Log into the MSL using putty.
If you don’t know how to then check out this earlier post
Log in a “root” and use same password as “admin” (Normally)
MBG
How to change certificate on MSL
If you have a pfx file you will need to decrypt it (unless you are on the latest version on MSL)
If the file was named wildcard certificate the instructions would be something like the below
You will need the password to decrypt the pfx file. This was created the same time as the certificate
Using putty as a socks5 proxy
You can use the MBG to VPN to a customers network but this is another trick in your box.
From your office putty into the external address of the MBG
(This has to be allowed in the remote access section of MSL)
Setup tunnels in Putty, see below, copy this and click Add. Make sure to choose “dynamic” and “Auto”
As some of the Mitel kit requires Internet explorer(IE) i will use it as my example.
In IE choose internet options, connections,LAN settings
Now you can web browse to any web site on the customer network, including the 3300, MBG, Nupoint, ETC
MBG daisy chaining
MBG – Installation and Maintenance Guide
Setting up Daisy Chained Servers
For geographically remote servers:
- Configure your upstream MBG server as usual (either Gateway or DMZ deployment).
- On the downstream server, use the MBG web interface to configure the following
parameters:
- On the Configuration tab, select Network Profiles and then click Put Into
Daisychain Mode.
- In the Daisy-Chain IP address field, enter the IP address of the upstream MBG
server.
- Click Save.
Notes:
- Downstream server can be in either Gateway or DMZ deployment mode.
- Add sets and configuration changes to the upstream server only.
For remote offices with high volume of remote sets:
This scenario can be configured in one of the following two ways:
- Remote (downstream) office uses an MBG server operating in Gateway mode as the Internet firewall.
- Remote office has a separate firewall and runs the MBG server in DMZ mode.
In either case the configuration described under For geographically remote servers should be
done on the downstream server.
Note: There is no restriction on the location of remote sets – they do not have to be on
the LAN side of the server. So it is possible (and may be desirable) to have Internet MBG
sets also point to the downstream server to maintain local streaming with sets on the
remote LAN.
Why do i get “Invalid Set type” on a 5235 teleworker?
- 5235 are supported in teleworker mode, but not in a clustered MBG enviroment
How to use UCA remotly with a Desk Phone
This has changed in version 6 UCA
- First you need an Mitel Border Gateway (MBG) with Web proxy
- In Ver5.0 you programme the client as softphone as well as the normal desk phone
- Programme the soft phone DN as any free number and enter the MBG external IP address
- Click “Retreive the certificate” and get the administrator to approve the certificate in the MBG
- After cert has been “approved” you should get a message telling you so in the UCA client
- In the MBG add a minet user with the DN you used in the client
How do i use putty on a MITEL Standard Linux server (MSL)?
- Download putty from here (My mirror ) putty
- Under host name enter ip address of MSL server
- Set connection type to SSH
- Hit open
- Accept certificate
- Use “admin” account to see console or “root” account for trouble shooting.
- Same password for both accounts you entered on install of MSL
Console of MSL
Root login of MSL
Putty interface
How do i trouble shoot SIP trunks on Mitel Border Gateway (MBG)?
- Type this in on putty root logon
- tcpdump -s0 -i eth0 -w testsip.pcap .Useful examples
- eth0 is the NIC, if you have two NIC’s in your MBG then you may want to use eth1
- Start it running before making test call and stop it running after with “Control C”
- then sftp it with winsftp and open testsip.pcap in wireshark (my mirror –winscp517setup)
- Also on MCD 5.0 and above you can now do “Sip TCPDump on/off” in the maintanence commands
- This creates a file in the “vmail” directory on the mitel
- Ftp to the mitel which will put you in the “sysro” directory.
You need to go one directory up to get the the vmail directory - Same logon to FTP as phone system
Note Gamma Tech Support number = 0808 178 8000 option 1, 1, 2
Update June 2021
The newer veisons of MBG have a useful feature that splits the wireshark capture in to managable file sizes
Here is an example of how to do the same via TCPDUMP on the older version of MBG that dont have this feature
I had a customer where they had 1000’s of phones connecting to 2 x MIVB with 2 x MBG SBC’s accross 10’s of sites
When they had a speech quality issue and i needed to prove the speech was poor before it got the MBGSBC i started a wireshark capture.
Of course the file got far to be far to quickly.
To try and remendy this i needed to filter the capture to only collect the packets going to the particular phone subnets
As well as the packets going ot he phone system so i could capture the signalling
tcpdump -n \(net 10.1.2.0/24 or net 10.1.36.0/24 or net 172.20.26.211\) -C 500 -W 20 -w sbc1.pcap -Z root
-n = do not look up DNS for the IP’s
net 10.1.2.0/24 = include all packets coming from and to that subnet
net 10.1.36.0/24 = include all packets coming from and to that subnet
net 172.20.26.211 = include all packets going to and from the phone system
-C 500 = file size limit
-W 20 = number of files to create before rolling over (Note the upper case)
-w sbc1.pcap = file name to write too (once the first file has reached 500mb the next file is created with a 01 appended)
-Z root = file permission ( you will get permission denied with out this)
This should collect all the RTP going through the MBGSBC as well as the SIP signalling to and from the MIVB
so you can still use wireshark to inspect and filter the captured file like i explained in these posts 1 2 3