Categories
Knowledge Base

Simple Script to import Asterisk Database entries

This is a very simple script to add entries in bulk to the asterisk internal database.

You colate your entries in a simple csv file as below

family,key1,val99
family,key2,val98

then this simple script needs to be written and then run to update the astdb

#!/bin/sh
input=db.csv
while read line
do
 fam=$(echo $line | cut -d',' -f1)
 key=$(echo $line | cut -d',' -f2)
 value=$(echo $line | cut -d',' -f3)
 asterisk -rx "database put $fam $key $value"
done < "$input"

As can be seen its short and simple, but as it does what its meant to do and can save lots of time when building or migrating Asterisk  servers.

It could be easily changed to remove entries if required.

 

Categories
Peripherals Products

Algo 8128 SIP/VoIP Strobe light

Algo

The Algo 8128 SIP Strobe light is the ideal solution for visual ringing in such areas as noisy factories, cafeterias, and public areas.

Or alternatively it can also be used as a silent visual alert where loud ringing may be disruptive in areas such as hospitals, theatres and, churches etc.

Other applications include emergency and security notification where the press of a single phone key can be used to activate one or many strobe lights. And it can also be integrated within a Call Centre system to provide visual notification when queues and waiting times are exceeding there maximum thresholds

Algo 8128 SIP Strobe Light Key Features

  • 360° Visibility
    Flash patterns are visible in every direction or may be chosen specifically for ceiling and wall mount applications.
  • PoE SIP Endpoint with Web Interface
    Integrates easily into a VoIP Unified Communications environment, hosted or premise PBX.
  • Auto-Multicast
    Trigger one – trigger many. Multiple strobes may be operated simultaneously and synchronously using just one SIP extension.
  • Colourful Options
    Available blue, red, and amber caps to distinguish events in the workplace.
  • LEDs for High Intensity and Long Life
    The 8 brilliant LEDs splash 198 candela light in all directions with greater efficiency than xenon strobes.

Please call or email for pricing and avalibility

Categories
Asterisk Support Elastix Support Knowledge Base

Sip Config for Aretta CBeyond and Voiceflex with Asterisk

Since Version 1.8 in Asterisk we have seen some issues with DID calls from some suppliers.

The tell tail sign is that even though you have an inbound route that matches the DID it will still say in the verbose screen that nothing matched it in the inbound context, For example:-

Call from 'USERNAME' (XXX.XX.XXX.XX:5060) to extension '01234123412' rejected because extension not found in context 'from‐trunk'

and if you do “dialplan show 01234123412@from-trunk” sure enough there is one.

After much searching and experimentation below is a working freepbx config that has been tested with 1.8 and 11 and proves to be working with the suppliers above.

OUTBOUND

[peername]
username=USERNAME
type=peer
trustrpid=yes
sendrpid=yes
secret=PASSWORD
qualify=no
outboundproxy=sip.hostname.com
nat=yes
insecure=very
host=sip.hostname.com
fromdomain=sip.hostname.com
dtmfmode=auto
disallow=all
context=from-trunk
canreinvite=no
allow=ulaw
allow=alaw

INBOUND

[username]
type=peer
host=sip.hostname.com
dtmfmode=auto
disallow=all
context=from-trunk
canreinvite=no
allow=ulaw
allow=alaw

;registration string
USERNAME:PASSWORD@peername/USERNAME
Categories
Asterisk Support Elastix Support Knowledge Base

IAX2 Cause code

Here is a table of the IAX2 to assist with debugging IAX2 call issues

More IAX2 information can be found here and the RFC is here


CSV
 download is here
Number Cause Reference
1 Unassigned/unallocated number [RFC5457]
2 No route to specified transit network [RFC5457]
3 No route to specified transit network [RFC5457]
4-5 Unassigned
6 Channel unacceptable [RFC5457]
7 Call awarded and delivered [RFC5457]
8-15 Unassigned
16 Normal call clearing [RFC5457]
17 User busy [RFC5457]
18 No user response [RFC5457]
19 No answer [RFC5457]
20 Unassigned
21 Call rejected [RFC5457]
22 Number changed [RFC5457]
23-26 Unassigned
27 Destination out of order [RFC5457]
28 Invalid number format/incomplete number [RFC5457]
29 Facility rejected [RFC5457]
30 Response to status enquiry [RFC5457]
31 Normal, unspecified [RFC5457]
32-33 Unassigned
34 No circuit/channel available [RFC5457]
35-37 Unassigned
38 Network out of order [RFC5457]
39-40 Unassigned
41 Temporary failure [RFC5457]
42 Switch congestion [RFC5457]
43 Access information discarded [RFC5457]
44 Requested channel not available [RFC5457]
45 Pre-empted (causes.h only) [RFC5457]
46 Unassigned
47 Resource unavailable, unspecified (Q.931 only) [RFC5457]
48-49 Unassigned
50 Facility not subscribed (causes.h only) [RFC5457]
51 Unassigned
52 Outgoing call barred (causes.h only) [RFC5457]
53 Unassigned
54 Incoming call barred (causes.h only) [RFC5457]
55-56 Unassigned
57 Bearer capability not authorized [RFC5457]
58 Bearer capability not available [RFC5457]
59-62 Unassigned
63 Service or option not available (Q.931 only) [RFC5457]
64 Unassigned
65 Bearer capability not implemented [RFC5457]
66 Channel type not implemented [RFC5457]
67-68 Unassigned
69 Facility not implemented [RFC5457]
70 Only restricted digital information bearer capability is available (Q.931 only) [RFC5457]
71-78 Unassigned
79 Service or option not available (Q.931 only) [RFC5457]
80 Unassigned
81 Invalid call reference [RFC5457]
82 Identified channel does not exist (Q.931 only) [RFC5457]
83 A suspended call exists, but this call identity does not (Q.931 only) [RFC5457]
84 Call identity in use (Q.931 only) [RFC5457]
85 No call suspended (Q.931 only) [RFC5457]
86 Call has been cleared (Q.931 only) [RFC5457]
87 Unassigned
88 Incompatible destination [RFC5457]
89-90 Unassigned
91 Invalid transit network selection (Q.931 only) [RFC5457]
92-94 Unassigned
95 Invalid message, unspecified [RFC5457]
96 Mandatory information element missing (Q.931 only) [RFC5457]
97 Message type nonexistent/not implemented [RFC5457]
98 Message not compatible with call state [RFC5457]
99 Information element nonexistent [RFC5457]
100 Invalid information element contents [RFC5457]
101 Message not compatible with call state [RFC5457]
102 Recovery on timer expiration [RFC5457]
103 Mandatory information element length error (causes.h only) [RFC5457]
104-110 Unassigned
111 Protocol error, unspecified [RFC5457]
112-126 Unassigned
127 Internetworking, unspecified [RFC5457]
128-255 Unassigned

 

Categories
QueueMetrics Support Software

QueueMetrics,  The Advanced Call Center Software Solution Suite. Measure your targets, conversion rates and agent activities. Create accurate reports and statistics. Set security and privacy on individual queues. Support virtual and multi-tenant production environments.

But above all Improve your business.

 

This slideshow requires JavaScript.

QueueMetrics Features:

  • Live administrator and supervisor call center status panel.
  • Area code breakdowns inclusive of calling and waiting time.
  • Agent billable and payable time with total sales, contacts and conversion statistics.
  • Live agent page with queue statistics and agent controls.
  • Total unanswered calls with disconnection time and position.
  • Complete call distribution statistic, including sales and contacts, by week, day or hour.
  • Administrator message broadcasting and SMS functionality.
  • Full agent availability with session and pauses details and history.
  • Inbound ACD call attempts with metrics available by operator, terminal and queue.
  • Detailed call information including the Asterisk Call ID and recorded call.
  • Total of answered calls including call length and waiting time metrics.
  • Inclusive SLA of answered and unanswered calls and disconnection causes.
  • Extensive Quality Assessment module.
  • Send automated nightly PDF/XLS exports by e-mail.
  • Hundreds of metrics computed.

Operations Managers can:

  • See accurate reports of all call center activities.
  • Run reports by single and by user-created queue groups.
  • Measure agents activities, business targets and conversion rates.
  • Fully configure security and privacy, queue-by-queue.

Team Leaders can:

  • Create real time call and agent reporting.
  • See agent status and real­time activities.
  • Remotely listen to live calls as they are handled.
  • Watch agent screens through a VNC client.

Agents can:

  • See the calls they’re handling and integrate with external CRM.
  • Pass data gathered from IVR menus or Caller­ID.
  • Set call status codes for all inbound and outbound traffic.
  • Log­on, log­off, go on pause and set pause reason codes.

IT Managers can:

  • Support single-server or Asterisk® clusters.
  • Support database and flat-file storage.
  • Tune Asterisk® interaction to minimize the load on the Asterisk® server.
  • Avoid patching or changing an existing Asterisk® installation.

To download a product feature sheet click here or call us for a quote.

Categories
Elastix Support Security

SSLv3 Poodle and Elastix

Google has just disclosed SSL POODLE vulnerability which is a design flaw in SSLv3.  By default SSLv3 is enabled by default in Elastix and many other servers, Since it is a design flaw in the protocol itself and not an implementation bug, there will be no patches. Only way to mitigate this is to disable SSLv3 in your web server or application using SSL.

How to test for SSL POODLE vulnerability?

The following simple script will test, its a re-write of Redhats that would give a false negative if the script fails in anyway giving a false sense of security.

#!/bin/bash
chmod 755 /usr/share/doc/bash-3.2/scripts/timeout
ret=$(echo Q | /usr/share/doc/bash-3.2/scripts/timeout 5 openssl s_client -connect "127.0.0.1:${2-443}" -ssl3)
if echo "${ret}" | grep -q 'Protocol.*SSLv3'; then
 if echo "${ret}" | grep -q 'Cipher.*0000'; then
 echo "SSL 3.0 disabled"
 else
 echo "SSL 3.0 enabled"
 fi
else
 echo "SSL disabled or other error"
fi

The outputs will be similar to below on Elastix

[root@elastix24 ~]# ./sslv3.sh 
depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
verify error:num=10:certificate has expired
notAfter=Jun 15 18:30:20 2014 GMT
verify return:1
depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
notAfter=Jun 15 18:30:20 2014 GMT
verify return:1
DONE
SSL 3.0 enabled

As we can see its enabled.

Now edit the file  /etc/httpd/conf.d/ssl.conf

and change line 100 (in Elastix 2.4)

from SLProtocol all -SSLv2    to  SLProtocol all -SSLv2 -SSLv3

The restart the httpd service.

then test again and you should get

13033:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1086:SSL alert number 40
13033:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:
SSL disabled or other error

If you want to read the background here is the relevant document

Click to access ssl-poodle.pdf

Categories
Asterisk Support Elastix Support Knowledge Base Security

Elastix 2.4 ARI vulnerability Patch

The recent vulnerability in the Asterisk and Freepbx ARI login.php file is not addressed in an update to ARI in the unembedded freepbx on Elastix 2.4.

This will mean that your systems will still be vulnerable.

We have produced a patch that you can apply to address this. The patch can be downloaded  from https://s3.amazonaws.com/filesandpatches/ari.patch and applied as detailed below.

logon to the server console

cd /var/www/html/recordings/includes
cp login.php /root/login.php.ari
wget https://s3.amazonaws.com/filesandpatches/ari.patch
patch < ari.patch 

Then to check either login to server ARI interface or 

cat login.php |grep json

and you should get the following output

$buf = json_decode($_COOKIE['ari_auth'],true);
$data = json_decode($crypt->decrypt($data,$ARI_CRYPT_PASSWORD),true);
$data = $crypt->encrypt(json_encode($data),$ARI_CRYPT_PASSWORD);
$buf = json_encode(array($data,$chksum));


also check to see if you have the file in the fw_ari directory.

ls -l /var/www/html/admin/modules/fw_ari/htdocs_ari/includes

if there is a login.php there then copy over the patched version.

cp /var/www/html/recordings/includes/login.php  /var/www/html/admin/modules/fw_ari/htdocs_ari/includes/login.php

After these actions check that the file ownership is still correct

if not 

chown asterisk:asterisk /var/www/html/recordings/includes/login.php 

This patch also applies to any older version of ARI out there.

also to be on the lookout for two suspicious files, named “c.sh” or “c2.pl” respectively. If you see these two files remove them immediately!

More details here. http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536 or here http://support.freepbx.org/node/92822

 

 

 

Categories
Case Studies Knowledge Base QueueMetrics Support

QueueMetrics

We have recently installed and customised a Queuemetrics solution for a customer. Their key reason for choosing Queuemetrics was the ability to use dynamic agents without the need of major Elastix reprogramming and a clear and simple interface.

It was also decided that users needed to be able to log into the system from their handsets as well as from a web interface, as the customer is hoping to roll out an agent portal in the future.

To enable Hotdesk the  following setting has to be set similar to below

# The value is interval time (in seconds) used by the analyzer to look back searching HOTDESK verbs in the queue log
default.hotdesking=86400

This meant some additional dialplans to allow logging in & out and pausing.

These are similar to the dialplans that the web portals use except that they have prompts and they also have to store the extension and agent id in the asterisk database.

;added dialplan for queuemetrics
; Add Member - 422
; User is asked for their loging agent id
exten => _422XXXX,1,Answer
exten => _422XXXX,2,Read(AGENTID,agent-login,4,,1,6)
exten => _422XXXX,3,Gotoif($["${AGENTID}" = ""]?end)
exten => _422XXXX,4,GotoIf($[${LEN(${AGENTID})} != 4]?2)
exten => _422XXXX,5,set(DB(qmagent/${CALLERID(num)})=${AGENTID})
exten => _422XXXX,6,Macro(queuelog,${EPOCH},${UNIQUEID},NONE,Agent/${AGENTID},HOTDESK,SIP/${CALLERID(num)})
exten => _422XXXX,7,AddQueueMember(${EXTEN:3:4},SIP/${CALLERID(num)})
exten => _422XXXX,8,SayDigits(${AGENTID})
exten => _422XXXX,9,Playback(agent-loginok)
exten => _422XXXX,10(end),Hangup
; Remove Member - 423
exten => _423XXXX,1,Answer
exten => _423XXXX,2,set(DEL_AGENT=${DB_DELETE(qmagent/${CALLERID(num)})})
exten => _423XXXX,3,RemoveQueueMember(${EXTEN:3:4},SIP/${CALLERID(num)})
exten => _423XXXX,4,Playback(agent-loggedoff)
exten => _423XXXX,5,Hangup
; extension 32: agent pause with hotdesking (with pause code)
exten => _32XX,1,Answer
exten => _32XX,2,set(AGENTCODE=${DB(qmagent/${CALLERID(num)})})
exten => _32XX,3,NoOp( "QM: Pausing Agent/${AGENTCODE} at extension SIP/${CALLERID(num)} with pause reason '${EXTEN:2:2}' made by '${QM_LOGIN}' " )
exten => _32XX,4,PauseQueueMember(,SIP/${CALLERID(num)})
exten => _32XX,5,System( echo "${EPOCH}|${UNIQUEID}|NONE|Agent/${AGENTCODE}|PAUSEREASON|${EXTEN:2:2}" >> /var/log/asterisk/queue_log )
exten => _32XX,6,Playback(dictate/paused)
exten => _32XX,7,Hangup
; extension 33: agent unpause with hotdesking
exten => 33,1,Answer
exten => 33,2,NoOp( "QM: Unpausing Agent/${AGENTCODE} at extension SIP/${CALLERID(num)} made by '${QM_LOGIN}' " )
exten => 33,3,UnpauseQueueMember(,SIP/${CALLERID(num)})
exten => 33,4,Playback(dictate/pause)
exten => 33,5,Playback(removed)
exten => 33,6,Hangup

These need to be added to your extensions_custom.conf file in a context that’s included in the from-internal  context.

Also a change has to be made to the dialplans in the extensions_queuemetrics.conf to store and delete the database entry as well.

The system has proved to deliver what was expected and will shortly be expanded to track outbound calls and the addition of custom wallboards similar to what we recently produced for another customer.

If you would like to talk about adding QueueMetrics to your Asterisk system or are looking for a complete phone system and queuemetrics platform please contact us.

Categories
Asterisk Support Elastix Support Knowledge Base

Installing DynDns update script on Centos

The following is a simple run-through on installing the dyndns client for updating the ip address on your hosts.

cd /usr/src

wget  http://cdn.dyndns.com/ddclient.tar.gz
tar -xzvf ddclient.tar.gz

cd ddclient-3.7.3/

mkdir /etc/ddclient

mkdir /var/cache/ddclient
cp ddclient /usr/local/sbin

cp sample-etc_ddclient.conf /etc/ddclient/ddclient.conf

cp sample-etc_rc.d_init.d_ddclient /etc/rc.d/init.d/ddclient
chkconfig --add ddclient

cd ..

vi  /etc/ddclient/ddclient.conf

add at the bottom of file

#
use=web
login=USERNAME
password=PASSWORD
server=members.dyndns.org  
protocol=dyndns2
# add your DNS name here as below 
DNSNAME.dyndns.biz
#
/etc/init.d/ddclient start

You will then need to check that your host address has updated on the dyndns site.

If you get perl io ssl errors in the logfile then:

yum install perl-IO-Socket-SSL
Categories
Asterisk Support Blog Elastix Support Knowledge Base Security

Shellshocked by Bash !

Well any one in IT and many people who never have anything todo with dirty working of *nix operating systems including Apples OSX cant have missed the news about the latest venerability. This is hot on the heels of teh OpenSSl one and the NTP one before that.

All these have different levels of risk, The NTP one was just a pain easily fixed and could cause little damage, The Openssl one was more of a risk as it allowed hackers to read the memory of systems using certain versions of OpenSSL nicknamed Heartbleed. Now the Bash one is fairly simple to exploit and has been now seen in the wild which in the case of Heartbleed it wasn’t really exploited in the wild.

So how do you test. simple , just type

env x='() { :;}; echo vulnerable’ bash -c “test”

and if it comes back saying Vulnerable update bash.

Great easy you say, well it was spent half a day checking 40 odd servers and updating bash. But then the update they rolled out want enough so today went back round updating again.

It has to be noted that some repositories were running slow and in teh case of one (SCHMOOZE) they hadn’t got the latest patch live by mid day.

It was pleasing how most suppliers were open and concise on what to check and how to fix. I was rather disappointed with  another Asterisk Based PBX distro who instead of publishing how to check and what to do, told users to download a script and run that, I don’t think its a good idea to hide security measures, If people deploy systems they need to know how to secure them.

I wonder whats next? , After spending 2 days on this now looking at setting up a Puppet server, This has cost me a day of my time and i’m meant to be installing a queuemetrics call center for a customer…