page’s title. By default, CONTACT PAGE;

• Description: The page’s Description;

• Logo: The page’s logo. Upload an image file with the dimensions: (max
width: 400px - max-height: 70px);

• Facebook URL: Type the URL for your company’s Facebook page;

• Twitter URL: Type the URL for your company’s Twitter page;

• Google+ URL: Type the URL for your company’s Google page;

• Linkedin URL: Type the URL for your company’s Linkedin page;

Reference Guide - Version 6.0 IPBRICK SA

5.2 UCoIP Page 199

Figure 5.28: UCoIP Page Settings Modify Page

If you click on Style at the side menu you will open the Style page. Here, you
may alter the color scheme by clicking on the Modify link.

Figure 5.29: UCoIP Page Style

When you click on the Modify link you will be presented with the edit page
were you will be able to alter the color, for each of the available settings. Simply
click on each square to present a color palette. You may also upload a background
image (width: 1068px - height: 442px).

Figure 5.30: UCoIP page Style Palette

IPBRICK SA Reference Guide - Version 6.0

200 IPBrick.GT

The UCoIP page will now look something like this.

Figure 5.31: UCoIP page Style Modified

The default UCoIP page can be seen on the following picture.

Figure 5.32: UCoIP page

Reference Guide - Version 6.0 IPBRICK SA

Chapter 6

IPBrick.SEC

IPBrick.SEC communications server is based on a robust internet security soft-

ware and one of its key security features is that it prevents workstations from di-
rectly accessing the internet, not allowing Trojans to establish access tunnels that
would allow remote access to your network.

IPBrick.SEC becomes an essential element for your network safety, offering a

wide range of security solutions:

• Anti-virus;

• Intranet Security;

• Anti-virus and anti-Spam;

• Denial of service prevention;

• Firewall;

• VPN server;

All the services in IPBrick.SEC are presented at IPBrick.C menu:

• Firewall;

• Proxy;

• VPN;

• E-Mail;

• Groupware.

IPBRICK SA Reference Guide - Version 6.0

202 IPBrick.SEC

Reference Guide - Version 6.0 IPBRICK SA

Chapter 7

IPBrick.4CC

IPBrick.4CC allows you to manage services, virtual machines, users and desk-
tops, significantly reducing the time and expense.

This solution is easily managed via a simple web interface and adapts to all en-
vironments, allowing users to have different working environments simultaneously,
e.g: Windows and Linux.

Since all the content that would be in the usual PCs happens is in a single
server, you no longer need a technician to intervene in every PC. Thanks to IP-
Brick.VDI and the cost per job decreases dramatically. In addition, the solution
reduces the time spent on maintenance, since all information is centralized in a
single server.

For more information regarding IPBRICK.4CC, please consult our IPBRICK.4CC

Manual.

7.1 Hypervisor
The hypervisor is the intermediary between the virtual libraries and the GUI.
There can only be one per host, the Hypervisor is the VDI’s administrative ac-
count. When you enable the Hypervisor you are enabling the IPBRICK.4CC
virtualization solution.

To do so, click on Modify link at the Hypervisor page.

Figure 7.1: Hypervisor

IPBRICK SA Reference Guide - Version 6.0

204 IPBrick.4CC

On the new page select YES to enable the Hypervisor and then click on the
Modify button.

Figure 7.2: Enable Hypervisor

You may check, on the newly presented page, that the Hypervisor is now
enabled.

Figure 7.3: Hypervisor enabled

Selecting a Share to upload ISO in Configurations requires that you config-

ure a share first at:

IPBRICK.I > File Server > Group Work Areas

For additional please consult section 3.6 - File Server of this document.

NOTE: If you do not configure a share you will not be able to copy ISOs to it
via a GUI (Windows or Ubuntu). You will have to use the console and copy the
ISOs to the default directory.

We offer you an example of a configuration in order to help you set the 4CC
service.

The first step is to create a share, it is mandatory that you set as permissions
type ACL! ACL enables to assign different permissions to subfolders regardless of
the permissions in the main folder.

Reference Guide - Version 6.0 IPBRICK SA

7.2 VDI 205

Figure 7.4: Share data with ACL as permissions type

The next step is to give permissions at Group Access.

Figure 7.5: User group access

The share will then be available for selection.

Figure 7.6: Hypervisor enabled

7.2 VDI
7.3 Terminal Configuration
IPBrick’s terminal server provides an Operating System to terminal stations
that have no disk (thin clients). Usually a thin client is a low-end computer ter-
minal which only provides a graphical user interface (GUI) to the end-user. The
operating system is loaded through the network and provided to the terminal, that
will have available, for example, a browser or the login console of a Windows server.

IPBRICK SA Reference Guide - Version 6.0

206 IPBrick.4CC

NOTE: IPBrick must be working as a DHCP in the network (and has to be

the only DHCP server). The client of terminal server receives from IPBrick the
necessary information to boot from the network.

7.3.1 Settings
First, you have to activate Terminal Server in IPBrick’s web interface. To
activate, click Modify and choose Yes;

Figure 7.7: Terminal Enable Configuration

After the activation, you may configure terminal server in this fields:

• Display [2 to 7]:

NOTE: Display 7 offers a an option not available on any other Displays.

The LTSP1 Display Manager (LDM). In this case, you only need to input
the IP address in order to establish the connection.

– Server Remote Desktop: The connection is made by the terminals to

IPBrick. IPBrick is responsible for the connection with the Windows
Server:
∗ Server: Address to connect by remote desktop;
∗ Domain: Indicate the Windows domain that is going to connect (ex:
ipbrick2014).
– Terminal Remote Desktop: The connection to the server is directly
made by the terminal:
∗ Server: IP Address of the server to connect by remote desktop;
∗ Domain: Indicate the Windows domain that is going to connect (ex:
ipbrick2014).
– Mozilla-Firefox: Open a Firefox browser session;
– Telnet Session:
∗ Server: IP Address of the telnet server. It is possible to connect to
other service by indicating a specific gate. Syntax: ip_address:port;
– Linux Remote Desktop: Remote connection to a Linux machine;
1
Linux Terminal Server Project

Reference Guide - Version 6.0 IPBRICK SA

7.3 Terminal Configuration 207

– Others: It presents a command line

• Keyboard model: It depends on the number of keys. These are the available
options:

– pc101;
– pc102;
– pc103;
– pc104;
– pc105.

• Keyboard layout:

– de: german;
– es: spanish;
– fr: french;
– pt: portuguese;
– us: english.

• Mouse protocol: Type of protocol used by the mouse in the client station;

• Mouse device: System Device that will be used (/dev/...);

• Mouse resolution: The Resolution mode used by the mouse;

• Mouse buttons: Number of mouse buttons;

• Video driver: Leave blank for auto-detection;

• Sound: Enable or Disable the terminal’s sound;

• Printer [0...1] type: Sets the printer type you want to use;

• Printer [0...1] device: Specific device for the printer (/dev/...);

• Local Device [0...2]: Other devices you want to use (/dev/...);

• Mode [0...2]: Possible screen resolutions. If you leave these fields without
selection the system will auto-detect the resolution. But if you choose to
select a resolution, always type on Mode 0 the one you think best;

• Color Depth: This is the number of bits to use for the colour depth. Possi-
ble values are 8, 16, 24 and 32. 8 bits will give 256 colours, 16 will give 65536
colours, 24 will give 16 million colours and 32 bits will give 4.2 billion colours!
Not all X servers support all of these values!!! The default value for this is 24.

NOTE: If the terminal hasn’t got the necessary resources we recommend

selecting 16 bits!!!

IPBRICK SA Reference Guide - Version 6.0

208 IPBrick.4CC

• Module 01...02: Makes possible the loading of two Kernel modules.

• Startup Script 01: You may type here a script to be executed. When the
terminal starts, it will run your command.

• Startup Script 02: In case script 01 doesn’t run, you may type here an-
other one to be executed in its place.

• DNS Server: A valid IP for domain name server. if the DNS server is in
the same machine this setting is not needed, but if the DNS is on another
machine you must set a valid IP.

• DNS Domain: Sets a valid search domain in the clients’s resolv.conf file. Used
to build the resolv.conf file. Not needed by default. Needed if DNS SERVER
is set!

• Time Server: The address of a time server (NTP) that the thin client can
set its time from. If unset, the thin client just uses the BIOS time.

• Shutdown Time: Time at which thin client will automatically shut down.
The format is hh:mm:ss in 24 hour format. The default is unset;

• Local Applications: Whether to run apps locally on the client or not;

• Allows multiple sessions (only LDM): This setting is only applicable on

a LDM terminal. Enable it if you wish to run multiple sessions;

• LDM Theme: Type the path for the folder that will hold the LDM themes;

• Encrypted LDM Session: It allows you to turn off or on the encrypted tun-
nel via SSH, and instead run a less secure, but much faster unencrypted
tunnel. the terminal will perform faster but data transmission will be less
secure;

• CUPS Server: CUPS2 allows a terminal to access a print server. By default,

this option is disabled.

2
Common Unix Printing System

Reference Guide - Version 6.0 IPBRICK SA

7.3 Terminal Configuration 209

Figure 7.8: Terminal Configuration 1/2

Figure 7.9: Terminal Configuration 2/2

You can see a first configuration example in Figure 7.10.

IPBRICK SA Reference Guide - Version 6.0

210 IPBrick.4CC

Figure 7.10: Terminal Configuration - Example

Boot and Operating System

If using thin clients, after the first terminal configuration here, IPBrick will
need a LTSP boot system and an operating system. The boot system (kernel) will
be loaded into the thin clients memory.

Boot Systems
To load Boot systems (Kernel) click on kernel link (Figure 7.11). The following
fields are displayed:
Boot system configuration:

• Description: Kernel text description;

• Boot loader: It will be selected later;

• Kernel: If you click Archive you should select the Kernel file from the above
link.

Figure 7.11: Terminal Server - Boot System configuration

Operating Systems
To load the Operating System you have to click in top menu on OS (Figure
7.12), and after that click insert to display the following options:

• Description: Description of the operating system;

Reference Guide - Version 6.0 IPBRICK SA

7.3 Terminal Configuration 211

• Operating system: If you click Archive you should select the OS version
to run.
The Kernel and Operating System files can be downloaded at our eshop:

http://eshop.ipbrick.com/eshop/

At: Downloads -> Software -> IPBrick Related Software -> IPBrick 5.x
(5.2, 5.1, 5.0.1, 5.0)

Note: You have to be registered at our eshop for the Download section to be
available.

For IPBrick 5.x you will need to download the following files:
ipbrick5-ltps5-kernel_1.0.tgz
ipbrick5-ltps5-OS_1.0.tgz
For older versions of IPBrick you need the files root.tgz (OS) and 2.6.9-ltsp-3.tgz
(Boot system).

Figure 7.12: Terminal Server - Operating System

Machines
If the terminals are registered in IPBrick (IPBrick.I - Machines Management)
you may personalize configurations for a terminal in the machines link (Figure
7.13) by selecting if the default options set in the top menu of configuration are
going to be used.

After loading the boot system(s) and the operating system(s), you should click
Back and Terminal OS and choose the Kernel and the Operating System you want
to use.

Figure 7.13: Terminal Server - Machines

IPBRICK SA Reference Guide - Version 6.0

212 IPBrick.4CC

7.3.2 Client configuration

You should boot from network to make available for the clients the Terminal
Server. For example if you use a Book PC, the machine should be booted and the
access to BIOS is made with the keys Shift + F10. The configuration should be
(it is possible to modify the values through the directional keys (<- and ->)):

Network Boot Protocol : PXE

Boot Order : Int 19h
Show Config Message : Enable
Show Message Time : 3 Seconds

After this configuration, an orange window appears with this message:

Always boot network first, the local devices.

After making these changes you have to confirm them by clicking the F4 key.
This procedure makes sure that the client machine will boot from the network.
After the client machine reboots, this machine will now boot via IPBrick.

NOTE: If the login screen of Linux graphic interface appears after the booting
, you have to restart X Server with the keys [CTRL] + [ALT] + [BACKSPACE].
If the same window appears even after the restart, it is possible to validate with
user ltsp and password ltsp.

Several screens may be active for the same client (depending on what was set
in the Number of Displays field of IPBrick). Browsing across screens can be made
with these key combinations: [CTRL] + [ALT] + [F2] for screen 1, [CTRL] +
[ALT] + [F3] for the screen 2, and so on.

7.3.3 Broker
The Broker feature enables the Balancing Service. Load balancing is a tech-
nique for distributing load over a number of servers.

Figure 7.14: Broker - Disabled Balancing Service

Click on the Modify link.

Reference Guide - Version 6.0 IPBRICK SA

7.3 Terminal Configuration 213

Figure 7.15: Broker - Balancing Service Modify page

Enable service: Select YES to enable the service configuration.

Figure 7.16: Broker - Enabling the Balancing Service

When you enable the service new options appear:

• Broker IP: The IP of the Broker service. By default, it is configured as:

127.0.0.1

• Memory weight: The value of importance when balancing the available mem-
ory in relation to the CPU. The combined value of memory and CPU weight
must be 1. By default: 0.5 this will mean that the memory and CPU have
equal importance for the broker.

• CPU weight: The importance when balancing the CPU resources. By de-
fault: 0.5. As stated previously the combined value must always be 1. If
you want you may prefer that the CPU has an increased importance, if you
type, for instance, 0.7, but then, the memory weight must be 0.3

• Servers: Server IP. By default: 127.0.0.1. At this option you must type
the IP address of the server(s) that will host the machines. It is possible to
add as much IPs as you deem necessary, simply click on the Add button to
add another IP. To delete one, simply click on the Remove button.

Click on the Modify button to save the settings.

IPBRICK SA Reference Guide - Version 6.0

214 IPBrick.4CC

Figure 7.17: Broker - Modify page

Sessions Manager

At the Broker Modify page you will also have available the Sessions Manager
link, this new page presents the list of all machines groups created in IPBrick.I.
You will need to configure the desired groups to be brokered, in order for the load
balancing to function correctly.

IMPORTANT NOTE: When creating the machine groups to be brokered,

bear in mind that you must created them according their type, i.e.: all machines
in a group must be either Windows or Linux based. Do not mix windows and
Linux machines in a single group!

Figure 7.18: Broker - Sessions Management - Machine Groups List

Click on the underlined name of a machine group to open a new page where
you will be able to check the type, server and users that constitute that particular
group.

Reference Guide - Version 6.0 IPBRICK SA

7.3 Terminal Configuration 215

Figure 7.19: Broker - Sessions Management - Group data

Click on the Modify link to alter the group settings. At the new page you will
be able to select if the Group Type is made of entirely Windows or Linux machines,
what is their server IP (from the inserted hosts at the Broker modify page). It
is also possible to select from the system users, the ones that will be part of that
group.

Figure 7.20: Broker - Sessions Management Modify page

The user selection procedure is very simple. Just select the users from the
right box (System) and click on the button with the arrow pointing to the left box
(Group) <<. To remove a user simply invert the process.

IPBRICK SA Reference Guide - Version 6.0

216 IPBrick.4CC

Reference Guide - Version 6.0 IPBRICK SA

Chapter 8

Advanced Configurations

Here you have the advanced interface for some services and configurations
present in the upper menus. This chapter is divided by the following main sections:

• IPBrick;

• Telephony;

• Network;

• Support services;

• Disaster recovery;

• System.

8.1 IPBRICK
8.1.1 Definitions
In this section will be treated some very essential IPBRICK server configura-
tions.

Domain Definitions
In Domain Definitions you configure the hostname and the server DNS do-
main. The Fully Qualified Domain Name is composed by the machine name and
the DNS domain. For example, if you have the hostname ipbrick and the DNS
domain company.com, the FQDN will be ipbrick.domain.com. In order to change
these definitions click on Modify.

Network Definitions
At network definitions it is possible to configure the following network interface
parameters:

• Interface: Interface name;

IPBRICK SA Reference Guide - Version 6.0

218 Advanced Configurations

• Type: Private (for eth0) or public for the others;

• Mode: Inferface mode can be static or for the public interfaces it’s possible
to configure the interface as dynamic, so it will act as a DHCP client;

• IP: Interface IP address with the correspondent network bit mask;

• Network: Network address;

• Broadcast: Network broadcast IP;

• Aggregate network interface cards: If some addicional NIC’s are available,

the ethernet bonding can be configured;

• MAC Address: Physical address of NIC.

The parameter state will show the physical link state:

• Green: The link is OK;

• Red: The link is DOWN;

The Modify will change these parameters. The Insert will add a new IP alias
for the interface. Example: eth0:1, eth0:2.
If IPBrick works as an Intranet server (IPBrick.I), it is only necessary to config-
ure the private interface. The public interface may get all the default configurations
and it shall not have a network cable connected.

If the server has more network cards (ETH2, ETH3...), they are listed as private
but no rules will be added automatically to the firewall. This means that all traffic
for that new interfaces will be denied.
If IPBrick works like a Communications server (IPBrick.C) or if it accumulates
the Intranet and Communications functions (IPBrick.I + IPBrick.C), it is neces-
sary to configure the two network interfaces (in these two situations, the server
where IPBrick was installed, shall have two network cards).

To change the network interfaces definitions, it’s necessary to click ETH0 and
ETH1.

The network cards aggregation (bonding) option can provide failover, load-
balance and link speed increase. To get a good experience with bonding the switch
were the network cards are connected must support IEEE 802.3ad Dynamic link
aggregation (Figure 8.2).
For configuration this steps must be followed:

• Have one interface (ex: eth2) present but not configured yet;

• Click at the interface to bond (ex: eth0) and choose to aggregate network
interface cards;

Reference Guide - Version 6.0 IPBRICK SA

8.1 IPBRICK 219

• Choose the NIC’s MAC addresses of eth0 and eth2 interfaces;

• Click Modify, so the eth0 will be bounded with eth2 and became only one
interface - eth0.

NOTE: The private interface is the first network card detected by IPBrick in
the server where it was installed. If the server has a second network card, this shall
be configured as a public interface. The firewall is already configured by default
with specific rules to recognize the ETH0 as a private interface and ETH1 as a
public interface. If the server has more network cards (ETH2, ETH3...), they shall
be considered as private;
NOTE: The ethernet cards MAC address should be associated to all the in-
terfaces, so when the server reboots the interfaces will be always associated to the
same NIC.

Default route
This menu allows to define the gateway of IPBrick.

If IPBrick works as an Intranet server (IPBrick.I), the address to put in this

field is the address of the equipment which makes the access to the Internet. This
equipment may be, for example, a Communications IPBrick or a router. The gate-
way IP address shall have to be the address of that same IP network configured
in the private interface, the ETH0. For instance, if the private interface has the
IP address 192.168.1.1, the gateway IP address shall have to be 192.168.1.x. The
interface to choose to configure the gateway is ETH0.

If IPBrick works as a Communications server (IPBrick.C) or if it accumulates

the Intranet and Communications functions (IPBrick.I + IPBrick.C), the address
to put in this field is the internal address of the equipment that accedes to the
Internet, for example, a router. In this case, the gateway IP address shall have to
be the address of that same IP network configured in the public interface, ETH1.
The interface to choose to configure the gateway is ETH1.

To change the Gateway definition is necessary to click Modify. An example

can be viewed at Figure 8.1

8.1.2 System Information

As you can see in Figure 8.3 , here you shall receive crucial information about
the system, from the use of the network, information of the hardware, use of
memory or archive systems.

8.1.3 Web Access

This section allows the access and license management of IPBrick (Figure 8.5).

IPBRICK SA Reference Guide - Version 6.0

220 Advanced Configurations

Figure 8.1: Advanced Configurations - Definitions

Figure 8.2: Advanced Configurations - Bonding

Access definitions
• Login: admin;

• Password: 123456.

The login admin and respective password refer, uniquely and exclusively, to
the authentication used to access IPBrick through the web interface and both can
be altered. To edit them it’s necessary to click on Change.
Note: In contrast with the Administrator user this login has no work area
in IPBRICK.

Language definition
IPBRICK is currently available in five languages:

Reference Guide - Version 6.0 IPBRICK SA

8.1 IPBRICK 221

Figure 8.3: Advanced Configurations - System Information - 1/2

Figure 8.4: Advanced Configurations - System Information - 2/2

• Portuguese;

• English;

• Spanish;

• French;

• German.

In this section it’s possible to change the language in IPBRICK (Figure 8.6). To
make this change, it is necessary to click on Modify, select the prefered language
and afterwards click on Apply Configurations so that the alterations become
effective.

IPBRICK SA Reference Guide - Version 6.0

222 Advanced Configurations

Figure 8.5: Advanced Configurations - Web Access

Figure 8.6: Advanced Configurations - Language

External WEB access

To access the IPBrick configuration interface through the Internet (External

Web Access), is necessary to click Change and choose ”Yes” (Figure 8.5). You
should also activate the HTTPS service to the Internet. It is also necessary to do
this:

• Activate the HTTPS for Internet (IPBrick.C - Firewall - Services and

choose Active in the State;

• If the IPBrick is connected to the router internal interface (without public

address), is necessary in router to do a DNAT to the port 443 for the IPBrick;

IPBrick license

This section is about the licensing process of IPBrick. When installing IPBrick,
you will have a trial license of 30 days of use. When this license expires, the server
will remain reachable, since all network settings are kept, but the majority of ser-
vices will not be available until a permanent license is activated.

Reference Guide - Version 6.0 IPBRICK SA

8.1 IPBRICK 223

To install a permanent license it’s necessary to click on the option Download

server identification for license generation and send the file.dat to [email protected]
asking for license activation. You need to speciffy this information:

• Company name;
• Some information about the IPBrick server type (Intranet, Communication
or VoIP server);

After receiving the answer (with an attached file) from [email protected],

you will no longer need to cancel temporary license, just insert the file received (it
will be licence.dat), and the license will stay permanent.

8.1.4 Authentication
From the moment the user is created in IPBrick, there shall be a register in
the database of the authentication server - LDAP1 . LDAP is defined as a directory
service where the information, relating to the computer resources of the company
and its users, is kept. Whenever an user intends to authenticate in a certain service
with his/her username and password, the IPBrick LDAP database is consulted to
validate or not the access.

Modify
IPBrick allows several authentication modes and it is configured by default for
all the users to authenticate themselves in their own IPBrick (Figure 8.7):

• IPBrick Master: Default Mode. All the services in the server shall use the
LDAP server;
• Secondary Master IPBrick: Used only under High availability license. See
Appendix E for details.
• IPBrick Slave: LDAP server shall be a synchronized replica of the indi-
cated IPBrick Master server, and this mode is used in a scenery with several
servers. The users may authenticate themselves in this server, once there is a
temporized synchronization of the LDAP database with the IPBrick Master,
but there is no possibility to add users. In networks with a high number
of users where there are several authentications, it is useful the use of slave
authentication servers thus avoiding a congestion in the IPBrick Master net-
work segment. This scenery is also of a great use in networks geographically
distributed (Figure 8.8);
• IPBrick Client: The services authenticate remotely in the indicated LDAP
IPBrick server. In this case, there is no local database copy, and it is nec-
essary to specify the IPBrick Master/Slave server. Normally, this way of
authentication is used in a IPBrick.c in the extent of VPN, PPTP and Proxy
services (Figure 8.9);
1
Lightweight Directory Access Protocol

IPBRICK SA Reference Guide - Version 6.0

224 Advanced Configurations

• Netbios Client: It is possible to IPBrick to become a part of the domain

managed by a server previous to Windows 200x to use the NetBIOS protocol.
In a network like this, the users continue to authenticate themselves normally
in the Windows machine.

• AD Domain Member (IPBrick Master): IPBrick is a member of a domain

managed by a Windows Active Directory server. The users of the network
need, as always, to authenticate in AD;

• AD Domain Member (IPBrick Slave): The IPBrick Slave is also going to

be a member of a AD domain, acting as a secondary IPBrick server. The use
of a Slave IPBrick as a member of a AD domain may be particularly useful in
the case of secondary email servers, always implying the existence of another
IPBrick server configured as a member of the AD domain - Master IPBrick .

NOTE: After changing the IPBrick authentication mode, during the Apply
Configurations, the IPBrick will reboot automatically.

NOTE: At a Slave/Client IPBrick, the myipbrick virtualhost will be automat-

ically configured with reverse proxy to the Master IPBrick.

Figure 8.7: Advanced Configuration - Authentication modes

Figure 8.8: Advanced Configuration - Authentication - IPBrick Slave

Distributed Filesystem

Reference Guide - Version 6.0 IPBRICK SA

8.1 IPBRICK 225

Figure 8.9: Advanced Configuration - Authentication - IPBrick Client

The users nay be physically distributed by the Master/Slave servers. Mean-

while, the centralized information system - LDAP has the information about the
physical location of each account. A NFS (Network File System) service makes
available the accounts of the users through the network. The Automount service
combines the LDAP information with NFS and makes automatically available the
accounts of the users virtually in any other Master/Slave server. IPBrick allows
the integration with authentication servers running in Windows operating sys-
tems, namely previous Windows 200x machines (NetBIOS authentication) and
after Windows 200x machines (authentication via Active Directory).

Automount
LDAP is a directory service where the relevant information of a company is
kept: Users, computer resources, contacts, etc. The Automount service combines
the LDAP information with NFS and makes automatically available the accounts
of the users virtually in any Master/Slave server.

In the Netbios authentication, the authentication server has not as a base a

LDAP service. In this configuration, IPBrick uses its own LDAP server as an
auxiliary member for the other services. In the authentication mode member
of the AD domain, the authentication server is a LDAP implementation. All
IPBrick services are configured to use this LDAP server. However, it is necessary
to extend the structure of this LDAP server to support the requisites of IPBrick
server, namely the UNIX/Linux credentials and the Automount information.
NOTE: At www.eshop.ipbrick.com - Downloads  Documentation  Other
documentation there is a document about the integration of IPBrick as a member
of an AD domain as well as necessary files for this procedure (you will have to be
registered at our eshop for the Download section to be available).

Servers

In that option all the servers registered at Master LDAP are presented by the
IP, FQDN and the authentication type (Figure 8.10).

IPBRICK SA Reference Guide - Version 6.0

226 Advanced Configurations

Figure 8.10: Advanced Configuration - Authentication - Servers list

Compatibility Mode

The Compatibility Mode enables you to operate a server cluster with a client
IPBRICK v6.0 and a master IPBRICK v5.x, but before enabling the compatibility
mode, you have to ensure that the IPBrick v6.0 is a Master server.

IMPORTANT NOTE: Any change to the status of the Compatibility Mode

(Enable or Disable) requires that the IPBRICK v6.0 always be a Master server

Procedure

Enable the Compatibility Mode on IPBrick v6.0 at:

Advanced Configurations > Authentication

Figure 8.11: Advanced Configurations - Authentication

Click on the Compatibility Mode link.

Figure 8.12: Compatibility Mode link

Click on the Modify link.

Reference Guide - Version 6.0 IPBRICK SA

8.1 IPBRICK 227

Figure 8.13: Modify Link

Enable the mode and click on the Modify button.

Apply Configurations (ATTENTION: Applying configurations will reboot IP-

Brick!)

Figure 8.14: Apply Configurations

Configure the IPBrick v6.0 as a Client of the IPBrick v5.X at:

Advanced Configurations > Authentication

Figure 8.15: Advanced Configurations - Authentication

Figure 8.16: Authentication Page

Apply Configurations (ATTENTION: Applying configurations will reboot IP-

Brick!)

IPBRICK SA Reference Guide - Version 6.0

228 Advanced Configurations

Figure 8.17: Apply Configurations

8.1.5 High Availability

At the High Availability (HA) page you can check straight away your system’s
status, this is where you will be able to configure the HA definitions and check
both the System State and connected Interfaces (Figure 8.18). For more informa-
tion regarding High Availability please consult Appendix E of this document.

To alter the settings please click on Modify. A new page will appear (Figure
8.19)

Figure 8.18: Advanced Configuration - IPBrick - High Availability

Reference Guide - Version 6.0 IPBRICK SA

8.1 IPBRICK 229

Figure 8.19: High Availability - Modify

• Authentication type (eg IPBrick Master, Secondary Master IPBrick, ...);

• Mode: ’Active/Passive’, ’Active/Active’ or ’N/A’
– ’Active/Passive’: when there is only an HA interface on one server;
– ’Active/Active’: when there are at least two HA interfaces configured
on different servers (note: that this mode is not possible to use failover
switches! );
– N/A - Not applicable or Not available
• Keep-Alive interfaces: interface through which the HA service will commu-
nicate between servers (by default will set the eth0 and eth1, if the latter
exists).
• Auto Failback: With this option enabled, after a failure, the HA interface
that changed server, will return to the original server;
• Fail detection timeout: By default: 10 seconds;
• Initial fail detection timeout: By default: 120 seconds;
• Connectivity nodes: Click on Add to insert a node’s IP address. You will
also be able to Remove it;
• High availability state (eg. Disabled, Enabled or N/A) says the state of
the heartbeat in the system (even when the active HA, for any reason the
heartbeat may be giving error)
• Server state (eg. Standby, Active or N/A) - Depending on the state it’s
possible to acquire or free resources (note that if you are in Active/Active
mode it will be possible that two buttons are visible)
• High Availability Interfaces - Table showing the HA interfaces
• Failover switches available - Table showing the failover switches available
Note: At Advanced Configurations > Telephony > Failover switches you
may also visualize the switches available.

IPBRICK SA Reference Guide - Version 6.0

230 Advanced Configurations

Alert Definitions
At the top right corner you will have available the Alert Definitions link.
These ’alerts’ are warnings that will be submitted to you should any HA IP fluc-
tuation has occurred, whether by machine failure or human hand.

IP fluctuation basically means that should one machine fail, another one will
assume its virtual IP. If you click on the Alert Definitions link a new page will
appear (Figure 8.20) where you will visualize the Source and Destination email
addresses. By default, no address is set. You should click on Modify to add both
email addresses. (Figure 8.21)

NOTE: The mechanism for failure detection is based on network and service
failure (valid only for the VoIP service).

Figure 8.20: High Availability - Alert Definitions

Figure 8.21: High Availability - Alert Definitions - Address definitions

8.1.6 Update
All available updates in the Downloads section of our eshop should be installed
here. All you have to do is click on Insert, choose the update file (.deb) by clicking
on Browse confirm the package by clicking on the Insert button. The package
will then be installed in the system (Figure 8.22).

8.1.7 Remote Management

The remote management feature enables you to install updates, perform mass
operations (insert users, phones, prefixes and routes) and monitor the IPBricks
status, via the Remote Manager Server web interface.

Reference Guide - Version 6.0 IPBRICK SA

8.1 IPBRICK 231

Figure 8.22: Advanced Configurations - Update

Choose an IPBrick to install the ipbmanager.deb file. The procedure is exactly

the same as installing an IPBrick update (please consult the 8.1.6 section of this
document for more information).

NOTE: Please don’t forget to apply configurations!

To add the URL of the IPBrick Remote Manager server click on Insert (Figure
8.23).

Figure 8.23: Remote Management

Add the IPBrick Manager Server URL (eg: ipbmanager.domain.com). At

URL Address it’s also possible to select between http and https protocol (Figure
8.24).

NOTE: Repeat this procedure on ALL IPBricks you wish to remotely manage,
including the one where you have installed the ipbmanager.deb package

Figure 8.24: Remote Management Insert page

IPBRICK SA Reference Guide - Version 6.0

232 Advanced Configurations

Confirm the changes by clicking on the Apply button.

Click on the Test Connection button to check the connectivity.

Figure 8.25: Test Connectivity

8.2 Network
In this section we’ll address the advanced configuration of services related to
the structure of the organization’s network. It will be possible to define specific
rules at firewall, to add static routes for other internal networks (or external), to
define rules and priorities in the QoS service as well the configuration of service
routing at firewall.

8.2.1 Firewall
This section deals with the IPBRICK firewall management. Some of the pre-
defined rules were already mentioned in the section Firewall in the chapter IP-
Brick.C (rules that can’t be changed by the user, only deactivated). In the mean-
time the configuration of some other services demands some other rules. These
rules can only be managed in part by the user in the Order section. Nevertheless,
IPBRICK offers the administrator an advanced interface for the firewall manage-
ment. There, he can define a group of rules with high personalization (Figure
8.26).
Here you have links to:
• Insert new rules in advanced mode;
• Delete already inserted rules
• Order: Interface to order all the rules that exist in the firewall (Figure 8.30).
This option is particularly important when new rules are created. Because
the first rules the firewall does the matching will be the first to use. Then,
more specific rules should be at the top and general should be at the bottom.
You can insert three types of rules:
• DNAT Rule: Redirects the traffic that comes to a port to another port/machine
of the internal network. That rule here is only for TCP traffic (example at
Figure 8.29);

Reference Guide - Version 6.0 IPBRICK SA

8.2 Network 233

Figure 8.26: Network - Firewall

• Disable machine access: It defines the denial of access to a port of defined

network machine (example at Figure 8.28);

• General settings: Here you can add a completely personalized rule (ex-
ample at Figure 8.27). These are the affected fields:

– Rule:

INPUT: Data received by the firewall that aim the recipient

interface no matter their origin;
OUTPUT: Data sent by the firewall;
FORWARD: Redirects traffic from an interface to another;
PREROUTING: Is used to change IP packets arriving to the
machine before the routing decision;
POSTROUTING: Is used to change IP packets arriving to the
machine after the routing decision;

– Interface: You should choose which interface to apply the rule (eth0,
eth1, eth2... and the loopback interface - lo);
– Protocol: Protocol(s) to which you want to apply the rule;
– Module: Shows the list of iptables modules available for use;
– Source MAC Address: The packet source’s MAC Address;
– Source IP: Source IP Address of the packet;
– Origin port: Source port of the packet;
– Destination IP: Destination IP address of the packet;
– Destination port: Destination port of the packet;
– Parameters: 16 bits field that exists in the original IP packet - it is
used to identify the type of packet to filter. Examples:

IPBRICK SA Reference Guide - Version 6.0

234 Advanced Configurations

! --syn
--state INVALID
--state ESTABLISHED,RELATED
--icmp-type echo-request
– Policy:
ACCEPT: To accept a packet and let it pass the firewall rules;
DROP: Doesn’t accept the packet and eliminates it;
MARK: Saves a mark in the packet. These marks can be used to make
decisions at the forwarding level;
LOG: Saves a log of every packet that folows the rule.

– If the PREROUTING rule is used, there are the following extra policies:
REDIRECT: Used to redirect the traffic arriving from a port to
another port;
DNAT: it allows to redirect the traffic arriving at a certain
port to another machine and port belonging to the internal
network
– If the POSTROUTING rule is used, there are the following extra poli-
cies:
MASQUERADE: It allows to ’mask’ the traffic
SNAT: It allows to redirect the traffic generated in a certain
port to another machine and port.
TCPMSS: It changes the MSS field (maximum packet size) from the
TCP header. It just can be used to TCP SYN or SYN/ACK
packets because is just used in the beginning of
conections.

The rules that are defined by default can’t be eliminated, but can be deactivated
by clicking in the state of the rule and change the Deactivate option.
At body there’s a list of all the rules controled by the user (Figure 8.26). A
rule can be switched between enabled and disable state. To eliminate rules is
necessary to click Delete, select the rule or rules that you want to remove and
click the button Delete. The rules defined by default cannot be deleted, however
they can be deactivated, all you have to do is click the state of the rule and change
the option to disable.

8.2.2 Route management

When there are several distributed networks separated by some routers in an
organization, and if you want to give IPBrick access to all of them, you must
indicate the gateway for that network (Figure 8.31).
The following fields are present:

• Destination network: Network to access;

Reference Guide - Version 6.0 IPBRICK SA

8.2 Network 235

Figure 8.27: Network - Firewall - General settings rule

Figure 8.28: Network - Firewall - Disable access rule

• Mask: Mask of the destination network;

• Interface: IPBrick interface with connectivity to the destination network;

• Gateway: Router/server IP with connectivity to the destination network.

IPBRICK SA Reference Guide - Version 6.0

236 Advanced Configurations

Figure 8.29: Network - Firewall - DNAT rule

Figure 8.30: Network - Firewall - Order

8.2.3 QOS
The QoS service2 (Figure 8.32) in IPBrick allows the customization of traffic
priority levels, oriented to the external interface, thus assuring a certain level of
quality of the service for the final user. It is importnt to indicate immediately the
value of the band width available in the connection for the internet. From these
data we can establish priority rules among the several types of traffic in a network.
for example: instead of the internet connection being entirely occupied by the
email service, limit the band width given to that service and assure a minimum
value for the web traffic.

At the Body we have the list of the available Public Interfaces (normally
ETH1) and the state of the service for each network card. Clicking the state allows
2
Quality of Service

Reference Guide - Version 6.0 IPBRICK SA

8.2 Network 237

Figure 8.31: Network - Route management

to move between active and inactive. Clicking the network plate allows to
accede the management formulary of that service (Figure 8.32).

Figure 8.32: Network - QoS management

In Generic Configurations (Figure 8.33) is possible to define which maxi-

mum band width is allowed for download and upload.
In section Structure there are three classes of defined priorities, each one of
them already with predefined filters. It is possible to define new filters for each
priority class, specifying the following fields:

• Types of filter: ACK type (confirmation of packets reception) or General;

• ToS3 :

– Minimizes the delay;

– Maximizes debit;
– Maximizes reliability;
– Minimizes the cost;
– Minimizes the cost;

• Protocol: Type of protocol to apply in the filter;

• Source IP;
3
Type of Service

IPBRICK SA Reference Guide - Version 6.0

238 Advanced Configurations

• Source Port;

• Destination IP;;

• Destination Port.

The Priority Class 1 has always maximum priority, and the traffic is defined in
Priority Class 3, the less importnt.

Figure 8.33: Network - QOS - General Configurations

8.2.4 Service Routing

IPBrick allows to route the traffic of several network services to different output
interfaces. A communication server may be routing the SMTP traffic to a certain
ISP router and the web traffic to another (example at Figure 8.34). The definition
of gateways is made through the following fields:

• Name: The name of the new access to the internet;

• IP address: Internal router IP responsible for that access - Gateway;

• Tag in the firewall: Automatically attributed.

After defining a Destination, it’s necessary to add specific rules in the firewall so
that the routing of desired services becomes a reality. It will be presented firewall
configuration examples for:

• Using the new access to send and receive email;

• Using the new access for web traffic;

Reference Guide - Version 6.0 IPBRICK SA

8.2 Network 239

Figure 8.34: Network - Service Routing

Mail service example

In this case, the new Internet Access (eth2) will be used for the mail service,
including incoming and sending (port 25). This rules should by inserted:

1. Rule to masquerade the outgoing traffic for the eth2 interface;

• Type: General configuration;

• Rule: POSTROUTING;
• Interface: eth2;
• Protocol: ALL;
• Module: Leave blank;
• Source IP: Leave blank;
• Origin port: Leave blank;
• Destination IP: Leave blank;
• Destination port: Leave blank;
• Parameters: Leave blank;
• Politics: SNAT;
• Value: eth2 IP;

2. Rule that accepts incoming traffic for the port 25:

• Type: General configuration;

• Rule: INPUT;
• Interface: eth2;
• Protocol: TCP;
• Module: Leave blank;
• Source IP: Leave blank;
• Origin port: Leave blank;

IPBRICK SA Reference Guide - Version 6.0

240 Advanced Configurations

• Destination IP: Leave blank;

• Destination port: 25;
• Parameters: Leave blank;
• Politics: ACCEPT

3. Rule to allow the replies for port 25 by the Internet mail servers:

• Type: General configuration;

• Rule: INPUT;
• Interface: eth2;
• Protocol: TCP;
• Module: Leave blank;
• Source IP: Leave blank;
• Origin port: 25;
• Destination IP: Leave blank;
• Destination port: Leave blank;
• Parameters: ! --syn;
• Politics: ACCEPT

4. Rules to forward outgoing Internet SMTP traffic for eth2

• Type: General configuration;

• Rule: OUTPUT;
• Interface: eth1;
• Protocol: TCP;
• Module: Leave blank;
• Source IP: eth1 IP;
• Origin port: Leave blank;
• Destination IP: ! eth1 IP;
• Destination port: 25;
• Parameters: Leave blank;
• Politics: MARK;
• Value: 1 (firewall tag);

5. Rules to forward outgoing SMTP traffic with origin in IPBrick for the new
interface (eth2);

• Type: General configuration;

• Rule: OUTPUT;

Reference Guide - Version 6.0 IPBRICK SA

8.2 Network 241

• Interface: eth1;
• Protocol: TCP;
• Module: Leave blank;
• Source IP: eth2 IP;
• Origin port: 25;
• Destination IP: ! eth1 IP;
• Destination port: Leave blank;
• Parameters: Leave blank;
• Politics: MARK;
• Value: 1 (firewall tag);

6. Rule to forward traffic with origin in LAN and destination the port 25 in
Internet (only when is used a external SMTP account)

• Type: General configuration;

• Rule: PREROUTING;
• Interface: eth0;
• Protocol: TCP;
• Module: Leave blank;
• Source IP: LAN IP;
• Origin port: Leave blank;
• Destination IP: ! eth1 IP;
• Destination port: 25;
• Parameters: Leave blank;
• Politics: MARK;
• Value: 1 (firewall tag);

Web access example

In this case, the new Internet Access (eth2) will be used for the LAN web access
that will be redirected to the new interface:

1. Rule to masquerade the outgoing traffic for the eth2 interface;

• Type: General configuration;

• Rule: POSTROUTING;
• Interface: eth2;
• Protocol: ALL;
• Module: Leave blank;

IPBRICK SA Reference Guide - Version 6.0

242 Advanced Configurations

• Source IP: Leave blank;

• Origin port: Leave blank;
• Destination IP: Leave blank;
• Destination port: Leave blank;
• Parameters: Leave blank;
• Politics: SNAT;
• Value: eth2 IP;

2. Rule to allow the replies for port 80 by the Internet web servers:

• Type: General configuration;

• Rule: INPUT;
• Interface: eth2;
• Protocol: TCP;
• Module: Leave blank;
• Source IP: Leave blank;
• Origin port: 80;
• Destination IP: Leave blank;
• Destination port: Leave blank;
• Parameters: ! --syn;
• Politics: ACCEPT

3. Rule to allow the replys for port 443 by the Internet web servers:

• Type: General configuration;

• Rule: INPUT;
• Interface: eth2;
• Protocol: TCP;
• Module: Leave blank;
• Source IP: Leave blank;
• Origin port: 443;
• Destination IP: Leave blank;
• Destination port: Leave blank;
• Parameters: ! --syn;
• Politics: ACCEPT

4. Rule to forward traffic with origin in LAN and destination the port 80 in
Internet (only when the proxy is not used!)

Reference Guide - Version 6.0 IPBRICK SA

8.2 Network 243

• Type: General configuration;

• Rule: PREROUTING;
• Interface: eth0;
• Protocol: TCP;
• Module: Leave blank;
• Source IP: LAN ip;
• Origin port: Leave blank;
• Destination IP: ! eth1 IP;
• Destination port: 80;
• Parameters: Leave blank;
• Politics: MARK;
• Value: 1 (firewall tag);

5. Rule to forward traffic with origin in LAN and destination the port 443 in
Internet (only when the proxy is not used!)

• Type: General configuration;

• Rule: PREROUTING;
• Interface: eth0;
• Protocol: TCP;
• Module: Leave blank;
• Source IP: LAN network;
• Origin port: Leave blank;
• Destination IP: ! eth1 IP;
• Destination port: 443;
• Parameters: Leave blank;
• Politics: MARK;
• Value: 1 (firewall tag);

6. Rule to forward traffic with origin in a machine conected to the LAN using
VPN PPTP and destination the port 80 in Internet (only when the proxy is
not used!)

• Type: General configuration;

• Rule: PREROUTING;
• Interface: ppp+;
• Protocol: TCP;
• Module: Leave blank;

IPBRICK SA Reference Guide - Version 6.0

244 Advanced Configurations

• Source IP: LAN IP;

• Origin port: Leave blank;
• Destination IP: ! eth1 IP;
• Destination port: 80;
• Parameters: Leave blank;
• Politics: MARK;
• Value: 1 (firewall tag);

7. Rule to forward traffic with origin in a machine conected to the LAN using
VPN PPTP and destination the port 443 in Internet (only when the proxy
is not used!)

• Type: General configuration;

• Rule: PREROUTING;
• Interface: ppp+;
• Protocol: TCP;
• Module: Leave blank;
• Source IP: LAN IP;
• Origin port: Leave blank;
• Destination IP: ! eth1 IP;
• Destination port: 443;
• Parameters: Leave blank;
• Politics: MARK;
• Value: 1 (firewall tag);

8. Rules to forward outgoing Internet web http traffic for eth2:

• Type: General configuration;

• Rule: OUTPUT;
• Interface: eth1;
• Protocol: TCP;
• Module: Leave blank;
• Source IP: eth1 IP;
• Origin port: Leave blank;
• Destination IP: ! eth1 IP;
• Destination port: 80;
• Parameters: Leave blank;
• Politics: MARK;

Reference Guide - Version 6.0 IPBRICK SA

8.3 Support services 245

• Value: 1 (firewall tag);

9. Rules to forward outgoing Internet web https traffic for eth2:

• Type: General configuration;

• Rule: OUTPUT;
• Interface: eth1;
• Protocol: TCP;
• Module: Leave blank;
• Source IP: eth1 IP;
• Origin port: Leave blank;
• Destination IP: ! eth1 IP;
• Destination port: 443;
• Parameters: Leave blank;
• Politics: MARK;
• Value: 1 (firewall tag);

NOTE: To route other services for the new internet access (local and remote
port), the idea is the same.

8.3 Support services

8.3.1 LDAP

Figure 8.35: Support Services - LDAP

In this section a list is presented of the machines registered in the LDAP service
of IPBrick. To insert a new machine in the LDAP domain of IPBrick it’s necessary
to click Insert. It is also possible to Modify or Delete LDAP registers.

The insertion of machines in LDAP from here can be very useful, when there
are IP networks different from the internal interface of IPBrick, since there is no
need to indicate the IP.
Mass Operations for machines
The Export feature will export all the data to a .csv file. The Mass operations
option permits an import of a .csv file. You can edit a .csv file in a spreadsheet
application, choosing the ; to split the columns. When doing an export we can
see all this fields present:

IPBRICK SA Reference Guide - Version 6.0

246 Advanced Configurations

• action: Options available:

– I: To insert a machine record in LDAP;

– U: To update a machine record in LDAP;
– D: To delete a machine record in LDAP;

• uidnumber: LDAP field that identifies the resource. Usually machines begin
with UID 50000.

• name: Machine name;

Example of a .cvs file content for mass operations import option:

action;uidnumber;name
N;50000;pc01
N;50001;pc02
I;50002;pc03
I;50003;pc04
I;50004;pc05

8.3.2 DNS
DNS4 is a name resolution service that translates domain names into IP ad-
dresses and vice-versa, and it is implemented in IPBrick by the software Bind using
port 53 UDP/TCP. The majority of queries consists of a simple UDP request by
the client, followed by a UDP answer of the server. There are two situations where
the TCP is used: when the data to be sent by the user exceed 512 bytes or at
the transference of zones. Some operating systems like HP-UX, for example, even
adopt DNS implementations always using TCP, thus increasing reliability.

The service acts like a database with information about the connections of a
IP network, and that information is organized into domains. The used notation
represents FQDN5 :

servername.company.region

Being the ”servername.company.region” the FQDN, the ”company.region” des-

ignated as the domain, ”company” the sub-domain and ”region” the top domain
(Top Level Domain), which is administrated by an entity denominated ICANN6 .
A DNS server generates a database about a certain part of the domain, what is
normally designated by zone, and there are two different types of servers that:

• master: It obtains the data from a zone which it manages from its own
database;
4
Domain Name System
5
Fully Qualified Domain Name
6
Internet Corporation For Assigned Names and Numbers

Reference Guide - Version 6.0 IPBRICK SA

8.3 Support services 247

• slave: It obtains the data from the primary master, existing one or more
in a network. Whenever there are changes in the configuration of the areas
served by the master, this server is always notified, proceeding to the update
of database.

So we can have master DNS servers, also called primary, and slave DNS servers
that can be named as secondary too. Regardless of being master or slave in a zone,
a server can have different purposes:

• internal DNS server: A internal DNS server (master or slave) serves pri-
vate domains and resolve names at private IP’s. They stay inside the LAN
and normally the service is running at the same server that is PDC. Example:
pc01.domain.com - 192.168.0.25. At IPBrick context, it will be a IPBrick.I;

• public DNS server: A public DNS (master or slave) serves only public do-
mains and resolve names at public IP’s that are well known at the Internet.
They can stay at company’s network DMZ, but usually the public DNS server
of a domain is managed by the company ISP or some hosting company in
Internet. Example: www.ipbrick.com -¿ 80.251.163.69. At IPBrick context,
a IPBrick.G/SEC/GT can be as public DNS server of some domain. It’s
not a good policy to have a unique server managing the same domain with
internal records and public records.

The DNS server also allows the resolution of names in a reverse mode, that is,
answer with the name (FQDN) from a certain IP address. This device allows the
confirmation of the authenticity of an IP address, important aspect in the email
service.

Domains
This is the main section of DNS configuration. Here you can handle the do-
mains managed by the server and their respective DNS records like, machines,
alias, mail exchange records etc. By default the following zones are presented:

• Forward zone: This type of zones have the name-¿IP address mapping,
and are the most used ones. By default, IPBrick serves the forward zone
domain.com;

• Reverse zones: This type of zones can map IP address-¿ names and are
mostly used by public e-mail servers, for authenticity verification. By defaut
IPBrick serves the reverse zone 192.168.69.0/24;

You can access the interface management of these zones by clicking on one of
them. (Figure 8.39 and Figure 8.40)

Clicking on the Insert link a new domain will be served by IPBrick (Figure
8.36)

IPBRICK SA Reference Guide - Version 6.0

248 Advanced Configurations

Insert a new zone At top menu you have a link to get Back to the previous
list and cancel the current process of introducing a new zone. At body you see a
register form for forward and/or reverse name (Figure 8.41) resolution zones. You
find the following definitions:

1. Domain: Name of the new zone to create; e.g. companyx.com; porto.companyx.com;

easylinux.com;

2. Network: The associated IP network for which you are going to create reg-
istrations. This is used only for reverse name resolution records (PTR7 );

3. Zone type: Field that allows you to create a master or secondary zone. A
secondary zone is a copy of another DNS server master zone;

4. Server: Name of the machine that will serve8 this domain (e.g. ipbrick.domain.com)
(this field is only applied on master zones);

5. Email: E-mail of the responsible for this domain. This e-mail is registered
in the DNS under the name of the administrator for this domain (this field
is only applied on master zones);

6. Refresh time: The time of a secondary zone to see if there are any changes
in the master zone (this field is only applied on master zones);

7. Transfer retry time: The time a secondary zone has to wait to retry the
connection to the master zone, that is, if the last refresh was unsuccessfully
(this field is only applied on master zones);

8. Expiry time: The time a secondary zone has to consider the dates of a zone
as valid since the last successful refresh (this field is only applied on master
zones);

9. Default time-to-live the time in which the other DNS servers have to
consider the dates of this zone as valid (this field is only applied on master
zones);

10. Master servers: IP address of the master server for that zone (this field is
only applied on secondary zones);

11. Visible in the management of machines: If selected, all these defini-

tions will appear too under domain management.

If the idea is to create a sub-zone these are the necessary steps (Example:
porto.companyx.com):

• Insert a new zone at the present main menu. At domain type porto.companyx.com;

• Go to domain management of main zone companyx.com and at Name Servers

insert:
7
Pointer
8
SOA - Start of Authority

Reference Guide - Version 6.0 IPBRICK SA

8.3 Support services 249

Figure 8.36: Support Services - DNS - Name resolution zones

Domain: porto.companyx.com
Server: ipbrick.domain.com (no need to change that default field)

• Go to domain management of sub-zone and start populating it (machines,

alias, MX record...)

Domains Management To manage a domain simply click on the domain name

in the zone’s list. So in this section you control all DNS records of a selected zone.
At top you have a link to get Back to the zones list and a Domain link that guide us
to zone definitions. At body you have a list of all possible DNS records to configure,
each one with a Insert button. Now all records will be presented supposing that
we are managing the forward zone of domain.com:
• Machines: This is called the A record (address record). It’s used to map
hostnames to IP’s. E.g.:

pc01 192.168.69.96
ipbrick 192.168.69.1
slave01 192.168.69.2

So pc01.domain.com will resolve to 192.168.69.199. In order to get the

base domain domain.com associated to some IP you need to insert a machine
record like that:

domain.com. 192.168.69.1

• Aliases: This is called the CNAME record (canonical name record). It’s
an alternative name for some existing machine record (this option is only
available for a forward name resolution zone). E.g.:

webmail ipbrick
im ipbrick
contacts ipbrick
voip ipbrick
mailsrv2 slave01

IPBRICK SA Reference Guide - Version 6.0

250 Advanced Configurations

• Name Servers: It’s the NS record (name server record). Here we manage the
list of DNS servers for the zone. If a zone has master and slave servers, the
master should have that information defined here. E.g.:

domain.com ipbrick.domain.com
domain.com slave01.domain.com

Let’s suppose that the same IPBrick’s are serving other zone called easylinux.com.
So the configuration would be:

easylinux.com ipbrick.domain.com
easylinux.com slave01.domain.com

• Mail Servers: This is called the MX record (mail exchange record) and it’s
a crucial record. We can say what server or servers are the mail servers for
the present domain. You can have several registrations each with different
internal positive values. The values indicate which registration to use first.
The registration with the lowest value is always the first one to be used. The
names to be introduced here must always be the e-mail server FQDN (this
option is only available for a forward name resolution zone). For example:

10 ipbrick.domain.com
20 mailsrv2.domain.com

• VoIP Servers: It’s one SRV record (service locator) for new protocols, in-
cluding VoIP (SIP). The value to be introduced here is the FQDN of the VoIP
server (this option is only available for a forward name resolution zone). For
example:

voip.domain.com

• Instant Message Server: It’s also a SRV record for Jabber protocol and by
default the address is im.domain.com. The alias im exist by default;

The SRV records for VoIP and IM are very easy to configure if IPBrick is
the DNS server, because we only need to type the FQDN of the server. If
the private/public zones are managed by different DNS servers and we want
to use that services in IPBrick you need to really specify all the SRV records
that are being used, and pointing them to IPBrick.

Example for VoIP:

_sips._tcp.domain.com. IN SRV 1 0 5061 voip.domain.com.

_sip._tcp.domain.com. IN SRV 1 0 5060 voip.domain.com.
_sip._udp.domain.com. IN SRV 1 0 5060 voip.domain.com.

Reference Guide - Version 6.0 IPBRICK SA

8.3 Support services 251

Example for IM:

_jabber._tcp.domain.com. 86400 IN SRV 5 0 5269 voip.domain.com.

_xmpp-server._tcp.domain.com. 86400 IN SRV 5 0 5269 voip.domain.com.
_xmpp-client._tcp.domain.com. 86400 IN SRV 5 0 5222 voip.domain.com.

• Valid records for sending mail (SPF): In this field we can use the SPF
in order to specify what records are valid for mail sending. So this config-
uration here will be the IPBrick’s mail server answer to the external mail
servers that are using the SPF protection. The configuration can be done at
Basic Options (Figure 8.37):

– Registered mail servers: The domain MX records can be valid (pass),

invalid (fail) or undefined (not present at TXT record)
– Registered machines: The domain A records can be valid, invalid or
undefined;
– Domains: Other domains that are valid (corresponding to the senders
address);
– Networks: Valid sender networks;

All the rest is invalidated (mechanism -all).

Figure 8.37: Support Services - DNS - SPF basic options

After the configuration, from the Basic Options, going to Advanced Options
will present the TXT record. There it’s possible to edit directly the TXT
record, so other specific SPF mechanisms and qualifiers can be used (Figure
8.38).

TXT record example:

domain.com. IN TXT "v=spf1 a mx -all"

IPBRICK SA Reference Guide - Version 6.0

252 Advanced Configurations

Figure 8.38: Support Services - DNS - SPF advanced options

In that configuration, if someone in Internet asks for the mail authenticity,

only the mail sended by the domain MX and A records will be valid. The
rest will be invalidated.

Figure 8.39: Support Services - DNS - Zone Management 1/2

Mass Operations for machine record

The Export feature will export all the data to a .csv file. The Mass operations
option permit an import of a .csv file. You can edit a .csv file in a spreadsheet
application, choosing the ; to split the columns. When doing a export we can see
all the fields present:

• action: Options available:

– I: To insert a machine record in DNS;

– U: To update a machine record in DNS;
– D: To delete a machine record in DNS;

• idzone: Zone identifier;

• zonename: Zone name;

• iddnsina: A record identifier;

Reference Guide - Version 6.0 IPBRICK SA

8.3 Support services 253

Figure 8.40: Support Services - DNS - Zone Management 2/2

Figure 8.41: Support Services - DNS - Reverse zone

• name: A record name;

• ip: A record IP;

• addtorev: Option to add the record or not to reverse DNS zone. Value 1
yes, 0 no.

Example of a .cvs file content for mass operations import option:

action;idzone;zonename;iddnsina;name;ip;addtorev
N;1;domain.com;1;ipbrick;172.29.1.154;1
N;1;domain.com;2;pc2;172.29.1.32;1
I;1;domain.com;3;pc3;172.29.1.33;1
I;1;domain.com;4;pc4;172.29.1.34;1

IPBRICK SA Reference Guide - Version 6.0

254 Advanced Configurations

Note: The private reverse zones can exist at DNS LAN servers, but the public
reverse zones are maintained at .arpa9 . The configuration of that public zones
are configured at ISP DNS servers, so all the costumers public IP’s can be mapped
to the respective FQDN. It’s called a PTR record and actually they became very
important, because the number of mail servers that make that reverse zone ver-
ification is increasing. Example: Mapping the IP 195.23.45.33 with name ip-
brick.companyx.com. The ISP will insert a record like that:

33.45.23.195.in-addr.arpa. IN PTR 195.23.45.33

Forwarders
If a DNS server receives a request for a domain which he neither serves nor has
in cache, then the server has to forward this request to other DNS servers in the
Internet. The forwarders should be the nearest ones, normally the DNS servers
of ISP. If the forwarders field is empty the DNS still working because the server
use the internet gateway to do the DNS search. If in the same network exists a
IPBrick.I and a IPBrick.C, the IPBrick.I must have the IPBrick.C eth0 address in
the forwarder field. Here you have the most appropriate interface to register the
nearest DNS servers (Figure 8.42).

Note: It is now possible to create areas that are of type forward.

Advanced Configurations -> Support service -> DNS

Figure 8.42: Support Services - DNS - Forwarders

Name Resolution
Regardless of the DNS service is being executed or not in this server, you can
configure the server to handle its DNS requests in another server. You can apply
this configuration to all server services (with the obvious exception of the DNS
server which uses its forwarders for requests he does not know). In order to make
the server use its own DNS you have to configure the IP address of the localhost10 ,
127.0.0.1 - by the way, its the default configuration. (Figure 8.43).

9
Internet Address and Routing Parameter Area
10
local server

Reference Guide - Version 6.0 IPBRICK SA

8.3 Support services 255

Note that if IPBrick is not resolving in its own DNS service and if we dont have
machines using IPBrick as DNS server or as a forwarder, the service is not being
used at all. In that case all zones presented at DNS - Domains submenu may even
be deleted;

Figure 8.43: Support Services - DNS - Name resolution

8.3.3 DHCP
The DHCP11 service may be defined as a protocol of dynamic attribution of
parameters for configuration of network and workstations (door 67 and 68 UDP),
an evolution of the BOOTP protocol. Basically, a DHCP client sends a broadcast
packet to a network asking an IP address, and it obtains an answer if there is a
DHCP server active in the network. The server not only attributes it an IP but
also: Network mask, route by default, DNS server and WINS server.

DHCP allows two ways of attributing the IP addresses:

• Address manual or reserve: there an association between the MAC address

of a client machine and the IP address to supply, and that machine stays
with that same IP address;

• Dynamic: the client obtains the address from a range of address previously
defined by the IPBrick administrator, for a defined period of time;

NOTE: There is a mechanism that allows to have the DHCP server in a IP

network distinct from the clients, this mechanism is known by DHCP relay. The
DHCP relay is assured by an agent installed in the post(s) present in the remote
network(s), this agent receives the DHCP clients requests and routes them to the
configured DHCP server.

Subnets
This menu permits the definition of subnets to be served and the parameters
of the network configurations to attribute to the workstations. (Figure 8.44)
At the top menu you have links to Insert new subnets, configure Redundancy
parameters and define the General Options. You also have a list of the inserted
11
Dynamic Host Configuration Protocol

IPBRICK SA Reference Guide - Version 6.0

256 Advanced Configurations

Figure 8.44: Support Services - DHCP - Subnets

subnets. Each IP is a link that displays the configuration options in each one
(Figure 8.45).

Figure 8.45: Support Services - DHCP - Subnets Definition

Insert
The Insert links allows you to introduce subnet parameters, which shall be
attributed to the clients:

• DHCP Type: Select if your DHCP server is Local or Remote.

– Local: By default, IPBRICK’s DHCP server is set to local, if you

wish to centralize a database of available IP addresses and networks
for various servers it is advised to configure the Master server as Local
DHCP and its Slave(s) as Remote.
– Remote: At the Slave server you will have to delete the local DHCP
settings and insert a remote DHCP server that will fetch its network

Reference Guide - Version 6.0 IPBRICK SA

8.3 Support services 257

settings from the local DHCP server, avoiding thus the arduous task of
configuring independently a new network.

– When you select Remote new form options will appear, where you will
have to insert the Network address, the address of your network and
the Master Server that hosts the Local DHCP server.

Figure 8.46: Remote DHCP server form

• Network Address: It allows you to indicate the address of the network and
the respective mask;

• Dynamic addresses range: Which range of addresses is reserved to at-

tribute the clients;

• Clients mask: Mask of the network to attribute the clients;

• Broadcast address: Address of broadcast to attribute the clients;

• Default lease time: Default lease time during which the address can be
lent;

• Max lease time: Max lease time of an IP address for the machines. This
value surpassed, the IP address is renewed;

• Default Gateway: Address of the gateway which will serve as the default
route (by default 192.168.69.199);

• DNS Servers: List (one per line) of the DNS servers to be used by the clients
(by default ipbrick.domain.com);

• WINS servers: List (one per line) of the WINS servers to be used by the
clients (by default ipbrick.domain.com);

• TFTP server: Define the TFTP server to be used by DHCP clients. Can be
used for example for IP phones auto provisioning;

• Image Server: This server hosts the image replication service for Linux
user stations. This way every machine can be updated without the need for
individual and manual OS updates.

IPBRICK SA Reference Guide - Version 6.0

258 Advanced Configurations

• Boot File: The boot file enables the user machine to restart via the image
server. It is the individual boot file in every Linux machine, including data
such as its MAC address. Each machine is thus identified by the image
server, which in turn will proceed with the appropriate updating procedure.
By default, the Linux boot file is: pxelinux.0

• DNS domain: Name of the domain indicated to the clients (by default do-
main.com).

Redundancy
It is possible for an IP network to configure two DHCP servers, one as main
(primary) server and the other as secondary. Normally, only the primary server
answers the requests, while the secondary one synchronizes its DB with the pri-
mary, if the primary fails the secondary shall assume its service. Communication
between the servers is made from the network ports which may be customized.
One of the ports shall be attending the connections from the secondary server and
the other one shall be attending the connections from the main server. (Figure
8.47)

Top Menu Here you have a link to get Back and Insert a new connection.
The following fields are presented in the insertion of redundancy and fault:

• Name: Name of the redundant connection;

• Settings: here you can see if the server is the primary or secondary DHCP;

• Local IP: Servers internal IP address;

• Local port: Local port where the service is running;

• Remote IP: Remote IP address from the server of the other extreme;

• Remote port: Remote port where the service in the other extreme is running;

• Max response Delay: Max time that the DHCP server can wait for a mes-
sage from the other peer. When that is out, the server assumes that the
other has failed and assumes itself as the network DHCP server;

• Max Unpacked Updates: Max Unpacked Updates (BNDUPD) non-confirmed

that the server can receive from other peer.

Reference Guide - Version 6.0 IPBRICK SA

8.3 Support services 259

Figure 8.47: Support Services - DHCP - Redundancy

General Options
This option (Figure 8.48) allows the insertion of general DHCP parameters,
which shall be attributed by default to the clients:

Figure 8.48: Support Services - DHCP - General Options

• Base domain: Domain where the DHCP is operating;

• DNS servers: DNS servers to be used by the DHCP server;

• WINS servers: WINS servers to be used by the DHCP server;

• Clients mask: Mask to be used by the clients of the DHCP service;

• Default lease time: Default lease time during which the ’lease’ of the
address is valid for the clients;

• Max lease time: Max lease time of an IP address for the machines. When
this value is surpassed, the IP address is renewed.

IPBRICK SA Reference Guide - Version 6.0

260 Advanced Configurations

• Interfaces with DHCP: eth0 - By default, YES

• Dynamic DNS updates: Update DNS dynamically - By default, NO If you
want the DNS Dynamic Update, it is necessary to choose ”Yes” in the re-
spective box. This feature is used to update dynamically a machine’s IP in
the DNS record (if that machine is not registered with its MAC address) at
Figure 8.48 you may visualize the Dynamic DNS update ’Yes’ form.

Figure 8.49: Support Services - DHCP - Dynamic DNS updates (Yes)

Note: It is possible to visualize the leases of the DHCP at:

Advanced Configurations -> Support services -> DHCP -> DHCP Leases

• DNS Server Key: Your DNS local or remote server key;

• Local DNS Server: By default this box is ticked, If it is a remote DNS
server remove the tick on this box;
• Forward zone: Click on the add button to add a Forward zone and fill with
the domain name and server IP;
• Reverse zone: Click on the add button to add your network and server IP.

Machines
Here you see a list of the registered machines with their MAC addresses in
the DHCP service. You can register the machines in Machines Management (see
section 3.2, page 26) or directly in this section (Figure 8.50).

Figure 8.50: Support Services - DHCP - Machines

Mass Operations for machines

Reference Guide - Version 6.0 IPBRICK SA

8.3 Support services 261

The Export feature will export all the data to a .csv file. The Mass operations
option permit an import of a .csv file. You can edit a .csv file in a spreadsheet
application, choosing the ; to split the columns. When doing a export we can see
all the fields present:

• action: Options available:

– I: To insert a machine in DHCP;

– U: To update a machine in DHCP;
– D: To delete a machine in DHCP;

• iddhcpmachine: DHCP machine identifier;

• name: Machine name;

• ip: Machine IP address;

• mac: Machine NIC’s MAC address;

Example of a .cvs file content for mass operations import option:

action;iddhcpmachine;name;ip;mac
N;1;maq1;172.29.1.66;AA:55:43:4A:AA:A1
I;2;maq1;172.29.1.67;AA:55:43:4A:AA:A2
I;3;maq1;172.29.1.68;AA:55:43:4A:AA:A3

DHCP leases
This page presents you with a list of all the DHCP leases (Figure 8.51).

Figure 8.51: Support Services - DHCP - DHCP Leases

IPBRICK SA Reference Guide - Version 6.0

262 Advanced Configurations

8.3.4 ENUM
The ENUM12 service allows the mapping of telephone numbers (Rule E.164)
in names associated to IP addresses, using an architecture based on the DNS ser-
vice. Those names may be from the protocol SIP, H.323, Email etc. In order to
consult the DNS, ENUM inverts the telephone numbers, giving them the prefix
e164.arpa. which is the root of the tree. This tree is delegated to all countries of
the world taking into account their codes E.164. this way, the Portuguese delega-
tion shall be the inverted 351 - 1.5.3.e164.arpa.

In IPBrick, you can define the ENUM zones where a number search can be
made. For that you’ll have to click on the connection Insert and input the ENUM
zone domain. In Order it’s possible to define which are the priority zones where
the number search shall be made. In Figure 8.54 a list of the ENUM zones may
be visualized.
Once the list of the ENUM zones is defined, where to search numbers, the
ENUM may be used in VoIP routes. Next, an example is given:

1. In IPBrick.C - VoIP - Routes Management, there is a Output Route for

Sip Servers - VoIPBuster.
There it is necessary to activate the option Activate ENUM Search in the
Route Definitions;

2. A certain user of the network calls through the SIP/PBX to number +351 253 59 31 12;

3. Automatically, a research is made in the ENUM zones specified in the present

menu for 2.1.1.3.9.5.3.5.2.1.5.3.e164.arpa, in order to obtain the cor-
respondence of that number in a certain IP address/name;

4. Supposing that the research results in the SIP address [email protected],

a SIP call is made to the address [email protected];

Figure 8.52: Support Services - ENUM

12
Telephone Number Mapping

Reference Guide - Version 6.0 IPBRICK SA

8.3 Support services 263

8.3.5 DUNDi
DUNDi is a peer to peer system for locating Internet gateways to telephony
services. Unlike traditional centralized services (such as the remarkably simple
and concise ENUM standard), DUNDi is fully distributed with no centralized au-
thority whatsoever.

Add the DUNDi servers at:

Advanced configurationsSupport ServicesDUNDi

Figure 8.53: Support Services - DUNDi

Click on Insert and type your DUNDi server’s name, MAC and IP.

Figure 8.54: Support Services - DUNDi Insert

On Outbound Routes select YES for the DUNDi lookup. The DUNDi will tell
you which extensions are on each server. When a call is placed on a server, if the
look up is active, the search is made before the call. If the reply is a different
server from the one configured in the route, the call is made to that new server.

8.3.6 File Server

Another important aspect in IPBRICK v6.0 is the change in file system char-
acter set in IPBRICK v6.0 from ISO-IEC to UTF.

If there’s an addition of a new machine to the system and backup data is copied
from the old to the new machine, conflicts may arise from this fact.

At this page you will be able to alter the encoding type of the file system.

IPBRICK SA Reference Guide - Version 6.0

264 Advanced Configurations

Figure 8.55: Support Services - File Server

Click on the Modify link to present the edit page where you will be able to
select between UTF8 (IPBRICK v6.0 default encoding) orfor compatibility reasons
you wish to select the ISO8859-15 encoding.

Figure 8.56: Support Services - File Server Edit Page

Click on the Modify button to enforce the change.

8.4 Disaster recovery

8.4.1 Configurations
All configurations done in IPBRICK through the web interface are saved in a
Postgres database. This way any changes done will only be effective in the system
after clicking on Apply Configurations.

IPBrick allows the time tracking of all configurations, because when you modify
something in the web interface and Apply Configurations, a new configuration is
locally saved. It is possible to store these configuration files in an USB pen and ad-
ditionally send them to a configurable email address. In the configuration filename
we have the date and the exact hour when a configuration was created. In short,
this configuration management allows a fast disaster recovery, in case of hardware
problems. When applying configurations if for some reason the configuation can’t
be saved, a warning message will be presented.
There is a configuration called default which is the IPBrick’s base configura-
tion immediately after install.

Reference Guide - Version 6.0 IPBRICK SA

8.4 Disaster recovery 265

Clicking on Definitions there are the following fields that can be modified on
the link Modify:

• Source address: Source address to send the notifications (by default admin-
[email protected]);

• Destination address: Email address (internal or external) were the configu-

rations are delivered (by default [email protected]). You can add
multiple destinations separated by a ;

• Message Subject: By default is Backup IPBrick ;

• Message body: Should have a description about the IPBrick server type. By
default is empty.

! Attention !: After the IPBrick installation you should always insert a USB
pen connected to server. The pen must be labeled with the name IPBRICK-D and
must be FAT32 formated.

Replace
In this section you see a list of all saved copies on the USB pen. In order to
replace a setting you just have to click over it (Figure 8.57).

Figure 8.57: Disaster Recovery - Replace configuration

⇒ Note: All services will be reconfigured when replacing a copy of the set-
tings. After the configuration of all services IPBRICK restarts automatically.

When the authentication type is IPBrick Master the replacement of configu-

rations is done normally, (ie. the configuration is replaced and the server goes into
reboot) but when the authentication type is other than IPBrick Master, a two
step procedure takes place:

• First Step: IPBrick will detect if there is connectivity with the master
at the time of the replacement of the settings. If there is, the setting is
replaced and the server reboots, ending the replacement process. If not, the
replacement process enters its first stage and the server goes into reboot, the
process will now enter its second step.

IPBRICK SA Reference Guide - Version 6.0

266 Advanced Configurations

• Second Step: If at the boot process connectivity is found, the restore

procedure enters its final stage and the server goes into reboot. If not, the
administrator receives a warning on the IPBrick’s web interface stating that
the settings were not fully restored, due to the lack of connectivity, and the
administrator is prompted to complete or cancel the replacement by clicking
on the corresponding button.

Download
This section allows you to download the copies of the configurations done to a
local computer (Figure 8.58).

Figure 8.58: Disaster Recovery - Download configuration

With this useful option you can save IPBRICK settings on another place.

Upload
In this section it is possible to upload a previously downloaded configuration
file to the server (Figure 8.59).

Figure 8.59: Disaster Recovery - Upload configuration

! Attention !: It is not possible to use setting copies in different IPBRICK

versions. The configuration files are not compatible with the different IPBRICK
versions.

8.4.2 Applications
This is a useful disaster recovering feature. When upgrading IPBrick from
version A to version B, if an old installation is detected, the following applications
will be backed up:

Reference Guide - Version 6.0 IPBRICK SA

8.5 System 267

• PostgreSQL: All the Postgres databases will be dumped, including the sites
databases;

• Mail: The emails that were in the queue will be saved;

• Security: All security apps statistics will be saved;

• VoIP: It will save all the VoIP statistics;

• IM: The Instant Messaging data and configuration will be saved.

So, all these application files are packed and saved in a folder.
Choosing the option Applications - Restore the list of available application
data backups will be shown (Figure 8.60). To restore the desired application data
backup, click on the file and then on Restore. At this moment the backup will be
restored for the new IPBrick version.

Figure 8.60: Disaster Recovery - Applications - Data backups list

Databases
It is possible to manage the daily backups of databases. There is an interface to
configure the mail admin to give notice that the backup is not made successfully.
The login postgres refers to the database that runs on port 5432.

Advanced Configurations -> Disaster recovery -> Applications -> Databases

8.5 System
Inside the System menu, we can find the options indicated in these following
points.

8.5.1 Services
In Services (Figure 8.61) you’ll find a list of several services available in IP-
BRICK. The State column shows you if the service is enabled or disabled. It is
possible to restart any service without having to restart IPBRICK.
In order to restart any service you have to:

• Change the State from Enable to Disable;

IPBRICK SA Reference Guide - Version 6.0

268 Advanced Configurations

Figure 8.61: System - Services

• Change the State from Disable to Enable;

The Start column defines the way in which each service has to start with the
server (whether after a reboot or after a period while the server was disconnected).
If you see Automatic in the Start column of a service then the service will start
automatically with the server. On the other hand, if you see Manual on the
column then the service will not start with the server. Nevertheless it can be
started manually in this menu by changing its State from Disable to Enable.
⇒ Note: Any changes in the Start column of a service will not have imme-
diate effects on the service start. The changed start will only be valid for the next
server start. On the other hand, a change in the State column has immediate
effects. That is, by changing the service state from Enable to Disable IPBRICK
stops this service.

8.5.2 Task Manager

The Task Manager shows you a list of all executed processes in IPBRICK. It
gives you information about:

• Identifier: It’s the PID13 ;

• Owner: The system user name that started the process;

• Start: The date of the process start;

• Memory: The memory percentage used by the process;

• Processor: The processor percentage used by the process;

13
Process Identifier

Reference Guide - Version 6.0 IPBRICK SA

8.5 System 269

• Process: The process that is running.

In this section it is possible to stop a certain process. Therefore you only have
to click over the option Kill Task (Figure 8.62).

Figure 8.62: System - Task Manager

! Attention !: Speaking in general, the running processes should not be

stopped in this manner. To stop a process in this interface may cause instability
in IPBRICK. In order to correctly stop services use the Services menu.

8.5.3 Date and Hour

In this menu (Figure 8.63) you can see and change the server date/hour and
the time zone. When clicking Modify this fields are presented:

• Synchronization: If Manual the date/hour will be managed by the own server.

If Automatic IPBrick will use a NTP server to remotely synchronize the
data/hour. The default one is pool.ntp.org14 ;

• Date: Only active in manual mode;

• Hour: Only active in manual mode;

• Time Zone: Choose the correct time zone.

14
Big virtual cluster of Network Time Protocol timeservers

IPBRICK SA Reference Guide - Version 6.0

270 Advanced Configurations

Figure 8.63: System - Date and Hour

8.5.4 System users

This menu (Figure 8.64) lists the System users (name and its login). If you
select one of them, it is possible to change its password as long as you know the
existing password. This is the list:

• root: Linux console superuser;

• operator: Linux console operator;

• Received Mail: User for the received mail copy functionality. The idea is
to map a IMAP account from a email client;

• Sent Mail: User for the sent mail copy functionality. The idea is to map a
IMAP account from a email client;

• antivirus: User to receive the Applications notifications for example. The

idea is to map an IMAP account from a email client;

• spam: User to receive the mails from the Anti-Spam. The idea is to map a
IMAP account from an email client;

• VoIPCDR: User for FTP access, to get the asterisk full call statistics.

The password for all of them except root is L1opardo.

⇒ Note: Do not mistake System Users for LDAP Users. A System User is
not registered in LDAP.

Figure 8.64: System - System users

Reference Guide - Version 6.0 IPBRICK SA

8.5 System 271

8.5.5 Monitoring
This section stands only for monitoring features. Main options:

• Logs: IPBrick and system logs management;

• Accesses: Monitoring for some TCP protocols;

• Traffic: Can manage all the active TCP connections;

• Alerts: Options for disk partitions and services with problems alerts;

Logs
The logs are an important tool for troubleshooting. In this menu we can:

• IPBrick Logs: Logs generated by the IPBrick. Useful in detecting any prob-
lem at the web interface layer. The most recent information is available in
Current Log. In case there are other log registrations then each of them
provides information generated by IPBRICK till their indicated date (Fig-
ure8.66);

• System Logs: Can manage some system logs (syslog, daemon.log,auth.log,

mail.*). Figure8.65:

– State: The default is disable;

– Server: If enable we can say if logs will be written locally or in a remote
machine that supports syslog daemon;
– Authorize logs from remote servers: If enable, authorize servers to
write system logs in IPBrick;

Figure 8.65: System - Monitoring - System Logs

Accesses
At Management clicking on the service name we can enable the accesses moni-
toring for SSH, FTP, VPN PPTP and SSL. By default the state is disabled (Fig-
ure8.67).
The Entries option permits the visualization of all accesses (Figure8.68). It’s
possible to filter by:

IPBRICK SA Reference Guide - Version 6.0

272 Advanced Configurations

Figure 8.66: System - Monitoring - IPBrick logs list

• IP;

• User;

• Notes:

– Connected;
– Disconnected;
– Wrong password;
– Illegal user;
– Locked;
– Timeout;
– Timeout/Locked;
– Log in attempt with root user;
– Disconnected/Timeout.

• Date;

Options available:

• Clean filters: Will clean all the chosen filters;

• Export PDF: Exports all the information to a .pdf file;

Figure 8.67: System - Monitoring - Accesses - Management

Reference Guide - Version 6.0 IPBRICK SA

8.5 System 273

Figure 8.68: System - Monitoring - Accesses - Entries

Traffic

Here all the active TCP connections are listed by this fields:

• Source IP: Remote machine that has a connection to the server;

• Source port: Port used by the source machine;

• Destination IP: Server IP;

• Destination port: Port where the source machine is connected;

• State: The default is enabled.

In Action, choose the option Block connection to finish a specific connection.

After blocking one connection it’s possible to unblock it hiting the option Unblock
connection (Figure8.69).

Figure 8.69: System - Monitoring - Traffic

IPBRICK SA Reference Guide - Version 6.0

274 Advanced Configurations

Alerts
At this page you can define if the Full partition alerts definitions and
the Send alerts of services with problems will be enabled or disabled (both
are enabled by default).

The full partition alerts will act if the partition reaches 85%. An email alert
will be delivered to the email present at Destination address. Changing the
source address notifier is possible too (Figure8.70).

The monitored services with problems are:

• Web server

• Internal system database

• Fax server

• Voice server

There’s also a protection to the VoIP service that uses the same email to notify
the system’s administrator of attacks to the VoIP service.

If more than 300 requests of an IP are made in 10 seconds, that same IP will
be blocked for 120 seconds.

Note: The same e-mail address is used regardless if the ”Send alerts of services
with problems” option is active or not.

Figure 8.70: System - Monitoring - Alerts

8.5.6 SSH
The SSH menu implements a secure connection to the IPBRICKś shell, showed
in Figure 8.71.

Reference Guide - Version 6.0 IPBRICK SA

8.5 System 275

Figure 8.71: System - SSH

The SSH (Secure Shell) is similar to the known Telnet application but more
secure because of the protocol SSL used.

Note: This function needs the installation of Java Virtual Machine. The
software is available in www.java.com. After the connection it’s necessary to make
an authentication. Therefore, you’ll need to input the following data:

• Username: operator;

• Password: L1opardo.

After that first authentication, you can enter su to login as superuser;

8.5.7 Reboot
This option allows you to reboot IPBRICK (Figure 8.72). After confirming
the reboot option, the web connection with the server is automatically stopped.
When IPBRICK restarts it is possible to establish a new https connection with
the server.

IPBRICK SA Reference Guide - Version 6.0

276 Advanced Configurations

Figure 8.72: System - Reboot

8.5.8 Shutdown
This option is to clearly shutdown IPBRICK (Figure 8.73), assuring that all
the services are terminated correctly. You should use this option, whenever it
is necessary to shutdown IPBRICK. Do not shutdown the server directly in the
power supply.

Figure 8.73: System - Shutdown

8.6 Telephony
To make possible the IPBrick’s interaction with telephone systems, you need
to install specific hardware. This hardware includes PCI cards that can be ana-
logic, RDIS BRI or RDIS PRI. Analogic cards provide the connection to telephone
networks working in analogic mode. If telephone networks are working in digital
mode (RDIS), cards may be BRI or PRI. A BRI (Basic Rate Interface) access
has three channels: Two 64kbit/s (B) for data/voice and one 16 kbits/s (D) for
control. The PRI (Primary Rate Interface) access corresponds to 30 B channels
plus one D channel in Europe - can also be designated as E1 circuit.

8.6.1 Cards
After physical configuration and installation in the machine you have to con-
figure IPBrick. To make this step you have to know how the card was physically
configured, i.e., each port configuration. After the physical installation of the
hardware, you can configure cards in the IPBrick web interface in the menu:

Advanced Configurations - Telephony - Cards

Reference Guide - Version 6.0 IPBRICK SA

8.6 Telephony 277

To insert click on Insert, and then indicate (as shown on Figure 8.74):

• Card type: Can be analogic, ISDN BRI or ISDN PRI;

• Manufacturer: Depending of the card type can be:

– ISDN BRI: Beronet compatible (chipset HFC);

– ISDN PRI: Digium compatible (default), Open Vox, Sangoma;
– Analog: Digium compatible (default), Open Vox.

• Port count: Number of ports;

• Port configuration: Each port can be configured to connect to the pre-

setted interfaces: PBX or PSTN. For analogic, ISDN BRI/PRI the settings
are automatically configured like this:

Analogic: Connecting to a PBX, so the card port will act as fxs

Connecting to PSTN, so the card port will act as fxo
ISDN BRI: Connecting to a PBX, so the card port will act as NT PtP
or NT PtMP
Connecting to PSTN, so the card port will act as TE PtP
or TE PtMP
(PtMP = 1 to N possible terminals. Contact the PSTN operator)
ISDN PRI: Connecting to a PBX, so the card port will act as NET
Connecting to PSTN, so the card port will act as CPE

The actual status of each port is next. Detailed explanation:

• Green: The layer 1 (physical) and layer 2 (signalling) are UP. So the port is
ready;

• Yellow: The layer 1 is UP and layer 2 is DOWN. It means a sync problem,

so probably you need to check the tx or rx settings (ISDN PRI) or the card
jumpers (ISDN BRI);

• Red: The layer 1 and layer 2 are DOWN. It means that we have a connection
problem (bad cable or no cable) or the port is damaged. Note that for a
PSTN BRI - PTMP mode, usually when no calls are active, the standby
status can be allways red;

• Red blinking: Hardware problem. You need to verify the card integrity /
jumpers configuration. It’s very rare to happen.

If no card is present or if it’s not detected, the message will be NA.

IPBRICK SA Reference Guide - Version 6.0

278 Advanced Configurations

Figure 8.74: Telephony - Cards - Insert

For each card inserted there are three options: Back, Modify and Delete.

If the port is connected to the landline (PSTN) you need to configure the
setting as TE. If the port is connected to the PBX gateway you have to configure
the PBX port and configure the setting as NT. A ISDN FAX usually behaves like a
PBX requiring the port configuration as FAX (to show this option requires a FAX
interface configuration) and configure the setting as NT. If there is a GSM interface
configured in one of the ports you have to choose it on the list and configure the
setting as TE. To configure a ISDN PRI you have to indicate if the line uses R2
protocol (protocol used for example in Brazil) and if the CRC4 is active on the
line. The PtP or PtMP depends of the telephone operator line type.
After the configuration, we can see a list with the configured cards, as visible
in Figure 8.75.

Figure 8.75: Telephony - Cards list

8.6.2 Interfaces
Interfaces represent trunks normally to non-IP world. I’ts possible to create
more interfaces than the default ones (PBX and PSTN) (Figure 8.76. Examples:
GSM ISDN or FAX’s interface. You can create them at:

Advanced Configurations - Telephony - Interfaces

Reference Guide - Version 6.0 IPBRICK SA

8.6 Telephony 279

Figure 8.76: Telephony - Interfaces

Menu to insert interfaces:

• Interface Name: When created, the interface will appear by that choosed
name at Local Routes and Telephony Cards port configuration;

• Interface Type: Represents the associated trunk:

– BRI PSTN: Represents the PSTN side using a ISDN BRI connection;
– BRI PBX: Represents the PBX side using a ISDN BRI connection;
– PRI PSTN: Represents the PSTN side using a ISDN PRI/E1 connec-
tion;
– PRI PBX: Represents the PBX side using a ISDN PRI/E1 connection;
– ANALOG PSTN: Represents the PSTN side using a ANALOG connec-
tion;
– ANALOG PBX: Represents the PBX side using a ANALOG connec-
tion;
– OCS: Represents the Microsoft Office Communications Server. That
interface will be used only for Local Routes. For that interface type
two extra fields are present:
∗ FQDN: OCS fully qualified domain dame;
∗ Mediation Server IP: Mediation Server IP address;
• SIP Peering: The Open Peer option provides that any incoming call from the
Internet can use this interface. The Closed Peer option sets that only peers
defined in SIP Peers can use the interface(this is the best option connect to
PSTN or GSM). So peers are public IP’s authorized to use certain interface,
for instance a peer can be another IPBrick. They can be inserted at:

Advanced Configurations - Telephony - SIP Peers

• Receive gain: Receive gain in dB. Can be useful to increase it if we are

talking about the PSTN interface and at the IPBrick side we are listening
with low volume;

• Transmission gain: Transmission gain in dB. Can be useful to increase it

if we are talking about the PSTN interface and at the PSTN side they are
listening with low volume;

IPBRICK SA Reference Guide - Version 6.0

280 Advanced Configurations

This operation is necessary if you want to connect a FAX to a card port, a GSM
gateway or another additional interface. If there is a GSM gateway, you may add
here a GSM interface (as an interface name). Choose a card type (analogic, PRI or
BRI) in the Interface Type, and the Closed Peer option in the SIP Peering.

8.6.3 Failover Switches

At this page (Figure 8.77) you may insert failover switches.

Figure 8.77: Telephony - Failover Switches

Click on Insert and fill in with the necessary information (Figure 8.78):

• Name: The failover switch name;

• IP: Its IP address;

• MAC Address: Its MAC address

• Keep-alive interval: A keep-alive signal is sent at predefined intervals (by

default 5 seconds). If there’s reply no change is done to the routing. If
there’s no reply the connection is assumed to be down and future data will
be routed via another path until the link is up again.

Figure 8.78: Telephony - Failover Switches Insert

8.6.4 Registered Phones

The phones should be inserted by the IPBrick.I - Machines Management so the
main goal of this option is to modify some specific SIP phones attributes.

Reference Guide - Version 6.0 IPBRICK SA

8.6 Telephony 281

Inserting a phone here is valid too if there is no need to attribute a specific IP

address to the telephone and we don’t want that LDAP stores information about
that machine. You can add a telephone simply by filling the field relating the
name and the access password to the telephone. Note that, the phone’s password
must comply with with the strong password policies, unless you choose to disable
them at Telephony - Configurations.

• Phone: Insert the name of the telephone to register;

• Password: Insert the access password to the telephone;

• Retype Password: Reinsert password;

• Caller ID: If you want to mask the caller ID insert one;

• Phone Location

– Local: It’s the default, for a LAN phone;

– Remote: For a remote phone that is connected behind a NAT. Usually
this option is used when the idea is register the phone from the Internet,
using the IPBrick network public IP.

• Auto provisioning: The auto provisioning option permit the automatic

configuration of SIP hardphones, so here we just need to choose the phone
model. To work, it’s mandatory when registering the phone at Machines
Management, to insert the MAC address.

• Description: This field should have a text phone description;

Mass Operations
As in the Mass Operations link found in IPBrick.I > Machines Management,
it’s possible to use a .csv file to insert, more rapidly, a greater number of phones.
If you click on the Export link, you will be able to save a .csv file with all your
registered phones or, if you have none, the file will serve as a template for insertion.

You can edit the .csv file in a spreadsheet application, choosing ; to split the
columns. The Registered Phones .csv field structure is as follows:

• action: Mandatory field. Options available:

– I: To Insert a phone;
– U: To Update phone information;
– D: To Delete a phone;
– N: No change is done to the phone’s settings.

• idvoipphone: A number identifying the VoIP phone;

• name: The phone’s name (mandatory field);

IPBRICK SA Reference Guide - Version 6.0

282 Advanced Configurations

• password: The phone’s password (mandatory field);

• callerid: The phone’s caller ID;

• voip_nat: The phone’s location. Insert 0 if it’s local or 1 if it is a remote

phone;

• phonedescription: A free text field. For your reference only, insert a simple
description of the phone;

• idphonetemplate: the numeric value for your phone’s auto-provisioning

template. By default, these are the available templates and their respec-
tive id’s:

Name id Template
Aastra 6731i 513
Aastra 6755i 500
Atcom 530 501
Cisco SPA303 421
Cisco SPA504G 422
Cisco SPA525G2 423
Grandstream BT200 510
Grandstream BT201 511
Grandstream GXP1200 508
Grandstream GXP2000 505
Grandstream GXP2010 506
Grandstream GXP2020 507
Grandstream GXP280 509
Snom 300 514
Snom 320 503
Snom 360 504
Snom 370 515
Snom 870 516
Thomson ST2030s 502
Yealink T20P 417
Yealink T26P 419
Yealink T28P 420

8.6.5 Configurations
In this menu it’s possible to adjust several configurations for VoIP and PBX/PSTN
integration. This are the options:

• General options;

• Voicemail Options;

• Agent Mobility;

Reference Guide - Version 6.0 IPBRICK SA

8.6 Telephony 283

• Analog and ISDN PRI options - R2 Signaling options ;

• ISDN BRI options;
• List of enable codecs;
• IP PBX remote managers;
• VoIP domain alias;
• Authorized internal networks for SIP registration.

General options
You will find the following fields in Options (Figure 8.80):

Figure 8.79: Telephony - Configurations (partial)

• Router with full DNAT?: If IPBrick is connected to a router, responsible

for the access to the exterior (in terms of VoIP) and allowing the ’passage’
of all traffic, it is necessary to select Yes and indicate the external address
of that same router in Router public IP address;
• IP address of the IPBrick public interface used by the VoIP service:
IP address of the public interface of IPBrick responsible for the VoIP service;
• Enable direct voice traffic: It allows to route the network traffic only
in a interface and not in two interfaces, as usual;
• Remove default national prefix (0): It removes national prefix nor-
mally used;
• IPBrick Contacts Server IP address: The IPBrick Contacts IP address.
• IPBrick Contacts Server DNS domain: The IPBrick Contacts DNS do-
main.

IPBRICK SA Reference Guide - Version 6.0

284 Advanced Configurations

• Get call source address from IPBrick Contacts: If activated, it goes

to the Contacts’ LDAP database and, if it finds the calling number, it will
replace it by the name of the entity associated to that number (this option
can also be used on internal calls).
• Restrict Follow Me Addresses on MyIPBrick to IPBrick Contacts: By
default NO;
• Mask call source address on internal calls: By default NO;
• Immediate answer on calls originated in a PBX: It is advisable to have
this option enabled if you are using connections to SIP servers (ex: VoIP-
Buster, NetCall), in order to avoid timeouts in the PBX central. If, for
example, you intend to define rates for the calls from the PBX, this option
shall have to be deactivated to avoid that the user starts paying as soon as
he dials the number.
• Attendance Timeout: Time (seconds) during which the call is sent to the
destiny phone, before being sent or routed to another phone;
• Call Timeout: Time (seconds) during which the connection is trying to be
established. If it expires, the attempt will be ended;
• Timeout to hangup calls without sound;
• Timeout to hangup calls on hold without sound;
• Default register time: The time by which you request the operator a
register (by default, 3600 seconds);
• Maximum register time: The duration of your register (by default, 3600
seconds);
• Number of register attempts: The number of times you attempt a regis-
ter (by default, 0);
• Enable SIP video support: Enables the support for SIP video. The sig-
nalling protocols doesn’t support only voice but also video.
• Attended transfer: If yes is chosen, you can define a key activation se-
quence to do a attended transfer. So you can stop using this feature from
the SIP phone and use it from the VoIP server;
• Blind transfer: If it’s on yes you can define a key activation sequence to
do a blind transfer. So you can stop using this feature from the SIP phone
and use it from the VoIP server;
• Call pickup: If it’s on yes it will enable the call pickup. If a phone is
ringing and the idea is to answer the call by using another phone, we can
use the key activation sequence (*8 by default) plus the phone number to
pickup the call. Example: *8111, will pickup a call from the phone 111 that
is ringing;

Reference Guide - Version 6.0 IPBRICK SA

8.6 Telephony 285

• Call pickup key activation sequence: Change here the default activa-
tion sequence (*8)

• Group call pickup: With this option active, it’s possible to pickup a call
from a ringing phone, member of the same group, by using the defined key
activation sequence (*7 by default), If the phone belongs to more than one
call group, the last call to be ringing on any of those call groups will be the
one to be picked up;

• Global call pickup: If you choose yes it will enable the global call pickup.
If a phone is ringing and the idea is to answer the call by using another phone,
we can simply use the key activation sequence (*8 by default) to pickup the
call. Example: *8, will pickup a call from a phone that is ringing. If we have
two or more calls at the same time, will be picked always the last arrived
call;

• Global call pickup key activation sequence: Change here the default
activation sequence (*8)

• Phone lock: Permits to lock a internal phone, so it will be not able to make
calls (it will still be able to receive them). To lock a phone you need to enter
the key activation sequence and wait for a message. After that message you
need to type the user PIN or PIN and password defined at IPBrick.GT -
Users Management, depending of choosed user access validation. To unlock
the phone the process is the same. If the option Allow phone unlocking by
any valid user is set to NO, only the user that locked the phone or the defined
Administrator unlock password will unlock the phone;

• Do not disturb: If enabled the phone will be unable to receive calls. By

default use *73 to activate DND on a phone, and *74 to deactivate;

• Unconditional forwarding: Can be used to do unconditional call forwarn-

ing at a phone and by default uses key sequence *70. Example: Calls for
phone 201 will be unconditional forwarded to phone 202. So we just need
to do a *70202 at phone 201. To deactivate we type only *70;

• Forward when busy: Can be used to forward a call when some phone is
busy and by default uses key sequence *72. Example: If phone 201 is busy,
calls will be forwarded to phone 202. So we just need to do a *72202 at
phone 201. To deactivate we type only *72;

• Forward when not answer: Can be used to forward a call when some phone
do not answer and by default uses key sequence *71. Example: If phone 201
is not answering, calls will be forwarded to phone 202. So we just need to
do a *71202 at phone 201. To deactivate we type only *71;

• Retry Dial when busy: If someone is calling a number and that phone
is busy, the caller will be notified and asked to activate the retry dial, if
he decides to activate it, this option will run an availability check on that

IPBRICK SA Reference Guide - Version 6.0

286 Advanced Configurations

number. When it finally is available, the system will establish a connection

between both numbers and both phones will ring. By default this option is
Disabled. If you activate it these options will appear:

– Retry Dial when busy key activation sequence: Change here the
default activation sequence (5)
– Timeout: The amount of time (in minutes, by default: 60) that the
system will continue to run the availability check. When this period
ends, the retry dial function will be stopped.
– Restrict access to: Choose the addresses that may activate the
retry dial function.

• Call Supervision: If yes is active, it will only enable the call supervision
feature. By default the key activation sequence is *9;

• Call’s prioritization: If enabled it will be possible to define priority

levels for each route prefix defined in Routes Management. The level can be
set from 1 (highest), to 10 (lowest). Example: In a LAN-PSTN route all the
BRI lines are full. If a emergency call prefix (911) have maximum priority
defined, when someone dials 911 some current call can be disconnected;

• Enable advanced call statistics: If active will enable some fields at call
statistics like: Total packets, codec, lag, lost packets, signaling and jitter.
Note that CPU/memory load will be increased;

• Store calls details records in csv file: All the call history in the
default asterisk format will be saved to a file called Master.csv. This file
can be downloaded acceding by ftp with username voipcdr and password
L1opardo;

• IP of server-signalling different from the media server: If a re-

mote signalling service is running in one server, and the remote media server
is running in a different one, this option must be activated;

• Boss/secretary forward: This feature, when active, permits to more ef-

ficiently address the issue of call forwarding between boss and secretary, it
assigns *79 as the key activation/deactivation sequence for the direct trans-
fer between phones. You may alter it to another sequence if you so wish. By
default this option is inactive.

NOTE: Disabling this option will not deactivate the feature Boss/secretary
group in:

VoIP > Functions > Inbound

Both features are autonomous.

Reference Guide - Version 6.0 IPBRICK SA

8.6 Telephony 287

• Secretary disabled: This feature enables the secretary to enable/disable

her availability to answer calls from her ’Boss’. By default, Disabled. When
enabled the Secretary key activation sequence is, by default *55;

• Play call forwarding message: When a call is forwarded the user will
hear a message stating this fact (by default, YES)

• Distinctive Ring on internal calls: Allows you to enable or disable

a different ringing tone when calls are internal. By default, this feature is
enabled;

• Use strong passwords: By default Yes. Whenever you insert a phone,

its password will have to comply with the minimum number of characters
(preconfigured as 8) but you my increase this number. Bear in mind that
you cannot decrease the minimum value of 8 characters!

• Default Call Limit: This option defines the maximum limit of calls for
a particular phone. By default, this feature is enabled and the default call
limit is 2

• SIP Ports: It’s possible to alter the default SIP ports (5060) and add others
by clicking on the + icon;

• TLS Port: It’s possible to alter the default TLS port 5061;

• IAX Port: It’s possible to alter the default IAX port 4569.

Figure 8.80: Telephony - Configurations (Ports)

Voicemail Options

At this menu (Figure 8.81) you will be able to configure your Voicemail settings,
simply click on Modify to access the options.

IPBRICK SA Reference Guide - Version 6.0

288 Advanced Configurations

Figure 8.81: Telephony - Configurations - Voicemail Options

• Voicemail: Enable or Disable the Voicemail service for, Phones, Users, Call
Groups and Attendance sequences (by default, Enabled);
• Location: Choose if the Voicemail server will be Local or External (by
default, Local). If you choose External a new field will appear:
– Server: Please type you external voicemail server’s name;
• Access voicemail by telephone: It’s possible to access your Voicemail
via telephone, to activate this feature select Enabled (by default, Disabled)
a new field will appear:

– Key combination to access voicemail: Insert the key combination

to access your voicemail (by default, *75)

• Send Voicemail by email: This option will be visible only if you select
Local at the Location field. Select NO if you do not wish to receive emails
with your voicemail messages as attachments (by default this option is set
to YES).
• Servers to notify new messages: Indicate here the server(s) to notify
(add only one per line).

Agent Mobility
As the name suggests, this feature (Figure 8.82) enables the user to log on as
agent on any phone he wishes to use, simply by using his PIN number. Any session
on a previous phone will be terminated. By default, the Agent Mobility feature is
disabled. To enable it, click on the Modify link.

Figure 8.82: Telephony - Configurations - Agent Mobility

Reference Guide - Version 6.0 IPBRICK SA

8.6 Telephony 289

At State, select Enabled, and insert the VoIP server’s IP(s) where it will be
possible for users to register themselves as agents (Figure 8.83).

NOTE: Insert only one per line!

Figure 8.83: Telephony - Configurations

When you have finished, please click on the Modify button at the bottom of
the page.

Analog and ISDN PRI options

Parameters only for the analog/ISDN PRI cards, that will be adjusted at the
driver configuration files used for that cards - dahdi (Figure 8.84):

• Channel tone zone: Country tone zone. Frequencies may vary from country
to country. Select the appropriate tone zone for your location;
• Echo cancel: Minimizes echo during calls;
• Type of Number (ISDN TON): Type of Number (TON) indicates the scope
of the address value, such as whether it is an international number (i.e.
including the country code), a ”national” number (i.e. without country
code), and other formats such as ”local” format (i.e. without an area code).
This types of number are then presented to the operator if, for example, you
leave the default option (Unknown) the operator will identify the type of
number.

– These are the available options both for the Callee (Calling Number)
and Caller (Caller Number):

IPBRICK SA Reference Guide - Version 6.0

290 Advanced Configurations

∗ Unknown - The default option. The most common setting, when

unknown is configured your telephony operator will handle the
number’s TON;
∗ Local - The number will be without area code;
∗ Private - The number will not be displayed it will not be possible
to redial or callback;
∗ National - The number is presented without country code;
∗ International - The number will include the country code;
∗ Dynamic - This option will permit the TON’s auto detection and
is based on the prefix configured at the next field (Prefixes based
on ISDN TON);
– Prefixes based on ISDN TON: This option is related to the card’s call
reception and the Dynamic TON, in such a way that, if you receive a
PSTN incoming call, with an international or national type of number,
the corresponding prefix will be added to the incoming numbers. This
feature is important to facilitate the call redial function;

• R2 signalling options: If the R2 signaling protocol is used (old ISDN protocol)

you can define here the R2 parameters:

– DNIS: Dialed Number Identification Service value;

– ANI: Automatic Number Identification value;
– Zone/Country;

Figure 8.84: Telephony - Analog and ISDN PRI options

ISDN BRI options

Parameters only for the ISDN BRI cards, that will be adjusted at the driver
configuration files used for that cards - misdn (Figure 8.85):

Reference Guide - Version 6.0 IPBRICK SA

8.6 Telephony 291

• Echo cancel: The default is High. Other options: Disabled, minimum, low
and maximum (requires more CPU processing);

• DTMF detection threshold: Permit to change the DTMF sensibility from 50

to 400 (less sensibility);

• Disable DTMF on voice audio: This option disables DTMF detection of

voice audio on calls from BRI Cards. By default, this option is set to NO

• Immediate digit capture: The immediate capture of digits changes the way
how the numbers sent from a PBX central are read in IPBrick. When this
option is deactivated, the routine capture of digits is changed to solve prob-
lems in the reading of numbers in some central stations, for example, when
the dialled number is wrongly identified in IPBrick (repeated digits or lack
of digits). Attention: This option should be placed No by default;

• PSTN digit reception timeout: Timeout in seconds;

• Jitter Buffer: Permit the change of Jitter Buffer15 ;

• Digit timeout: Time (seconds) from the dialling of the last number from
which IPBrick considers the dialling as ended;

• Response timeout: Time (seconds) counted from the moment the receiver is
hung up and at its end IPBrick shall cancel the channel;

• Type of Number (ISDN TON): Low level signalling options

– Outgoing number (onumplan): Unknown is the default, other options

are national, international and subscriber;
– Caller id (dnumplan): Unknown is the default, other options are na-
tional, international and subscriber;
– CPN (cpnnumplan): Unknown is the default, other options are national,
international and subscriber.

• Prefixes based on ISDN TON: This option is related to the card’s call re-
ception, in such a way that, if you receive a PSTN incoming call, with an
international or national type of number, the corresponding prefix will be
added to the incoming numbers. This feature is important to facilitate the
call redial function. At BRI card options you will also be able to set the
country code;

• CLIP no screening: Available only in some countries, such as Germany and

Austria, this option permits you to mask your Caller ID number with a
number out of bounds of its assigned number space. By default, this option
is set to NO
15
Shared data area where voice packets can be collected, stored, and sent to the VoIP server
in evenly spaced intervals

IPBRICK SA Reference Guide - Version 6.0

292 Advanced Configurations

Figure 8.85: Telephony - ISDN BRI options

List of enable codecs

In this table are listed the codecs used in IPBrick and the preference order by
which they are chosen in communications. To add or remove codecs to the list, you
just have to follow the option Modify, select the codec and press the button add
() or remove () (Figure 8.86). In the same way, to change the order by which
the codecs are used, you should select the codec and clicking on the arrows on the
right of the list, making it going up or down in the list according the necessary
priority.
It is possible to select among the following codecs, knowing that the bandwidth
used for each one in a call is approximately:

• GSM: 13 Kbps;

• iLBC: 15 Kbps;

• Speex: Configurable 4-48 Kbps;

• G.726: 32 Kbps;

• LPC10: 2.5 Kbps (not recommended);

• G.711 ulaw: 64 Kbps;

• G.711 alaw: 64 Kbps, used in Europe;

• G.722: 64 Kbps;

Reference Guide - Version 6.0 IPBRICK SA

8.6 Telephony 293

• G.729: 8 Kbps. You may have to buy a license to make calls with this codec
at Digium website. If this codec is enabled a link called Licence Activation
will appear, so with a valid key a G729 licence will be generated.

NOTE: In the Country field use only your country’s two letter code (e.g.:
Portugal-pt, France-fr, Angola-ao, etc.). For a complete list of all countries,
please check ISO 3166 Country Codes.

http://www.acronymsearch.com/documents/country_ISO_country_codes.
htm

Of course the bigger the required bandwidth, the smaller the number of possible
simultaneous calls. For each of the selected codec we can include an average of
more 15 Kbps of overhead.

Figure 8.86: Telephony - Configurations - Codecs

IP PBX remote managers

This option allow other programs to connect to the asterisk, normally programs
running at LAN servers. Some examples: Mail plugin for calls generation, external
asterisk monitoring tools, call center for calls generation etc.

By default the IP PBX remote management is disabled. To enable click Modify

and next Insert IP PBX remote manager (Figure 8.87)
Configuration options:

• Login: Login to use;

• Password;

• Network: Network range or specific IP that will got access;

• Network mask;

IPBRICK SA Reference Guide - Version 6.0

294 Advanced Configurations

Figure 8.87: Telephony - IP PBX remote managers

VoIP domain alias

The VoIP server can accept calls not only for the main domain but for different
ones as well. To add domains just click Modify and insert the domains one per
line. (Example at Figure 8.88).

Figure 8.88: Telephony - VoIP domain alias

Functions available for phones

Call transfer
Besides supporting the transference of calls made by the terminal equipment,
telephones SIP, PBX’s or softphones, IPBrick also makes transfers in any tele-
phone, even if it does not support transfers from origin. The two types of trans-
ference allowed by IPBrick are:

• Assisted transfer: When receiving a call, the person receiving it dials an

extension, asks the person in that extension if he/she accepts the call or not,

Reference Guide - Version 6.0 IPBRICK SA

8.6 Telephony 295

disconnects it and the call is transferred. To execute an assisted transference

during the call, it is necessary to dial * (by default) and the name of the
extension or alternative address. Example: To transfer a call into a telephone
registered as ipbrick1 which has as alternative address the 480 extension, dial
*480 during conversation.

• No-assisted transfer: when receiving a call, the person receiving it dials

an extension and the call is immediately transferred to that extension. To
execute a non-assisted transference during a call, dial # (by default) and
the name of the extension or alternative address. Example: Non-assisted
transference to the above telephone: #480.

To cancel a transference, you just have to dial again the number you have
dialled to transfer. Example: you wanted to transfer a call to extension 481
but you have dialled *482. To recapture the call you shall have to dial again
*482 and then it is possible to transfer to the correct number dialling *481.
Calls capture
To capture a call ringing in another extension, dial *8 followed by the name
with which the telephone was registered or the name of the group of telephones
ringing.

8.6.6 SIP peers

You may add here IP addresses to let remote known gateways to use interfaces
defined as Closed Peers in IPBrick. For instance, you have two IPBrick’s connected
to each other through the Internet and one is connected to the PSTN. If you want
that remote IPBrick connects to PSTN interface, you need to add your IP to this
list by clicking on Modify. Example at Figure 8.89.

Figure 8.89: Telephony - SIP peers

IPBRICK SA Reference Guide - Version 6.0

296 Advanced Configurations

8.6.7 IAX peers

By clicking insert we define the IAX servers that are authorized to forward
the calls using that IPBrick. The IPBrick will accept inbound routes from other
servers that will be specified in that list. Example at Figure 8.90.

Figure 8.90: Telephony - IAX Peers

8.6.8 Auto provisioning

Here is presented the full auto provisioning template list. The list shows the
template name, phone brand and model and the specific firmware version (Figure
8.91). We can manage existant templates clicking at the template name or clicking
Insert in the main menu to create a new template. The fiels are:

• Name: Name for the template. Usually is the complete phone brand and
model;

• Brand: Phone brand. Available: Aastra, Atcom, Grandstream, Snom and

Thomson;

• Model: Shows the supported models;

• Firmware version: Supported firmware for that choosed model;

• Configuration files: Here the idea is to insert the desired configuration file.

It’s possible to have various auto provisioning configurations for the same phone
model. So we can change only some configuration parameters like ringtone, LCD
logo information, codecs etc. An example of a new template insertion is present at
Figure 8.92. A new list with some customized templates is shown at Figure 8.96

Reference Guide - Version 6.0 IPBRICK SA

8.6 Telephony 297

Figure 8.91: Auto provisioning - Template list (partial)

Necessary steps to use auto provisioning:

• If needed adjust the template for some specific configuration;

• Register a phone in IPBrick;

• Go to Advanced Configurations - Telephony - Registered Phones and

associate the desired template to a phone;

• Go to DHCP server and enable the option 66 (TFTP server) pointing the
IP to IPBrick;

• Get ready the SIP phone and connect it to the network (read next section)

The LAN DHCP server must have the option 66 active and pointing to the IP-
Brick IP. That option represents the TFTP server that will be always the IPBrick
were the auto provisioning is configured, because all the supported phones will get
the configuration stored in IPBrick using the TFTP server IP passed by DHCP. If
the IPBrick is the DHCP server, the option TFTP server at Advanced Configurations
- Support services - DHCP - Subnets must point to the IPBrick IP. It’s impor-
tant too to check that the phone firmware is the same listed at auto provisioning
template list.

Figure 8.92: Auto provisioning - Insert a new configuration for a phone

IPBRICK SA Reference Guide - Version 6.0

298 Advanced Configurations

Figure 8.93: Auto provisioning - Full template list

Supported phones
This is a list of all the supported models:
Name Firmware version
Aastra 6731i 2.6.0.66
Aastra 6755i 1.37
Atcom 530 1.6.79.68
Cisco SPA303 7.4.8
Cisco SPA504G 7.4.8
Cisco SPA525G2 7.4.8
Grandstream BT200 1.1.6.46
Grandstream BT201 1.1.6.46
Grandstream GXP1200 1.1.6.46
Grandstream GXP2000 1.1.6.46
Grandstream GXP2010 1.1.6.46
Grandstream GXP2020 1.1.6.46
Grandstream GXP280 1.1.6.46
Snom 300 7.3.14
Snom 320 7.3.14
Snom 360 7.3.14
Snom 370 7.3.14
Snom 870 7.3.14
Thomson ST2030s 2.67
Yealink T20P 9.60.0.100
Yealink T26P 6.60.0.100
Yealink T28P 2.60.0.100

Reference Guide - Version 6.0 IPBRICK SA

8.6 Telephony 299

Atcom 530

Because the auto provisioning parameters can’t be passed by DHCP in this

phone we need to do a initial configuration at ATCOM phone web interface. The
complete steps are:

• If not a new phone reset the configurations by default;

• Go to phone web interface using the defined IP passed by DHCP;

• Go to menu Update - Auto Provisioning and configure that:

Server address: IPBrick IP

Username: -
Password: -
Config File Name: MAC_ADDRESS.cfg
Config Encrypt Key: -
Protocol Type: TFTP
Update Interval Time: 1 hour
Update Mode: after reboot

• Save config and reboot;

Other supported phones

Just connect the phone to the LAN. You just need to check that the DHCP
is active. If they are new the DHCP is active by default, if it’s a used phone
please change the network mode from static to DHCP or reset the configurations
by default.

8.6.9 TLS Management

TLS16 was designed to provide communication security over the Internet. The
TLS protocol allows client-server applications to communicate across a network in
a way designed to prevent eavesdropping and tampering. In IPBRICK, this feature
handles TLS certificates management, thus allowing phones to be validated by
those same certificates and offers a more secure connection to SIP communications.

16
Transport Layer Security

IPBRICK SA Reference Guide - Version 6.0

300 Advanced Configurations

Figure 8.94: TLS Management page

Click on the Modify link to alter the General definitions.

Figure 8.95: TLS Management Modify page

Fill the form with the necessary data. Note that, all generated certificates will
carry this info.

• Country code: Type in a country code;

• Country: Type in a country (e.g.: Portugal);

• City: Type in a city;

• Company: Type in your company’s name;

• Enable verification of TLS certificates: Select if you want to enable certificate

verification.

Reference Guide - Version 6.0 IPBRICK SA

8.6 Telephony 301

To create a certificate return to the TLS Management page and click on the
Insert link

• Name: Name your certificate;

• Email: Client email address;

• Password: Type the certificate’s password;

• Retype Password: confirm the password by retyping it again.

Figure 8.96: TLS Management Insert page

Click on the Insert button to create the certificate.

IPBRICK SA Reference Guide - Version 6.0

302 Advanced Configurations

Reference Guide - Version 6.0 IPBRICK SA

Chapter 9

Apply Configurations

The option Apply Configurations is crucial in IPBrick. All configurations

done in IPBRICK through the web interface, are saved in a Postgres database.
This way any changes the configuration will only be effective in the system after
clicking on Apply Configurations.

Most changes don’t make the IPBrick server go to reboot, so a screen like
Figure 9.2 will appear. IPBrick only needs to reboot in these cases:

• Network interfaces configuration;

• Domain name and server name configuration;

• Changes in authentication mode (LDAP).

NOTE: The IPBrick Administrator will be notified should the VoIP service re-
quires restart, in order to apply the configurations. This will imply the momentary
loss of VoIP service, thus terminating all current calls. Please bear in mind this
when deciding to apply the changes.

And a screen like Figure 9.1 will be shown. It’s important to inform that
IPBrick will go to reboot, so the administration has the option to apply configu-
rations in that momment or at non work hours.

As we can see, we only need to change this type of configurations to get the
server in production at the costumer network. From the momment IPBrick is in
production, is becames very rare to go to a reboot because we don’t need to change
anymore of the network definitions, domain/server name and LDAP mode.

When applying configurations two extra options are presented:

• Description: Each time we apply configurations we can make a description

of what we did;

• Cancel all changes: Choosing that option, instead of Apply, will rollback
all configurations that were made. So IPBrick will stay with the settings

IPBRICK SA Reference Guide - Version 6.0

304 Apply Configurations

from the last time someone applied configurations, i.e. the last configura-
tion file that appears at Advanced Configurations - Disaster Recovery
- Configurations.

Figure 9.1: Apply Configurations and reboot

Figure 9.2: Apply Configurations

NOTE: Applying configurations on an IPBrick Master automatically forces

the apply configurations on its IPBrick Clients and Slaves.

Reference Guide - Version 6.0 IPBRICK SA

Chapter 10

Appendix A
Join in the domain

This section describes the process of:

• Configuring a workstation with DHCP;

• Joining a workstation in a domain.
This process description presupposes the following:
• the domain controlling server is IPBrick.I ;
• the DNS domain is empresa.pt;
• the domain is EMPRESA.
In order to join a workstation in a domain you need to take the following steps:

1. Know the MAC address of the machine’s network interface card;

2. Choose a machine ”name”;
3. Have a machine IP address;
4. Create an entry for the machine in IPBrick.I ;
5. Update IPBrick.I.

10.1 Windows XP Professional Workstation

⇒ Note: Before starting the process of joining a machine in a domain you
have to know the username/password of the administrator of the XP machine.
Then you can start the migration process.

Therefore you have to:

IPBRICK SA Reference Guide - Version 6.0

306 Appendix A - Join in the domain

1. Press [windows];

2. Select My Local Network ;

3. Select Network Connections;

4. Right click on the icon Local Network Connection and select Properties;

5. Choose TCP/IP in the open window and click on Properties;

6. Choose Get the IP Address Automatically in the open window and then
select Get the DNS server addresses automatically;

7. Close the network properties windows.

The next step is to confirm that the machine IP address is the same that was
introduced in IPBrick.I. Therefore you have to:

1. Press the keys [windows]+[R];

2. cmd [ENTER];

3. ipconfig /all;

4. Check the information in the IP Address field.

If the IP address is not the one introduced in IPBRICK you have to release it
and renew it with the following commands:

1. Press [windows]+[R] keys simultaneously;

2. cmd [ENTER];

3. ipconfig /release;

4. ipconfig /renew;

5. ipconfig /all.

If the machine IP address is right you can join the machine in the domain
EMPRESA:

1. Press the keys [windows]+[pause] and open the System Properties;

2. Select ”Computer Name”, click on ”Change...” and give the computer a name
(the name must have been created in IPBrick.I before);

3. Press button ”more..” and add the dns machine domain: empresa.pt. Do
not select the option Change the primary DNS suffix when the association
to the domain is changed ;

Reference Guide - Version 6.0 IPBRICK SA

10.1 Windows XP Professional Workstation 307

4. Insert EMPRESA in the domain. The password of the domain EM-

PRESA or of the machine administrator may be requested;

5. Click OK and close ”System Properties”;

6. Restart the machine. While the machine is starting you can already login
the domain EMPRESA.

⇒ Note: The workstation must not be with the DHCP. It can be configured
with a fix IP address. In this case you don’t have to fill in the field MAC Address
while you register the machine in IPBRICK.

IPBRICK SA Reference Guide - Version 6.0

308 Appendix A - Join in the domain

Reference Guide - Version 6.0 IPBRICK SA

Chapter 11

Appendix B
Configuring a VPN connection

In order to create a VPN (PPTP) connection in a Windows XP Professional

workstation you have to take the following steps:

1. Press [windows]

2. Select Control Panel

3. Double click Network Connections

4. In the window Network Connections, select Create a New Connection

5. The Wizard appears to create a new connection. Select ”Connect to my work

area network” (refers to the VPN description), ”Virtual Private Network
Connection”. After that select a name for the connection to be created, for
example ”Enterprise connection”. Then you have to indicate the IP address
or the full name by which IPBRICK is known in the Internet. At last you
have to select who can use the VPN connection.

The VPN connection is configured. In order to establish a VPN you only have
to introduce the user name and password registered in IPBRICK. IPBRICK is
now working as a VPN-PPTP server.

IPBRICK SA Reference Guide - Version 6.0

310 Appendix B - Configuring a VPN connection

Reference Guide - Version 6.0 IPBRICK SA

Chapter 12

Appendix C
Configuration of a VPN SSL
connection (Open VPN)

To create a VPN connection (Open VPN) in a Windows 2000/XP and higher

workstation it is necessary to install the Open VPN GUI software:

• Open VPN - VPN Open Source Pack;

• Open VPN GUI - The Graphic Interface for Open VPN.

The installation of this pack should be executed without changing the default
definitions. This software is installed in directory C:\Program Files\OpenVPN.
The certificate generated by IPBRICK must be unpacked into directory C:\Program
Files\OpenVPN\config.
To start a VPN connection, press the right button on icon OpenVPN in the
toolbar, choose the intended connection and press Connect.
Insert the password used to create the certificate in IPBRICK and the VPN
shall be established.

12.1 Two or more SSL certificates

When it is intended to put more than one certificate in the same workstation
(create VPN connections for distinct places) it is necessary to create a new folder
into directory C:\Program
Files\OpenVPN\config. Extract all the files to that new folder.
To initiate VPN connection, press the right button on icon OpenVPN in the
toolbar, choose in the list the connection and press Connect.

IPBRICK SA Reference Guide - Version 6.0

312Appendix C - Configuration of a VPN SSL connection (Open VPN)

12.2 Configuration of a SSL Connection for MS

Windows 2000/XP and higher
1. In http://openvpn.net/index.php/open-source/downloads.html down-
load the latest version of the Windows Installer file;

2. Install the openvpn;

3. Extract the IPBRICK zip file to the config folder of OpenVPN. Example:
c:\Programas
\OpenVPN\config;

4. If you are using Windows Vista or 7, run the file, openvpn-gui.exe as

Administrator;

5. In the Windows Vista tray, click on the OpenVPN icon and connect;

NOTE: If it’s not working you need to modify the *.ovpn file in
c:\Programas\OpenVPN\config and add the following lines at the end:

route-method exe
route-delay 2

Reference Guide - Version 6.0 IPBRICK SA

Chapter 13

Appendix D
High Availability

13.1 Introduction
Users want their systems to be ready at all times. Downtime (i.e.: periods of
time when your system is unavailable) affects your users, your customers, sales,
revenue, productivity, and just about every other aspect of your business.
High availability (HA) is a system design protocol that garantees an operational
continuity during a given period of time and is now a possibility at IPBrick, using
a service called Heartbeat. The main idea is to have a clustering solution with two
or more IPBricks that provides:

• Availability:

• Reliability;

• Serviceability.

Note: High Availability is available solely for VoIP and E-Mail relay services.

13.1.1 Advantages
The advantage of clustering servers for HA is seen if one node in the cluster
fails, another node can resume the task of the failed node, and users experience
no interruption of access.
The advantages of clustering servers for scalability include increased application
performance and a greater number of users that can be supported. You can imagine
a cluster of servers as a single computing resource. With the total redundancy of
multiple servers that will make the system work if other servers fail, the cluster
can help achieve greater system uptime (i.e.: periods of time when your system is
available).
Clustering can be implemented at different levels,

• Hardware

IPBRICK SA Reference Guide - Version 6.0

314 Appendix D - High availability

• Operating systems

• Systems management and applications.

• Middleware

The more layers, the more reliable, scalable and manageable the cluster is.

13.2 HA Requirements
The minimum requirements to run an HA service in IPBrick are:

• At least two IPBricks (they can be more, it all depends on the client’s de-
mands, needs and expectations)

• All IPBricks have to be installed with the same IPBrick software version;

• Two NICs per server.

You can see in Figure 13.1 a diagram of an IPBricks HA service.

13.3 HA Configuration
To set up a high availability solution with two IPBrick’s:

• Install the HA update from Advanced Configurations - IPBrick - Update;

• Choose a secondary master server. At that IPBrick, the authentication type

must be changed at Advanced Configurations - IPBrick
- Authentication to Secondary Master IPBrick;

• At primary master (IPBrick Master), go to Advanced Configurations - IPBrick

- Authentication set Yes at High availability and choose the HA mem-
bers;

• There are two different types of High Availability configuration:

– Active-Passive: It’s a failover solution and only one virtual IP address

will be used. Configuration: At the primary master insert a virtual IP
for HA. To do that go to Advanced Configurations, click at interface,
Insert and choose HA Private Interface;
– Active-Active: It’s a load balancing solution and two virtual IP ad-
dresses will be used, one on each server. Configuration:

• At the primary master insert a virtual IP for HA. To do that go to Advanced

Configurations, click at interface, Insert and choose HA Private Interface;

• At the secondary master insert a virtual IP for HA. To do that go to

Advanced Configurations, click at interface, Insert and choose HA Private Interface;

Reference Guide - Version 6.0 IPBRICK SA

13.3 HA Configuration 315

Figure 13.1: HA Diagram

• In both servers at Advanced Configurations - System - Services en-

able the service Heartbeat and set HA at the wanted services;

• In both servers insert a general settings firewall rule at Advanced Configurations

- Network - Firewall,

– Rule: INPUT;
– Interface: lo;
– Protocol: ICMP;
– Policy: ACCEPT;

• In both servers Apply Configurations. The servers will reboot;

Note: The services (VoIP/E-Mail) must have exactly the same configuration
in both servers. To use the high availability an addicional licence is needed.

IPBRICK SA Reference Guide - Version 6.0

316 Appendix D - High availability

Reference Guide - Version 6.0 IPBRICK SA

Chapter 14

Appendix E
UCoIP

All enterprise communications - Voice, Mail, Instant Messaging and Web - are
managed in an integrated way, (i.e. unified through a single individual or group
address). To reach this goal, IPBrick uses only Internet communications services
(SIP, SMTP/IMAP, XMPP and HTTP) integrating them with DNS and LDAP
support services.

The generic site is ucoip.domain.com but the idea is to have one site for each
LDAP user. The following options are included:

• A webphone for direct connection to the user SIP url;

• A SIP url link to call the user using a softphone previously installed at the
workstation;
• A web-based Jabber (XMPP) client to chat directly with the user;
• A SMTP link to mail the user using a email client at workstation;

As we can see, for SIP/SMTP/XMPP the user will be reached using the single
address [email protected]. Now we present all the necessary steps to configure a
UCoIP site for a specific LDAP user with username jsmith, with IPBrick FQDN
being ipbrick.domain.com:

• The user jsmith must go to https://myipbrick.domain.com and define a

phone (depending of the IPBrick.GT routes can be a SIP/PSTN/GSM num-
ber) at field SIP Address. Examples: [email protected], 00351221121112,
00351963322212;
• Activate the IM service at IPBrick.C - IM;
• Go to IPBrick.C - Web Server, click at ucoip.domain.com and define the
alternative address daraujo.domain.com;
• At private/public domain DNS server add a record named daraujo, pointing
to that IPBrick server;

IPBRICK SA Reference Guide - Version 6.0

318 Appendix E - UCoIP

• Enter now the UCoIP site using http://jsmith.domain.com (Figure 14.1)

Figure 14.1: Web Server - UCoIP site

Reference Guide - Version 6.0 IPBRICK SA

Chapter 15

Appendix F
IPBRICK.CAFE

15.1 Introduction
IMPORTANT NOTE: MyIPBrick was replaced by CAFE. You will find all
the MyIPBrick features and much more, in this new social intranet application!

New in IPBRICK is the CAFE social media web application.

Social Media plays a pivotal role in our interaction with the world around us.
As we create, share or exchange information and ideas in virtual communities and
networks.

IPBRICK.CAFE brings this concept to you organization’s private network.

Every employee, may post their photos, comments and ideas. Sharing their inter-
ests and promoting a more collaborative working environment.

Fully integrated with iPortalDoc and IPBRICK unified communications - Voice,

Video, Email and Chat - and presenting them in a simplified way, IPBRICK.CAFE
is a private and secure space of business communications that unifies and stream-
lines access to all information, enhancing the exchange of knowledge, documents,
task and contacts management between employees.

The portal is divided into different areas:

Communications and applicational - allowing users to access a range of infor-

mation and resources that are now spread across several subsystems, ensuring a
smooth and unified communication.

15.1.1 Features
• Management of multi-channel presence, allowing you to see user’s availability
across various services:

IPBRICK SA Reference Guide - Version 6.0

320 Appendix F - IPBRICK.CAFE

– Voice;
– Video;
– Email;
– Chat.

• News/information area

• View and share documents from the Document Management and Workflow
System

• iPortalDoc

• Develop surveys to measure how employees feel about a certain subject

• Links to all applications with a single Sign-On system

• Social area with space for messages to the global organization

• Account and user profile management

With IPBRICK.CAFE your company will communicate in an agile, quick and

effective way with all your employees!

15.2 Altering the default administrative creden-

tials
To change the default administrative password on CAFE, please access the
interface:

cafe.domain.com

• Default login: admin

• Default password: 123456

To change the administrator password access the admin options.

Figure 15.1: Altering the administrator credentials

Reference Guide - Version 6.0 IPBRICK SA

15.3 IPBRICK.CAFE user guide 321

15.3 IPBRICK.CAFE user guide

The IPBRICK.CAFE user guide is divided into two sections, one addressing
basic user actions and another one dedicated to administrative tasks.

15.3.1 Access

Access to the CAFE is very simple, just open your browser and type the URL
address:

E.g.: ipbrickcafe.domain.com

NOTE: Please replace domain.com with your correct domain!

Click on Login

Figure 15.2: CAFE Login Link

The authentication window will be displayed. Type in you Username and

Password.

Figure 15.3: CAFE Authentication

After authentication you will access the home page of IPBRICK.CAFE. Where
you will find Business and Social News.

IPBRICK SA Reference Guide - Version 6.0

322 Appendix F - IPBRICK.CAFE

Figure 15.4: CAFE Home Page

You will also find the following options:

• Applications: Enables you to manage the inclusion (click on the + icon) or

not of your workstation apps at this menu. This way, you will always have
them available, when you access CAFE;

• Links menu: You may wish to customize your links menu by adding URLs
of your favourite page;

• Company: Access to all the news and company related actions.

• Personal Access to your workstation files and voicemail.

Figure 15.5: Options

At the top right hand corner, you will find the Logout link and the user icon.

Figure 15.6: CAFE Logout Link and User Icon

Reference Guide - Version 6.0 IPBRICK SA

15.3 IPBRICK.CAFE user guide 323

The User Icon icon opens a side window where you may check the online user
roster.

Figure 15.7: CAFE’s Online Users Roster

It is also possible to set your status for Chat, Video and Calls.

Figure 15.8: User Status Configuration

The color code is the usual in these situations:

• Red: Unavailable

• Yellow: Absent

• Green: Available

Figure 15.9: User Availability

15.3.2 Adding Apps

In order to add one or several of your machine’s applications to IPBRICK.CAFE
simply click on the Applications menu > Manage Applications and on the new page
select the app you wish by clicking on the green Add link.

IPBRICK SA Reference Guide - Version 6.0

324 Appendix F - IPBRICK.CAFE

Figure 15.10: Applications List

The interface will notify you that the app was added successfully.

Figure 15.11: Application successfully added

The new app will now be available at the Applications Menu.

Figure 15.12: Applications menu with a new added app

15.3.3 Adding Links

To add links to the menu simply click on the + icon

Figure 15.13: CAFE - Adding a Link

Reference Guide - Version 6.0 IPBRICK SA

15.3 IPBRICK.CAFE user guide 325

At the Create Link page simply type a Description (a reference name that will
be visible on the menu) and,of course, the URL address.

Figure 15.14: CAFE Link Creation

Click on the Insert button to add the link.

15.3.4 Posting
Posting is very simple, just type a text and/or upload an image. When you
have finished, simply click on the Publish button.

Figure 15.15: CAFE Login Link

15.3.5 User Space

You may access you User Space by clicking on your username.

Figure 15.16: Username Link

You will then access the User page.

IPBRICK SA Reference Guide - Version 6.0

326 Appendix F - IPBRICK.CAFE

Figure 15.17: CAFE - User Page

Where you will have all your personal files readily available.

Figure 15.18: CAFE - My Files

You may perform the usual tasks; Copy, Move and Delete.

15.3.6 Change Profile

You may also alter your personal data, email settings and VoIP settings. just
click on the Change Profile link.

Figure 15.19: Change Profile link

Personal Data
At the new page you may edit your personal data:

Reference Guide - Version 6.0 IPBRICK SA

15.3 IPBRICK.CAFE user guide 327

• Search Picture: Click this button, so you may upload a picture of you;

• Username: User complete name. Not editable;

• Quota: User general quota if defined. If not defined it will show Unlimited.
Not editable;

• Password: When clicking Modify at top, the user LDAP password can be
changed too;

• Confirm Password: Retype your password in order to confirm it;

• Job: Type your job or rank in the company;

• Description / Biography: If you’d like, you may write something about you
so other users may read it;

• Birthday: Insert your birth date;

• Language: Select the CAFE’s interface language.

Figure 15.20: Personal Data

VoIP Settings
• Follow Me: Phone associated to the user. Represents the phone number
that the user is using at the moment. Multiple phone numbers can be used:
Internal SIP addresses (Ex.: 201, phone01), external SIP addresses (Ex.:
[email protected]), PSTN number (Ex.: 00351221121334), GSM num-
ber, etc. No matter where, the user will always be available, the person who
wants to call, just needs to dial [email protected] and the selected
phone will ring. You may add more phones to the list, simply by clicking on
the + button;

• Follow Me mode: Select between Group or Sequence.

IPBRICK SA Reference Guide - Version 6.0

328 Appendix F - IPBRICK.CAFE

Figure 15.21: VoIP Settings

Email Settings
• State: Shows if mail account is active or not. Not editable;

• Mail: User mail address. Not editable;

• Alternative address: Shows the user alternative mail addresses list. Not
editable;

• Mail quota: User mail quota if defined. If not defined it will show Unlimited.
Not editable;

• Message maximum size: Message maximum size to receive, if defined. If not

defined it will show Unlimited. Not editable;

• Forward To: The user can define other email addresses. So when someone
send a mail to [email protected], the addresses defined here will receive
a copy too;

• Automatic reply message: If a message is defined, IPBrick will auto reply

with this message when someone send a mail to the user’s account. By
default, of course, no message is present.

Figure 15.22: Email Settings

When you have finished, click on the Save button. You may also click on the
Cancel button to abort the changes.

Reference Guide - Version 6.0 IPBRICK SA

15.3 IPBRICK.CAFE user guide 329

Figure 15.23: Cancel and Save buttons

IPBRICK SA Reference Guide - Version 6.0