Quantcast
Channel: FreePBX Community Forums - Latest posts
Viewing all 227279 articles
Browse latest View live

Help migrating from Italian tiscali provider's router to freepbx and pfsense

October 4, 2019, 6:42 am
$
0
0

Sorry @asteriskadmin but I’m not so good with analyzing sip logs so I will try… first off all I cannot see in the log any 407 status and the real in the authorization string that I reported is realm=“ims.tiscali.net” so I think that is right… about the username

they send to me an email with the username in this format 0039XXXXXXXXXX@ims.tiscali.net but I cannot place this under the username field cause I will receive the error

res_pjsip.c:3628 create_out_of_dialog_request: Unable to create outbound OPTIONS request to 
endpoint  0039XXXXXXXXXX as URI 'sip:0039XXXXXXXXXX@ims.tiscali.net@ims.tiscali.net:5060' 
is not valid

so I removed the domain from the username. Here in Italy, in the last mounths, Tiscali is the first isp that has changed the modem management policy and released access to the sip credentials, so it will be very usefull for us to find a way to make this works. many thanks

Search

Extension unreachable / reachable

October 4, 2019, 6:45 am
$
0
0

That’s a single successful result for qualifying. It doesn’t show the REGISTERs - which will likely show the Grandstream asking for the registration to be removed.

One way Audio

October 4, 2019, 6:45 am
$
0
0

Hi,

All my remote sites have a site-to-site VPN connection so the VPN is running from the router of the remote site and not from the phone itself.

The IP of the phone that ia ma doing my tests is 10.10.1.251

One way Audio

October 4, 2019, 6:46 am
$
0
0

The remote subnets are 10.10.1.0/24, 10.10.20.0/24, 192.168.22.0/24, 192.168.23.0/24, 192.168.24.0/24 and 192.168.25/0/24

Module CustomContext

October 4, 2019, 6:47 am
$
0
0

I am looking in the web interface in the context module for an option that will allow one context to be included in another. An option in the web interface that records the include option in the desired file

Module CustomContext

October 4, 2019, 6:49 am
$
0
0

This is the wrong format. It needs to be include => mirohost1

FreePBX 14 Asterisk 13 Fail2ban issue

October 4, 2019, 6:50 am
$
0
0

Clean install of the recommended FreePBX 14 with Asterisk 13 from the freepbx download. Fail2ban seems to work fine for SSH but anything related to SIP doesn’t get caught. I played around with the regex a little and got it to ban for Rejecting unknown SIP connection from .

/etc/fail2ban/filter.d/asterisk.conf

# Fail2Ban filter for asterisk authentication failures
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = asterisk

__pid_re = (?:\[\d+\])

iso8601 = \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+[+-]\d{4}

# All Asterisk log messages begin like this:
log_prefix= (?:NOTICE|SECURITY)%(__pid_re)s:?(?:\[C-[\da-f]*\])? \S+:\d*( in \w+:)?

failregex = ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Registration from '[^']*' failed for '<HOST>(:\d+)?' - (Wrong password|Username/auth name mismatch|No matching peer found|Not a local domain|Device does not match ACL|Peer is not su$
            ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Call from '[^']*' \(<HOST>:\d+\) to extension '[^']*' rejected because extension not found in context
            ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Host <HOST> failed to authenticate as '[^']*'$
            ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s No registration for peer '[^']*' \(from <HOST>\)$
            ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Host <HOST> failed MD5 authentication for '[^']*' \([^)]+\)$
            ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Failed to authenticate (user|device) [^@]+@<HOST>\S*$
            ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s hacking attempt detected '<HOST>'$
            ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s <HOST> tried to authenticate with nonexistent user.+$
            ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s <HOST> failed to authenticate as.+$
            ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Request from '[^']*' failed for '<HOST>:\d+' .+ No matching endpoint found$
            ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s SecurityEvent="(FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)",EventTV="([\d-]+|%(iso8601)s)",Severity="[\w]+",Service="[\w]+",EventVersion="\d+",AccountID="(\$
# These WARNINGS do not have a file attribute, as they're generated dynamicly
            ^(%(__prefix_line)s|\[\]\s*WARNING%(__pid_re)s:?(?:\[C-[\da-f]*\])? )[^:]+: Friendly Scanner from <HOST>$
            Ext\. s: "Rejecting unknown SIP connection from <HOST>:(.+)"$

ignoreregex =


# Author: Xavier Devlamynck / Daniel Black
#
# Update: 2016-05-10 by xrobau@gmail.com
# - Detect PJSIP Scans
# - Detect AMI events that may be missed by having SecuritEvents disabled
# - Support WSS
#
# General log format - main/logger.c:ast_log
# Address format - ast_sockaddr_stringify
#
# First regex: channels/chan_sip.c
#
# main/logger.c:ast_log_vsyslog - "in {functionname}:" only occurs in syslog

/etc/fail2ban/jail.local

[asterisk-iptables]
enabled = true
filter = asterisk
action = iptables-allports[name=SIP, protocol=all]
logpath = /var/log/asterisk/fail2ban

Everything is logging to /var/log/asterisk/fail2ban but the regex is not picking it up.

Does anyone have a regex file that works with FreePBX 14 and Asterisk 13?

Is there something I am missing here?

One example of it not blocking is this

DP/192.168.5.14/5060",RemoteAddress="IPV4/UDP/77.247.108.220/6011",ACLName="registrar_attempt_without_configured_aors"
[2019-10-04 09:53:55] WARNING[17436] res_pjsip_registrar.c: Endpoint 'anonymous' has no configured AORs
[2019-10-04 09:53:55] SECURITY[2415] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-10-04T09:53:55.938-0400",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="anonymous",SessionID="4205803017",LocalAddress="IPV4/UDP/192.168.5.14/5060",RemoteAddress="IPV4/UDP/77.247.108.220/6011",ACLName="registrar_attempt_without_configured_aors"
[2019-10-04 09:53:55] WARNING[11664] res_pjsip_registrar.c: Endpoint 'anonymous' has no configured AORs
[2019-10-04 09:53:55] SECURITY[2415] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-10-04T09:53:55.956-0400",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="anonymous",SessionID="1454978471",LocalAddress="IPV4/UDP/192.168.5.14/5060",RemoteAddress="IPV4/UDP/77.247.108.220/6011",ACLName="registrar_attempt_without_configured_aors"
[2019-10-04 09:53:55] WARNING[17436] res_pjsip_registrar.c: Endpoint 'anonymous' has no configured AORs
[2019-10-04 09:53:55] SECURITY[2415] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-10-04T09:53:55.967-0400",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="anonymous",SessionID="1359014312",LocalAddress="IPV4/UDP/192.168.5.14/5060",RemoteAddress="IPV4/UDP/77.247.108.220/6011",ACLName="registrar_attempt_without_configured_aors"
[2019-10-04 09:53:55] WARNING[11664] res_pjsip_registrar.c: Endpoint 'anonymous' has no configured AORs
[2019-10-04 09:53:55] SECURITY[2415] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-10-04T09:53:55.977-0400",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="anonymous",SessionID="3550642603",LocalAddress="IPV4/UDP/192.168.5.14/5060",RemoteAddress="IPV4/UDP/77.247.108.220/6011",ACLName="registrar_attempt_without_configured_aors"

Cisco PAP2 with EndPoint Manager

October 4, 2019, 7:01 am
$
0
0

Update: After 20 minutes idle, it did auto provision itself.

My next question, through basefile edit, am I able to tell it to turn on NAT Mapping, as well as change the ring waveform?

Search

FreePBX 14 Asterisk 13 Fail2ban issue

October 4, 2019, 7:08 am
$
0
0

It looks like you have anonymous access turned on. That won’t help.

I finally gave up chan_sip for chan_pjsip and it was fine

October 4, 2019, 7:09 am
$
0
0

Today I found that the WebRTC phone doesn’t work over IPv6, but does work over IPv4. Investigating. I’m mentioning it in this thread because the error generated is:

[2019-10-04 10:01:46] ERROR[29983]: res_pjsip.c:3662 ast_sip_create_dialog_uas: Could not create dialog with endpoint 991101. Invalid URI (PJSIP_EINVALIDURI)

What do you dislike/hate about FreePBX?

October 4, 2019, 7:10 am
$
0
0

Hi,

Let’s talk about what you like or not FreePBX distro ?

  1. First i would like a way to uninstall a batch of commercial modules in case i don’t use them.
  2. Troubleshooting a call issue is difficult with over 50-100 lines in the verbose output.
  3. it would be nice if you had templates for different SIP providers.

What other things you like or not ?

FreePBX 14 Asterisk 13 Fail2ban issue

October 4, 2019, 7:11 am

Module CustomContext

October 4, 2019, 7:12 am
$
0
0

Is there a button in the web interface that includes context in context, that’s what I mean

I finally gave up chan_sip for chan_pjsip and it was fine

October 4, 2019, 7:15 am

FreePBX 14 Asterisk 13 Fail2ban issue

October 4, 2019, 7:15 am
Search

Module CustomContext

October 4, 2019, 7:27 am
$
0
0

No - that’s not how custom contexts work, so having the GUI make changes wouldn’t be a good plan.

FreePBX 14 Asterisk 13 Fail2ban issue

October 4, 2019, 7:34 am
$
0
0

That seems to have taken care of the log. Any ideas as to why the regex wasn’t picking up the entry in the log when it was present?

I finally gave up chan_sip for chan_pjsip and it was fine

October 4, 2019, 7:41 am
$
0
0

Might be the same or a fresh new bug:

[2019-10-04 10:33:14] DEBUG[32275]: res_pjsip_transport_websocket.c:448 websocket_on_rx_msg: Request msg INVITE/cseq=9908 (rdata0x7fae503937b8) re-writing Contact URI from ibef549gpid8.invalid:0;transport=wss to [2601:xxx:xxx:xxx:xxx:xxx:xxx:yyy]:55257;transport=ws

I’m suspicious of how ;transport=wss becomes ;transport=ws

Asterisk 100 cpu and no SIP calls

October 4, 2019, 7:43 am
$
0
0

Today the pbx is simply refusing to connect calls to any phones. Everything seems correctly configured and the pbx can send and receive calls via an E1 but calls simply do not flow to phones and cpu usage is above 100%. I have seen load averages over 30 with all the stuck calls. DNS is working and all phones report as available. A core show channels shows all the stuck calls:

Channel Context Extension Prio State Application Data CallerID Duration Accountcode PeerAccount BridgeID
DAHDI/5-1 macro-dial-one s 59 Up Dial PJSIP/1528/sip:1528@192.1 5510834437 00:04:40 E1
DAHDI/10-1 macro-dialout-trunk s 26 Up Dial DAHDI/G0/5552654848,300,T 5551302800 00:03:51 E1 E1 73796caa-beff-43fe-a
PJSIP/1423-00000040 func-apply-sipheader s 10 Down Return (Empty) 1423 00:00:37 E1 E1
Local/901128@zulu-mo zulu-mobile-phone-pu 901128 1 Ring Stasis zulu-mobile-call-push-pro 9611807869 00:00:00 E1 E1
Local/901128@zulu-mo zulu-mobile-phone-pu 901128 1 Down AppDial (Outgoing Line) 901128 00:00:00 E1 E1
PJSIP/2813-0000003b func-apply-sipheader s 10 Down Return (Empty) 2813 00:01:01 E1 E1
PJSIP/2813-0000004c func-apply-sipheader s 10 Down Return (Empty) 2813 00:00:00 E1 E1
Local/901635@zulu-mo zulu-mobile-phone-pu 901635 1 Down AppDial (Outgoing Line) 901635 00:00:02 E1 E1
Local/901635@zulu-mo zulu-mobile-phone-pu 901635 1 Ring Stasis zulu-mobile-call-push-pro 6671380230 00:00:02 E1 E1
Local/901635@zulu-ca zulu-call 901635 5 Ring Dial Local/901635@zulu-mobile- 6671380230 00:00:02 E1 E1
Local/901635@zulu-ca zulu-call 112 1 Ringing AppDial (Outgoing Line) 112 00:00:02 E1 E1
Local/901128@zulu-mo zulu-mobile-phone-re 901128 1 Ring Stasis zulu-mobile-call-register 9611807869 00:00:00 E1 E1
DAHDI/2-1 macro-dial s 65 Up Dial PJSIP/1128/sip:1128@192.1 9611807869 00:01:05 E1
Local/901128@zulu-mo zulu-mobile-phone-re 901128 1 Down AppDial (Outgoing Line) 901128 00:00:00 E1 E1
DAHDI/13-1 macro-dial s 65 Up Dial PJSIP/2813/sip:2813@192.1 6144294000 00:00:47 E1
Local/902813@zulu-mo zulu-mobile-phone-pu 902813 1 Ring Stasis zulu-mobile-call-push-pro 6144294000 00:00:00 E1 E1
Local/902813@zulu-mo zulu-mobile-phone-pu 902813 1 Down AppDial (Outgoing Line) 902813 00:00:00 E1 E1
PJSIP/1528-0000003a func-apply-sipheader s 10 Down Return (Empty) 1528 00:01:04 E1 E1
DAHDI/61-1 from-digital 1 Up AppDial (Outgoing Line) 05552654848 00:03:39 E1 E1 73796caa-beff-43fe-a
DAHDI/9-1 macro-dial-one s 59 Up Dial PJSIP/1000/sip:1000@192.1 9848033447 00:02:22 E1
Local/901128@zulu-mo zulu-mobile-phone-wa 901128 1 Down AppDial (Outgoing Line) 901128 00:00:00 E1 E1
Local/901128@zulu-mo zulu-mobile-phone-wa 901128 1 Ring Stasis zulu-mobile-call-wait-pro 9611807869 00:00:00 E1 E1
PJSIP/1403-00000045 func-apply-sipheader s 10 Down Return (Empty) 1403 00:00:21 E1 E1
Local/901128@zulu-de zulu-desktop-phone 901128 1 Ring Stasis zulu-desktop-call-process 9611807869 00:00:00 E1 E1
Local/901128@zulu-de zulu-desktop-phone 901128 1 Down AppDial (Outgoing Line) 901128 00:00:00 E1 E1
PJSIP/1049-0000003d func-apply-sipheader s 10 Down Return (Empty) 1049 00:00:49 E1 E1
Local/902813@zulu-mo zulu-mobile-phone-wa 902813 1 Ring Stasis zulu-mobile-call-wait-pro 6144294000 00:00:00 E1 E1
Local/902813@zulu-mo zulu-mobile-phone-wa 902813 1 Down AppDial (Outgoing Line) 902813 00:00:00 E1 E1
-------- snip --------------

Any ideas? Everything is up to date on the server and it had been working fine till today.

I finally gave up chan_sip for chan_pjsip and it was fine

October 4, 2019, 7:46 am
$
0
0

That should be okay. That logic is updating the received Contact to enforce connection reuse, and due to the way things work internally being "ws’ is pefectly fine. If it were “wss” it wouldn’t actually work. The spec also states that the transport parameter should be “ws” for URIs[1]. WSS is only valid in the Via header.

[1] https://tools.ietf.org/html/rfc7118#page-6

Viewing all 227279 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>