IRC log for #asterisk on 20170301

00:07.02*** part/#asterisk kharwell (kharwell@nat/digium/x-zqcgorwzjpyljnao)
00:16.43*** join/#asterisk tuxd00d (~tuxd00d@ip68-106-11-24.ph.ph.cox.net)
00:30.49*** join/#asterisk Aboba (~Bob@node-1w7jr9sqc1awvfovlnc7i7r2z.ipv6.telus.net)
03:06.33*** join/#asterisk fstd_ (~fstd@unaffiliated/fisted)
03:07.22*** join/#asterisk setham (~setham@unaffiliated/setham)
03:45.05drmessano[TK]D-Fender: When was the timing change made?  1.6.2.x?
03:46.54drmessanoAh 1.6.1.x
03:47.39drmessano8 years
04:01.00[TK]D-FenderYeah, it's been quite a while now.
04:01.15[TK]D-FenderIAX got it first, meetme only much later
04:09.21drmessanoYeah, meetme still needs DAHDI for mixing, though.
04:09.37drmessanoBut who still uses meetme?
04:09.54[TK]D-Fender<drmessano> Yeah, meetme still needs DAHDI for mixing, though. <- not anymore as I've heard
04:10.17drmessanoReally now?
04:10.39drmessanoWonder who payed for that lol
04:33.58*** join/#asterisk setham (~setham@unaffiliated/setham)
05:00.32igcewielingFYI, from https://wiki.asterisk.org/wiki/display/AST/Timing+Interfaces  "The only functionality that requires internal timing is IAX2 trunking. It may also be used when generating audio for playback, such as from a file. Even though internal timing is not a requirement for most Asterisk functionality, it may be advantageous to use it since the alternative is to use timing based on incoming frames of audio. If there ar
05:02.32igcewielingRead into that whatever you want.
05:26.12*** join/#asterisk robmal (r@wporzo.pl)
05:37.55*** join/#asterisk bof22 (~Thunderbi@185.13.183.107)
05:40.30drmessanoThat's pretty obvious
05:40.41drmessanoOnly IAX2 NEEDS Internal Timing
05:41.01drmessanoEven though internal timing is not a requirement for most Asterisk functionality, it may be advantageous to use it since the alternative is to use timing based on incoming frames of audio.
05:41.06SamotBy default, Asterisk will build and load all of the timing interfaces. These timing interfaces are "ordered" based on a hard-coded priority number defined in each of the modules. As of the time of this writing, the preferences for the modules is the following: res_timing_timerfd.so, res_timing_kqueue.so (where available), res_timing_dahdi.so,
05:41.06Samotres_timing_pthread.so.
05:41.10drmessanoThat's timing
05:41.23SamotWhy did you totally ignore the preceding paragraph?
05:41.28drmessanoThat doesn't at all support DAHDI
05:41.36drmessanoThats an argument for INTERNAL TIMING
05:41.37drmessanoAs in
05:41.42SamotNo one said that IAX doesn't require timing, DAHDI isn't used anymore for it.
05:41.48drmessanoIF YOU DONT NEED IT FOR IAX2, ITS STILL A GOOD IDEA TO HAVE IT
05:41.56drmessanoIndeed
05:41.56Samotres_timing_timerfd.so take top priority.
05:42.22drmessanoSo yes, I read into it..
05:43.27SamotAs did I.
05:43.44drmessanoThis still puts the need for DAHDI back to 2009, unless you have an interface that needs it
05:44.00drmessanoIts time to stop telling people they need it, like it's 2004\
05:46.50SamotI remember a time when we were going to party like 1999.
05:47.00SamotAnd now 1999 seems so lame.
05:54.56Samot#RememberDAHDITimers
05:55.04SamotIt will trend.
05:59.55drmessanoI do have to retract one thing I said
06:01.13drmessanoBecause so many people live in a CentOS world, it's actually 6 years due to CentOS 5 shipping 2.6.18 and 2.6.25 needed for timerfd
06:01.45drmessanoWhich I think is PART of why I started building on Ubuntu.. they got 2.6.27 back in 2008
06:33.40*** join/#asterisk gerhard7 (~gerhard7@ip5657ee30.direct-adsl.nl)
06:34.17*** join/#asterisk MaliutaLap (~nobusines@unaffiliated/maliuta)
06:58.31*** join/#asterisk jkroon (~jkroon@165.16.204.44)
06:59.46*** join/#asterisk tuxian (~tuxian@igilmour.plus.com)
07:25.34*** join/#asterisk KValchev (~KValchev@ns.atsoftconsult-bg.com)
08:05.10*** join/#asterisk gringo (~gringo@unaffiliated/gringo)
08:05.41*** join/#asterisk pchero_work (~pchero@2a00:c80:1072::141c)
08:24.50*** join/#asterisk floppy1 (~joeshmojo@101.165.145.178)
08:32.48*** join/#asterisk c0rnoTa (~c0rnoTa@109.248.224.152)
08:33.48*** part/#asterisk c0rnoTa (~c0rnoTa@109.248.224.152)
08:34.55*** join/#asterisk tzafrir (~tzafrir@local.xorcom.com)
09:05.00*** join/#asterisk sekil (~sekil@cable-89-216-225-143.dynamic.sbb.rs)
09:18.50*** join/#asterisk joako (~joako@opensuse/member/joak0)
09:25.18*** join/#asterisk troyt (~troyt@c-24-11-28-185.hsd1.ut.comcast.net)
09:32.12*** join/#asterisk MarkSX (~MarkSX@unaffiliated/marksx)
09:57.27*** join/#asterisk Kaian (~kaian@6.62-99-78.static.clientes.euskaltel.es)
10:14.06*** join/#asterisk ntz (~dpecka@opensuse/member/dpecka)
10:14.08ntzhello
10:14.44ntzstupid Q:, from extensions.ael doesn't work include ? I've put there: ``#include extensions.ael.d/*.include*
10:14.52ntz'' and it's ignored
10:24.33ntzsorry, resolved ....
10:24.53ntzI had there wrong comments, in ael must be c-style
10:52.24*** join/#asterisk genpaku (~genpaku@107.191.100.185)
11:02.06*** join/#asterisk imcdona (~imcdona@2607:f0d8:20:1001:94fe:2a00:16b0:7ff2)
11:12.19*** join/#asterisk davlefou (~davlefou@unaffiliated/davlefou)
11:20.17*** join/#asterisk genpaku (~genpaku@107.191.100.185)
11:50.13*** join/#asterisk Kaian (~kaian@6.62-99-78.static.clientes.euskaltel.es)
12:24.20*** join/#asterisk shootbird (~quassel@beepbeep.serverpit.com)
12:30.08*** join/#asterisk u0m3_ (~u0m3@79.115.167.77)
12:43.54*** join/#asterisk troyt (~troyt@2601:681:4600:7e41:44dd:acff:fe85:9c8e)
12:57.29*** join/#asterisk zebu1er (~kvirc@78.193.254.50)
12:57.37zebu1erHi !
12:59.45zebu1erProgramaticaly (ami, ari, cm, how can I have an extension to ring, then the user set to an outer call on pickup ?
12:59.56zebu1erProgramaticaly (ami, ari, cli, ...) how can I have an extension to ring, then the user set to an outer call on pickup ?
13:00.46WIMPy"originate"
13:00.58WIMPyAvailable from CLI, AMI or call files.
13:02.37zebu1erWIMPy: But orginate expects a channel ID while in the examples I never see both the extension number and the callee number ?
13:03.20WIMPyIf you want to do via dialplan, use a local channel.
13:04.38zebu1erWIMPy: Channel will then contain the callee phone number ?
13:05.32WIMPyYour terminology is vague. In a local channel you give a context and an extension.
13:06.43zebu1erWIMPy: Yes I'm no clear w/ the channel concept, that's why I was unsure Orginate was what I need !
13:07.06*** join/#asterisk TECFALL (~dschuett@38.121.113.66)
13:08.32zebu1erWIMPy: What I want is that the extension user is put in relation with an external phone number that I specify in the request, so is it finally possible w/ Originate ?
13:09.03WIMPyThat's what it's there for.
13:10.58zebu1erWIMPy: So, having pjsip for the internal user and chansip for the trunk, how would it look like ?
13:11.34WIMPyDidn;t you just say you wanted to use extensions, not peers?
13:11.48WIMPy~wiki
13:12.20WIMPyOh, waht's it called?
13:12.33zebu1erWIMPy: Sorry, I must mess you up !
13:13.03WIMPyAnyway. it's all explained on wiki.asterisk.org.
13:13.06*** join/#asterisk [TK]D-Fender (~joe@216.191.106.165)
13:13.43TECFALLTrying to figure out a way to make a user press "1" when dialing out to someone that is off duty. How can I make this happen with what I have here: http://pastebin.com/8u7jtE4W
13:14.37zebu1erzebu1er: I just want someone of the enterprise having his Polycom phone (associated extension 5750) to ring, then on pick up beeing put in relation with someone outside via it's nationnal phoner number !
13:16.53TECFALLCan you have options under a Macro or do I need to use a context?
13:17.53[TK]D-Fendermacro IS a context
13:18.26[TK]D-Fenderif you want to get INPUT while in a macro use Read()
13:30.31*** join/#asterisk mknooihuisen (~mknooihui@12.150.48.70)
13:36.10*** join/#asterisk thiagoc_ (~thiagoc@unaffiliated/thiagoc)
13:43.27*** join/#asterisk BlackMaria (~BlackMari@dsl.198.58.161.196.ebox.ca)
13:45.20*** join/#asterisk d00gster_ (~d00gster@unaffiliated/d00gster)
13:50.08*** join/#asterisk genpaku (~genpaku@107.191.100.185)
13:54.16*** join/#asterisk genpaku (~genpaku@107.191.100.185)
13:59.00*** join/#asterisk andremar (~andremar@105.211.54.77.rev.vodafone.pt)
14:00.49*** join/#asterisk puzzled (~puzzled@2001:982:1097:1::1:3)
14:01.40somepoortechHey guys, anyone know of any maintained pre-built wanpipe drivers via package management (debian / centos preferred)
14:02.18*** join/#asterisk genpaku (~genpaku@107.191.100.185)
14:02.50*** join/#asterisk Oatmeal (~Suzeanne@c-68-45-50-54.hsd1.nj.comcast.net)
14:06.04*** join/#asterisk rwb (~Thunderbi@204.13.43.166)
14:06.57SamotWhat do you mean pre-built?
14:08.07[TK]D-FenderPackaged
14:08.17[TK]D-Fender"via package management" just like he said
14:08.38SamotI just woke up.
14:10.33*** join/#asterisk bof23 (~Thunderbi@185.13.183.107)
14:10.53[TK]D-FenderJust like avoiding hangovers the trick is to never sleep...
14:11.32AdNauseum[TK]D-Fender: no you're wrong. Avoid hangovers by drinking at least 8 glasses of water before you start drinking booze
14:11.55[TK]D-FenderYou can't get a hangover if you don't stop drinking
14:12.24AdNauseumyou ever heard of alcohol poisoning?
14:12.30[TK]D-FenderSir Osis Of DeLiver.  The Alcoholic knight.
14:12.48AdNauseumthat too
14:15.30*** join/#asterisk d00gster_ (~d00gster@unaffiliated/d00gster)
14:25.59*** join/#asterisk d00gster_ (~d00gster@unaffiliated/d00gster)
14:28.02AdNauseumneed to make sbc
14:28.59AdNauseumPerimeta SBC must be expensive
14:29.51SamotYes.
14:29.56SamotIt's MetaSwitch.
14:31.42AdNauseumSamot: those must be $$$
14:32.01AdNauseumperhaps thats overkill for us
14:32.02SamotYes
14:32.03*** join/#asterisk skywayskase (~skywayska@67.139.42.219)
14:32.19AdNauseummaybe just setup kamailio
14:32.49SamotKamailio doesn't do media like those others do.
14:32.59AdNauseumno?
14:33.01AdNauseumhmm
14:33.03SamotNo.
14:40.20*** join/#asterisk cresl1n (Adium@asterisk/libpri-and-libss7-expert/Cresl1n)
14:40.20*** mode/#asterisk [+o cresl1n] by ChanServ
14:44.36*** join/#asterisk andremar (~andremar@105.211.54.77.rev.vodafone.pt)
14:49.46*** join/#asterisk bof22 (~Thunderbi@185.13.183.107)
14:52.24*** join/#asterisk MaliutaLap (~nobusines@unaffiliated/maliuta)
14:58.06AdNauseumif one doesn't allow just port 5060 but rather in iptables -s xx.xx.xx.xx to port 5060, how then does one allow a place like flowroute that uses several carriers?
14:59.59[TK]D-Fenderhow does their using multiple carries change your rule?
15:00.08[TK]D-FenderAre you talking DIRECTLY to those other IP's?
15:00.15[TK]D-FenderBecause if so the answer is pretty cler
15:00.18[TK]D-Fenderclear
15:00.20AdNauseumthey send calls to me
15:00.35[TK]D-FenderYou get what you get
15:00.39[TK]D-FenderGo account for it
15:00.41AdNauseumwe hardly ever use flowroute outbound
15:01.00AdNauseumyou get what you get???
15:01.05AdNauseumthat makes no sense
15:02.04SamotFlowroute is sending you the call.
15:02.06SamotThat's it.
15:02.12[TK]D-Fender<AdNauseum> if one doesn't allow just port 5060 but rather in iptables -s xx.xx.xx.xx to port 5060, how then does one allow a place like flowroute that uses several carriers? <- if it doesn't come from just them... DEAL WITH IT
15:02.15SamotThe SIP signaling is coming from them.
15:02.44SamotSo you open your 5060 rule to the IPs that the signaling is coming from.
15:02.49[TK]D-FenderThese shouldn't even be questions.
15:03.00SamotNo. Not a all.
15:03.07SamotThis is like SIP/VoIP 101.
15:04.03[TK]D-FenderNot even.  Networking 101
15:04.15[TK]D-FenderWhat IP are things actually coming from? DUH
15:04.40*** join/#asterisk bof22 (~Thunderbi@185.13.183.107)
15:05.13zafdoesn't flowroute only have like 2 source IPs for SIP?
15:05.24SamotYeah.
15:05.39SamotEven then, I'm not even sure.
15:05.50zafso must forward/allow those
15:05.56SamotYeah.
15:06.11SamotI only use one IP with them.
15:08.51*** join/#asterisk skywayskase (~skywayska@67.139.42.219)
15:10.20igcewielingwhy not just forward the port?
15:10.51AdNauseumon flowroute site don't see the ip they will send from
15:11.17igcewieling<PROTECTED>
15:11.19igcewielingta da!
15:11.27igcewielingwell, that's not really a valid command, but you get the idea.
15:11.30AdNauseumthats insecure
15:11.32Samothttps://support.flowroute.com/customer/en/portal/articles/1852958-set-firewall-policies-for-flowroute-s-direct-audio
15:11.36SamotNo? They don't?
15:11.40igcewielingAdNauseum: only if you don't do anything before that line.
15:11.47AdNauseumif you deal with 10 itps's then just add them
15:12.38igcewielingOn systems *I* manage, we let the hackers in and toss them into a jail context.     That's not a good idea for most people though.
15:13.00SamotGenerally because you've just told the hacker they are in.
15:13.09AdNauseumiptables -A INPUT -s xx.xxx.176.212 -p udp -m udp --dport 5060
15:13.11SamotAs opposed to dropping them and making them think the IP doesn't responsd.
15:13.13SamotAs opposed to dropping them and making them think the IP doesn't respond.
15:13.24WIMPyMost of them don't expect an answer anyway.
15:13.32SamotSo why give them one?
15:13.42igcewielingSamot: *nod* if the packet is dropped they keep trying over and over and over and over and over.
15:13.50igcewielingif we let them, they stop.
15:14.07AdNauseumi cant remember who mentioned it but just using iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT is BAD
15:14.22igcewielingI disagree.
15:14.27WIMPy99% of what I get won't get the answer. The responses just get retransmitted until timeout.
15:14.32AdNauseumbecause you can have an attack
15:14.58igcewieling*shrug* you can do what you want.
15:15.00WIMPyYes, I'd definitely filter traffic on udp/5060.
15:15.20igcewielingI didn't say I I don't have other iptables rules.
15:15.27WIMPyOtherwise your logs will become unreadable.
15:16.36WIMPyIt makes sense to get rid of unwanted taffic ASAP.
15:16.46igcewielingall by itself, I agree opening up 5060 is bad.  Security should be done in layers.
15:16.46AdNauseumon our new centos 7 freepbx/a2billing i see absolutely no bans for 5060 but the freepbx only servers have lots of iptables bans for 5060. So i dont trust centos 7 with fail2ban. Having said that, i used our freepbx /etc/fail2ban/ in new centos 7 servers
15:17.42AdNauseumthat might be why, but still. I think it is safer to explicitly allow ip's to 5060
15:18.24WIMPyDoesn't work if you have users on the internet though.
15:18.45*** join/#asterisk bof22 (~Thunderbi@185.13.183.107)
15:19.07AdNauseumWIMPy: sure it does. All our clients connect to their hosted FreePBX which in turn sends/gets calls from our freepbx/a2billing boxes
15:19.22SamotSo what are you trying to do?1
15:19.30igcewielingOr of your carrier has a dozen or more IPs calls can come from.
15:19.32SamotLock down the A2Billing box?
15:19.34AdNauseumprotect the freepbx/a2billing
15:19.35AdNauseumyes
15:19.37SamotOK
15:19.46Samotso how many IPs does it expect to talk to?
15:19.52SamotIt's an "internal" system
15:20.01SamotSo lock it down to everything but those IPs.
15:20.02igcewielingVerizon SIP has a dozen or so.
15:20.02SamotDone.
15:20.05*** join/#asterisk kharwell (kharwell@nat/digium/x-hrnidzrsaqoybxsp)
15:20.05*** mode/#asterisk [+o kharwell] by ChanServ
15:20.06AdNauseumWIMPy: is right with just plain FreePBX as clients can be mobile or dhcp
15:20.11SamotSo what?
15:20.23SamotIf you only have 12 IPs, regardless of who's they are, that need access..
15:20.28SamotYou block everything but those 12 IPs.
15:20.30SamotDone.
15:20.32SamotSecure.
15:20.44SamotOnly the IPs that should be allowed are allowed.
15:20.49SamotEveryone is, kick to the curb.
15:21.04igcewielinguntil the carrier adds a new one and calls randomly stop working until you realize there is a new IP and update it on all the servers.
15:21.08AdNauseumSamot: no on client hosted freepbx boxes. the clients and I have some, can have dhcp in their places
15:21.13SamotThey will f'ing tell you.
15:21.21igcewielingSamot: bullshit.
15:21.23SamotBecause you know, you might have firewall rules.
15:21.26SamotOK
15:21.53AdNauseummaybe freepbx firewall rules account for dhcp clients
15:21.57AdNauseumbut i dont use it
15:22.00SamotYour carrier just randomly started sending calls from an IP you dont know about
15:22.01Samot?
15:22.09[TK]D-Fender<AdNauseum> i cant remember who mentioned it but just using iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT is BAD <- You don't know who, you don't know why.  Total waste
15:22.11SamotNever had that happen before, ever.
15:22.15WIMPyITSPs that change the IP during a dialog are even more annoying.
15:22.27AdNauseumnot the carrier, the SIP phones
15:22.46AdNauseumi use bria in smartphone, that ip changes all the time
15:22.54SamotThe FreePBX Firewall = IPTables
15:22.59AdNauseumyes
15:23.04AdNauseumi never tried it
15:23.18AdNauseumi have my own jucy lucy script :)
15:23.21[TK]D-FenderAdNauseum> on our new centos 7 freepbx/a2billing i see absolutely no bans for 5060 but the freepbx only servers have lots of iptables bans for 5060. So i dont trust centos 7 with fail2ban. Having said that, i used our freepbx /etc/fail2ban/ in new centos 7 servers <- Fail2nam is what the distro uses
15:23.34[TK]D-FenderSo if you don't see bans on this other system it's your setup failure
15:23.43[TK]D-FenderOr you simply aren't being attacked
15:23.52AdNauseum[TK]D-Fender: our centos 7 servers obviously don't use freepbx distro
15:24.02zafis Digium/DPMA on-topic here? trying to figure out if I can automate the registration utility
15:24.02[TK]D-FenderSee above
15:24.19WIMPyThat was quite a journey to debug, as sngrep lied about the source addresses so I only found out once i reverted to good old tcpdump.
15:24.23[TK]D-Fenderzaf, It's on-topic, though I can't personally answer your question
15:25.21AdNauseum[TK]D-Fender: when every one of our FreePBX 'ONLY' servers has LOTS of bans for Fail2ban-SIP but the centos 7 servers don't it is unnerving
15:25.42SamotYou just cant copy /etc/fail2ban from one server to another.
15:25.45AdNauseumit tells me fail2ban is not working for some reason
15:25.48SamotYou have to install fail2ban
15:25.51SamotDuh
15:25.53[TK]D-FenderReason = you
15:25.55igcewielingBTW, anyone else getting a lot of call attempts with this sort of header?  From: <sip:%e2%80%98hi%27or%e2%80%98x%e2%80%99%3d%27x%27@ip.p.add.ress
15:25.57SamotIt's not working because it's not installed.
15:25.58AdNauseumSamot you're probably right
15:26.06[TK]D-FenderProbably?
15:26.10[TK]D-FenderYOU had to have done it
15:26.15[TK]D-FenderWTF is with "probably"?
15:26.17AdNauseumSamot: fail2ban is installed
15:26.17WIMPyigcewieling: yes
15:26.25[TK]D-FenderSo go configure it
15:26.29AdNauseumi did
15:26.38igcewielingWIMPy: thanks.  Not just is.
15:26.44SamotNo, you copied shit over from another machine.
15:26.46[TK]D-FenderEither you're not being attacked or you configured it wrong.
15:26.55[TK]D-FenderOtherwise you'd be seeing bans
15:26.58AdNauseumrsync -az freepbx server /etc/fail2ban/ -> centos 7 server /etc/fail2ban/
15:27.07WIMPyigcewieling: They seem to spam the entire net.
15:27.23SamotIt's an SQL injection.
15:27.30SamotTrying to get in the subscriber database.
15:27.30igcewielingWIMPy: clever of them not to use a unique user agent.
15:28.01[TK]D-Fender<AdNauseum> rsync -az freepbx server /etc/fail2ban/ -> centos 7 server /etc/fail2ban/ <- this shows no responsibility for the CONTENTS.
15:28.04AdNauseumwhy wouldn't coping freepbx /etc/fail2ban work?
15:28.05WIMPyigcewieling: Don't they? Pretty easy to filter anyway :-)
15:28.11[TK]D-FenderIs the debug it tracks written in the same WAY?  In the same PLACE?
15:28.15[TK]D-FenderIs the daemon RUNNING?
15:28.27AdNauseumyes daemon is running
15:28.30[TK]D-Fenderfail2ban does not magically fail on CentOS7.
15:28.40[TK]D-FenderYOU did something wrong
15:28.41SamotYou also copy configs from ANOTHER SERVER
15:28.43AdNauseumto get it to work, one has to create the log files or it won't start
15:28.43WIMPyAh, that was the Cisco one.
15:28.47SamotDid you modify those configs?
15:28.50SamotOr just copy them?
15:28.51igcewielingyup.
15:28.57*** join/#asterisk skywayskase (~skywayska@67.139.42.219)
15:29.00AdNauseumhas to be exact same log files as freepbx server
15:29.15[TK]D-FenderGo actually look at the configs and prove everything is in the same place with the proper setting sto ensure that logging is being done right
15:29.23AdNauseumroot      1514  0.1  0.8 1249208 15476 ?       Sl   09:55   0:02 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x -b
15:30.17*** join/#asterisk ruied (~ruied@81.84.234.209)
15:32.00AdNauseumgrep -i password /var/log/asterisk/fail2ban  <=  empty
15:32.19AdNauseumit ain't working
15:32.28Samothttps://www.irccloud.com/pastebin/k1ljxeWn/
15:32.30igcewielingwhat about your iptables?  that's where the bans go
15:32.39SamotThat's the asterisk.conf of /etc/fail2ban
15:32.54SamotWell part of it, that's what is looked for in the log files.
15:33.07SamotIf those things don't exist in the log files then fail2ban isn't going to catch anything.
15:33.49AdNauseumSamot:  was that action.d or filter.d ?
15:33.58SamotGo look.
15:33.59AdNauseumwhat you pasted
15:34.26WIMPyLooks like the user agent filters don't catch anything any more.
15:35.29[TK]D-FenderThis isn't #fail2ban
15:35.35[TK]D-FenderGo read their manual
15:35.43[TK]D-Fender#notourproblem
15:35.47AdNauseumhttps://www.irccloud.com/pastebin/RtImC36Q/
15:36.11*** join/#asterisk rmudgett (rmudgett@nat/digium/x-drvdayrwmcgobznd)
15:36.11*** mode/#asterisk [+o rmudgett] by ChanServ
15:36.24AdNauseumthats in centos 7, /etc/fail2ban/filter.d/asterisk.conf
15:36.32SamotK
15:36.36SamotSo what did I say?
15:36.45SamotIf it doesn't find those things in the log files, it won't do anything.
15:36.56Samotfail2ban looks at log files to take actions.
15:37.09SamotNot at the actually live activity on your server.
15:37.27AdNauseumyes, you did but how can it be every other FreePBX server has bans but the centos 7 servers dont
15:37.53Samot10:36:46 AM <Samot> If it doesn't find those things in the log files, it won't do anything.
15:37.59SamotDo those things EXIST in your logs?!
15:38.01AdNauseumi know ... hackers like centos 7 pbx '
15:38.39SamotIf you tell something to filter the logs for "Doghouse" and then do something...
15:38.48SamotBut the word "Doghouse" never appears in the logs..
15:38.52SamotWould you assume it's not working?
15:38.53AdNauseumi agree
15:39.05AdNauseumSamot: i just find very very strange
15:39.16SamotIf fail2ban should be triggering actions based on things in the log files..
15:39.22SamotMake sure those things are actually THERE
15:39.37[TK]D-FenderNothing is "strange"
15:39.44SamotIf they are and it's not doing what it's supposed to then there's an issue.
15:39.47SamotIf they are not..
15:39.53SamotThen how can you say it's not working?
15:40.03[TK]D-Fenderand hackers don't care about CentOS 7 more than anything else
15:40.25AdNauseumSamot: if you install iptables in centos 7, mask firewalld, run your iptables script, then iptables -nL, then run service iptables stop your rules are still in place.
15:40.36SamotI don't know.
15:40.40AdNauseumi do
15:40.40SamotI don't use CentOS
15:40.45AdNauseumok
15:40.52AdNauseumwell i am just telling you
15:41.05SamotYeah and I take that with a grain of salt.
15:41.06AdNauseumthere is something not right with centos 7 and iptables
15:41.17SamotYou also insist A2Billing requires CentOS 7.
15:41.24AdNauseumnot at all
15:41.44AdNauseumthe issue is, the site i used to build a2billing latest version ONLY has it for centos 7
15:41.55SamotThe only thing I can see wrong with your CentOS 7 and IPTables has nothing to do with either of them.
15:42.00[TK]D-FenderAdNauseum> there is something not right with centos 7 and iptables <- Where do we see logging proof that something was caught in the first palce?
15:42.05AdNauseumotherwise i would use centos 6 or even ubuntu
15:42.07[TK]D-FenderYou have proved NOTHING
15:42.10igcewielingsaving the rules on stop is configured in /etc/sysconfig/iptables-config with the IPTABLES_SAVE_ON_STOP= settings.
15:42.10[TK]D-FenderStop wastting our time
15:42.21SamotSo basically you were lazy and found the first thing to use.
15:42.23[TK]D-Fenderfail2ban logs what it bans <-
15:42.28SamotA YUGE waste.
15:42.34AdNauseumigcewieling: service iptables save
15:42.39[TK]D-FenderWhere is the ASTERISK log proving there is something that should have triggered?
15:42.43AdNauseumwrites out config to /etc/sysconfig/iptables
15:42.53[TK]D-FenderWhere is the fail2ban log showing it DECIDED to?
15:43.17sekilnewer fail2ban reads/writes to sqlitedb
15:43.24*** part/#asterisk igcewieling (~ewieling@162-236-85-155.lightspeed.moblal.sbcglobal.net)
15:43.25sekiland iptables rules are populated from it
15:43.33AdNauseum[TK]D-Fender: if you saw the cli in centos 7 servers, with verbose=10 you would not believe how much is missing from calls
15:43.38sekilI learned that a hard way
15:43.49[TK]D-FenderAdNauseum, Who cares about CLI?
15:43.51[TK]D-FenderCLI means NOTHING
15:43.53sekilthere's a way to disable that
15:43.55[TK]D-FenderLOGS <------------------
15:44.11SamotProve that X happened and that it didn't trigger Y
15:44.21[TK]D-FenderAdNauseum> [TK]D-Fender: if you saw the cli in centos 7 servers, with verbose=10 you would not believe how much is missing from calls <-  YOUR job to configure logging
15:44.25[TK]D-FenderGo hire someone else
15:44.32[TK]D-FenderYou don't have the wits for this.
15:44.36AdNauseum[TK]D-Fender: what i am trying to tell you is, centos 7 is a different breed of fish. Perhaps that is reason FreePBX team did not make a distro for centos 7
15:44.40SamotYou keep saying X should trigger Y but it's not and you're not showing anything.
15:44.41[TK]D-FenderBullshit
15:44.46SamotBS
15:44.56[TK]D-FenderThey HAVE a distro for CentOS7
15:44.59SamotSNG7/FreePBX 14 <-- CentOS 7
15:45.02AdNauseumreally?
15:45.04SamotYes.
15:45.09[TK]D-FenderThis is an APPLICATION CONFIGURATION screwup
15:45.13[TK]D-Fenderand it's YOUR fault
15:45.19SamotNot using CentOS 7 was other reasons.
15:45.20AdNauseumi saw sng as BETA on their web site
15:45.24SamotYes.
15:45.25SamotIt is.
15:45.30SamotBut it works.
15:45.34AdNauseumok
15:45.40[TK]D-FenderFail2ban isn't the reason it's still in beta
15:45.45SamotNot at all.
15:46.03SamotPlus I've tested the CentOS 7 manual installs..
15:46.07Samotfail2ban worked just fine.
15:46.08[TK]D-FenderYou're doing this by hand and you're incompetent.
15:46.10AdNauseumwell, installing a2billing with the instructions on the site for a2billing I used, screwed a distro i installed yesterday
15:46.23SamotBecause you didn't adjust for it.
15:46.29AdNauseumprobably not
15:46.40AdNauseumi just followed instructions on pbx site
15:46.41SamotWhen someone posts "pure asterisk" configurations you have to adjust for FreePBX
15:46.46SamotOf course you did.
15:46.57[TK]D-Fender"probably" <- the mark of a person who doesn't have a grasp on how things work and is actually accounting for differences.
15:47.15AdNauseum[TK]D-Fender: stfu
15:47.18[TK]D-Fender"I just" <- even worse.
15:47.33[TK]D-FenderWe don'tt see logs that should ahve triggered bans do we?
15:47.44SamotAdNauseum: Stop sucking off the free community to support your business.
15:47.46SamotHire someone.
15:47.54[TK]D-FenderWe don't see file conditions and locations do we?
15:48.07[TK]D-FenderSo don't waste our time
15:48.27[TK]D-FenderYou talk about things that have nothing to do with this
15:48.34[TK]D-FenderYou show no clua about any of this
15:49.06[TK]D-FenderAnd we aren't here to hand-hold you for business services you are supposed to be providing your customers.
15:49.17Samot^^^^^^^^^^^^^^^^^^^^6
15:49.18*** join/#asterisk bof22 (~Thunderbi@185.13.183.107)
15:49.28[TK]D-FenderIf you can't handle the job either hire someone who can or pick another line of business.
15:49.59[TK]D-Fender"I got this far" doesn't cut it.
15:50.26[TK]D-FenderWe've heard every excuse in the book and is spurring the creation of a new edition.
15:50.39SamotThis is a public utility not web hosting.
15:51.02sekilI have a q about 11 version
15:51.07Samot??
15:51.09sekilnot sure it's even supported anymore
15:51.09[TK]D-Fender"This ain't like dusting crops boy."
15:51.19[TK]D-Fendersekil, It isn't, but ask away
15:51.29sekilbut I rarely use * these days..
15:51.55sekil[TK]D-Fender: I had an issue with * before with outboundproxy setting..
15:52.14zafdusting crops is pretty complex, tbf
15:52.36sekil[TK]D-Fender: I needed to set the domain part of registering user to fqdn...and to send all sip signalling to ob proxy IP
15:52.44SamotCompared to jumping to hyperspace? Not really.
15:53.08sekil[TK]D-Fender: the issue was that * was trying to resolve fqdn domain after all..even if I had ob proxy set
15:53.22[TK]D-FenderHyperspace = LITERALLY Raw-Cat Sigh Hence
15:53.28sekil[TK]D-Fender: and that could not be resolved at all because it's a private domain of provider's
15:53.38AdNauseumlike your farm is next to a 'organic' farm, the plane with bug killer drops on the other farm, but the wind sends some of the spray to the organic farm. very organic!
15:53.48sekil[TK]D-Fender: so my question is ob proxy handling solved nowadays
15:54.52[TK]D-FenderOrganic does not mean that no pesticides are used.
15:55.11AdNauseumit refers to the ground
15:55.20AdNauseumand the pesticides land on the ground
15:55.22[TK]D-Fendersekil, We need proper details.
15:55.30sekil[TK]D-Fender: right..
15:55.43[TK]D-Fendersekil, And configs.  And debug.
15:55.45AdNauseumorganic = BS at the highest level. FAKE FOOD for $$$$$
15:55.55SamotMuch like your VoIP service.
15:55.58sekil[TK]D-Fender: so fromdomain is set to say example.com...outboundproxy set to say 10.0.0.2,force
15:55.59[TK]D-FenderNo, I'm pretty sure it's "real food".
15:56.03SamotGo fix your issues.
15:56.32AdNauseumreal food less the organic yes
15:56.37AdNauseum= fake
15:56.42sekil[TK]D-Fender: host is also set to ims.example.com..
15:56.52[TK]D-Fendersekil, Show, don't tell
15:57.02sekil[TK]D-Fender: ah
15:57.03sekilok
15:57.06Samot~pb
15:57.10infobotpastebin is probably a web-based service where you should paste anything over 3 lines so you don't flood the channel. Here are links to a few: http://pastebin.ca, http://channels.debian.net/paste, http://paste.lisp.org, http://bin.cakephp.org/; or install pastebinit with yum or aptitude.
15:58.55sekilhttp://paste.lisp.org/display/340263
15:59.18sekilin my view...* should ignore host fqdn and send all signaling to an IP of ob proxy..
15:59.23SamotAnd it's doing a lookup on ims.example.com?
15:59.26sekilbut that was not what was happening
15:59.27sekilyes
15:59.49SamotOn inbound or outbound calls?
15:59.58sekiloutbound
16:00.03sekiland registration
16:00.15sekilthis is on 11.x btw
16:00.16SamotSo it's sending the request there instead of the OB?
16:00.26SamotOr just failing the lookup?
16:00.33sekilyes..it was lookuping and I didn't want it to
16:00.40sekilcause it's not resolveable
16:01.17sekilit's just the domain part of all headers needs to be ims.example.com
16:01.44SamotSo set the host to the IP
16:01.52Samotand the fromdomain as the FQDN
16:02.11sekilthat was  screwing up  RURI domain
16:02.31SamotSo the RURI needs a FQDN?
16:02.33sekilfromdomain I did set to fqdn
16:02.35sekilyep
16:02.42sekiltelco switch needs it like so
16:03.07sekilafaik that ruri domain is set only via host
16:03.13sekils/that/the/
16:03.17SamotSo set the FQDN in /etc/hosts
16:03.25sekilso people do..
16:03.32sekiland I don't like it :)
16:03.40sekilis ob proxy thing solved maybe now
16:03.56SamotWhy they would have your host set to a FQDN that doesn't resolve..
16:03.59SamotIn any way...
16:04.20sekilbecause the transfer is not via public Internet
16:04.24SamotSo?
16:04.26sekilrather via private telco lines
16:04.44SamotIf you're on their private line, they should be resolving this in their DNS
16:05.00sekilwell I'm arguing that ob proxy would need to work like it should..
16:05.10Samotasterisk -rvvv
16:05.12sekilthat is ...don't care about dns when ob proxy set
16:05.14Samotsip set debug on
16:05.16Samot^^^ Show it.
16:05.25sekilsorry can't right now...
16:05.41sekilI was just asking if there was something similar solved recently
16:05.55SamotWe don't know what the actual issue is.
16:06.03sekilhmm
16:06.05SamotWe haven't seen the debug.
16:06.20sekilwell I can't show it now..
16:06.24sekilbut believe me
16:06.29SamotThe short answer is put the FQDN in /etc/hosts
16:06.35sekil* is doing dns lookup when it's not supposed to..
16:06.48Samotand look at 127.0.0.1 as the first DNS in resolv.conf
16:06.49sekiland thanks for /etc/hosts..I know of it..
16:07.04sekilbut that remains as an issue imo
16:07.06sekilnm
16:07.11sekilthanks anyway
16:07.20SamotUntil we can see what is happening, we can really say how to fix it.
16:07.27Samots/can/can't/
16:07.34Samotgrrr.
16:07.37sekilright...
16:07.38SamotYou know what I meant.
16:07.40sekilyes
16:07.41sekilsure
16:07.58sekilbottom line is...obproxy setting was not functioning..
16:08.08aandrew/win 28
16:08.15sekilnot sure if it does now...I'll retest
16:08.21sekiland get back
16:08.26sekilthanks to you all..
16:10.00[TK]D-FenderWhere's the4 debug?
16:11.39sekil[TK]D-Fender: did you ask me?
16:11.57[TK]D-Fenderyes
16:12.09[TK]D-Fender<[TK]D-Fender> sekil, We need proper details.
16:12.14[TK]D-Fender<[TK]D-Fender> sekil, And configs.  And debug.
16:12.43sekil[TK]D-Fender: right..I have to go now to pickup my kid...I will come back with it..
16:12.48sekilbye for now
16:21.22*** join/#asterisk putnopvut (putnopvut@asterisk/master-of-queues/mmichelson)
16:21.22*** mode/#asterisk [+o putnopvut] by ChanServ
16:21.32*** join/#asterisk Qwell (~north@asterisk/developer/Qwell)
16:21.32*** mode/#asterisk [+o Qwell] by ChanServ
16:30.51*** join/#asterisk Dovid (~dovid@ool-4573a525.dyn.optonline.net)
16:46.12*** join/#asterisk bof22 (~Thunderbi@185.13.183.107)
16:52.00*** join/#asterisk defsdoor (~andy@cpc35-sutt4-2-0-cust184.19-1.cable.virginm.net)
16:55.29*** join/#asterisk shootbird (~quassel@beepbeep.serverpit.com)
16:57.19*** join/#asterisk igcewieling (~ewieling@162-236-85-155.lightspeed.moblal.sbcglobal.net)
16:58.17*** join/#asterisk MaliutaLap (~nobusines@unaffiliated/maliuta)
17:04.52MacroManCan you use a variable inside a variable in the dialplan?
17:06.50MacroManhttps://paste.ngx.cc/eb1b014d172f239a
17:07.49[TK]D-FenderShow us
17:07.54MacroManhttps://paste.ngx.cc/eb1b014d172f239a
17:08.17[TK]D-FenderShow us
17:08.25[TK]D-Fenderthe FAILURE <-
17:09.04MacroManI don't think my script is getting the value of ${EXTEN}
17:12.45MacroManI seem to be having a funny syntax error. I'll try to fix and ask back if I fail
17:13.56[TK]D-FenderWhere's the call .....
17:31.28*** join/#asterisk BBone_ (~Thunderbi@maila.fraserwoodindustries.com)
17:50.25*** join/#asterisk Aboba (~Bob@201-085.camosun.bc.ca)
18:03.05*** join/#asterisk bipolar (~bipolar@offsite.guru)
18:03.27*** join/#asterisk skywayskase (~skywayska@67.139.42.219)
18:06.27igcewielingYou should be able to do something like Set(TRUNK_${BOB}=test)
18:07.10[TK]D-FenderIt's been an hour now... I'm not holding my breath...
18:07.19[TK]D-FenderAnd not what he's asking in that PB
18:07.33igcewielinghere is something similar CELGenUserEvent(SM_DIAL_${MASTER_CHANNEL(name)},tag='ast' Dial("${CHANNEL(name)}")
18:07.43[TK]D-FenderAnd while I have a strong suspicion of what the problem is I'm not going to ruin it by staing a guess blindly.
18:07.47[TK]D-Fenderstating*
18:09.14igcewielingIndeed.  I'm not trying to solve his problem.   I'm just showing possible ways to do something similar which might help him figure it out himself.
18:09.54[TK]D-FenderI just want to see the call I asked for an hour ago...
18:10.06[TK]D-Fenderbecause samples & guessing are a waste of time.
18:10.16[TK]D-FenderShow failure and we'll tell how to fix it.
18:12.36*** join/#asterisk u0m3 (~u0m3@79.115.167.77)
18:26.26*** join/#asterisk d00gster_ (~d00gster@unaffiliated/d00gster)
18:36.08*** join/#asterisk skywayskase (~skywayska@67.139.42.219)
18:58.56*** join/#asterisk skywayskase (~skywayska@67.139.42.219)
18:59.06*** join/#asterisk u0m3 (~u0m3@79.115.167.77)
19:12.26*** join/#asterisk skywayskase (~skywayska@67.139.42.219)
19:26.27*** join/#asterisk fridgefire (~fridgefir@unaffiliated/michielbrink)
19:28.51*** join/#asterisk andremar (~andremar@105.211.54.77.rev.vodafone.pt)
19:42.49*** join/#asterisk skywayskase (~skywayska@67.139.42.219)
19:58.24*** join/#asterisk fstd_ (~fstd@unaffiliated/fisted)
20:01.13*** join/#asterisk skywayskase (~skywayska@67.139.42.219)
20:02.38*** join/#asterisk skywayskase (~skywayska@67.139.42.219)
20:07.24*** join/#asterisk setham (~setham@unaffiliated/setham)
20:18.01*** join/#asterisk setham (~setham@unaffiliated/setham)
20:24.39*** join/#asterisk skywayskase (~skywayska@67.139.42.219)
20:25.07*** join/#asterisk setham (~setham@unaffiliated/setham)
20:26.35*** join/#asterisk skywayskase (~skywayska@67.139.42.219)
20:32.01*** join/#asterisk djadk (~djadk@148.0.20.176)
20:47.15*** join/#asterisk J0hnStee- (~J0hnSteel@92.55.116.178)
20:51.43*** join/#asterisk tzafrir (~tzafrir@bzq-82-81-175-197.red.bezeqint.net)
20:56.57*** join/#asterisk znf (~ibm86@toaster.linge-ma.ws)
21:22.15*** join/#asterisk davlefou (~davlefou@unaffiliated/davlefou)
21:26.03[TK]D-FenderAnd hours later ... nothing
21:26.07[TK]D-Fenderis unsurprised
21:38.43*** join/#asterisk skywayskase (~skywayska@67.139.42.219)
21:40.03*** join/#asterisk cemotyz09 (~cemotyz09@cpe-70-121-157-202.satx.res.rr.com)
21:43.33*** join/#asterisk skywayskase (~skywayska@67.139.42.219)
21:47.33*** join/#asterisk ipengineer (~zconkle@71.252.134.63)
22:03.17*** join/#asterisk MaliutaLap (~nobusines@unaffiliated/maliuta)
22:07.53*** join/#asterisk skywayskase (~skywayska@67.139.42.219)
22:09.43*** join/#asterisk grognafk (d8433d14@gateway/web/freenode/ip.216.67.61.20)
22:10.04*** part/#asterisk grognafk (d8433d14@gateway/web/freenode/ip.216.67.61.20)
22:19.00*** join/#asterisk [TK]D-Fender (~joe@64.235.216.2)
22:33.05*** join/#asterisk rwb (~Thunderbi@65.183.151.239)
22:45.44*** join/#asterisk skywayskase (~skywayska@67.139.42.219)
22:48.43*** join/#asterisk skywayskase (~skywayska@67.139.42.219)
22:59.54*** join/#asterisk skywayskase (~skywayska@67.139.42.219)
23:20.53*** join/#asterisk jeffspeff (~Jeff@209.141.208.197)
23:40.48*** part/#asterisk kharwell (kharwell@nat/digium/x-hrnidzrsaqoybxsp)

Generated by irclog2html.pl Modified by Tim Riker to work with infobot.