Tag: Linux

Categories
Asterisk Support Blog Elastix Support Knowledge Base Security

Shellshocked by Bash !

Well any one in IT and many people who never have anything todo with dirty working of *nix operating systems including Apples OSX cant have missed the news about the latest venerability. This is hot on the heels of teh OpenSSl one and the NTP one before that.

All these have different levels of risk, The NTP one was just a pain easily fixed and could cause little damage, The Openssl one was more of a risk as it allowed hackers to read the memory of systems using certain versions of OpenSSL nicknamed Heartbleed. Now the Bash one is fairly simple to exploit and has been now seen in the wild which in the case of Heartbleed it wasn’t really exploited in the wild.

So how do you test. simple , just type

env x='() { :;}; echo vulnerable’ bash -c “test”

and if it comes back saying Vulnerable update bash.

Great easy you say, well it was spent half a day checking 40 odd servers and updating bash. But then the update they rolled out want enough so today went back round updating again.

It has to be noted that some repositories were running slow and in teh case of one (SCHMOOZE) they hadn’t got the latest patch live by mid day.

It was pleasing how most suppliers were open and concise on what to check and how to fix. I was rather disappointed with  another Asterisk Based PBX distro who instead of publishing how to check and what to do, told users to download a script and run that, I don’t think its a good idea to hide security measures, If people deploy systems they need to know how to secure them.

I wonder whats next? , After spending 2 days on this now looking at setting up a Puppet server, This has cost me a day of my time and i’m meant to be installing a queuemetrics call center for a customer…

Categories
Knowledge Base

Getting bad ELF interpreter with Nagios

When using some Nagios plugins to check server load and disk space on 64bit systems you may get back

/lib/ld-linux.so.2: bad ELF interpreter: No such file or directory

This means that you dont have the required libraries, To install them on Centos

yum install glibc.i686

The solution above works on CentOS, Fedora, or Red Hat 64bit operating systems; on a Debian or Ubuntu derived system use :

 sudo apt-get install ia32-libs

 

 

Categories
Knowledge Base Security

Remote ssh tunnel script

We have various customers that have firewalls that only allow known trusted IP addresses through. Normally our office and our monitoring platform for example.

But if we are out and about we still sometimes need to access a system and its GUI, so we have created the simple script below that makes a ssh connection to the customer server and also tunnel to access any web gui.

This script is in place on the monitoring server so we can just ssh in to the monitoring platform and run the script. all that is needed is a single tunnel setup on the ssh client that i’m accessing the monitoring platform from.

#!/bin/bash
echo ssh tunnel tool. 2013 cyber-cottage.co.uk
echo Setting up a tunnel to $1
whois $1 |grep netname
if [ "$1" = '' ]; then
 echo "You have no remote destination set"
 echo "usage: remotetunnel.sh <remote server> <remote ssh port> <remote system port>"
 echo "For example remotetunnel.sh 81.22.23.24 8022 80"
 exit
fi
if [ "$3" = '' ]; then
echo "usage: remotetunnel.sh <remote server> <remote ssh port> <remote system port>"
echo "For example remotetunnel.sh 81.22.23.24 8022 80"
if [ "$2" = '' ]; then
 echo "You have no remote ssh or system port set, Setting ssh to port 22"
 port="22"
else
 port="$2"
fi
 echo "You have no remote system port set, Setting remote to port 80"
 rport="80"
else
 rport="$3"
fi
if [ "$port" = '' ]; then
 port=$2
fi
echo Remote system IP is $1
echo Remote ssh port is $port
echo Remote system port is $rport
read -p "Is this correct? (y/n) " RESP
if [ "$RESP" = "y" ]; then
 echo "Glad to hear it"
else
 exit
fi
ssh -L 9999:localhost:$rport  $1 -oport=$port
Categories
Asterisk Support Elastix Support Knowledge Base Technical

IAX2 Peers going unreachable.

In the past we have found that IAX@ peers have been reliable and solid.

But lately with the advent of bonded ADSL lines and other forms of aggregated lines we have seen issues where the IAX2 trunk will go down and a simple reload of Asterisk or even a restart doesn’t fix it.

Taken from Voip-info

A report of the problem by another user :

This is something I’ve run into myself and my VOIP IAX2 provider has this issue with many clients running Asterisk on TrixBox or other custom made systems behing a NAT (Linux) router.

If our PPPoE goes down, we have to reboot our Asterisk server to get our IAX2 trunk to re-register otherwise, it will try and just keep timing out. I have the 4569 forwarded internal (Pierre Belanger adds: in many cases, the 4569 port forwarding useless unless your Asterisk server provides service to IAX2 phones from the Internet, i.e. not on your local LAN).

I have a dirty script that avoids having to reboot the TrixBox and restore our service within 2 minutes of a blip automatically, and logs the ‘blips’ so i can see how ‘reliable’ our service is.

We have take the original script posted and made some changes, Notably it checks a defined peer name as we have seen that the problem doesn’t always affect all peers on a system.

======Code follows ======

#!/bin/sh
#We record the status of the IAX2 Trunk
cd /root/ # I have script live in root,
# Set the peer name to monitor here
# ******
peername="YOURIAX2PEERNAME"
# ******
date >> slap.log
echo "Testing $peername peer" >> slap.log
/usr/sbin/asterisk -rx 'iax2 show peers' |grep -i $peername >> slap.log
/usr/sbin/asterisk -rx 'iax2 show peers' |grep -i $peername > reg_status
sleep 1
#We then Scan the Status and see if we're online or not...
TEST="OK"
if grep $TEST reg_status > /dev/null
then
echo "All OK Here" >> slap.log
exit #Abort, we are online, all is well...
fi
#IF we're this far down, we've lost IAX. Log the incident.
echo "we have a problem with $peername, Restarting it" >> slap.log
#Restart the IAX2 trunk. Delay required for some reason.
/usr/sbin/asterisk -rx 'module unload chan_iax2.so' >> slap.log
sleep 90;
/usr/sbin/asterisk -rx 'module load chan_iax2.so' > /dev/null
echo "Restarted it Now lets check status" >> slap.log
sleep 5;
/usr/sbin/asterisk -rx 'iax2 show peers' |grep -i $peername >> slap.log
#We record the status of the IAX2 Trunk
/usr/sbin/asterisk -rx 'iax2 show peers' |grep -i $peername > reg_status
sleep 1
#We then Scan the Status and see if we're online or not...
TEST="OK"
if grep $TEST reg_status > /dev/null
then
echo "All OK Here" >> slap.log
exit #Abort, we are online, all is well...
fi
#IF we're this far down, we've lost IAX. Log the incident.
echo "we have a problem with $peername, Restarting it" >> slap.log
#Restart the IAX2 trunk. Delay required for some reason.
/usr/sbin/asterisk -rx 'module unload chan_iax2.so' >> slap.log
sleep 120;
/usr/sbin/asterisk -rx 'module load chan_iax2.so' > /dev/null
echo "Restarted it Now lets check status" >> slap.log
sleep 5;
/usr/sbin/asterisk -rx 'iax2 show peers' |grep -i $peername >> slap.log
#We record the status of the IAX2 Trunk

======Code ends======

This seems to do the trick and its cronned to run every night or hour in some cases.

UPDATE

on testing and speaking to suppliers. We would advise adding the following settings to your IAX2 peers

 

qualifysmoothing=yes
qualifyfreqnotok=30000
qualifyfreqok=120000
qualify=yes

With this added we have not seen any unexpected unreachables.

 

Categories
Case Studies

Multi-Site Multi-Country Asterisk network

UPDATE

We have recently added the 5th system to the customers international VoIP network. This system was for their Polish office and is linked to their Tokyo, Sydney, Singapore and London office systems.

Globe

For this site a Sangoma FREEPBX 60 system was chosen for ease of remote deployment and reliability.    The Tokyo & Sydney offices already has a Xorcom XR2000 systems whilst the London and Singapore offices have a Openvox  Asterisk solutions.  .

xe2000-xe3000

For the New International offices FreePBX systems were chosen as they provide a full turnkey system that can be sent out to the office plugged in. The systems initially obtain their IP address by DHCP and once a port is forwarded through the firewall to this address a fixed IP address is assigned and the customer firewall updated. Access to The GUI is by a SSH tunnel so that other than a random port for SSH and a port for IAX2 no other ports need to be opened on the customer firewall. Endpoint manager makes the deployment of handsets on the remote systems a simple and reliable process.

All systems have been linked by IAX2 trunks and the dial-plan configured so that desk to desk calls can be made between all offices and outgoing calls break out of the closest geographic system, for example a user in Sydney making a call to a UK number will have the call originate from the London system and the same goes for Tokyo, Singapore and Polish users calling UK or international numbers.

The network of systems is key to the support of the customers 24×7 support service. This is controlled by a dial-plan that is complicated by the fact that Japan does not have “Daylight saving” so even though the calls land on the UK system we had to configure the dial-plan to take into account local time in Tokyo and not base routing solely on UK time.  This has proved reliable and very successful.

All systems on the network are monitored 24×7 by our Nagios monitoring platform, Not only monitoring Asterisk but also monitoring the status of the international IAX2 trunks.

 

Categories
Asterisk Support Elastix Support Knowledge Base Technical

Running a Macro on answer for Asterisk queues.

asteriskThe Asterisk Queue application has an option that will run a macro on answer, This can be very useful when integrating with CRM such as Capsule or call centre applications.

This option isnt included in freepbx, Though this can be hand coded it isn’t best to do this when using Elastix, AsteriskNoW or any other freepbx based system.

To add this option We have written a couple of patched versions of the relevant freepbx pages that can be downloaded here , You will also need to add a extra field to the mysql database as follows

  1. Log in to mysql:   mysql -u root -p
  2. Enter password
  3. mysql> use asterisk
  4. mysql> ALTER TABLE `queues_config` ADD `qmacro` VARCHAR( 255 ) NULL;
  5. mysql> describe queues_config;

You should now have something like this:- | qmacro | varchar(255) | YES | | NULL | | as the last line of the table.

Now download the tar file and unpack it. then copy the two files to the /var/www/html/admin/modules/queues directory.

On loading the queue page in freepbx you will now have the “Queue macro on answer” box

queuemacro

In this box you put the macro name you wish to run when a member answers a call.

For example:-

[macro-logit]
exten => s,1,Noop( capsule crm intergration ${crminfo} ${CALLERID(all)})
exten => s,n,Set(foo=${CURL(http://127.0.0.1/directory/capsual.php?strCallid=${crminfo})})
exten => s,n,Noop(${foo})
exten => s,n,Hangup()

This a simple dialplan that runs a php script to log calls to the capsule crm

capsual.php

<?php
$today = date(“F j, Y, g:i a”);
$duedate1 = date(“Y-m-d”);
$duedate2 = date(“H:i:s”);
$Token = ‘YOUR CAPSUAL API CODE’;
$number = $_GET[‘strCallid’];
$datetime = $today;
$duedate = “$duedate1″.”T”.”$duedate2″.”Z”;
echo $duedate;
$myxml=”<?xml version=”1.0″ encoding=”UTF-8″?>n
<task>n
<description>Call recieved from $number at $datetime. Please update and assign this task if required</description>n
<dueDateTime>$duedate</dueDateTime>n
<category>incoming call</category>n
</task>”;
// The URL to connect with (note the /api/ that’s needed and note it’s person rather than party)
// SEE: http://capsulecrm.com/help/page/api_gettingstarted/
$capsulepage = “https://youraccount.capsulecrm.com/api/task”;
echo $capsulepage;
echo $number;
// Initialise the session and return a cURL handle to pass to other cURL functions.
$ch = curl_init($capsulepage);
// set appropriate options NB these are the minimum necessary to achieve a post with a useful response
// …can and should add more in a real application such as
// timeout CURLOPT_CONNECTTIMEOUT
// and useragent CURLOPT_USERAGENT
$options = array(CURLOPT_USERPWD => “$Token:x”,
CURLOPT_HTTPHEADER => array(‘Content-Type: application/xml’),
CURLOPT_HEADER => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $myxml
);
curl_setopt_array($ch, $options);
// Do the POST and collect the response for future printing etc then close the session
$response = curl_exec($ch);
$responseInfo = curl_getinfo($ch);
curl_close($ch);
echo $responseInfo;
echo $response;
?>

Have fun

 

Categories
Knowledge Base Technical

Flushing your sendmail queue.

Whenever sendmail has to deliver mails to other hosts which cannot be reached at that time, the messages are kept in the queue and are marked as “Deferred: Connection timed out”. Although the other hosts could be reached again and you want to tell sendmail to flush the mail queue, the command

sendmail -q -v

does not really try to reconnect to these hosts and still assumes that the connection timed out. The reason is that the hoststatus is cached, per default for a period of 30 minutes. Using

sendmail -OTimeout.hoststatus=0m -q -v

you can re-run the mail queue and force sendmail to reconnect to the hosts. You may want to define an alias for that, say, ‘sendmail-flush-timeouts’.

You can set further options in /etc/sendmail.cf.

Categories
Knowledge Base

Installing Asterisk 11 on Centos 6.3

asteriskThis is a short video tutorial on the installation of Asterisk 11, I have included the blog and video in one place for ease of viewing

First, you will want to be sure that your server OS is up to date.

yum update -y

Disable SELinux by changing “enforcing” to “disabled” in /etc/selinux/config. Use a text editor or copy and paste this command.

sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config

After you update and disable SELinux, you’ll need to reboot.

reboot

Next, you will want to resolve basic dependencies. (More information on Asterisk dependencies.)

yum install -y make wget openssl-devel ncurses-devel  newt-devel libxml2-devel kernel-devel gcc gcc-c++ sqlite-devel

Change into the /usr/src/ directory to store your source code.

cd /usr/src/

Download the source tarballs. These commands will get the current release of DAHDI 2.6, libpri 1.4 and Asterisk 11.

wget http://downloads.asterisk.org/pub/telephony/dahdi-linux-complete/dahdi-linux-complete-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/libpri/libpri-1.4-current.tar.gz
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11-current.tar.gz

Extract the files from the tarballs.

tar zxvf dahdi-linux-complete*
tar zxvf libpri*
tar zxvf asterisk*

For the next set of commands it is important to follow the proper order: DAHDI first, then libpri, then Asterisk.

Install DAHDI.

cd /usr/src/dahdi-linux-complete*
make && make install && make config

Install libpri.

cd /usr/src/libpri*
make && make install

Change to the Asterisk directory.

cd /usr/src/asterisk*

In the next step, running the “configure” script will vary depending on whether your system is 32-bit or 64-bit. (Watch the video for more details.) When the menuselect command runs, select your options, then choose “Save and Exit” and the install will continue.

Use this command if you are installing Asterisk on 32bit CentOS.

./configure && make menuselect && make && make install

Use this command if you are installing Asterisk on 64bit CentOS.

./configure --libdir=/usr/lib64 && make menuselect && make && make install

Optional: If you ran into errors you will want to clean the install directory before recompiling.

make clean && make distclean

Once you have an error-free install, copy the sample files from the configs subdirectory into /etc/asterisk.

make samples

Then add the Asterisk start script to the /etc/init.d/ directory

make config

Start DAHDI.

service dahdi start

Start Asterisk.

service asterisk start

Connect to the Asterisk CLI.

asterisk -rvvv

And now you have Asterisk 11 running on CentOS 6!

Original Article written by Billy Chia @ digium

Categories
Elastix Support Knowledge Base

Setting up extensions in Elastix

Elastix Asterisk IPPXThis is a short video on the setting up of extensions on the Elastix Asterisk based IPPX.

 

Categories
Knowledge Base

VoIP – Per Call Bandwidth

These protocol header assumptions are used for the calculations:

  • 40 bytes for IP (20 bytes) / User Datagram Protocol (UDP) (8 bytes) / Real-Time Transport Protocol (RTP) (12 bytes) headers.
  • Compressed Real-Time Protocol (cRTP) reduces the IP/UDP/RTP headers to 2or 4bytes (cRTP is not available over Ethernet).
  • 6 bytes for Multilink Point-to-Point Protocol (MP) or Frame Relay Forum (FRF).12 Layer 2 (L2) header.
  • 1 byte for the end-of-frame flag on MP and Frame Relay frames.
  • 18 bytes for Ethernet L2 headers, including 4 bytes of Frame Check Sequence (FCS) or Cyclic Redundancy Check (CRC).

Note: This table only contains calculations for the default voice payload

Codec Information Bandwidth Calculations
Codec & Bit Rate (Kbps) Codec Sample Size (Bytes) Codec Sample Interval (ms) Mean Opinion Score (MOS) Voice Payload Size (Bytes) Voice Payload Size (ms) Packets Per Second (PPS) Bandwidth MP or FRF.12 (Kbps) Bandwidth w/cRTP MP or FRF.12 (Kbps) Bandwidth Ethernet (Kbps)
G.711 (64 Kbps) 80 Bytes 10 ms 4.1 160 Bytes 20 ms 50 82.8 Kbps 67.6 Kbps 87.2 Kbps
G.729 (8 Kbps) 10 Bytes 10 ms 3.92 20 Bytes 20 ms 50 26.8 Kbps 11.6 Kbps 31.2 Kbps
G.723.1 (6.3 Kbps) 24 Bytes 30 ms 3.9 24 Bytes 30 ms 33.3 18.9 Kbps 8.8 Kbps 21.9 Kbps
G.723.1 (5.3 Kbps) 20 Bytes 30 ms 3.8 20 Bytes 30 ms 33.3 17.9 Kbps 7.7 Kbps 20.8 Kbps
G.726 (32 Kbps) 20 Bytes 5 ms 3.85 80 Bytes 20 ms 50 50.8 Kbps 35.6 Kbps 55.2 Kbps
G.726 (24 Kbps) 15 Bytes 5 ms 60 Bytes 20 ms 50 42.8 Kbps 27.6 Kbps 47.2 Kbps
G.728 (16 Kbps) 10 Bytes 5 ms 3.61 60 Bytes 30 ms 33.3 28.5 Kbps 18.4 Kbps 31.5 Kbps
G722_64k(64 Kbps) 80 Bytes 10 ms 4.13 160 Bytes 20 ms 50 82.8 Kbps 67.6Kbps 87.2 Kbps
ilbc_mode_20(15.2Kbps) 38 Bytes 20 ms NA 38 Bytes 20 ms 50 34.0Kbps 18.8 Kbps 38.4Kbps
ilbc_mode_30(13.33Kbps) 50 Bytes 30 ms NA 50 Bytes 30 ms 33.3 25.867 Kbps 15.73Kbps 28.8 Kbps

Explanation of Terms

Codec Bit Rate (Kbps) Based on the codec, this is the number of bits per second that need to be transmitted to deliver a voice call. (codec bit rate = codec sample size / codec sample interval).
Codec Sample Size (Bytes) Based on the codec, this is the number of bytes captured by the Digital Signal Processor (DSP) at each codec sample interval. For example, the G.729 coder operates on sample intervals of 10 ms, corresponding to 10 bytes (80 bits) per sample at a bit rate of 8 Kbps. (codec bit rate = codec sample size / codec sample interval).
Codec Sample Interval (ms) This is the sample interval at which the codec operates. For example, the G.729 coder operates on sample intervals of 10 ms, corresponding to 10 bytes (80 bits) per sample at a bit rate of 8 Kbps. (codec bit rate = codec sample size / codec sample interval).
MOS MOS is a system of grading the voice quality of telephone connections. With MOS, a wide range of listeners judge the quality of a voice sample on a scale of one (bad) to five (excellent). The scores are averaged to provide the MOS for the codec.
Voice Payload Size (Bytes) The voice payload size represents the number of bytes (or bits) that are filled into a packet. The voice payload size must be a multiple of the codec sample size. For example, G.729 packets can use 10, 20, 30, 40, 50, or 60 bytes of voice payload size.
Voice Payload Size (ms) The voice payload size can also be represented in terms of the codec samples. For example, a G.729 voice payload size of 20 ms (two 10 ms codec samples) represents a voice payload of 20 bytes [ (20 bytes * 8) / (20 ms) = 8 Kbps ]
PPS PPS represents the number of packets that need to be transmitted every second in order to deliver the codec bit rate. For example, for a G.729 call with voice payload size per packet of 20 bytes (160 bits), 50 packets need to be transmitted every second [50 pps = (8 Kbps) / (160 bits per packet) ]

 

Bandwidth Calculation Formulas

These calculations are used:

  • Total packet size = (L2 header: MP or FRF.12 or Ethernet) + (IP/UDP/RTP header) + (voice payload size)
  • PPS = (codec bit rate) / (voice payload size)
  • Bandwidth = total packet size * PPS