Chan Chung Hang Christopher <christopher.chan at bradbury.edu.hk> wrote: >> Ah, well, if you want to keep the landlines, then yeah, I guess asterisk is the way to go. If your goal is to replace keyline systems, then asterisk definitely has that kind of support which, it appears, even Cisco's solution does not (from the mouth of Datacraft Asia personnel selling the school Cisco's voip solution). << I replaced our PBX with an Asterisk box and Snom VoIP phones for just this reason. All calls are made over POTS lines, although I did have it working over IAX2 with FreeWorldDialup back when they offered a free service. The functionality is significantly better than the old PBX, with a menu system to connect callers to the right extension during business hours, conferencing, voicemail with forwarding by email, etc. I have an OpenVPN connection from my desktop machine at the university where I work back to my home office LAN and can use a softphone to answer my home phone while at the office, etc. Quite neat. I've even programmed it to fetch the area weather forecast and read it out when you dial one extension. This has been much more useful than I expected - when I get sales calls from people I really don't want to deal with, I just say, "Please hold the line - I'm going to transfer you to the right person" and then transfer the call to the weather forecast. The sales person now gets what sounds like Stephen Hawking reading them the weather. Easily the best use for Asterisk ever. My setup is running on Centos 4.8 and has been a breeze to maintain. Nothing is exposed to the outside world, so I haven't felt pressured to apply updates, etc. However, I did do a little experimenting and found that it's remarkably easy to record calls using Cain+Abel to conduct an ARP cache poisoning attack between any phone and the Asterisk server. The only defences against this are to implement SRTP (Secure Real-Time Protocol), but last time I looked, this required SIP over TCP, which Asterisk did not support (not to mention having to set up a PKI and issue certs to the phones), or the much simpler control of ensuring that all phones are on a separate VLAN from the computers. For any reasonable-sized setup this isn't too hard to achieve as you may well want to buy a PoE switch to power the phones (wall warts are a PITA). There's also an excellent publication on VoIP in the NIST 800-series Special Publications, which is worth looking at. Best, --- Les Bell [http://www.lesbell.com.au] Tel: +61 2 9451 1144