Categories
Asterisk Support Elastix Support Knowledge Base

Sip Config for Aretta CBeyond and Voiceflex with Asterisk

Since Version 1.8 in Asterisk we have seen some issues with DID calls from some suppliers.

The tell tail sign is that even though you have an inbound route that matches the DID it will still say in the verbose screen that nothing matched it in the inbound context, For example:-

Call from 'USERNAME' (XXX.XX.XXX.XX:5060) to extension '01234123412' rejected because extension not found in context 'from‐trunk'

and if you do “dialplan show 01234123412@from-trunk” sure enough there is one.

After much searching and experimentation below is a working freepbx config that has been tested with 1.8 and 11 and proves to be working with the suppliers above.

OUTBOUND

[peername]
username=USERNAME
type=peer
trustrpid=yes
sendrpid=yes
secret=PASSWORD
qualify=no
outboundproxy=sip.hostname.com
nat=yes
insecure=very
host=sip.hostname.com
fromdomain=sip.hostname.com
dtmfmode=auto
disallow=all
context=from-trunk
canreinvite=no
allow=ulaw
allow=alaw

INBOUND

[username]
type=peer
host=sip.hostname.com
dtmfmode=auto
disallow=all
context=from-trunk
canreinvite=no
allow=ulaw
allow=alaw

;registration string
USERNAME:PASSWORD@peername/USERNAME
Categories
Asterisk Support Elastix Support Knowledge Base

IAX2 Cause code

Here is a table of the IAX2 to assist with debugging IAX2 call issues

More IAX2 information can be found here and the RFC is here


CSV
 download is here
Number Cause Reference
1 Unassigned/unallocated number [RFC5457]
2 No route to specified transit network [RFC5457]
3 No route to specified transit network [RFC5457]
4-5 Unassigned
6 Channel unacceptable [RFC5457]
7 Call awarded and delivered [RFC5457]
8-15 Unassigned
16 Normal call clearing [RFC5457]
17 User busy [RFC5457]
18 No user response [RFC5457]
19 No answer [RFC5457]
20 Unassigned
21 Call rejected [RFC5457]
22 Number changed [RFC5457]
23-26 Unassigned
27 Destination out of order [RFC5457]
28 Invalid number format/incomplete number [RFC5457]
29 Facility rejected [RFC5457]
30 Response to status enquiry [RFC5457]
31 Normal, unspecified [RFC5457]
32-33 Unassigned
34 No circuit/channel available [RFC5457]
35-37 Unassigned
38 Network out of order [RFC5457]
39-40 Unassigned
41 Temporary failure [RFC5457]
42 Switch congestion [RFC5457]
43 Access information discarded [RFC5457]
44 Requested channel not available [RFC5457]
45 Pre-empted (causes.h only) [RFC5457]
46 Unassigned
47 Resource unavailable, unspecified (Q.931 only) [RFC5457]
48-49 Unassigned
50 Facility not subscribed (causes.h only) [RFC5457]
51 Unassigned
52 Outgoing call barred (causes.h only) [RFC5457]
53 Unassigned
54 Incoming call barred (causes.h only) [RFC5457]
55-56 Unassigned
57 Bearer capability not authorized [RFC5457]
58 Bearer capability not available [RFC5457]
59-62 Unassigned
63 Service or option not available (Q.931 only) [RFC5457]
64 Unassigned
65 Bearer capability not implemented [RFC5457]
66 Channel type not implemented [RFC5457]
67-68 Unassigned
69 Facility not implemented [RFC5457]
70 Only restricted digital information bearer capability is available (Q.931 only) [RFC5457]
71-78 Unassigned
79 Service or option not available (Q.931 only) [RFC5457]
80 Unassigned
81 Invalid call reference [RFC5457]
82 Identified channel does not exist (Q.931 only) [RFC5457]
83 A suspended call exists, but this call identity does not (Q.931 only) [RFC5457]
84 Call identity in use (Q.931 only) [RFC5457]
85 No call suspended (Q.931 only) [RFC5457]
86 Call has been cleared (Q.931 only) [RFC5457]
87 Unassigned
88 Incompatible destination [RFC5457]
89-90 Unassigned
91 Invalid transit network selection (Q.931 only) [RFC5457]
92-94 Unassigned
95 Invalid message, unspecified [RFC5457]
96 Mandatory information element missing (Q.931 only) [RFC5457]
97 Message type nonexistent/not implemented [RFC5457]
98 Message not compatible with call state [RFC5457]
99 Information element nonexistent [RFC5457]
100 Invalid information element contents [RFC5457]
101 Message not compatible with call state [RFC5457]
102 Recovery on timer expiration [RFC5457]
103 Mandatory information element length error (causes.h only) [RFC5457]
104-110 Unassigned
111 Protocol error, unspecified [RFC5457]
112-126 Unassigned
127 Internetworking, unspecified [RFC5457]
128-255 Unassigned

 

Categories
QueueMetrics Support Software

QueueMetrics,  The Advanced Call Center Software Solution Suite. Measure your targets, conversion rates and agent activities. Create accurate reports and statistics. Set security and privacy on individual queues. Support virtual and multi-tenant production environments.

But above all Improve your business.

 

This slideshow requires JavaScript.

QueueMetrics Features:

  • Live administrator and supervisor call center status panel.
  • Area code breakdowns inclusive of calling and waiting time.
  • Agent billable and payable time with total sales, contacts and conversion statistics.
  • Live agent page with queue statistics and agent controls.
  • Total unanswered calls with disconnection time and position.
  • Complete call distribution statistic, including sales and contacts, by week, day or hour.
  • Administrator message broadcasting and SMS functionality.
  • Full agent availability with session and pauses details and history.
  • Inbound ACD call attempts with metrics available by operator, terminal and queue.
  • Detailed call information including the Asterisk Call ID and recorded call.
  • Total of answered calls including call length and waiting time metrics.
  • Inclusive SLA of answered and unanswered calls and disconnection causes.
  • Extensive Quality Assessment module.
  • Send automated nightly PDF/XLS exports by e-mail.
  • Hundreds of metrics computed.

Operations Managers can:

  • See accurate reports of all call center activities.
  • Run reports by single and by user-created queue groups.
  • Measure agents activities, business targets and conversion rates.
  • Fully configure security and privacy, queue-by-queue.

Team Leaders can:

  • Create real time call and agent reporting.
  • See agent status and real­time activities.
  • Remotely listen to live calls as they are handled.
  • Watch agent screens through a VNC client.

Agents can:

  • See the calls they’re handling and integrate with external CRM.
  • Pass data gathered from IVR menus or Caller­ID.
  • Set call status codes for all inbound and outbound traffic.
  • Log­on, log­off, go on pause and set pause reason codes.

IT Managers can:

  • Support single-server or Asterisk® clusters.
  • Support database and flat-file storage.
  • Tune Asterisk® interaction to minimize the load on the Asterisk® server.
  • Avoid patching or changing an existing Asterisk® installation.

To download a product feature sheet click here or call us for a quote.

Categories
Elastix Support Security

SSLv3 Poodle and Elastix

Google has just disclosed SSL POODLE vulnerability which is a design flaw in SSLv3.  By default SSLv3 is enabled by default in Elastix and many other servers, Since it is a design flaw in the protocol itself and not an implementation bug, there will be no patches. Only way to mitigate this is to disable SSLv3 in your web server or application using SSL.

How to test for SSL POODLE vulnerability?

The following simple script will test, its a re-write of Redhats that would give a false negative if the script fails in anyway giving a false sense of security.

#!/bin/bash
chmod 755 /usr/share/doc/bash-3.2/scripts/timeout
ret=$(echo Q | /usr/share/doc/bash-3.2/scripts/timeout 5 openssl s_client -connect "127.0.0.1:${2-443}" -ssl3)
if echo "${ret}" | grep -q 'Protocol.*SSLv3'; then
 if echo "${ret}" | grep -q 'Cipher.*0000'; then
 echo "SSL 3.0 disabled"
 else
 echo "SSL 3.0 enabled"
 fi
else
 echo "SSL disabled or other error"
fi

The outputs will be similar to below on Elastix

[root@elastix24 ~]# ./sslv3.sh 
depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
verify error:num=10:certificate has expired
notAfter=Jun 15 18:30:20 2014 GMT
verify return:1
depth=0 /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain
notAfter=Jun 15 18:30:20 2014 GMT
verify return:1
DONE
SSL 3.0 enabled

As we can see its enabled.

Now edit the file  /etc/httpd/conf.d/ssl.conf

and change line 100 (in Elastix 2.4)

from SLProtocol all -SSLv2    to  SLProtocol all -SSLv2 -SSLv3

The restart the httpd service.

then test again and you should get

13033:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1086:SSL alert number 40
13033:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:
SSL disabled or other error

If you want to read the background here is the relevant document

Click to access ssl-poodle.pdf

Categories
Asterisk Support Elastix Support Knowledge Base Security

Elastix 2.4 ARI vulnerability Patch

The recent vulnerability in the Asterisk and Freepbx ARI login.php file is not addressed in an update to ARI in the unembedded freepbx on Elastix 2.4.

This will mean that your systems will still be vulnerable.

We have produced a patch that you can apply to address this. The patch can be downloaded  from https://s3.amazonaws.com/filesandpatches/ari.patch and applied as detailed below.

logon to the server console

cd /var/www/html/recordings/includes
cp login.php /root/login.php.ari
wget https://s3.amazonaws.com/filesandpatches/ari.patch
patch < ari.patch 

Then to check either login to server ARI interface or 

cat login.php |grep json

and you should get the following output

$buf = json_decode($_COOKIE['ari_auth'],true);
$data = json_decode($crypt->decrypt($data,$ARI_CRYPT_PASSWORD),true);
$data = $crypt->encrypt(json_encode($data),$ARI_CRYPT_PASSWORD);
$buf = json_encode(array($data,$chksum));


also check to see if you have the file in the fw_ari directory.

ls -l /var/www/html/admin/modules/fw_ari/htdocs_ari/includes

if there is a login.php there then copy over the patched version.

cp /var/www/html/recordings/includes/login.php  /var/www/html/admin/modules/fw_ari/htdocs_ari/includes/login.php

After these actions check that the file ownership is still correct

if not 

chown asterisk:asterisk /var/www/html/recordings/includes/login.php 

This patch also applies to any older version of ARI out there.

also to be on the lookout for two suspicious files, named “c.sh” or “c2.pl” respectively. If you see these two files remove them immediately!

More details here. http://community.freepbx.org/t/critical-freepbx-rce-vulnerability-all-versions-cve-2014-7235/24536 or here http://support.freepbx.org/node/92822

 

 

 

Categories
Asterisk Support Elastix Support FreePBX Knowledge Base

Using Gmail to send Voicemail emails

We have seen more and more ISPs blocking Port 25.  This means that sending emails natively from FreePBX or any Asterisk based IPBX for things such as voicemail notification can time out or be rejected.

To get round this you can send your email notifications via Gmail.

Firstly you need a Gmail account, once you have this jot down the user and password, you will need this later.

You now need to connect to your server via ssh as you have a couple of files to edit.

Firstly you need to enter the account details in sasl_passwd

vi /etc/postfix/sasl_passwd

and add

smtp.gmail.com:587 yourmailaddress@gmail.com:password

Save it, then edit main.cf

vi  /etc/postfix/main.cf

Then add at the end:

masquerade_domains = yourdomain.com
# The servers hostname below
myhostname = Asterisk.yourdomain.com
mydomain = Asterisk.yourdomain.com
# The email account its being sent from below
myorigin = voicemail@yourdomain.com

relayhost = smtp.gmail.com:587
mynetworks = 127.0.0.0/8
inet_interfaces = loopback-only
smtp_use_tls = yes
smtp_always_send_ehlo = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_generic_maps = hash:/etc/postfix/generic 
smtp_tls_security_level = secure
smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_ciphers = high
smtp_tls_secure_cert_match = nexthop
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt

Then enter the following commands at teh command line

postmap hash:/etc/postfix/sasl_passwd
/etc/init.d/postfix restart

Finally you need to make a change to your gmail account to “Allow users to manage their access to less secure apps” which is in the security section of the Gmail ‘Domain’ account setting if its a GSuite account then make sure “Less secure app access” is set to yes in the accounts ‘security section’ if you don’t do this you will see:

535-5.7.8 Username and Password not 
accepted. Learn more at?535 5.7.8 https://support.google.com/mail/?p=BadCredentials  

or 

530-5.7.0 Authentication Required. Learn more at 530 5.7.0 h
ttps://support.google.com/mail/?p=WantAuthError

Most likely the 535 error if ‘Less secure app access’ is not enabled.

You should now be able to send email via the gmail account.

It’s worth making a couple of changes to the gmail account, firstly set and out of office sayings it’s only a sending mailbox and another to delete messages in the inbox.

Categories
Asterisk Support Elastix Support Knowledge Base Technical

IAX2 Peers going unreachable.

In the past we have found that IAX@ peers have been reliable and solid.

But lately with the advent of bonded ADSL lines and other forms of aggregated lines we have seen issues where the IAX2 trunk will go down and a simple reload of Asterisk or even a restart doesn’t fix it.

Taken from Voip-info

A report of the problem by another user :

This is something I’ve run into myself and my VOIP IAX2 provider has this issue with many clients running Asterisk on TrixBox or other custom made systems behing a NAT (Linux) router.

If our PPPoE goes down, we have to reboot our Asterisk server to get our IAX2 trunk to re-register otherwise, it will try and just keep timing out. I have the 4569 forwarded internal (Pierre Belanger adds: in many cases, the 4569 port forwarding useless unless your Asterisk server provides service to IAX2 phones from the Internet, i.e. not on your local LAN).

I have a dirty script that avoids having to reboot the TrixBox and restore our service within 2 minutes of a blip automatically, and logs the ‘blips’ so i can see how ‘reliable’ our service is.

We have take the original script posted and made some changes, Notably it checks a defined peer name as we have seen that the problem doesn’t always affect all peers on a system.

======Code follows ======

#!/bin/sh
#We record the status of the IAX2 Trunk
cd /root/ # I have script live in root,
# Set the peer name to monitor here
# ******
peername="YOURIAX2PEERNAME"
# ******
date >> slap.log
echo "Testing $peername peer" >> slap.log
/usr/sbin/asterisk -rx 'iax2 show peers' |grep -i $peername >> slap.log
/usr/sbin/asterisk -rx 'iax2 show peers' |grep -i $peername > reg_status
sleep 1
#We then Scan the Status and see if we're online or not...
TEST="OK"
if grep $TEST reg_status > /dev/null
then
echo "All OK Here" >> slap.log
exit #Abort, we are online, all is well...
fi
#IF we're this far down, we've lost IAX. Log the incident.
echo "we have a problem with $peername, Restarting it" >> slap.log
#Restart the IAX2 trunk. Delay required for some reason.
/usr/sbin/asterisk -rx 'module unload chan_iax2.so' >> slap.log
sleep 90;
/usr/sbin/asterisk -rx 'module load chan_iax2.so' > /dev/null
echo "Restarted it Now lets check status" >> slap.log
sleep 5;
/usr/sbin/asterisk -rx 'iax2 show peers' |grep -i $peername >> slap.log
#We record the status of the IAX2 Trunk
/usr/sbin/asterisk -rx 'iax2 show peers' |grep -i $peername > reg_status
sleep 1
#We then Scan the Status and see if we're online or not...
TEST="OK"
if grep $TEST reg_status > /dev/null
then
echo "All OK Here" >> slap.log
exit #Abort, we are online, all is well...
fi
#IF we're this far down, we've lost IAX. Log the incident.
echo "we have a problem with $peername, Restarting it" >> slap.log
#Restart the IAX2 trunk. Delay required for some reason.
/usr/sbin/asterisk -rx 'module unload chan_iax2.so' >> slap.log
sleep 120;
/usr/sbin/asterisk -rx 'module load chan_iax2.so' > /dev/null
echo "Restarted it Now lets check status" >> slap.log
sleep 5;
/usr/sbin/asterisk -rx 'iax2 show peers' |grep -i $peername >> slap.log
#We record the status of the IAX2 Trunk

======Code ends======

This seems to do the trick and its cronned to run every night or hour in some cases.

UPDATE

on testing and speaking to suppliers. We would advise adding the following settings to your IAX2 peers

 

qualifysmoothing=yes
qualifyfreqnotok=30000
qualifyfreqok=120000
qualify=yes

With this added we have not seen any unexpected unreachables.

 

Categories
Handsets Products

RTX8630 IP DECT Multicell solution

The RTX8630 is complete cordless telephony solution offering a great scalability. The system is expandable and can grow with the business; from 1 to 40 bases and up to 200 users. The RXT8630 offers seamless call handover and repeater support. There is a choice of two different RTX DECT handsets, both with a high quality colour screen and wideband audio.

System features

  • Up to 200 users (200 handsets registered)
  • Scalable from 1 to 40 bases, with seamless handover
  • Allows up to 10 x simultaneous calls per base station (Expandable up to 400 calls per system)
  • Power over Ethernet (PoE): IEEE 802.3af Class 2
  • Range: upto 50m indoor and 300m outdoor per base
  • Repeaters supported
  • Bases are wall mountable using optional mounting kit (RTX8630Mount)
  • Choice of two handsets: RTX8430 and RTX8630
RTX8630 IP DECT Multicell solution
RTX8630 IP DECT Multicell solution
  • RTX8430 Entry level handset
    • 1.44″ TFT display
    • Local phone book with 50 entries (1 number/name)
    • Headset connector (3.5mm)
    • Battery life: Up to 8 hours talk time and up to 75 hours standby
  • RTX8630
    • 2″ TFT display
    • Local phone book with 100 entries (200 central entries)
    • Vibrate mode
    • Headset connector (3.5mm)
    • Battery life: Up to 18 hours talk time and up to 200 hours standby

Pricing:

RTX8630 Base RRP: £189.00+VAT

RTX8430 Handset RRP: £99.00+VAT

RTX8630 Handset RRP: £140.00+VAT

Call for availability and project pricing

Categories
Elastix Support Knowledge Base

Elastix Custom Extensions.

This Short Video shows you how to setup custom extensions in Elastix and FreePBX

These can be used for calling mobiles or other external numbers that you want users to be able to dial as if they were extensions.

 

 

 

Categories
Elastix Support Knowledge Base

Setting up timed call flow in Elastix

Screenshot from 2013-06-19 14:50:45If you want to set up timed call flow in Elastix but still have the ability to override for holidays and when the office is open late you have a few extra steps to add.

We will assume  you have your queues and extensions setup for this video. If you havent set your extensions up see our other video on setting up extensions.

 

 

We have used 2 day/night modes, One at before the call enters the time condition, This means that you can override day service for holidays etc and another at the end that means the call can be forced to go to a night queue instead of voicemail.

I hope you found this useful and keep coming back for more.