00:07.51 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
00:22.30 | *** join/#asterisk [TK]D-Fender (~joe@64.235.216.2) |
00:42.07 | *** join/#asterisk Sprocks (~Sprocks@bmtnon3746w-lp140-05-65-92-121-159.dsl.bell.ca) |
00:54.22 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
00:55.23 | *** join/#asterisk Iamnacho (~Iamnacho@ip24-252-4-195.om.om.cox.net) |
01:02.14 | *** join/#asterisk troyt (~troyt@c-24-11-28-185.hsd1.ut.comcast.net) |
01:13.23 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
01:57.09 | *** join/#asterisk Katty (uid62315@gateway/web/irccloud.com/x-jltcckohdygnyqtw) |
02:14.25 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
02:43.25 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
02:51.49 | *** join/#asterisk Dovid (~dovid@ool-4573a525.dyn.optonline.net) |
03:01.56 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
03:10.45 | *** join/#asterisk drale2k (~drale2k@46.101.230.32) |
03:21.25 | *** join/#asterisk shootbird (~quassel@beepbeep.serverpit.com) |
04:10.28 | *** join/#asterisk fstd_ (~fstd@unaffiliated/fisted) |
04:30.29 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
05:03.22 | *** join/#asterisk shootbird (~quassel@beepbeep.serverpit.com) |
05:21.01 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
05:41.31 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
05:44.59 | *** join/#asterisk zapata (~zapata@2a02:b18:581:10:20ee:93a4:7e22:a808) |
06:24.44 | *** join/#asterisk Jesterboxboy (~Thunderbi@80-109-194-26.cable.dynamic.surfer.at) |
06:34.15 | *** join/#asterisk miralin (~Thunderbi@195.19.212.23) |
06:36.32 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
06:54.49 | *** join/#asterisk bof22 (~Thunderbi@185.13.183.107) |
06:56.44 | *** join/#asterisk sl4ck (~slack@185.69.145.131) |
07:12.33 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
07:32.58 | *** join/#asterisk J0hnSteel (~J0hnSteel@92.55.117.100) |
07:36.03 | *** join/#asterisk miralin (~Thunderbi@195.19.212.23) |
07:46.32 | *** join/#asterisk sekil (~sekil@cable-89-216-194-244.dynamic.sbb.rs) |
07:49.12 | *** join/#asterisk sarthor (~sarthor@unaffiliated/sarthor) |
07:55.10 | *** join/#asterisk shootbird (~quassel@beepbeep.serverpit.com) |
08:07.23 | *** join/#asterisk mirela666 (~mirkob@2a00:1950:400:0:2987:3fd:e34c:da41) |
08:10.05 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
08:14.22 | *** join/#asterisk pchero_work (~pchero@109.70.54.56) |
08:23.04 | *** join/#asterisk jkroon (~jkroon@105.3.106.249) |
08:37.21 | *** join/#asterisk Y04NN (~y04nn@178.18.54.206) |
08:57.25 | *** join/#asterisk sparetire (~sparetire@unaffiliated/sparetire) |
09:00.36 | *** join/#asterisk pawiecki (~pawiecki@router.dir.pl) |
09:02.37 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
09:06.22 | *** join/#asterisk jjrh (~jjrh@2607:f0b0:8:8035:5099:56c8:1eba:32f2) |
09:13.22 | pawiecki | Hi! I'm struggling with this issue, and after some googling, I'm still not sure what the problem is. I have * and DECTs. Now one DECT number is registered, can answer calls, but can't make them. Here's my config, and CLI error: https://da.gd/8Hhl What I don't understand is why would I get these messages, if my peers are registered from different devices (different IPs), and so far this problem was not occurring. |
09:30.12 | *** join/#asterisk miralin (~Thunderbi@195.19.212.23) |
09:36.11 | *** join/#asterisk Tiffon (~name@unaffiliated/tiff0n) |
09:54.08 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
10:02.11 | *** join/#asterisk friedrich (~friedrich@aextron.de) |
10:25.05 | *** join/#asterisk jkroon (~jkroon@196.33.18.28) |
10:33.48 | *** join/#asterisk miralin (~Thunderbi@195.19.212.23) |
11:20.25 | *** join/#asterisk andremar (~andremar@105.211.54.77.rev.vodafone.pt) |
11:42.51 | *** join/#asterisk miralin (~Thunderbi@195.19.212.23) |
11:57.11 | *** join/#asterisk J0hnSteel (~J0hnSteel@92.55.116.125) |
12:07.51 | *** join/#asterisk friedrich (~friedrich@aextron.de) |
12:21.29 | *** join/#asterisk friedrich (~friedrich@aextron.de) |
12:42.54 | *** join/#asterisk Dovid (~dovid@ool-4573a525.dyn.optonline.net) |
12:58.30 | *** join/#asterisk afournier (~admin@80.215.236.200) |
13:03.55 | afournier | let's say i have a device (100) registered to an asterisk server, when calling, the call is redirected to another asterisk (100 => asterisk => asterisk) the last one complains it failed to authenticate device "100". Is there a way to masquerade the From field, or simply accept every from for a given IP ? |
13:04.27 | afournier | s/every/any/ |
13:10.45 | sekil | afournier: yes on both counts |
13:12.47 | afournier | yes on both counts ? |
13:14.24 | *** join/#asterisk karelk (~karel@31.10.149.26) |
13:14.44 | sekil | yeah |
13:14.51 | sekil | there's a way to do both |
13:16.11 | afournier | ok |
13:16.23 | afournier | how would you do the second ? |
13:16.28 | afournier | allowguest=yes N |
13:16.35 | afournier | allowguest=yes ? |
13:16.48 | sekil | no |
13:17.05 | sekil | you set the host=<IPADDRESS> in the peer/friend setting |
13:17.24 | afournier | done already |
13:18.09 | sekil | that would allow everything from the first asterisk.. |
13:22.30 | *** join/#asterisk miralin (~Thunderbi@195.19.212.23) |
13:29.33 | *** join/#asterisk [TK]D-Fender (~joe@216.191.106.165) |
13:31.17 | afournier | hum... got it |
13:31.18 | afournier | it works |
13:35.39 | [TK]D-Fender | not the way |
13:35.46 | [TK]D-Fender | You're allowing random unauthed calls |
13:35.47 | [TK]D-Fender | BAS |
13:35.49 | [TK]D-Fender | BAD |
13:36.45 | [TK]D-Fender | fix your peers so they auth properly |
13:37.14 | sekil | yeah..well..it's from this one ip I guess |
13:37.31 | sekil | although it's better to do it properly |
13:37.55 | [TK]D-Fender | so just fix your peer |
13:38.17 | [TK]D-Fender | each side should have: |
13:38.41 | [TK]D-Fender | fromuser=DEFAULTUSER-NAME |
13:38.50 | [TK]D-Fender | sendrpid=yes |
13:38.54 | [TK]D-Fender | trustrpid=yes |
13:39.09 | [TK]D-Fender | and no need for "insecure" at all |
13:45.51 | *** join/#asterisk brad_mssw (~brad@66.129.88.50) |
13:53.53 | afournier | hum... ok |
13:58.28 | *** join/#asterisk davlefou (~davlefou@unaffiliated/davlefou) |
14:22.23 | *** join/#asterisk eric_hill (~eric_hill@wsip-184-180-163-60.ks.ks.cox.net) |
14:22.50 | *** join/#asterisk rwb (~Thunderbi@204.13.43.166) |
14:29.04 | *** join/#asterisk Rini (uid196547@gateway/web/irccloud.com/x-iqfkzfzwitmfpvrg) |
14:31.38 | *** join/#asterisk pawiecki (~pawiecki@router.dir.pl) |
14:32.31 | *** join/#asterisk pawiecki (~pawiecki@217.97.180.1) |
14:53.42 | *** join/#asterisk hehol (~hehol@gatekeeper.loca.net) |
14:57.11 | *** join/#asterisk afournier (~admin@80.215.236.200) |
15:05.44 | *** join/#asterisk rpifan (~rpi@c-24-98-49-231.hsd1.ga.comcast.net) |
15:10.13 | *** join/#asterisk Tim_Toady (~fuzzy@snf-33276.vm.okeanos.grnet.gr) |
15:13.38 | *** join/#asterisk kharwell (kharwell@nat/digium/x-ixoieixghgpepyad) |
15:13.38 | *** mode/#asterisk [+o kharwell] by ChanServ |
15:13.39 | *** join/#asterisk robink (~quassel@unaffilated/robink) |
15:19.20 | *** join/#asterisk troyt (~troyt@c-24-11-28-185.hsd1.ut.comcast.net) |
15:39.12 | *** join/#asterisk cresl1n (Adium@asterisk/libpri-and-libss7-expert/Cresl1n) |
15:39.12 | *** mode/#asterisk [+o cresl1n] by ChanServ |
16:02.18 | *** join/#asterisk andremar (~andremar@105.211.54.77.rev.vodafone.pt) |
16:17.13 | *** join/#asterisk Jesterboxboy (~Thunderbi@80-109-194-26.cable.dynamic.surfer.at) |
16:21.16 | *** join/#asterisk n3ob_ (~n3ob@pool-96-227-225-12.phlapa.fios.verizon.net) |
16:28.17 | *** join/#asterisk shootbird (~quassel@beepbeep.serverpit.com) |
16:28.42 | *** join/#asterisk igcewieling (~ewieling@ip98-170-211-145.pn.at.cox.net) |
16:30.35 | *** join/#asterisk robink_ (~quassel@unaffilated/robink) |
16:37.10 | *** join/#asterisk rmudgett (rmudgett@nat/digium/x-kobunfqkhpzxfnqh) |
16:37.10 | *** mode/#asterisk [+o rmudgett] by ChanServ |
16:54.13 | *** join/#asterisk DBordello (62e3c8eb@gateway/web/freenode/ip.98.227.200.235) |
16:56.22 | DBordello | We currently have a Panasonic hybrid system, with about 10 phones. I would like better integration with the computer (dial from Outlook), and a better voice mail interface (an option to call back the number). These phones have ~40 soft buttons that allow us to see if others are on the phone. |
16:56.30 | DBordello | Are there some phones you would recommend that would allow a similar setup? |
16:57.18 | [TK]D-Fender | Tons of phones out there |
16:57.55 | [TK]D-Fender | With lots of buttons. And side-cars you can load up, etc |
16:59.27 | DBordello | I looked quickly at a few vendors, Polycom for instance. None of them seemed well suited for showing the status of ~10 extensions |
16:59.34 | DBordello | But I will look further. |
16:59.36 | *** join/#asterisk funxion (324d7d39@gateway/web/cgi-irc/kiwiirc.com/ip.50.77.125.57) |
16:59.52 | DBordello | Do you think Asterisk is a good solution for replacing a similar setup? |
17:00.24 | [TK]D-Fender | The phones do the phones part ... and there are outlook dialers that use AMI for * integration. |
17:00.39 | [TK]D-Fender | And you can do a call-back from app_voicemail. |
17:00.49 | [TK]D-Fender | So that sounds like a "yes" by default |
17:01.37 | DBordello | I figured as much. Just wanted some more insight before I jumped it. I have a sad little 1 extension setup on my desk. |
17:04.54 | DBordello | Wowzers, the GS-GXP2170 looks full functioning, and inexpensive |
17:05.43 | [TK]D-Fender | ~gs |
17:05.44 | infobot | GrandSuck phones & gateways are cheap junk which should be avoided with extreme prejudice. |
17:05.46 | igcewieling | ha! |
17:05.56 | [TK]D-Fender | ~grandstream |
17:05.56 | infobot | well, grandstream is the Yugo of VoIP hardware. Run... Run away now. Though, therealcircut says that they're not that bad. |
17:05.56 | DBordello | Okay :) |
17:06.08 | [TK]D-Fender | They're "meh". |
17:06.25 | [TK]D-Fender | might work, but you'll be lacking in features & quality |
17:06.27 | DBordello | What do you recommend for quality executive phones? |
17:06.42 | igcewieling | Polycom phones. |
17:06.51 | [TK]D-Fender | Polycom, Aastra/Mitel, |
17:07.14 | DBordello | Polycom I can believe, I have an old 501 sitting on my desk that has been rock solid |
17:07.38 | [TK]D-Fender | indeed very old |
17:08.24 | DBordello | I bought it 5 years ago to play with Asterisk (at home). It has done what I have asked of it (often with some config file convincing) |
17:09.56 | DBordello | While probably not a big deal, the polycom phones seem to be lacking in hard/soft keys |
17:10.31 | igcewieling | DBordello: search for "polycom sidecar" |
17:11.28 | igcewieling | Only the VVX series of their phones support the most recent firmware. The older Soundpoint phones don't seem to be getting anything but bug fixes. |
17:11.51 | [TK]D-Fender | Because ... older |
17:18.44 | DBordello | What would be the best way of bringing PSTN in to the system? We currently are using Comcast for internet, and 5 lines. |
17:18.56 | DBordello | SIP provider? Interface with the Comcast lines somehow? |
17:19.47 | igcewieling | Don't expect to interface with any major carrier with SIP. |
17:20.42 | igcewieling | You would need analog cards if you want to connect the POTS lines to the PBX. |
17:20.57 | DBordello | Are analog lines better than going with a SIP provider? |
17:21.02 | igcewieling | I suggest finding a SIP provider instead of using analog. |
17:21.12 | DBordello | I would figure as much |
17:21.13 | igcewieling | no. analog is the worst, but it is also the cheapest. |
17:21.36 | DBordello | Got it. |
17:22.03 | igcewieling | on systems I install, there is always a 2 port FXO card for backup analog lines for when the main lines are down. |
17:23.12 | DBordello | That is a good idea |
17:24.30 | *** join/#asterisk shootbird (~quassel@beepbeep.serverpit.com) |
17:24.55 | DBordello | It sounds like I need to simply choose the correct phone, grab a few, and dig in |
17:28.13 | *** part/#asterisk afournier (~admin@80.215.236.200) |
17:28.34 | igcewieling | in your case it might not matter if your provider puts the phone service on the same coax as the internet. |
17:29.27 | igcewieling | I've been pushing for putting in GSM cards and use cellular during a provider/carrier outage, but the cards are expensive. |
17:30.39 | DBordello | While the phone service is on the same physical line, it isn't VOIP over the internet segment. It is a separate (presumably higher QoS) service. |
17:30.51 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
17:36.19 | igcewieling | I'm referring to a cable failure, not a simple ISP failure. |
17:37.03 | DBordello | Got it |
17:37.12 | igcewieling | Over and over and over again, when our T-1s go down, the analogs go down too because they are riding the same cable bundle. It doesn't always happen, but it happens often enough to be a problem. |
18:39.52 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
18:40.29 | *** join/#asterisk friedrich (~friedrich@aextron.de) |
19:05.04 | *** join/#asterisk davlefou (~davlefou@unaffiliated/davlefou) |
19:05.53 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
19:23.50 | *** join/#asterisk miralin (~Thunderbi@194.8.128.47) |
19:31.54 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
19:50.48 | *** join/#asterisk ChkDigit (~u388mw@74.3.144.66) |
20:04.14 | *** join/#asterisk DBordello (62e3c8eb@gateway/web/freenode/ip.98.227.200.235) |
20:09.11 | *** join/#asterisk friedrich (~friedrich@aextron.de) |
20:16.55 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
20:20.11 | DBordello | Any thoughts on Snom or Yealink phones? |
20:22.48 | Samot | Decent. I prefer Snom over Yealink. |
20:23.09 | *** join/#asterisk KNERD (~KNERD@2604:a880:1:20::9b:4001) |
20:26.11 | DBordello | I like the combination of hard keys and a display |
20:34.16 | *** join/#asterisk sawgood (~sawgood@unaffiliated/sawgood) |
20:34.19 | *** join/#asterisk Jesterboxboy (~Thunderbi@80-109-194-26.cable.dynamic.surfer.at) |
20:34.35 | *** join/#asterisk robmal (robmal@anarxi.st) |
20:44.14 | *** join/#asterisk nix8n82 (~AndChat58@63-155-104-69.chyn.qwest.net) |
20:46.30 | DBordello | Although the Yealink T48G is sexy looking |
20:52.26 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
20:54.28 | *** join/#asterisk robmal (r@wporzo.pl) |
21:11.30 | *** join/#asterisk mub (~jub@static-173-53-12-18.rcmdva.fios.verizon.net) |
21:22.57 | *** join/#asterisk tomcruise (tom@eyeswideshut.xs4all.nl) |
21:38.48 | *** join/#asterisk agoodm (~alan@host81-149-38-69.in-addr.btopenworld.com) |
21:43.01 | agoodm | I'm fairly experienced with Asterisk, but am having a mind block while trying to troubleshoot an issue with a client's installation. This setup was working properly until the server was rebooted. After a reboot the server is unable to qualify the external sip peers it uses to talk to the pstn. Please could someone point me in the right direction for figuring out why the qualify is failing (host appears unreachable, despite host being available) |
21:55.43 | igcewieling | try enabling dnsmgr and make sure all interface IPs are listed in /etc/hosts |
21:56.06 | *** join/#asterisk slav3_sergal (~frankthet@unaffiliated/slav3-kitten/x-0866809) |
21:57.42 | *** join/#asterisk seiggy (~seiggy@74.203.105.194) |
21:58.26 | seiggy | I could use some help trying to setup Kamailio as a load balancer for asterisk using WebRTC. I can get signaling to work just fine, but I've tried about a dozen things and I cannot get the RTP stream to work |
21:58.54 | seiggy | anyone know of anyone that could help for a few hours at a reasonable rate that's done this before? |
21:59.48 | igcewieling | I'd rather have a root canal. |
22:00.33 | seiggy | at this point me too |
22:01.04 | seiggy | is there a better solution for load balancing WebRTC traffic to multiple asterisk servers? |
22:01.24 | seiggy | I can get everything working for a single asterisk server |
22:01.41 | seiggy | but as soon as I try to use 2 servers and throw in Kamailio as a load balancer, it all goes to hell |
22:03.03 | agoodm | igcewieling, I should have been clearer. with qualify=no the sip peer is working as intended |
22:04.10 | igcewieling | agoodm: fixing it with qualify no is just hiding the problem. |
22:04.27 | agoodm | with qualify=yes the peer is always unreachable and thus asterisk refuses to use it. I've run a tcpdump dst or src ipaddress -w somefile.dump and I am seeing an options request and a status 200 ok back from the host... but asterisk is saying that the host is unreachable |
22:04.44 | agoodm | igcewieling, I know :) but I am struggling to fathom what is going on :( |
22:04.55 | agoodm | igcewieling, as packet capture looks fine |
22:05.58 | igcewieling | does your capture include ICMP? |
22:06.08 | *** join/#asterisk rwb (~Thunderbi@65-183-151-239-dhcp.burlingtontelecom.net) |
22:06.33 | agoodm | igcewieling, all traffic to/from the affected host |
22:07.18 | agoodm | igcewieling, basically tcpdump src or dst 94.75.247.45 -i ppp0 -w localphone2.dump |
22:08.38 | WIMPy | s/src or dst/host/ |
22:09.16 | agoodm | igcewieling, WIMPy http://imgur.com/a/AovQU |
22:22.05 | *** join/#asterisk Y04NN (~y04nn@2a01:e34:ef37:5870:5074:9ce0:914c:a946) |
22:23.56 | *** join/#asterisk bravvve (~user@41.100.78.71) |
22:24.36 | bravvve | hi, I have a server installed and I need someone to test it with me |
22:26.54 | agoodm | bravvve, what testing do you need? |
22:27.26 | bravvve | connection from out of my network |
22:27.45 | agoodm | bravvve, an unauthenticated call? |
22:27.58 | bravvve | yes |
22:28.12 | agoodm | bravvve, please provide details and ill see what i can do |
22:30.21 | bravvve | server TCP 41.100.78.71:5062 user id :2205 password:p2205 |
22:30.44 | agoodm | bravvve, thats not an unauthenticated call so sorry i cant help |
22:31.10 | agoodm | bravvve, also with user/password combo like that open to the world expect to get hacked within hours |
22:32.02 | bravvve | agoodm: hacked how? stopping service? |
22:32.13 | igcewieling | heh, "The Pantelegraph was invented by the Italian physicist Giovanni Caselli. He introduced the first commercial telefax service between Paris and Lyon in 1865, some 11 years before the invention of the telephone." |
22:32.56 | agoodm | bravvve, there are a lot of people actively scanning for extensions with weak credentials and once found abusing them to perform toll fraud |
22:36.05 | igcewieling | as of 2011 the top category for fraud was "Compromised PBX/Voicemail Systems" |
22:36.41 | agoodm | igcewieling, little wonder when people blindly connect their pbx to the internet with stupid usernames/password combination :( |
22:36.56 | igcewieling | A smidgen under $5 million in losses for that category |
22:37.12 | igcewieling | agoodm: or expose their FreePBX GUI to the internet |
22:37.41 | agoodm | igcewieling, haha. I got hit a few years ago. ever since I've been very very very anal about security |
22:38.16 | agoodm | igcewieling, for me I had typoed in sip.conf the secret= parameter name... default is no secret :( or it used to be |
22:38.18 | bravvve | i have no anglophone,is there any risk? |
22:38.23 | igcewieling | agoodm: I work for a (small) phone company and am the one who prevents fraudulent use of our services. |
22:38.54 | agoodm | igcewieling, sounds fun :) more fun than my perplexing issue today :( |
22:40.00 | igcewieling | agoodm: We rarely have a problem anymore. At most a customer PBX gets hacked and triggers either our own internal fraud alerts or the carrier fraud alerts. |
22:40.46 | igcewieling | (where customer pbx == customer installed, managed, non-asterisk pbx) |
22:42.08 | agoodm | igcewieling, mine was caught by the carrier's fraud alerts thankfully, but then my auto failover kicked it over to the physical pstn phone line and they didn't catch it for several hours, about £400 worth of phone calls :( ultimately they decided that the bill must be due to fraud due to dialling patterns and waived the bill thankfully. after my close shave I learnt a lot more about security and implemented my new found knowledge :-P this was back in 2009 |
22:45.08 | bravvve | well,i'd installed asterisk to use it to communicate with my friends,and get some experience with it |
22:46.02 | agoodm | bravvve, grab a copy of the source code, and look at the file README-SERIOUSLY-bestpractices.txt |
22:46.19 | agoodm | bravvve, read it and implement the suggestions, if you dont you're going to end up in a world of hurt |
22:46.54 | agoodm | bravvve, hint: don't make your extension names easily guessable if you can help it and make absolutely sure that your secrets are not easy to guess. |
22:47.53 | bravvve | agoodm:what problem can i get for example |
22:48.01 | agoodm | bravvve, toll fraud |
22:48.32 | bravvve | agoodm:am connected with adsl |
22:48.54 | *** join/#asterisk [TK]D-Fender (~joe@64.235.216.2) |
22:49.10 | agoodm | bravvve, an attacker could perform any action that your 'authenticated user' could perform. including making chargeable calls if you have the ability configured |
22:49.52 | agoodm | bravvve, if you make any stupid enough mistakes then an attacker could make chargeable calls without authentication as well |
22:50.47 | bravvve | agoodm: what do chargeable calls mean? |
22:51.01 | agoodm | agoodm, they could perform actions that cost money |
22:51.08 | agoodm | bravvve, ** |
22:52.29 | bravvve | using adsl connection???? |
22:52.49 | agoodm | igcewieling, I copied the sip.conf section from my broken server to another server thats working fine and the qualify is working properly from there so I guess at least I know my asterisk config is correct |
22:53.10 | agoodm | igcewieling, but I cant fathom why asterisk isnt seeing the packets that I am seeing in my capture :( |
22:53.32 | agoodm | bravvve, lets turn this around... what functions have you implemented in your phone system ? |
22:53.39 | [TK]D-Fender | Show us |
22:53.51 | *** join/#asterisk lankanmon (~LKNnet@2607:fea8:d20:239:1cac:8830:f3f7:fd5a) |
22:54.12 | agoodm | [TK]D-Fender, me? |
22:54.35 | [TK]D-Fender | yes |
22:54.37 | bravvve | no, just adsl modem |
22:54.59 | agoodm | [TK]D-Fender, http://i.imgur.com/MtN1Qwd.jpg |
22:55.30 | [TK]D-Fender | now for the channel driver status dump and system firewall... |
22:55.37 | agoodm | bravvve, well, security is a good place to start your journey, otherwise you're not going to have much fun |
22:56.16 | agoodm | [TK]D-Fender, firewall is coming up... could you explain how to do a channel driver status dump? do you mean sip show peers ? |
22:56.34 | [TK]D-Fender | and "sip show settings" <- |
22:56.51 | [TK]D-Fender | And show you're enabling SIP debug |
22:58.13 | bravvve | no, just adsl modem |
22:58.42 | agoodm | http://pastebin.com/L3ezNrNj |
22:59.00 | agoodm | [TK]D-Fender, sip debug im about to complete |
22:59.47 | agoodm | [TK]D-Fender, sip debug is basically just showing that its retransmitting to that peer over and over again |
23:00.17 | agoodm | [TK]D-Fender, however if you look at my imgur link above youll see that the other side is replying - but asterisk doesnt seem to be seeing the packets |
23:03.53 | agoodm | [TK]D-Fender, http://pastebin.com/JXCaghMA |
23:04.02 | [TK]D-Fender | 3890 133K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 |
23:05.07 | agoodm | [TK]D-Fender, thats the last rule in the chain... above that is 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5060 |
23:05.07 | agoodm | <PROTECTED> |
23:05.27 | agoodm | [TK]D-Fender, I've also temporarily disabled the rules that were rate limiting but that hasn't helped |
23:08.41 | agoodm | [TK]D-Fender, for the sake of my sanity I've added a log before the final drop on the input chain, and we're not getting that far |
23:08.44 | [TK]D-Fender | Trash everything you can |
23:08.48 | [TK]D-Fender | that list is crazy big |
23:08.56 | [TK]D-Fender | if that's your actual * server |
23:09.07 | [TK]D-Fender | Or is this another *NIX gateway box? |
23:09.13 | agoodm | [TK]D-Fender, its a big network and this is the gateway machine as well as the phone system |
23:09.29 | [TK]D-Fender | A lot of eggs in one basket and inviting trouble |
23:09.36 | [TK]D-Fender | NOT a good idea |
23:10.20 | agoodm | [TK]D-Fender, I've got literally dozens of boxes like this... this is one of the more complex admittedly as there is two sites linked with microwave links, two internet connections, tons of vlans with different access privs etc |
23:11.10 | [TK]D-Fender | Packets aren't making it because of firewalls. |
23:11.17 | [TK]D-Fender | That's really the bottom line |
23:11.28 | [TK]D-Fender | If you can't see the answer then it isn't hitting the stack for * to see |
23:11.39 | [TK]D-Fender | So stare at it until you find the mistake |
23:11.48 | [TK]D-Fender | because there is no other blocking layer from * |
23:12.03 | agoodm | [TK]D-Fender, the sensible thing here seems to be bung a log in before the accept rule to ensure we're getting to it... ill try it 1 sec |
23:18.13 | agoodm | [TK]D-Fender, well not getting that far, detective work time :) |
23:20.09 | [TK]D-Fender | Step 1; strip EVERYTHING |
23:21.14 | agoodm | [TK]D-Fender, step 2 would be drive to site with a monitor keyboard and mouse :D im running some checks now :) ill be sure to share what I find so we can all laugh at my blindness later :) |
23:21.52 | [TK]D-Fender | A1 |
23:28.31 | *** join/#asterisk Jesterboxboy (~Thunderbi@80-109-194-26.cable.dynamic.surfer.at) |
23:29.51 | *** part/#asterisk kharwell (kharwell@nat/digium/x-ixoieixghgpepyad) |
23:36.43 | agoodm | [TK]D-Fender something very weird is going on with this box :( I inserted an iptables log line into the top of the INPUT table... basically iptables -I INPUT -s 94.75.247.45 -j LOG --log-prefix LocalPhone |
23:37.23 | agoodm | [TK]D-Fender, I did this on two boxes, one that is working and the troublesome one, the one thats working sees the traffic hitting INPUT and logs as you would expect... the problematic one doesnt |
23:37.59 | agoodm | [TK]D-Fender, im starting to think the problematic box might be rootkitted or something weird like that |
23:38.38 | *** join/#asterisk Y04NN (~y04nn@2a01:e34:ef37:5870:e005:7d88:56c1:cbe1) |
23:39.22 | WIMPy | Did you say the box is multihomed? |
23:39.40 | agoodm | WIMPy, yes, but one internet connection is disabled at present for debugging |
23:40.03 | agoodm | WIMPy, so we just have ppp0 with external connectivity essentially atm |
23:40.04 | WIMPy | What does disabled mean? |
23:40.32 | WIMPy | Nothing interesting in your routing table? |
23:40.46 | agoodm | WIMPy, the modem for it is physically disconnected |
23:40.52 | WIMPy | ... with the rp filter biting you? |
23:41.35 | agoodm | WIMPy, mmm could be |
23:41.52 | WIMPy | I don't care if the 2nd link is working. Is it configured? |
23:42.05 | agoodm | WIMPy, the second link isnt configured |
23:43.19 | agoodm | WIMPy, I am seeing the traffic in a tcpdump but its not hitting *. I am also not seeing the traffic get logged with an iptables -I INPUT -s ipaddress -j LOG |
23:43.36 | agoodm | WIMPy, so its getting lost somewhere before iptables i guess |
23:45.28 | WIMPy | So what's in your PREROUTING? |
23:46.31 | agoodm | the multi homed-ness basically cant work at present because the second sites internet connection is no longer existent due to company related issues (part of the company went bust and the supplier pulled the plug on that connection) but basically we had the ability to swap to using a different default gateway. the script basically killed the pppoe connection and did a root add default gw anotheripaddress anotherinterface |
23:47.33 | agoodm | WIMPy, we just have some DNAT rules, basically port forward 80 to the web server, 3389 to some box that needs rdp etc |
23:48.56 | *** join/#asterisk TandyUK (~admin@87.252.44.195) |
23:49.02 | agoodm | theres also a metric butt load of rules in mangle tables to mark up the traffic for the QoS but none of that can cause drops :) |
23:49.48 | agoodm | I'm going to grab a known good firewall template copy it over, make some minor modifications and see if its still broken |
23:51.07 | [TK]D-Fender | actually, pastebin the OUTGOING that's working |
23:51.13 | [TK]D-Fender | I want to see what it's using |
23:51.40 | agoodm | [TK]D-Fender, output policy is accept and there are 0 rules |
23:51.50 | *** join/#asterisk pcarlino (~pablo@2800:810:410:580:157f:e8ce:95a8:7473) |
23:53.42 | pcarlino | hi somebody knows if i can make "a camera connected to the asterisk server"the video source for a sip call |
23:54.09 | Samot | You need an IP camera that supports SIP. |
23:55.10 | Samot | Generally phones that can support video either have a built in camera or a camera addon that can be plugged into the phone. |
23:57.21 | pcarlino | Samot yes but i need to send a cctv video. Is that possible. |
23:57.41 | Samot | There are IP cameras for this. |
23:58.10 | Samot | There are entire IP based video surveillance systems. |
23:58.14 | pcarlino | Samot the video is going to only a phone. I dont need two way video |
23:58.24 | Samot | I know. |
23:58.30 | Samot | There are IP based systems for this. |
23:58.55 | Samot | That will relay the data via the Internet and do digital storage locally or remotely. |
23:59.47 | pcarlino | yes. The problem is I'm trying something and I haven't that money to spend. |
23:59.50 | [TK]D-Fender | agoodm, I want to see the PACKET |
23:59.54 | [TK]D-Fender | I know it goes out |
23:59.58 | Samot | Are you saying you want the camera to start a video call to a phone? |