Categories
Asterisk Support Covid-19 FreePBX Knowledge Base Remote Working

Disabling Router SIP ALG

With many companies asking their employees to work from home, a common problem when trying to use a sip phone on a home network is the SIP ‘helper’ or ALG, Here is some advice on how to disable it on the more common routers that you may encounter.

SIP ALG (Application Layer Gateway) modifies VoIP traffic with the aim of solving NAT and firewall related problems. SIP ALG does this by inspecting SIP packets and modifying SIP Header and SDP data.

Unfortunately, SIP ALG was poorly implemented in a lot of cases, which has lead to it causing more issues than it corrects and due to this, we believe that, in general, it is best disabled.

Note – Many routers will re-enable SIP ALG after being powered off and on, or sometimes after a firmware update, therefore if it has been disabled in the past, and you know that the router was recently updated and powered off and on again, then it is always a good idea to log in to the router and double check the setting.

Virgin SuperHub: SIP ALG cannot be disabled in the settings of SuperHubs. Please click here for advice troubleshooting issues with SuperHubs. 

BT: SIP ALG cannot be disabled in the settings of BT HomeHubs, but can be disable with BT Business Hub versions 3 and higher:

Disabling a BT Business Hub 5’s SIP ALG

Fritz!Box: SIP ALG can’t be disabled.

DrayTek routers: Log in to your DrayTek via Telnet using an SSH client such as Putty: http://www.putty.org/

Check if SIP ALG is Enabled or Disabled:

To check if SIP ALG is Enabled or Disabled enter this command: sys sip_alg ?

If SIP ALG is disabled a ” 0 ” result will be returned.  If SIP ALG is enabled the result will be ” 1 “.

Disabling SIP ALG:

To Disable SIP ALG enter the following:

sys sip_alg 0
sys commit
sys reboot

The router will restart and save your changes.

Click here for additional general information about DrayTek Firewall setup. 

TP-Link routers: How to Disable SIP ALG on TP-Link ADSL modem router

Linksys: Check for a ‘SIP ALG’ option, in the ‘Administration’ tab under ‘Advanced’. 

May also need to disable SPI Firewall. 

Microtik: Disable ‘SIP Helper‘. 

Netgear: Look for a ‘SIP ALG’ checkbox in the ‘WAN’ settings.

Port Scan and DoS Protection should also be disabled.

Disable STUN in VoIP phone’s settings. 

D-Link: In your router’s ‘Advanced’ settings –> ‘Application Level Gateway (ALG) Configuration’ uncheck the ‘SIP’ option. 

Huawei: Many routers support SIP ALG (usually found in the ‘Security’ menu). 

SonicWALL Firewall: Under the VoIP tab, the option ‘Enable Consistent NAT’ should be enabled and ‘Enable SIP Transformations’ unchecked.  

Thomson: How to Disable SIP ALG on a Thomson Router HERE

Test with STUN disabled in your VoIP phone’s settings.

Adtran Netvanta: Disable SIP ALG under ‘Firewall/ACLs’ –> ‘ALG Settings’.

Even if there isn’t a SIP ALG option in your router’s settings, it may still be implemented. TelNet commands must be used to disable SIP ALG with TechnicolorThomsonSpeedTouch, some Draytek and some ZyXEL routers. 

Categories
Asterisk Support FreePBX Knowledge Base Support Technical

Backing up files in FreePBX 15

The first time you come to restore your FREEpbx 15 system you may find that not everything that you expected is there !

The new backup module backs up on a module by module base and not like before where is was DBs and Files.

Linked here is a repository that has the files to create a module that can be edited to backup directories.

https://bitbucket.org/cybercottage/filebackup

The file you need to edit is Backup.php

<?php

namespace FreePBX\modules\Filebackup;
use FreePBX\modules\Backup as Base;

class Backup extends Base\BackupBase
{
    public function runBackup($id, $transaction)
    {
        $this->addDirectories([
            '/etc/asterisk','/tftpboot',
        ]);
        $files = glob("/etc/asterisk/*conf");
        foreach ($files as $file) {
            $path = pathinfo($file, PATHINFO_DIRNAME);
            $this->addFile(basename($file), $path, '', "conf");
    }
    $files = glob("/tftpboot/*xml");
        foreach ($files as $file) {
            $path = pathinfo($file, PATHINFO_DIRNAME);
            $this->addFile(basename($file), $path, '', "conf");
        }
        return $this;
    }
}

As you see we are backing up /etc/asterisk and /tftpboot , But only *.conf files in /etc/asterisk and only *.xml files in /tftpboot

Details on the new backup system are here https://wiki.freepbx.org/display/FOP/Implementing+Backup

Thanks to James Finstrom for the original version of this, This version is not to replace his work but only to give an example of working with Multiple directories

The downloaded zip file needs to be added as a Local module via Module Admin and enabled, It will obviously give a signing error but this can be disabled in Advanced settings or ignored ;-)

Enjoy but don’t blame me if it doesn’t work. Ive tested it on my systems and all seems good by your experience may be different

Categories
Asterisk Support FreePBX Knowledge Base Support Technical

Resetting root password on FreePBX 14 and other Centos 7 servers

Boot your system and wait until the GRUB menu appears. On some systems you may need to press the “Escape” key to access the GRUB menu. FreePBX should show this for a few seconds on Boot

Highlight your Operating System and then press “e” to edit. You have to be quick here simpler to just press e when the menu appears and you will see similar to below.

Find the line beginning with linux. In this example the line begins linux16.

Manually delete the entries quiet and rhgb from the line. then append the following statement to the end of the line init=/bin/sh Don’t worry if your command is spread across more than one line. A continuation character “\ will be inserted automatically.

Now reboot your system now using the options specified by pressing the keys Ctrl +X

Once the system has re-booted, you will be presented with a shell prompt without having to enter any user name or password.

At this command prompt you will need to enter the following commands:

Remount the “/” root filesystem in Read/Write mode: mount -o remount,rw /

Issue the passwd command to reset the root account password: passwd

Then enter the new password as prompted twice

Then remount the “/” root filesystem in Read Only mode: mount -o remount,ro /

You can now restart the system and login with your new password.

Categories
Asterisk Support Blog Design FreePBX Knowledge Base Software

G.729 Goes Royalty Free

G.729 – IMPORTANT INFORMATION

As of January 1, 2017 the patent terms of most Licensed Patents under the G.729 Consortium have expired.

With regard to the unexpired Licensed Copyrights and Licensed Patents of the G.729 Consortium Patent License Agreement, the Licensors of the G.729 Consortium, namely Orange SA, Nippon Telegraph and Telephone Corporation and Université de Sherbrooke (“Licensors”) have agreed to license the same under the existing terms on a royalty-free basis starting January 1, 2017.

For current Licensees of the G.729 Consortium Patent License Agreement, no reports and no payments will be due for Licensed Products Sold or otherwise distributed as of January 1, 2017.

For other companies selling G.729 compliant products and that are not current Licensees of the G.729 Consortium, there is no need to execute a G.729 Consortium Patent License Agreement since Licensors have agreed to license the unexpired Licensed Copyrights and Licensed Patents of the G.729 Consortium Patent License Agreement under the existing terms on a royalty-free basis starting January 1, 2017.

As soon as we hear how this is going to affect Digium Asterisk we will update here.

 

Categories
Asterisk Support Knowledge Base Security

Catching the IP of anonymous callers on Asterisk servers

Hi just sharing a simple bit of dialplan to catch anon callers ip addresses when using freepbx and Anonymous callers is set to yes, which is needed for some suppliers.

Normally I would say lock your firewall to only known IPs, but in some cases this isn’t possible

Im sure if you have a Asterisk server with a public IP you will have seen calls on the console screen where the call is to a destination but the callers are exten@yourserver . Well this little bit of dialplan at the end of you default sip context should catch them and log them with the ip of the originating server

In extensions_custom.conf add the dialplan below

[catchall]
exten => s,1,Noop(Dead calls rising)
exten => s,n,Set(uri=${SIPCHANINFO(uri)})
exten => s,n,Verbose(3,Unknown call from ${uri} to ${EXTEN})
exten => s,n,System(echo "[${STRFTIME(${EPOCH},,%b %d %H:%M:%S)}] SECURITY[] Unknown Call from ${CALLERIDNUM} to ${FROM_DID} IPdetails ${uri}" >> /var/log/asterisk/sipsec.log)
exten => s,n,Hangup()

Then in Custom Destinations add a destination as  catchall,s,1

so you now get in your logs

[May 1 00:11:06] SECURITY[] Unknown Call from  to 900441516014742 IPdetails sip:101@37.75.209.113:21896

 I hope this is some help to you, It allows other scripts to pick up this address and add it to your firewall.
Categories
Asterisk Support Knowledge Base

Nagios check_asterisk change for Asterisk 13

We noticed to day after a Asterisk server upgrade the Nagios check_asterisk plugin we use was reporting a”unknown”

It seems there is a minor change in response to the status request.

It was:

[root@elastix24 ~]# ./check_asterisk -h 127.0.0.1 -m mgr -u user -p secret  -vvvv
Running in Manager mode
Connecting to 127.0.0.1:5038
Connected to 127.0.0.1:5038
Asterisk Call Manager/1.1
Action: Login
Username: user
Secret: secret

Response: Success
Message: Authentication accepted
Action: Status

Response: Success
Message: Channel status will follow

Event: StatusComplete
OK  (idle) 

Its now with ami 2.7

[root@aubpbx1 ~]# ./check_asterisk -h 127.0.0.1 -m mgr -u user -p secret -vvvv
Running in Manager mode
Connecting to 127.0.0.1:5038
Connected to 127.0.0.1:5038
Asterisk Call Manager/2.7.0
Action: Login
Username: user
Secret: secret

Response: Success
Message: Authentication accepted

Action: Status
Response: Success

EventList: start
Message: Channel status will follow

Event: StatusComplete
OK  (idle)

So the plugin code need a small change to reflect this

diff check_asterisk check_asterisk_old 
162,163c162,163
< &unknown("Unknown answer $response (wanted Message: something)") unless ($message =~ m/^EventList:\s+(.*)$/i);
< &unknown("didn't understand message $message") unless ($1 =~ m/start/i);
---
> &unknown("Unknown answer $response (wanted Message: something)") unless ($message =~ m/^Message:\s+(.*)$/i);
> &unknown("didn't understand message $message") unless ($1 =~ m/Channel status will follow/i);

Once this is made seems to be reporting OK.

Categories
Asterisk Support Elastix Support Knowledge Base Support Technical

One way audio with Yealink T23 and Gamma Sip trunks on Freepbx

We recently had a very puzzling issue with a customer who we supplied some T23 Yealink handsets. When making outgoing calls over Gamma sip trunks on their Elastix server we were getting one way audio, This was not an issue with their existing Snom handsets or a problem for internal or incoming calls over the same trunks. It also wasn’t an issue when using iax2 trunks.

It seems that there is some interoperability issue when using sip trunks and these handsets. and seems to be a little known issue as only affects a few operators.

It seems to addressed in 44.80.0.20 version software that isn’t on the Yealink UK site yet but is available here and should be loaded on all T23 handsets as they are being delivered as 44.80.0.5 firmware at the moment.

Categories
Asterisk Support Elastix Support Knowledge Base Support

Multiple Dynamic features with Asterisk Applicationmaps

Dynamic features are very useful for allowing users access to custom features during calls. These can be loaded individually via the dialplan, but in freepbx based solutions this will mean a bit of hacking of the dialplan using overides and making sure all still works afterwards, or as a global varible.

The easiest way is to load them as a global as is done with apprecord, But if you want to add lots of features then you will have to use a Application Map group. This is done by editing the features_applicationmap_custom.conf  file so it looks like below for example, at the top are your application maps then your group

testfeature => #9,callee,Playback,tt-monkeys 
calleehangup => #8,callee,Hangup()
callerhangup => #7,caller,Hangup()
[mymapgroup]
testfeature => #9
calleehangup => #8
callerhangup => #7
apprecord => *1

DO NOT FORGET to add the apprecord to your group.

You then need to edit the globals_custom.conf file and add a line like below

DYNAMIC_FEATURES => mymapgroup

Then reload asterisk and issue the command “features show”

Dynamic Feature           Default Current
---------------           ------- -------
callerhangup              no def  #7     
calleehangup              no def  #8     
testfeature               no def  #9     
apprecord                 no def  *1     
Feature Groups:
---------------
===> Group: mymapgroup
===> --> apprecord (*1,caller,Macro,one-touch-record)
===> --> callerhangup (#7)
===> --> calleehangup (#8)

and to check that they are loaded as a global variable do “dialplan show globals” and near or at the top you will see:-

 DYNAMIC_FEATURES=mymapgroup

And thats all there is to it.

Categories
Asterisk Support Elastix Support Knowledge Base

Sip Config for Aretta CBeyond and Voiceflex with Asterisk

Since Version 1.8 in Asterisk we have seen some issues with DID calls from some suppliers.

The tell tail sign is that even though you have an inbound route that matches the DID it will still say in the verbose screen that nothing matched it in the inbound context, For example:-

Call from 'USERNAME' (XXX.XX.XXX.XX:5060) to extension '01234123412' rejected because extension not found in context 'from‐trunk'

and if you do “dialplan show 01234123412@from-trunk” sure enough there is one.

After much searching and experimentation below is a working freepbx config that has been tested with 1.8 and 11 and proves to be working with the suppliers above.

OUTBOUND

[peername]
username=USERNAME
type=peer
trustrpid=yes
sendrpid=yes
secret=PASSWORD
qualify=no
outboundproxy=sip.hostname.com
nat=yes
insecure=very
host=sip.hostname.com
fromdomain=sip.hostname.com
dtmfmode=auto
disallow=all
context=from-trunk
canreinvite=no
allow=ulaw
allow=alaw

INBOUND

[username]
type=peer
host=sip.hostname.com
dtmfmode=auto
disallow=all
context=from-trunk
canreinvite=no
allow=ulaw
allow=alaw

;registration string
USERNAME:PASSWORD@peername/USERNAME
Categories
Asterisk Support Elastix Support Knowledge Base

IAX2 Cause code

Here is a table of the IAX2 to assist with debugging IAX2 call issues

More IAX2 information can be found here and the RFC is here


CSV
 download is here
Number Cause Reference
1 Unassigned/unallocated number [RFC5457]
2 No route to specified transit network [RFC5457]
3 No route to specified transit network [RFC5457]
4-5 Unassigned
6 Channel unacceptable [RFC5457]
7 Call awarded and delivered [RFC5457]
8-15 Unassigned
16 Normal call clearing [RFC5457]
17 User busy [RFC5457]
18 No user response [RFC5457]
19 No answer [RFC5457]
20 Unassigned
21 Call rejected [RFC5457]
22 Number changed [RFC5457]
23-26 Unassigned
27 Destination out of order [RFC5457]
28 Invalid number format/incomplete number [RFC5457]
29 Facility rejected [RFC5457]
30 Response to status enquiry [RFC5457]
31 Normal, unspecified [RFC5457]
32-33 Unassigned
34 No circuit/channel available [RFC5457]
35-37 Unassigned
38 Network out of order [RFC5457]
39-40 Unassigned
41 Temporary failure [RFC5457]
42 Switch congestion [RFC5457]
43 Access information discarded [RFC5457]
44 Requested channel not available [RFC5457]
45 Pre-empted (causes.h only) [RFC5457]
46 Unassigned
47 Resource unavailable, unspecified (Q.931 only) [RFC5457]
48-49 Unassigned
50 Facility not subscribed (causes.h only) [RFC5457]
51 Unassigned
52 Outgoing call barred (causes.h only) [RFC5457]
53 Unassigned
54 Incoming call barred (causes.h only) [RFC5457]
55-56 Unassigned
57 Bearer capability not authorized [RFC5457]
58 Bearer capability not available [RFC5457]
59-62 Unassigned
63 Service or option not available (Q.931 only) [RFC5457]
64 Unassigned
65 Bearer capability not implemented [RFC5457]
66 Channel type not implemented [RFC5457]
67-68 Unassigned
69 Facility not implemented [RFC5457]
70 Only restricted digital information bearer capability is available (Q.931 only) [RFC5457]
71-78 Unassigned
79 Service or option not available (Q.931 only) [RFC5457]
80 Unassigned
81 Invalid call reference [RFC5457]
82 Identified channel does not exist (Q.931 only) [RFC5457]
83 A suspended call exists, but this call identity does not (Q.931 only) [RFC5457]
84 Call identity in use (Q.931 only) [RFC5457]
85 No call suspended (Q.931 only) [RFC5457]
86 Call has been cleared (Q.931 only) [RFC5457]
87 Unassigned
88 Incompatible destination [RFC5457]
89-90 Unassigned
91 Invalid transit network selection (Q.931 only) [RFC5457]
92-94 Unassigned
95 Invalid message, unspecified [RFC5457]
96 Mandatory information element missing (Q.931 only) [RFC5457]
97 Message type nonexistent/not implemented [RFC5457]
98 Message not compatible with call state [RFC5457]
99 Information element nonexistent [RFC5457]
100 Invalid information element contents [RFC5457]
101 Message not compatible with call state [RFC5457]
102 Recovery on timer expiration [RFC5457]
103 Mandatory information element length error (causes.h only) [RFC5457]
104-110 Unassigned
111 Protocol error, unspecified [RFC5457]
112-126 Unassigned
127 Internetworking, unspecified [RFC5457]
128-255 Unassigned