Menu
▾
▴
astlinux-users — AstLinux Users Mailing List
You can subscribe to this list here.
| 2006 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
(1) |
Aug
|
Sep
|
Oct
(2) |
Nov
(1) |
Dec
(20) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2007 |
Jan
(91) |
Feb
(111) |
Mar
(226) |
Apr
(65) |
May
(197) |
Jun
(202) |
Jul
(92) |
Aug
(87) |
Sep
(120) |
Oct
(133) |
Nov
(89) |
Dec
(155) |
| 2008 |
Jan
(251) |
Feb
(136) |
Mar
(174) |
Apr
(149) |
May
(56) |
Jun
(32) |
Jul
(36) |
Aug
(171) |
Sep
(245) |
Oct
(244) |
Nov
(218) |
Dec
(272) |
| 2009 |
Jan
(113) |
Feb
(119) |
Mar
(192) |
Apr
(117) |
May
(93) |
Jun
(46) |
Jul
(80) |
Aug
(54) |
Sep
(109) |
Oct
(70) |
Nov
(145) |
Dec
(110) |
| 2010 |
Jan
(137) |
Feb
(87) |
Mar
(45) |
Apr
(157) |
May
(58) |
Jun
(99) |
Jul
(188) |
Aug
(136) |
Sep
(101) |
Oct
(100) |
Nov
(61) |
Dec
(60) |
| 2011 |
Jan
(84) |
Feb
(43) |
Mar
(70) |
Apr
(17) |
May
(69) |
Jun
(28) |
Jul
(43) |
Aug
(21) |
Sep
(151) |
Oct
(120) |
Nov
(84) |
Dec
(101) |
| 2012 |
Jan
(119) |
Feb
(82) |
Mar
(70) |
Apr
(115) |
May
(66) |
Jun
(131) |
Jul
(70) |
Aug
(65) |
Sep
(66) |
Oct
(86) |
Nov
(197) |
Dec
(81) |
| 2013 |
Jan
(65) |
Feb
(48) |
Mar
(32) |
Apr
(68) |
May
(98) |
Jun
(59) |
Jul
(41) |
Aug
(52) |
Sep
(42) |
Oct
(37) |
Nov
(10) |
Dec
(27) |
| 2014 |
Jan
(61) |
Feb
(34) |
Mar
(30) |
Apr
(52) |
May
(45) |
Jun
(40) |
Jul
(28) |
Aug
(9) |
Sep
(39) |
Oct
(69) |
Nov
(55) |
Dec
(19) |
| 2015 |
Jan
(13) |
Feb
(21) |
Mar
(5) |
Apr
(14) |
May
(30) |
Jun
(51) |
Jul
(31) |
Aug
(12) |
Sep
(29) |
Oct
(15) |
Nov
(24) |
Dec
(16) |
| 2016 |
Jan
(62) |
Feb
(76) |
Mar
(30) |
Apr
(43) |
May
(46) |
Jun
(62) |
Jul
(21) |
Aug
(49) |
Sep
(67) |
Oct
(27) |
Nov
(26) |
Dec
(38) |
| 2017 |
Jan
(7) |
Feb
(12) |
Mar
(69) |
Apr
(59) |
May
(54) |
Jun
(40) |
Jul
(76) |
Aug
(82) |
Sep
(92) |
Oct
(51) |
Nov
(32) |
Dec
(30) |
| 2018 |
Jan
(22) |
Feb
(25) |
Mar
(34) |
Apr
(35) |
May
(37) |
Jun
(21) |
Jul
(69) |
Aug
(55) |
Sep
(17) |
Oct
(67) |
Nov
(9) |
Dec
(5) |
| 2019 |
Jan
(19) |
Feb
(12) |
Mar
(15) |
Apr
(19) |
May
|
Jun
(27) |
Jul
(27) |
Aug
(25) |
Sep
(25) |
Oct
(27) |
Nov
(10) |
Dec
(14) |
| 2020 |
Jan
(22) |
Feb
(20) |
Mar
(36) |
Apr
(40) |
May
(52) |
Jun
(35) |
Jul
(21) |
Aug
(32) |
Sep
(71) |
Oct
(27) |
Nov
(11) |
Dec
(16) |
| 2021 |
Jan
(16) |
Feb
(21) |
Mar
(21) |
Apr
(27) |
May
(17) |
Jun
|
Jul
(2) |
Aug
(22) |
Sep
(23) |
Oct
(7) |
Nov
(11) |
Dec
(28) |
| 2022 |
Jan
(23) |
Feb
(18) |
Mar
(9) |
Apr
(15) |
May
(15) |
Jun
(7) |
Jul
(8) |
Aug
(15) |
Sep
(1) |
Oct
|
Nov
(11) |
Dec
(10) |
| 2023 |
Jan
(14) |
Feb
(10) |
Mar
(11) |
Apr
(13) |
May
(2) |
Jun
(30) |
Jul
(1) |
Aug
(15) |
Sep
(13) |
Oct
(3) |
Nov
(25) |
Dec
(5) |
| 2024 |
Jan
(3) |
Feb
(10) |
Mar
(9) |
Apr
|
May
(1) |
Jun
(15) |
Jul
(7) |
Aug
(10) |
Sep
(3) |
Oct
(8) |
Nov
(6) |
Dec
(15) |
| 2025 |
Jan
(3) |
Feb
(1) |
Mar
(7) |
Apr
(5) |
May
(13) |
Jun
(16) |
Jul
(1) |
Aug
(6) |
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Lonnie A. <li...@lo...> - 2017-09-11 01:51:48
|
Michael, Judging from your error log the Yealink's client CN (Common Name) did not match any of the allowed (non-checked) Clients in the server. As long as you are certain the Yealink client cert is good. You are not "sharing" a client certificate are you ? If you are do you have the "duplicate-cn" raw command added ? From the OpenVPN docs ... --duplicate-cn Allow multiple clients with the same common name to concurrently connect. In the absence of this option, OpenVPN will disconnect a client instance upon connection of a new client having the same common name. Sounds a little like what you are describing. else ... Is your Yealink running the latest (or recent) firmware ? AstLinux is using the latest OpenVPN series 2.4.x. You can increase the Log Verbosity: to High on the server and see if that helps to find a clue. Lonnie On Sep 10, 2017, at 8:08 PM, Michael Knill <mic...@ip...> wrote: > Hi Lonnie > > Do you mean Client Name? Yes I do have one disabled if so but it is not the one I was having problems with. > > After testing I can now confirm that this issue occurs when I configure up a new phone and it goes away (and VPN establishes) when I restart the OpenVPN server. > Can you think why this could be happening? > > Regards > Michael Knill > > -----Original Message----- > From: Lonnie Abelbeck <li...@lo...> > Reply-To: AstLinux List <ast...@li...> > Date: Monday, 11 September 2017 at 9:55 am > To: AstLinux List <ast...@li...> > Subject: Re: [Astlinux-users] OpenVPN on Yealink phones not very reliable > > Michael, > > On your OpenVPN Server configuration (at the bottom), you must have at least one CommonName disabled. > > Client Certificates and Keys: -> Disabled checked (correct ?) > > This will define the variable OVPN_VALIDCLIENTS and is checked with the /usr/sbin/openvpn-tls-verify script > > Is your Yealink using one of the "Disabled" CommonNames ? > > Lonnie > > > On Sep 10, 2017, at 6:34 PM, Michael Knill <mic...@ip...> wrote: > >> I am having some issues with setting up OpenVPN on my Yealink phones. It used to be easy to set up but now it's a bit flakey. >> Once its up it seems to be fine but getting it to that stage is an issue. >> >> I noticed that I am getting these in the logs: >> Mon Sep 11 08:05:39 2017 us=888912 115.187.181.61:36531 WARNING: Failed running command (--tls-verify script): external program exited with error status: 1 >> >> Im not sure what they mean? What could the problem be? >> >> Regards >> Michael Knill >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______________________________________________ >> Astlinux-users mailing list >> Ast...@li... >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... > > |
|
From: Michael K. <mic...@ip...> - 2017-09-11 01:09:16
|
Hi Lonnie Do you mean Client Name? Yes I do have one disabled if so but it is not the one I was having problems with. After testing I can now confirm that this issue occurs when I configure up a new phone and it goes away (and VPN establishes) when I restart the OpenVPN server. Can you think why this could be happening? Regards Michael Knill -----Original Message----- From: Lonnie Abelbeck <li...@lo...> Reply-To: AstLinux List <ast...@li...> Date: Monday, 11 September 2017 at 9:55 am To: AstLinux List <ast...@li...> Subject: Re: [Astlinux-users] OpenVPN on Yealink phones not very reliable Michael, On your OpenVPN Server configuration (at the bottom), you must have at least one CommonName disabled. Client Certificates and Keys: -> Disabled checked (correct ?) This will define the variable OVPN_VALIDCLIENTS and is checked with the /usr/sbin/openvpn-tls-verify script Is your Yealink using one of the "Disabled" CommonNames ? Lonnie On Sep 10, 2017, at 6:34 PM, Michael Knill <mic...@ip...> wrote: > I am having some issues with setting up OpenVPN on my Yealink phones. It used to be easy to set up but now it's a bit flakey. > Once its up it seems to be fine but getting it to that stage is an issue. > > I noticed that I am getting these in the logs: > Mon Sep 11 08:05:39 2017 us=888912 115.187.181.61:36531 WARNING: Failed running command (--tls-verify script): external program exited with error status: 1 > > Im not sure what they mean? What could the problem be? > > Regards > Michael Knill > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Astlinux-users mailing list Ast...@li... https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... |
|
From: Paul W. <pd...@ce...> - 2017-09-10 23:58:16
|
Lonnie,
Thanks! That's what I was looking for; a bare-bones "firewalls for
dummies" type approach.
Actually, I have to admit that I did turn the firewall on without any
rules set. Thank goodness for the local console! ;-)
PDW
-------- Original Message --------
> Hi Paul,
>
>> Actually, I never opened a port to the "outside world" on my ISP
>> router but would still like to use it within the LAN.
>
> Reading this I'm assuming your AstLinux box is *not* your edge router,
> but rather sits in your internal LAN.
>
> Warning, The following example is for an AstLinux box sitting in an
> internal LAN, behind a router/firewall.
>
>
> Go to the Network tab, select Firewall: [ enabled ] and click {
> Firewall Configuration }
>
>
> Note: Make sure you add rules before "restarting" the firewall.
>
> In the firewall configuration, this example adds rules to manage
> AstLinux (SSH, HTTP and HTTPS) and allows SIP inbound ...
>
> Add comments if you wish.
>
>
>
> Note: The Source fields here are "0/0" which is Any Host. If you only
> want your local LAN to have access to the AstLinux box use
> 10.10.1.0/24 (for example) or 10.0.0.0/8 to include a bunch of private
> addresses.
>
> Now that we have added firewall rules (check for errors) we can {
> Restart Firewall } x-Confirm
> the firewall will be enabled with these rules.
>
> You can enable the Adaptive Ban plugin by going back to the Network
> tab, Firewall Plugins: choose [ adaptive-ban ] and Click { Configure
> Plugin }
>
>
> Edit ENABLED=1 and { Save Changes } and from the edit tab you can
>
> { Reload/Restart } [ Restart Firewall ] x-Confirm
>
> That is the flow, add more as you get the feel of it.
>
> PS, worst case, if you added a rule to lock yourself out via SSH or
> HTTPS, use the console and
> --
> service iptables stop
> --
> and you will have access again.
>
> You should not need to add any IAX2 rules if it is outbound only.
>
> Lonnie
>
>
>
> On Sep 10, 2017, at 4:19 PM, Paul Wills
> <pd...@ce...
> <mailto:pd...@ce...>> wrote:
>
>> Greetings,
>>
>> I am trying to get the Adaptive Ban plugin to work but know nothing
>> about firewall configuration. Is there a guide to using the AstLinux
>> GUI firewall settings or, short of that, a suggested minimal
>> configuration for SSH, IAX2, and SIP? Actually, I never opened a
>> port to the "outside world" on my ISP router but would still like to
>> use it within the LAN.
>>
>> Thanks in advance,
>>
>> PDW
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org <http://Slashdot.org>!
>> http://sdm.link/slashdot
>> _______________________________________________
>> Astlinux-users mailing list
>> Ast...@li...
>> <mailto:Ast...@li...>
>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>
>> Donations to support AstLinux are graciously accepted via PayPal to
>> pa...@kr....
>
|
|
From: Lonnie A. <li...@lo...> - 2017-09-10 23:54:55
|
Michael, On your OpenVPN Server configuration (at the bottom), you must have at least one CommonName disabled. Client Certificates and Keys: -> Disabled checked (correct ?) This will define the variable OVPN_VALIDCLIENTS and is checked with the /usr/sbin/openvpn-tls-verify script Is your Yealink using one of the "Disabled" CommonNames ? Lonnie On Sep 10, 2017, at 6:34 PM, Michael Knill <mic...@ip...> wrote: > I am having some issues with setting up OpenVPN on my Yealink phones. It used to be easy to set up but now it's a bit flakey. > Once its up it seems to be fine but getting it to that stage is an issue. > > I noticed that I am getting these in the logs: > Mon Sep 11 08:05:39 2017 us=888912 115.187.181.61:36531 WARNING: Failed running command (--tls-verify script): external program exited with error status: 1 > > Im not sure what they mean? What could the problem be? > > Regards > Michael Knill > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... |
|
From: Michael K. <mic...@ip...> - 2017-09-10 23:35:14
|
I am having some issues with setting up OpenVPN on my Yealink phones. It used to be easy to set up but now it's a bit flakey. Once its up it seems to be fine but getting it to that stage is an issue. I noticed that I am getting these in the logs: Mon Sep 11 08:05:39 2017 us=888912 115.187.181.61:36531 WARNING: Failed running command (--tls-verify script): external program exited with error status: 1 Im not sure what they mean? What could the problem be? Regards Michael Knill |
|
From: Lonnie A. <li...@lo...> - 2017-09-10 22:58:13
|
Hi Paul,
> Actually, I never opened a port to the "outside world" on my ISP router but would still like to use it within the LAN.
Reading this I'm assuming your AstLinux box is *not* your edge router, but rather sits in your internal LAN.
Warning, The following example is for an AstLinux box sitting in an internal LAN, behind a router/firewall.
Go to the Network tab, select Firewall: [ enabled ] and click { Firewall Configuration }
Note: Make sure you add rules before "restarting" the firewall.
In the firewall configuration, this example adds rules to manage AstLinux (SSH, HTTP and HTTPS) and allows SIP inbound ...
Add comments if you wish.
Note: The Source fields here are "0/0" which is Any Host. If you only want your local LAN to have access to the AstLinux box use 10.10.1.0/24 (for example) or 10.0.0.0/8 to include a bunch of private addresses.
Now that we have added firewall rules (check for errors) we can { Restart Firewall } x-Confirm
the firewall will be enabled with these rules.
You can enable the Adaptive Ban plugin by going back to the Network tab, Firewall Plugins: choose [ adaptive-ban ] and Click { Configure Plugin }
Edit ENABLED=1 and { Save Changes } and from the edit tab you can
{ Reload/Restart } [ Restart Firewall ] x-Confirm
That is the flow, add more as you get the feel of it.
PS, worst case, if you added a rule to lock yourself out via SSH or HTTPS, use the console and
--
service iptables stop
--
and you will have access again.
You should not need to add any IAX2 rules if it is outbound only.
Lonnie
On Sep 10, 2017, at 4:19 PM, Paul Wills <pd...@ce...> wrote:
> Greetings,
>
> I am trying to get the Adaptive Ban plugin to work but know nothing about firewall configuration. Is there a guide to using the AstLinux GUI firewall settings or, short of that, a suggested minimal configuration for SSH, IAX2, and SIP? Actually, I never opened a port to the "outside world" on my ISP router but would still like to use it within the LAN.
>
> Thanks in advance,
>
> PDW
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
|
|
From: Paul W. <pd...@ce...> - 2017-09-10 21:19:17
|
Greetings, I am trying to get the Adaptive Ban plugin to work but know nothing about firewall configuration. Is there a guide to using the AstLinux GUI firewall settings or, short of that, a suggested minimal configuration for SSH, IAX2, and SIP? Actually, I never opened a port to the "outside world" on my ISP router but would still like to use it within the LAN. Thanks in advance, PDW |
|
From: Michael K. <mic...@ip...> - 2017-09-09 22:51:17
|
Heres mine ( [modules] autoload=yes ; Channel Event Logging modules are not used so removed noload => cel_custom.so noload => cel_manager.so noload => cel_odbc.so noload => cel_sqlite3_custom.so noload => app_celgenuserevent.so ; PJSIP is disabled until we are ready to use it noload => res_pjproject.so noload => res_pjsip.so noload => res_pjsip_acl.so noload => res_pjsip_authenticator_digest.so noload => res_pjsip_caller_id.so noload => res_pjsip_config_wizard.so noload => res_pjsip_dialog_info_body_generator.so noload => res_pjsip_diversion.so noload => res_pjsip_dlg_options.so noload => res_pjsip_dtmf_info.so noload => res_pjsip_empty_info.so noload => res_pjsip_endpoint_identifier_anonymous.so noload => res_pjsip_endpoint_identifier_ip.so noload => res_pjsip_endpoint_identifier_user.so noload => res_pjsip_exten_state.so noload => res_pjsip_header_funcs.so noload => res_pjsip_history.so noload => res_pjsip_logger.so noload => res_pjsip_messaging.so noload => res_pjsip_mwi.so noload => res_pjsip_mwi_body_generator.so noload => res_pjsip_nat.so noload => res_pjsip_notify.so noload => res_pjsip_one_touch_record_info.so noload => res_pjsip_outbound_authenticator_digest.so noload => res_pjsip_outbound_publish.so noload => res_pjsip_outbound_registration.so noload => res_pjsip_path.so noload => res_pjsip_pidf_body_generator.so noload => res_pjsip_pidf_digium_body_supplement.so noload => res_pjsip_pidf_eyebeam_body_supplement.so noload => res_pjsip_publish_asterisk.so noload => res_pjsip_pubsub.so noload => res_pjsip_refer.so noload => res_pjsip_registrar.so noload => res_pjsip_registrar_expire.so noload => res_pjsip_rfc3326.so noload => res_pjsip_sdp_rtp.so noload => res_pjsip_send_to_voicemail.so noload => res_pjsip_session.so noload => res_pjsip_sips_contact.so noload => res_pjsip_t38.so noload => res_pjsip_transport_management.so noload => res_pjsip_transport_websocket.so noload => res_pjsip_xpidf_body_generator.so noload => func_pjsip_aor.so noload => func_pjsip_contact.so noload => func_pjsip_endpoint.so ; ARI needs to go to unless I have a need for it noload => res_ari.so noload => res_ari_applications.so noload => res_ari_asterisk.so noload => res_ari_bridges.so noload => res_ari_channels.so noload => res_ari_device_states.so noload => res_ari_endpoints.so noload => res_ari_events.so noload => res_ari_model.so noload => res_ari_playbacks.so noload => res_ari_recordings.so noload => res_ari_sounds.so ; We are not using Homer so it is disabled noload => res_hep.so noload => res_hep_pjsip.so noload => res_hep_rtcp.so ; Other resource modules currently not needed noload => res_speech.so noload => res_phoneprov.so noload => res_ael_share.so noload => res_adsi.so noload => res_smdi.so noload => res_fax.so noload => res_fax_spandsp.so noload => res_stun_monitor.so noload => res_pktccops.so ; PBX modules currently not needed noload => pbx_ael.so noload => pbx_dundi.so ; Channel modules currently not needed noload => chan_oss.so noload => chan_mgcp.so noload => chan_skinny.so noload => chan_phone.so noload => chan_agent.so noload => chan_unistim.so noload => chan_alsa.so noload => chan_iax2.so ; Other application modules currently not needed noload => app_nbscat.so noload => app_amd.so noload => app_mp3.so noload => app_minivm.so noload => app_zapateller.so noload => app_ices.so noload => app_sendtext.so noload => app_speech_utils.so noload => app_flash.so noload => app_getcpeid.so noload => app_setcallerid.so noload => app_adsiprog.so noload => app_forkcdr.so noload => app_sms.so noload => app_morsecode.so noload => app_url.so noload => app_alarmreceiver.so noload => app_dahdiras.so noload => app_senddtmf.so noload => app_test.so noload => app_externalivr.so noload => app_image.so noload => app_festival.so ; Using SQLight3 so get rid of all the others noload => cdr_csv.so noload => cdr_custom.so noload => cdr_manager.so noload => cdr_syslog.so Regards Michael Knill -----Original Message----- From: Michael Keuter <li...@mk...> Reply-To: AstLinux List <ast...@li...> Date: Sunday, 10 September 2017 at 2:34 am To: AstLinux List <ast...@li...> Subject: Re: [Astlinux-users] migrated from Asterisk 8 to 13 BTW: I later figured out, that the wildcards (*) did NOT actually work for me in modules.conf! Sent from a mobile device. Michael > Am 09.09.2017 um 18:03 schrieb Lonnie Abelbeck <li...@lo...>: > > Shamus, > > Asterisk 13 Documentation > https://wiki.asterisk.org/wiki/display/AST/Asterisk+13+Documentation > > Michael Keuter posted his "noload" list a couple months ago: > ----- > noload => res_mwi_external.so ; Asterisk 13 > noload => res_mwi_external_ami.so ; Asterisk 13 > noload => res_ari_mailboxes.so ; Asterisk 13 > noload => res_pjsip*.so ; Asterisk 13 > noload => func_pjsip*.so ; Asterisk 13 > noload => res_pjsip_phoneprov_provider.so ; Asterisk 13 > noload => res_pktccops.so > noload => cel_custom.so > ----- > Ref: https://www.mail-archive.com/ast...@li.../msg08923.html > > Lonnie > > > >> On Sep 9, 2017, at 9:42 AM, Shamus Rask <sh...@sr...> wrote: >> >> I’ve copied over the default configuration files. It looks like the default are all commented out (i.e. blank), so they have no real impact. I wish there was a definitive list of what a minimal configuration of Asterisk looks like. Right now I’ve got the following config files in /etc/asterisk: >> acl.conf >> asterisk.conf >> cdr.conf >> cdr_adaptive_odbc.conf >> cdr_custom.conf >> cel.conf >> cel_custom.conf >> cel_odbc.conf >> cli_aliases.conf >> extensions.conf >> features.conf >> indications.conf >> logger.conf >> manager.conf >> modules.conf >> pjproject.conf >> josip.conf >> josip_wizard.conf >> res_cnfig_sqlite3.conf >> res_fax.conf >> rtp.conf >> sip.conf >> udptl.conf >> voicemail.conf >> >> >> I’m still looking for good Asterisk documentation. I have all of the O’Reilly books, but they capped v1.8. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Astlinux-users mailing list Ast...@li... https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... |
|
From: Michael K. <li...@mk...> - 2017-09-09 16:33:42
|
BTW: I later figured out, that the wildcards (*) did NOT actually work for me in modules.conf! Sent from a mobile device. Michael > Am 09.09.2017 um 18:03 schrieb Lonnie Abelbeck <li...@lo...>: > > Shamus, > > Asterisk 13 Documentation > https://wiki.asterisk.org/wiki/display/AST/Asterisk+13+Documentation > > Michael Keuter posted his "noload" list a couple months ago: > ----- > noload => res_mwi_external.so ; Asterisk 13 > noload => res_mwi_external_ami.so ; Asterisk 13 > noload => res_ari_mailboxes.so ; Asterisk 13 > noload => res_pjsip*.so ; Asterisk 13 > noload => func_pjsip*.so ; Asterisk 13 > noload => res_pjsip_phoneprov_provider.so ; Asterisk 13 > noload => res_pktccops.so > noload => cel_custom.so > ----- > Ref: https://www.mail-archive.com/ast...@li.../msg08923.html > > Lonnie > > > >> On Sep 9, 2017, at 9:42 AM, Shamus Rask <sh...@sr...> wrote: >> >> I’ve copied over the default configuration files. It looks like the default are all commented out (i.e. blank), so they have no real impact. I wish there was a definitive list of what a minimal configuration of Asterisk looks like. Right now I’ve got the following config files in /etc/asterisk: >> acl.conf >> asterisk.conf >> cdr.conf >> cdr_adaptive_odbc.conf >> cdr_custom.conf >> cel.conf >> cel_custom.conf >> cel_odbc.conf >> cli_aliases.conf >> extensions.conf >> features.conf >> indications.conf >> logger.conf >> manager.conf >> modules.conf >> pjproject.conf >> josip.conf >> josip_wizard.conf >> res_cnfig_sqlite3.conf >> res_fax.conf >> rtp.conf >> sip.conf >> udptl.conf >> voicemail.conf >> >> >> I’m still looking for good Asterisk documentation. I have all of the O’Reilly books, but they capped v1.8. |
|
From: Lonnie A. <li...@lo...> - 2017-09-09 16:03:09
|
Shamus, Asterisk 13 Documentation https://wiki.asterisk.org/wiki/display/AST/Asterisk+13+Documentation Michael Keuter posted his "noload" list a couple months ago: ----- noload => res_mwi_external.so ; Asterisk 13 noload => res_mwi_external_ami.so ; Asterisk 13 noload => res_ari_mailboxes.so ; Asterisk 13 noload => res_pjsip*.so ; Asterisk 13 noload => func_pjsip*.so ; Asterisk 13 noload => res_pjsip_phoneprov_provider.so ; Asterisk 13 noload => res_pktccops.so noload => cel_custom.so ----- Ref: https://www.mail-archive.com/ast...@li.../msg08923.html Lonnie On Sep 9, 2017, at 9:42 AM, Shamus Rask <sh...@sr...> wrote: > I’ve copied over the default configuration files. It looks like the default are all commented out (i.e. blank), so they have no real impact. I wish there was a definitive list of what a minimal configuration of Asterisk looks like. Right now I’ve got the following config files in /etc/asterisk: > acl.conf > asterisk.conf > cdr.conf > cdr_adaptive_odbc.conf > cdr_custom.conf > cel.conf > cel_custom.conf > cel_odbc.conf > cli_aliases.conf > extensions.conf > features.conf > indications.conf > logger.conf > manager.conf > modules.conf > pjproject.conf > josip.conf > josip_wizard.conf > res_cnfig_sqlite3.conf > res_fax.conf > rtp.conf > sip.conf > udptl.conf > voicemail.conf > > > I’m still looking for good Asterisk documentation. I have all of the O’Reilly books, but they capped v1.8. > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... |
|
From: Shamus R. <sh...@sr...> - 2017-09-09 15:07:33
|
I’ve copied over the default configuration files. It looks like the default are all commented out (i.e. blank), so they have no real impact. I wish there was a definitive list of what a minimal configuration of Asterisk looks like. Right now I’ve got the following config files in /etc/asterisk: acl.conf asterisk.conf cdr.conf cdr_adaptive_odbc.conf cdr_custom.conf cel.conf cel_custom.conf cel_odbc.conf cli_aliases.conf extensions.conf features.conf indications.conf logger.conf manager.conf modules.conf pjproject.conf josip.conf josip_wizard.conf res_cnfig_sqlite3.conf res_fax.conf rtp.conf sip.conf udptl.conf voicemail.conf I’m still looking for good Asterisk documentation. I have all of the O’Reilly books, but they capped v1.8. |
|
From: Michael K. <li...@mk...> - 2017-09-09 11:03:06
|
> Am 09.09.2017 um 03:13 schrieb Shamus Rask <sh...@sr...>: > > I have just migrated from Asterisk 1.8 to 13. I run AstLinux as a VM, so the “migration” was simple–download/install a new VM, copy configs and shutdown old version. > > When I reload Asterisk, I now see many errors of the type: > > -- Reloading module 'res_pjsip_transport_management.so' (PJSIP Reliable Transport Management) > [Sep 8 20:58:53] ERROR[11524]: res_sorcery_config.c:230 sorcery_config_internal_load: Unable to load config file ‘pjsip.conf' > > > Have to admit that I’m not even sure of what the difference between PJSIP and SIP is, however I would like to clean up these errors. Do I need pjsip.conf in addition to sip.conf? If not, how do I prevent Aterisk from checking for it? > > cheers, > Shamus I would start with copying the missing default configuration files (stated in the error messages) from "/stat/etc/asterisk/". Then later you can look at "modules.conf" and disable functions you don't need. But keep in mind it is a big jump from 1.8 to 13. A lot has changed (also in "sip.conf"), some default values have flipped, some have gone, etc.. That can be some work to adjust everything. Be sure to read the documentation, at least the UPGRADE*.txt and CHANGES files. Michael http://www.mksolutions.info |
|
From: Shamus R. <sh...@sr...> - 2017-09-09 01:37:25
|
I have just migrated from Asterisk 1.8 to 13. I run AstLinux as a VM, so the “migration” was simple–download/install a new VM, copy configs and shutdown old version. When I reload Asterisk, I now see many errors of the type: -- Reloading module 'res_pjsip_transport_management.so' (PJSIP Reliable Transport Management) [Sep 8 20:58:53] ERROR[11524]: res_sorcery_config.c:230 sorcery_config_internal_load: Unable to load config file ‘pjsip.conf' Have to admit that I’m not even sure of what the difference between PJSIP and SIP is, however I would like to clean up these errors. Do I need pjsip.conf in addition to sip.conf? If not, how do I prevent Aterisk from checking for it? cheers, Shamus |
|
From: Michael K. <mic...@ip...> - 2017-09-05 22:06:54
|
Thanks Lonnie. I understand now. Yay! I will give it a try. Regards Michael Knill -----Original Message----- From: Lonnie Abelbeck <li...@lo...> Reply-To: AstLinux List <ast...@li...> Date: Wednesday, 6 September 2017 at 6:46 am To: AstLinux List <ast...@li...> Subject: Re: [Astlinux-users] Guidance on configuring NAT on Astlinux Michael, > "NAT EXT->LAN" rule with a specific "Source" address, ...E.g. will Astlinux ONLY NAT EXT->LAN the traffic from the specified source address? Yes. > Im also not quite sure what the NAT EXT: field is used for which appears when you select "NAT EXT->LAN" and would love someone to explain it to me. When you have multiple external *static* IPv4 addresses, NAT EXT: lets you restrict which "public" destination IPv4 address to apply the NAT rule to. The default "0/0" means any external IPv4 address, and would be required of you had a dynamic IPv4 external address. Lonnie On Sep 5, 2017, at 3:19 PM, Michael Knill <mic...@ip...> wrote: > Hi thanks Lonnie and Michael for your input. > > There are no remote clients so that should not be a problem. Michael the internal PBX is not Asterisk and is not managed by myself. As such, although I would like to proxy to the internal PBX, this will not be possible as I have no configuration access to it. > They were having issues previously which were resolved with fixed NAT rules on the current firewall so I will certainly still want to add this configuration on Astlinux. > > Basically from what I can see, it should work fine but I just wanted to check that if I add a "NAT EXT->LAN" rule with a specific "Source" address, then this traffic will be forwarded to the internal PBX but all other traffic using the same ports (e.g. 5060 and potentially media ports) will terminate locally on the Astlinux appliance. E.g. will Astlinux ONLY NAT EXT->LAN the traffic from the specified source address? > > Im also not quite sure what the NAT EXT: field is used for which appears when you select "NAT EXT->LAN" and would love someone to explain it to me. > > Thanks all. > > Regards > Michael Knill > > -----Original Message----- > From: Lonnie Abelbeck <li...@lo...> > Reply-To: AstLinux List <ast...@li...> > Date: Tuesday, 5 September 2017 at 11:05 pm > To: AstLinux List <ast...@li...> > Subject: Re: [Astlinux-users] Guidance on configuring NAT on Astlinux > > Hi Michael, > > It depends, if the pre-existing SIP PBX only does outbound calls (SIP trunking) then don't enable any "NAT EXT->LAN" to the SIP PBX and make sure the SIP PBX trunk registers or qualifies often enough to keep a firewall state open for inbound calls from the provider. You may have to forward the RTP media range, again depends, try without but be prepared to "NAT EXT->LAN" the RTP range if needed. > > If the pre-existing SIP PBX has to service remote "clients", that is more trouble with NAT, in that case I would consider using your AstLinux box at the edge to handle those and act as a proxy to the internal pre-existing SIP PBX. > > Lonnie > > > > On Sep 5, 2017, at 6:06 AM, Michael Knill <mic...@ip...> wrote: > >> Hi Michael >> >> Thanks for that but you misunderstand sorry. >> Astlinux is on the edge and a SIP PBX is on the inside that will eventually be replaced. >> >> Regards >> Michael Knill >> >> -----Original Message----- >> From: Michael Keuter <li...@mk...> >> Reply-To: AstLinux List <ast...@li...> >> Date: Tuesday, 5 September 2017 at 6:20 pm >> To: AstLinux List <ast...@li...> >> Subject: Re: [Astlinux-users] Guidance on configuring NAT on Astlinux >> >> >>> Am 05.09.2017 um 09:16 schrieb Michael Knill <mic...@ip...>: >>> >>> Hi group >>> >>> I have a bit of a tricky one that I want to run past the Astlinux firewall experts. >>> >>> Scenario: >>> An existing PBX (soon to be replaced) using an existing SIP Provider sitting BEHIND an Astlinux appliance which is connected to another SIP Provider. >>> >>> Should I just be able to do NAT EXT -> LAN to the internal PBX for 5060 & Media Ports using the Source IP Addresses of their current provider? Or do I need to add something in NAT EXT: ? >>> I just recall that I had issues with Astlinux and forwarding 5060 but that was a while ago. >>> >>> Thanks. >>> >>> Regards >>> Michael Knill >> >> Hi Michael, >> >> I had the same issue. It is quite easy: >> >> On the PBX behind the main AstLinux box set in sip.conf: >> >> ; NAT settings >> externaddr=xx.xx.xx.xx:5062 ; this tells the second provider to send the returning packets to port 5062! >> localnet=yy.yy.yy.yy/255.255.255.0 >> nat=force_rport,comedia >> >> Then on the main AstLinux box set NAT EXT -> LAN port 5062 to the IP of the 2nd PBX but on port 5060! >> Then just use different RTP ports then on the edge box. >> >> Michael >> >> http://www.mksolutions.info >> >> >> >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> Astlinux-users mailing list >> Ast...@li... >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... >> >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> Astlinux-users mailing list >> Ast...@li... >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... >> >> > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... > > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Astlinux-users mailing list Ast...@li... https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... |
|
From: Lonnie A. <li...@lo...> - 2017-09-05 20:46:25
|
Michael, > "NAT EXT->LAN" rule with a specific "Source" address, ...E.g. will Astlinux ONLY NAT EXT->LAN the traffic from the specified source address? Yes. > Im also not quite sure what the NAT EXT: field is used for which appears when you select "NAT EXT->LAN" and would love someone to explain it to me. When you have multiple external *static* IPv4 addresses, NAT EXT: lets you restrict which "public" destination IPv4 address to apply the NAT rule to. The default "0/0" means any external IPv4 address, and would be required of you had a dynamic IPv4 external address. Lonnie On Sep 5, 2017, at 3:19 PM, Michael Knill <mic...@ip...> wrote: > Hi thanks Lonnie and Michael for your input. > > There are no remote clients so that should not be a problem. Michael the internal PBX is not Asterisk and is not managed by myself. As such, although I would like to proxy to the internal PBX, this will not be possible as I have no configuration access to it. > They were having issues previously which were resolved with fixed NAT rules on the current firewall so I will certainly still want to add this configuration on Astlinux. > > Basically from what I can see, it should work fine but I just wanted to check that if I add a "NAT EXT->LAN" rule with a specific "Source" address, then this traffic will be forwarded to the internal PBX but all other traffic using the same ports (e.g. 5060 and potentially media ports) will terminate locally on the Astlinux appliance. E.g. will Astlinux ONLY NAT EXT->LAN the traffic from the specified source address? > > Im also not quite sure what the NAT EXT: field is used for which appears when you select "NAT EXT->LAN" and would love someone to explain it to me. > > Thanks all. > > Regards > Michael Knill > > -----Original Message----- > From: Lonnie Abelbeck <li...@lo...> > Reply-To: AstLinux List <ast...@li...> > Date: Tuesday, 5 September 2017 at 11:05 pm > To: AstLinux List <ast...@li...> > Subject: Re: [Astlinux-users] Guidance on configuring NAT on Astlinux > > Hi Michael, > > It depends, if the pre-existing SIP PBX only does outbound calls (SIP trunking) then don't enable any "NAT EXT->LAN" to the SIP PBX and make sure the SIP PBX trunk registers or qualifies often enough to keep a firewall state open for inbound calls from the provider. You may have to forward the RTP media range, again depends, try without but be prepared to "NAT EXT->LAN" the RTP range if needed. > > If the pre-existing SIP PBX has to service remote "clients", that is more trouble with NAT, in that case I would consider using your AstLinux box at the edge to handle those and act as a proxy to the internal pre-existing SIP PBX. > > Lonnie > > > > On Sep 5, 2017, at 6:06 AM, Michael Knill <mic...@ip...> wrote: > >> Hi Michael >> >> Thanks for that but you misunderstand sorry. >> Astlinux is on the edge and a SIP PBX is on the inside that will eventually be replaced. >> >> Regards >> Michael Knill >> >> -----Original Message----- >> From: Michael Keuter <li...@mk...> >> Reply-To: AstLinux List <ast...@li...> >> Date: Tuesday, 5 September 2017 at 6:20 pm >> To: AstLinux List <ast...@li...> >> Subject: Re: [Astlinux-users] Guidance on configuring NAT on Astlinux >> >> >>> Am 05.09.2017 um 09:16 schrieb Michael Knill <mic...@ip...>: >>> >>> Hi group >>> >>> I have a bit of a tricky one that I want to run past the Astlinux firewall experts. >>> >>> Scenario: >>> An existing PBX (soon to be replaced) using an existing SIP Provider sitting BEHIND an Astlinux appliance which is connected to another SIP Provider. >>> >>> Should I just be able to do NAT EXT -> LAN to the internal PBX for 5060 & Media Ports using the Source IP Addresses of their current provider? Or do I need to add something in NAT EXT: ? >>> I just recall that I had issues with Astlinux and forwarding 5060 but that was a while ago. >>> >>> Thanks. >>> >>> Regards >>> Michael Knill >> >> Hi Michael, >> >> I had the same issue. It is quite easy: >> >> On the PBX behind the main AstLinux box set in sip.conf: >> >> ; NAT settings >> externaddr=xx.xx.xx.xx:5062 ; this tells the second provider to send the returning packets to port 5062! >> localnet=yy.yy.yy.yy/255.255.255.0 >> nat=force_rport,comedia >> >> Then on the main AstLinux box set NAT EXT -> LAN port 5062 to the IP of the 2nd PBX but on port 5060! >> Then just use different RTP ports then on the edge box. >> >> Michael >> >> http://www.mksolutions.info >> >> >> >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> Astlinux-users mailing list >> Ast...@li... >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... >> >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> Astlinux-users mailing list >> Ast...@li... >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... >> >> > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... > > |
|
From: Michael K. <mic...@ip...> - 2017-09-05 20:19:46
|
Hi thanks Lonnie and Michael for your input. There are no remote clients so that should not be a problem. Michael the internal PBX is not Asterisk and is not managed by myself. As such, although I would like to proxy to the internal PBX, this will not be possible as I have no configuration access to it. They were having issues previously which were resolved with fixed NAT rules on the current firewall so I will certainly still want to add this configuration on Astlinux. Basically from what I can see, it should work fine but I just wanted to check that if I add a "NAT EXT->LAN" rule with a specific "Source" address, then this traffic will be forwarded to the internal PBX but all other traffic using the same ports (e.g. 5060 and potentially media ports) will terminate locally on the Astlinux appliance. E.g. will Astlinux ONLY NAT EXT->LAN the traffic from the specified source address? Im also not quite sure what the NAT EXT: field is used for which appears when you select "NAT EXT->LAN" and would love someone to explain it to me. Thanks all. Regards Michael Knill -----Original Message----- From: Lonnie Abelbeck <li...@lo...> Reply-To: AstLinux List <ast...@li...> Date: Tuesday, 5 September 2017 at 11:05 pm To: AstLinux List <ast...@li...> Subject: Re: [Astlinux-users] Guidance on configuring NAT on Astlinux Hi Michael, It depends, if the pre-existing SIP PBX only does outbound calls (SIP trunking) then don't enable any "NAT EXT->LAN" to the SIP PBX and make sure the SIP PBX trunk registers or qualifies often enough to keep a firewall state open for inbound calls from the provider. You may have to forward the RTP media range, again depends, try without but be prepared to "NAT EXT->LAN" the RTP range if needed. If the pre-existing SIP PBX has to service remote "clients", that is more trouble with NAT, in that case I would consider using your AstLinux box at the edge to handle those and act as a proxy to the internal pre-existing SIP PBX. Lonnie On Sep 5, 2017, at 6:06 AM, Michael Knill <mic...@ip...> wrote: > Hi Michael > > Thanks for that but you misunderstand sorry. > Astlinux is on the edge and a SIP PBX is on the inside that will eventually be replaced. > > Regards > Michael Knill > > -----Original Message----- > From: Michael Keuter <li...@mk...> > Reply-To: AstLinux List <ast...@li...> > Date: Tuesday, 5 September 2017 at 6:20 pm > To: AstLinux List <ast...@li...> > Subject: Re: [Astlinux-users] Guidance on configuring NAT on Astlinux > > >> Am 05.09.2017 um 09:16 schrieb Michael Knill <mic...@ip...>: >> >> Hi group >> >> I have a bit of a tricky one that I want to run past the Astlinux firewall experts. >> >> Scenario: >> An existing PBX (soon to be replaced) using an existing SIP Provider sitting BEHIND an Astlinux appliance which is connected to another SIP Provider. >> >> Should I just be able to do NAT EXT -> LAN to the internal PBX for 5060 & Media Ports using the Source IP Addresses of their current provider? Or do I need to add something in NAT EXT: ? >> I just recall that I had issues with Astlinux and forwarding 5060 but that was a while ago. >> >> Thanks. >> >> Regards >> Michael Knill > > Hi Michael, > > I had the same issue. It is quite easy: > > On the PBX behind the main AstLinux box set in sip.conf: > > ; NAT settings > externaddr=xx.xx.xx.xx:5062 ; this tells the second provider to send the returning packets to port 5062! > localnet=yy.yy.yy.yy/255.255.255.0 > nat=force_rport,comedia > > Then on the main AstLinux box set NAT EXT -> LAN port 5062 to the IP of the 2nd PBX but on port 5060! > Then just use different RTP ports then on the edge box. > > Michael > > http://www.mksolutions.info > > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... > > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Astlinux-users mailing list Ast...@li... https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... |
|
From: Michael K. <li...@mk...> - 2017-09-05 13:51:11
|
> Am 05.09.2017 um 13:06 schrieb Michael Knill <mic...@ip...>: > > Hi Michael > > Thanks for that but you misunderstand sorry. > Astlinux is on the edge and a SIP PBX is on the inside that will eventually be replaced. > > Regards > Michael Knill Yes, I understood it right. That is the way to do it. I just assumed the SIP PBX inside is Asterisk-based as well. If not, maybe there is another way like my trick with "externaddr=xx.xx.xx.xx:5062". I did this with 3 separate AstLinux PBXs behind one single PFSense firewall on the edge. > -----Original Message----- > From: Michael Keuter <li...@mk...> > Reply-To: AstLinux List <ast...@li...> > Date: Tuesday, 5 September 2017 at 6:20 pm > To: AstLinux List <ast...@li...> > Subject: Re: [Astlinux-users] Guidance on configuring NAT on Astlinux > > >> Am 05.09.2017 um 09:16 schrieb Michael Knill <mic...@ip...>: >> >> Hi group >> >> I have a bit of a tricky one that I want to run past the Astlinux firewall experts. >> >> Scenario: >> An existing PBX (soon to be replaced) using an existing SIP Provider sitting BEHIND an Astlinux appliance which is connected to another SIP Provider. >> >> Should I just be able to do NAT EXT -> LAN to the internal PBX for 5060 & Media Ports using the Source IP Addresses of their current provider? Or do I need to add something in NAT EXT: ? >> I just recall that I had issues with Astlinux and forwarding 5060 but that was a while ago. >> >> Thanks. >> >> Regards >> Michael Knill > > Hi Michael, > > I had the same issue. It is quite easy: > > On the PBX behind the main AstLinux box set in sip.conf: > > ; NAT settings > externaddr=xx.xx.xx.xx:5062 ; this tells the second provider to send the returning packets to port 5062! > localnet=yy.yy.yy.yy/255.255.255.0 > nat=force_rport,comedia > > Then on the main AstLinux box set NAT EXT -> LAN port 5062 to the IP of the 2nd PBX but on port 5060! > Then just use different RTP ports then on the edge box. > > Michael Michael http://www.mksolutions.info |
|
From: Lonnie A. <li...@lo...> - 2017-09-05 13:04:47
|
Hi Michael, It depends, if the pre-existing SIP PBX only does outbound calls (SIP trunking) then don't enable any "NAT EXT->LAN" to the SIP PBX and make sure the SIP PBX trunk registers or qualifies often enough to keep a firewall state open for inbound calls from the provider. You may have to forward the RTP media range, again depends, try without but be prepared to "NAT EXT->LAN" the RTP range if needed. If the pre-existing SIP PBX has to service remote "clients", that is more trouble with NAT, in that case I would consider using your AstLinux box at the edge to handle those and act as a proxy to the internal pre-existing SIP PBX. Lonnie On Sep 5, 2017, at 6:06 AM, Michael Knill <mic...@ip...> wrote: > Hi Michael > > Thanks for that but you misunderstand sorry. > Astlinux is on the edge and a SIP PBX is on the inside that will eventually be replaced. > > Regards > Michael Knill > > -----Original Message----- > From: Michael Keuter <li...@mk...> > Reply-To: AstLinux List <ast...@li...> > Date: Tuesday, 5 September 2017 at 6:20 pm > To: AstLinux List <ast...@li...> > Subject: Re: [Astlinux-users] Guidance on configuring NAT on Astlinux > > >> Am 05.09.2017 um 09:16 schrieb Michael Knill <mic...@ip...>: >> >> Hi group >> >> I have a bit of a tricky one that I want to run past the Astlinux firewall experts. >> >> Scenario: >> An existing PBX (soon to be replaced) using an existing SIP Provider sitting BEHIND an Astlinux appliance which is connected to another SIP Provider. >> >> Should I just be able to do NAT EXT -> LAN to the internal PBX for 5060 & Media Ports using the Source IP Addresses of their current provider? Or do I need to add something in NAT EXT: ? >> I just recall that I had issues with Astlinux and forwarding 5060 but that was a while ago. >> >> Thanks. >> >> Regards >> Michael Knill > > Hi Michael, > > I had the same issue. It is quite easy: > > On the PBX behind the main AstLinux box set in sip.conf: > > ; NAT settings > externaddr=xx.xx.xx.xx:5062 ; this tells the second provider to send the returning packets to port 5062! > localnet=yy.yy.yy.yy/255.255.255.0 > nat=force_rport,comedia > > Then on the main AstLinux box set NAT EXT -> LAN port 5062 to the IP of the 2nd PBX but on port 5060! > Then just use different RTP ports then on the edge box. > > Michael > > http://www.mksolutions.info > > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... > > |
|
From: Michael K. <mic...@ip...> - 2017-09-05 11:06:49
|
Hi Michael Thanks for that but you misunderstand sorry. Astlinux is on the edge and a SIP PBX is on the inside that will eventually be replaced. Regards Michael Knill -----Original Message----- From: Michael Keuter <li...@mk...> Reply-To: AstLinux List <ast...@li...> Date: Tuesday, 5 September 2017 at 6:20 pm To: AstLinux List <ast...@li...> Subject: Re: [Astlinux-users] Guidance on configuring NAT on Astlinux > Am 05.09.2017 um 09:16 schrieb Michael Knill <mic...@ip...>: > > Hi group > > I have a bit of a tricky one that I want to run past the Astlinux firewall experts. > > Scenario: > An existing PBX (soon to be replaced) using an existing SIP Provider sitting BEHIND an Astlinux appliance which is connected to another SIP Provider. > > Should I just be able to do NAT EXT -> LAN to the internal PBX for 5060 & Media Ports using the Source IP Addresses of their current provider? Or do I need to add something in NAT EXT: ? > I just recall that I had issues with Astlinux and forwarding 5060 but that was a while ago. > > Thanks. > > Regards > Michael Knill Hi Michael, I had the same issue. It is quite easy: On the PBX behind the main AstLinux box set in sip.conf: ; NAT settings externaddr=xx.xx.xx.xx:5062 ; this tells the second provider to send the returning packets to port 5062! localnet=yy.yy.yy.yy/255.255.255.0 nat=force_rport,comedia Then on the main AstLinux box set NAT EXT -> LAN port 5062 to the IP of the 2nd PBX but on port 5060! Then just use different RTP ports then on the edge box. Michael http://www.mksolutions.info ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Astlinux-users mailing list Ast...@li... https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... |
|
From: Michael K. <li...@mk...> - 2017-09-05 08:19:52
|
> Am 05.09.2017 um 09:16 schrieb Michael Knill <mic...@ip...>: > > Hi group > > I have a bit of a tricky one that I want to run past the Astlinux firewall experts. > > Scenario: > An existing PBX (soon to be replaced) using an existing SIP Provider sitting BEHIND an Astlinux appliance which is connected to another SIP Provider. > > Should I just be able to do NAT EXT -> LAN to the internal PBX for 5060 & Media Ports using the Source IP Addresses of their current provider? Or do I need to add something in NAT EXT: ? > I just recall that I had issues with Astlinux and forwarding 5060 but that was a while ago. > > Thanks. > > Regards > Michael Knill Hi Michael, I had the same issue. It is quite easy: On the PBX behind the main AstLinux box set in sip.conf: ; NAT settings externaddr=xx.xx.xx.xx:5062 ; this tells the second provider to send the returning packets to port 5062! localnet=yy.yy.yy.yy/255.255.255.0 nat=force_rport,comedia Then on the main AstLinux box set NAT EXT -> LAN port 5062 to the IP of the 2nd PBX but on port 5060! Then just use different RTP ports then on the edge box. Michael http://www.mksolutions.info |
|
From: Michael K. <mic...@ip...> - 2017-09-05 07:16:49
|
Hi group I have a bit of a tricky one that I want to run past the Astlinux firewall experts. Scenario: An existing PBX (soon to be replaced) using an existing SIP Provider sitting BEHIND an Astlinux appliance which is connected to another SIP Provider. Should I just be able to do NAT EXT -> LAN to the internal PBX for 5060 & Media Ports using the Source IP Addresses of their current provider? Or do I need to add something in NAT EXT: ? I just recall that I had issues with Astlinux and forwarding 5060 but that was a while ago. Thanks. Regards Michael Knill |
|
From: Lonnie A. <li...@lo...> - 2017-09-04 16:32:49
|
Roberto, Firewall Plugins https://doc.astlinux-project.org/userdoc:tt_firewall_plugins On Sep 4, 2017, at 11:27 AM, Roberto Rivera <rri...@gm...> wrote: > David, > I don't see the Adaptive Ban option in the network tab. I see a Firewall configuration button. > > On Sun, Sep 3, 2017 at 2:18 PM, David Kerr <da...@ke...> wrote: > Hi Roberto, not sure if you got a reply to this. Adaptive Ban is included with AstLinux. On the network tab of the web interface look for the Adaptive Ban firewall plugin in the list and then click on Configure Plugin and make sure that ENABLED=1 > > You can also use an external block list that is updated with reported "bad" IP addresses. See instructions here... https://doc.astlinux-project.org/userdoc:tt_firewall_external_block_list > > Restart the firewall after making any changes. > > David > > > > On Thu, Aug 31, 2017 at 4:14 PM, Roberto Rivera <rri...@gm...> wrote: > Hi all, > I have a lot of foreign ip addresses making attempts to hack into my PBX. What is the easiest way to block these addresses? > I saw the Astlinux firewall documentation that says I need to go to the Network tab>click the firewall button in but then I'm not sure if there is anything else I need to do? I also saw something regarding Adaptive Ban. Is that included with Astlinux. > Any comments would be appreciated. > I'm using Alix box. > Thanks > > Sent from my iPhone > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot_______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... |
|
From: Roberto R. <rri...@gm...> - 2017-09-04 16:28:02
|
David, I don't see the Adaptive Ban option in the network tab. I see a Firewall configuration button. On Sun, Sep 3, 2017 at 2:18 PM, David Kerr <da...@ke...> wrote: > Hi Roberto, not sure if you got a reply to this. Adaptive Ban is included > with AstLinux. On the network tab of the web interface look for the > Adaptive Ban firewall plugin in the list and then click on Configure Plugin > and make sure that ENABLED=1 > > You can also use an external block list that is updated with reported > "bad" IP addresses. See instructions here... https://doc.astlinux- > project.org/userdoc:tt_firewall_external_block_list > > Restart the firewall after making any changes. > > David > > > > On Thu, Aug 31, 2017 at 4:14 PM, Roberto Rivera <rri...@gm...> > wrote: > >> Hi all, >> I have a lot of foreign ip addresses making attempts to hack into my PBX. >> What is the easiest way to block these addresses? >> I saw the Astlinux firewall documentation that says I need to go to the >> Network tab>click the firewall button in but then I'm not sure if there is >> anything else I need to do? I also saw something regarding Adaptive Ban. Is >> that included with Astlinux. >> Any comments would be appreciated. >> I'm using Alix box. >> Thanks >> >> Sent from my iPhone >> ------------------------------------------------------------ >> ------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> Astlinux-users mailing list >> Ast...@li... >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pa...@kr.... >> > > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pa...@kr.... > |
|
From: Roberto R. <rri...@gm...> - 2017-09-04 16:12:59
|
Hi David, Just happened to check my email. Did not know it was included. Im gonna try your instructions right away. Takes some stress off me for now. I thought it had to be downloaded. Im gonna give this a try right now. Thank you very much for your reply Robert On Sun, Sep 3, 2017 at 2:18 PM, David Kerr <da...@ke...> wrote: > Hi Roberto, not sure if you got a reply to this. Adaptive Ban is included > with AstLinux. On the network tab of the web interface look for the > Adaptive Ban firewall plugin in the list and then click on Configure Plugin > and make sure that ENABLED=1 > > You can also use an external block list that is updated with reported > "bad" IP addresses. See instructions here... https://doc.astlinux- > project.org/userdoc:tt_firewall_external_block_list > > Restart the firewall after making any changes. > > David > > > > On Thu, Aug 31, 2017 at 4:14 PM, Roberto Rivera <rri...@gm...> > wrote: > >> Hi all, >> I have a lot of foreign ip addresses making attempts to hack into my PBX. >> What is the easiest way to block these addresses? >> I saw the Astlinux firewall documentation that says I need to go to the >> Network tab>click the firewall button in but then I'm not sure if there is >> anything else I need to do? I also saw something regarding Adaptive Ban. Is >> that included with Astlinux. >> Any comments would be appreciated. >> I'm using Alix box. >> Thanks >> >> Sent from my iPhone >> ------------------------------------------------------------ >> ------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> Astlinux-users mailing list >> Ast...@li... >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pa...@kr.... >> > > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Astlinux-users mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pa...@kr.... > |
|
From: Michael K. <mic...@ip...> - 2017-09-04 00:48:05
|
Yes just found out that I only have a single core allocated to it so Im thinking that 2 may be the go. Im also assuming that I should be fine tuning Monit a bit more e.g. If it is only a single core, I should set loadavg (1m) > 2 and loadavg (5m) >1, Dual core 4 & 2 and quad core 8 & 4 etc. Is this correct? Regards Michael Knill -----Original Message----- From: Lonnie Abelbeck <li...@lo...> Reply-To: AstLinux List <ast...@li...> Date: Monday, 4 September 2017 at 10:02 am To: AstLinux List <ast...@li...> Subject: Re: [Astlinux-users] Load and Monit Alerts Michael, Out of curiosity, how may cores does your VM guest have ? If it is only 1 possibly that could be an issue, if so you might try 2. I haven't used Monit too much, so no insights there. Lonnie On Sep 3, 2017, at 6:11 PM, Michael Knill <mic...@ip...> wrote: > Hi Group > > I have just installed a new system in a very busy clinic and I am starting to get a few Monit Resource Limit Alerts. I have been getting loads >2 and >4. > The confusing thing is that it is a VM so Im not quite sure whether a) my load limit configuration is correct in Monit and b) I have enough resources allocated. > > Any ideas on what I should be doing here? > > Regards > Michael Knill ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Astlinux-users mailing list Ast...@li... https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pa...@kr.... |
63 messages has been excluded from this view by a project administrator.
