Under ISPConfig 3 you can have more than one PHP release available for your websites. Not every project runs perfectly in all versions, there is still out there some software that needs PHP 5.
I will show how easy is to add new PHP versions. This example installs PHP 7.2. UPDATE: PHP 7.3 and 7.4 RPM's are out, the same process applies to them.
IP Authentication is the fact of linking a sip extension against a set of known IP's. Therefore, any call signalled to or from a given IP will be linked to a linked SIP account. IP Authentication is needed (not a must) if you want to configure your PBX as a Class 4 PBX. If you want to know more about the difference between Class 4 and Class 5, read the article I published some years ago in this blog.
So, our scenario is our FusionPBX (pbx-b) is the carrier of another PBX (pbx-a). The pbx-a uses pbx-b as a carrier configured without registration (IP authenticated). Users register into pbx-a. When an outbound call is done, the user signals the authenticate INVITE to pbx-a, then pbx-a forwards the SIP INVITE without authentication. Finally, pbx-b forwards the INVITE to the upstream carrier.
FusionPBX by default is shipped as a Class 5 PBX. You will need to do some web tuning to make it work as a Class 4 PBX. In this article, I will write about the SIP Authentication, which is one of the many steps you need to do.
DNS tunnelling is just another tunnelling technique. Usually, it is called VPN over DNS too, it is just naming. What it makes it very popular is that not all carriers or network administrators are aware of it or if they are, they don't know exactly how to stop it. Rogers, one of the biggest telecommunication carrier in Canada and Telcel the biggest player of mobile telephony in Mexico, both allow DNS tunnelling (I don't doubt others carriers do as well), so when you run out of data in your plan you can still connect if you configure it in your mobile. This is because smartphones need to connect to some carrier servers regardless if you have the right to 2G/3G/4G data access or not; smartphones still have access to the local DNS server. Local networks have the same symptom because DNS is used to access many IT services like the Active Directory, it is very difficult to differentiate between a true legitimate DNS query and DNS tunnelling traffic without the proper tools.
Because of this, I am going to describe how this technique works.