| 00:10.41 | *** join/#asterisk pppingme (~pppingme@unaffiliated/pppingme) |
| 00:51.15 | *** join/#asterisk pvoigt (~Linux@unaffiliated/pvoigt) |
| 00:57.59 | *** join/#asterisk babak (uid19622@gateway/web/irccloud.com/x-lwgfwydfxakjraqn) |
| 01:07.23 | *** join/#asterisk chris349 (~office@104-12-70-21.lightspeed.miamfl.sbcglobal.net) |
| 01:08.13 | chris349 | Does anyone know how to force a Digium phone to take an extension? I reset it to default and its stuck at a screen that says "select your name and extension" but the list is empty, there is no name/extension to select. |
| 01:08.32 | chris349 | I already did a reset to factory defaults |
| 01:15.20 | *** join/#asterisk clopez_ (~tau@neutrino.es) |
| 01:19.56 | *** join/#asterisk infobot (ibot@rikers.org) |
| 01:19.56 | *** topic/#asterisk is #asterisk The Open Source PBX and Telephony Platform (asterisk.org) -=- LTS: 13.18.5 (2017/12/22), Standard: 15.1.5 (2017/12/22); DAHDI: DAHDI-linux 2.11.1 (2016/03/01), DAHDI-tools 2.11.1 (2016/03/01); libpri 1.6.0 (2017/01/27) -=- Wiki: wiki.asterisk.org -=- Code of Conduct: bit.ly/1hH6P22 -=- Logs: bit.ly/1s4AKKu |
| 01:21.56 | *** join/#asterisk Typhon (~Typhon@dslb-092-078-201-026.092.078.pools.vodafone-ip.de) |
| 01:26.56 | *** join/#asterisk AndyCap (~aoy@pdpc/supporter/sustaining/AndyCap) |
| 01:31.25 | *** join/#asterisk awkwardpenguin (~awkwardpe@172-222-167-081.dhcp.chtrptr.net) |
| 01:45.59 | *** join/#asterisk freebs (~freebs@unaffiliated/freebs) |
| 02:24.47 | *** join/#asterisk freebs (~freebs@unaffiliated/freebs) |
| 02:36.56 | *** join/#asterisk luckman212 (~luckman21@unaffiliated/luckman212) |
| 02:45.26 | *** join/#asterisk freebs (~freebs@unaffiliated/freebs) |
| 03:04.05 | *** join/#asterisk awkwardpenguin (~awkwardpe@172-222-167-081.dhcp.chtrptr.net) |
| 03:20.38 | *** join/#asterisk awkwardpenguin (~awkwardpe@172-222-167-081.dhcp.chtrptr.net) |
| 05:29.46 | *** join/#asterisk cemotyz09 (~cemotyz09@cpe-70-121-157-202.satx.res.rr.com) |
| 06:02.33 | *** join/#asterisk startledmarmot (~startledm@c-71-231-154-77.hsd1.wa.comcast.net) |
| 06:38.43 | *** join/#asterisk awkwardpenguin (~awkwardpe@172-222-167-081.dhcp.chtrptr.net) |
| 06:56.40 | *** join/#asterisk Kobaz (~kobaz@its.kobaz.net) |
| 07:02.06 | *** join/#asterisk awkwardpenguin (~awkwardpe@172-222-167-081.dhcp.chtrptr.net) |
| 07:23.38 | *** join/#asterisk awkwardpenguin (~awkwardpe@172-222-167-081.dhcp.chtrptr.net) |
| 07:42.41 | *** join/#asterisk [TK]D-Fender (~joe@64.235.216.2) |
| 07:54.56 | *** join/#asterisk sekil (~sekil@cable-89-216-231-52.dynamic.sbb.rs) |
| 08:00.11 | *** join/#asterisk tzafrir (~tzafrir@local.xorcom.com) |
| 08:28.17 | *** join/#asterisk pchero_work (~pchero@109.70.54.56) |
| 08:52.57 | *** join/#asterisk awkwardpenguin (~awkwardpe@172-222-167-081.dhcp.chtrptr.net) |
| 09:05.55 | *** join/#asterisk DanB (~DanB@clt-195.192.205.174.ip-anschluss.net) |
| 09:08.35 | *** join/#asterisk DanB (~DanB@clt-195.192.205.174.ip-anschluss.net) |
| 09:29.26 | *** join/#asterisk hehol (~hehol@gatekeeper.loca.net) |
| 09:31.01 | *** join/#asterisk babak (uid19622@gateway/web/irccloud.com/x-qcurtpkvqmezzwfs) |
| 09:40.43 | *** join/#asterisk Worldexe (~Worldexe@95-107-33-134.dsl.orel.ru) |
| 10:30.39 | *** join/#asterisk sekil (~sekil@nat-73.net011.net) |
| 10:55.10 | *** join/#asterisk awkwardpenguin (~awkwardpe@172-222-167-081.dhcp.chtrptr.net) |
| 10:58.39 | *** join/#asterisk defsdoor (~andy@cpc120600-sutt6-2-0-cust177.19-1.cable.virginm.net) |
| 11:30.58 | *** join/#asterisk pvoigt (~Linux@unaffiliated/pvoigt) |
| 11:36.24 | *** join/#asterisk pvoigt (~Linux@unaffiliated/pvoigt) |
| 11:53.29 | *** join/#asterisk lankanmon (~LKNnet@99.245.204.29) |
| 12:18.32 | *** join/#asterisk sekil (~sekil@89.216.27.60) |
| 12:22.01 | *** join/#asterisk drathir (~kamiljk8@unaffiliated/drathir) |
| 12:24.01 | *** join/#asterisk dadrc (~quassel@unaffiliated/dadrc) |
| 13:27.29 | *** join/#asterisk miralin (~Thunderbi@81.177.59.227) |
| 13:57.04 | *** join/#asterisk awkwardpenguin (~awkwardpe@172-222-167-081.dhcp.chtrptr.net) |
| 13:59.27 | *** join/#asterisk brad_mssw (~brad@66.129.88.50) |
| 14:14.13 | *** join/#asterisk u0m3_ (~u0m3@86.127.131.167) |
| 14:14.46 | *** join/#asterisk sekil (~sekil@nat-73.net011.net) |
| 14:23.58 | *** join/#asterisk Worldexe (~Worldexe@95-107-33-134.dsl.orel.ru) |
| 14:25.45 | *** join/#asterisk Worldexe_ (~Worldexe@95-107-33-134.dsl.orel.ru) |
| 14:29.39 | *** join/#asterisk rwb (~Thunderbi@74.85.159.242) |
| 14:47.33 | *** join/#asterisk tehgooch (~tehgooch@unaffiliated/tehgooch) |
| 15:11.44 | *** join/#asterisk kharwell (kharwell@nat/digium/x-ojtfgxarweoowwvb) |
| 15:11.44 | *** mode/#asterisk [+o kharwell] by ChanServ |
| 15:17.33 | *** join/#asterisk jkroon (~jkroon@197.96.224.13) |
| 15:25.40 | *** join/#asterisk bford (d8cff501@gateway/web/freenode/ip.216.207.245.1) |
| 15:25.41 | *** mode/#asterisk [+o bford] by ChanServ |
| 15:33.31 | *** join/#asterisk awkwardpenguin (~awkwardpe@172-222-167-081.dhcp.chtrptr.net) |
| 15:33.33 | *** join/#asterisk rwb1 (~Thunderbi@74.85.159.242) |
| 15:40.51 | *** join/#asterisk babak (uid19622@gateway/web/irccloud.com/x-bvojomdwrtbxmmhb) |
| 15:44.31 | *** join/#asterisk cresl1n (Adium@asterisk/libpri-and-libss7-expert/Cresl1n) |
| 15:44.31 | *** mode/#asterisk [+o cresl1n] by ChanServ |
| 15:58.47 | *** join/#asterisk jkroon (~jkroon@197.96.224.13) |
| 16:00.45 | *** join/#asterisk rmudgett (rmudgett@nat/digium/x-lumhcnpzumoouyzi) |
| 16:00.45 | *** mode/#asterisk [+o rmudgett] by ChanServ |
| 16:00.58 | *** join/#asterisk luckman212 (~luckman21@unaffiliated/luckman212) |
| 16:24.51 | Samot | file: What option is updated in the voicemail MIF to show it is an urgent message? Is the priority set to 1 or another number or does the flag= option get set to something? |
| 16:24.59 | file | no idea. |
| 16:26.13 | Samot | Well shoot. |
| 16:29.42 | *** join/#asterisk wonderworld (~ww@ip-88-152-174-32.hsi03.unitymediagroup.de) |
| 16:32.06 | wonderworld | hi, i am trying to secure asterisk in the proper way but i am failing miserably. i tried to permit/deny and contactpermit/deny everything to the ipranges i need, set allowguest=no and use strong passwords. still somehow an unknown ip managed to register to one of my peers. i really have now idea what is going on? config here: https://www.pastebin.ca/3954790 |
| 16:32.53 | *** join/#asterisk gtrmtx (~gtrmtx@47-219-18-204.tyrccmtk01.res.dyn.suddenlink.net) |
| 16:33.38 | wonderworld | i am having a hard time also understanding what the differnece between deny and contactdeny is. as i understand contactdeny would disallow registrations from ip-ranges (which doesn't seem to work for me). what does a simple "deny" do? |
| 16:41.56 | Samot | deny/permit are for over all access. |
| 16:42.18 | Samot | I don't need to be registered to make a call to Asterisk. |
| 16:42.51 | Samot | That's why there is an auth process (unless you set insecure=invite). |
| 16:43.12 | Samot | contactdeny means I can't save my location for Asterisk to send calls to |
| 16:45.09 | *** join/#asterisk jastapleton (~jastaplet@c-73-31-232-184.hsd1.va.comcast.net) |
| 16:45.18 | wonderworld | ok, so my syntax must be wrong, because someone from outside of my defined ip ranges was able to auth? |
| 16:46.51 | Samot | I would need to see the logs of that call to see what happened. |
| 16:47.18 | wonderworld | ok, i'll try to find them. does my config look OK to you? |
| 16:48.21 | Samot | permit=71.125.8.0/255.255.255.0 ; ALLOW IP-range of SIP provider |
| 16:48.36 | Samot | What does your SIP provider need a /24 for service? |
| 16:49.11 | wonderworld | no, i could tighten that more. but the ip that registered was from a completely different range |
| 16:49.15 | Samot | Are they sending/accepting calls over 254 addresses? |
| 16:49.24 | Samot | Registered? |
| 16:49.34 | wonderworld | sorry authed |
| 16:50.21 | Samot | All of your device peers are like the example [11]? |
| 16:50.29 | wonderworld | yes |
| 16:51.33 | Samot | Where is your localnet and externaladdr stuff? |
| 16:52.07 | wonderworld | ok, i don't have that. would i need it? |
| 16:52.41 | Samot | Well, your PBX is behind NAT? |
| 16:54.27 | Samot | All of your devices/phones are on the same local network as the PBX? |
| 16:55.07 | wonderworld | yes. i just want to leave things open because some people are going to be traveling and need to access the pbx from outside in the future |
| 16:56.53 | wonderworld | maybe things would be more simple if i would just setup some iptables rules? |
| 16:59.27 | Samot | OK. |
| 17:00.08 | Samot | So if you are going to have people traveling and accessing the PBX remotely having deny/permit rules is going to mess with that. |
| 17:00.36 | Samot | But if the PBX is behind NAT, it should have the externaladdr set to the WAN IP |
| 17:00.53 | Samot | And the localnet set to the LAN networks that are "local" to the PBX |
| 17:01.04 | Samot | i.e. don't need the WAN/external details. |
| 17:01.45 | Samot | I would be handling this in the firewall and/or with iptables on the server. |
| 17:02.01 | Samot | You can have iptables do rate limiting/checking, blocking, etc. |
| 17:02.13 | wonderworld | ok, i setup everything according to the documentation our sip provider provided. they didn't mention localnet and externaladdr in their documentation. but if it would solve my security problems, i would add them. |
| 17:02.22 | Samot | When you are "scanned/hit" they don't just send 1 attempt |
| 17:02.30 | Samot | They send 100's in a short burst. |
| 17:02.41 | wonderworld | yeah, i already setup fail2ban which seems to work |
| 17:02.43 | Samot | You can use rate limiting to handle that. |
| 17:02.49 | Samot | fail2ban is reactive. |
| 17:02.50 | wonderworld | catched 8 or 9 bots already |
| 17:02.54 | Samot | It looks at logs. |
| 17:02.54 | wonderworld | thas why |
| 17:03.11 | Samot | So in order for fail2ban to do anything it needs to read logs. |
| 17:03.22 | wonderworld | it does |
| 17:03.23 | Samot | If it makes it to the logs, it's already to late. |
| 17:03.29 | wonderworld | ok |
| 17:03.33 | Samot | If you are being hit hard |
| 17:03.42 | Samot | And fail2ban can't read the logs .... |
| 17:03.55 | wonderworld | i setup really secure passwords... 15 letters like IGHI6tjuzbgugziuFh |
| 17:03.55 | *** join/#asterisk [TK]D-Fender (~joe@64.235.216.2) |
| 17:04.00 | Samot | iptables does this at the system level. |
| 17:04.08 | *** join/#asterisk startledmarmot (~startledm@c-71-231-154-77.hsd1.wa.comcast.net) |
| 17:04.12 | Samot | If I flood you with 1500 requests... |
| 17:04.14 | wonderworld | i guess it should be impossible to bruteforce, but still they somehow made it |
| 17:04.52 | wonderworld | but i understand that the UDP flood is faster than fail2ban reading the logs. |
| 17:05.40 | wonderworld | so you think externaladdr and localnet would make my permit deny rules work? |
| 17:06.28 | [TK]D-Fender | not related. |
| 17:06.36 | [TK]D-Fender | permit & deny are their own thing. |
| 17:08.28 | Samot | 1) The PBX is behind NAT, externaladdr and localnet are kinda important for that |
| 17:08.39 | wonderworld | ok, i have been searching the logs and could't find a successful auth. the way i realized something went wrong was, when i did "sip show peers" in CLI and one of my peers had that outside ip address |
| 17:08.52 | Samot | OK |
| 17:08.58 | Samot | That is a REGISTER |
| 17:09.10 | Samot | If Asterisk has a peer location, they registered. |
| 17:10.07 | wonderworld | so nothing went wrong? permit/deny were working? |
| 17:10.20 | Samot | I don't know. |
| 17:10.29 | Samot | But if you did "sip show peers" |
| 17:10.38 | Samot | And a device had a peer listed... |
| 17:10.55 | Samot | That's an indicator they REGISTERed. |
| 17:11.12 | Samot | Which means they auth'd. |
| 17:11.47 | *** join/#asterisk jamesaxl (~James_Axl@109.172.62.242) |
| 17:11.56 | wonderworld | and that should be impossible with my permit deny rules? |
| 17:12.02 | [TK]D-Fender | Where are the configs to look at? |
| 17:12.13 | wonderworld | https://www.pastebin.ca/3954790 |
| 17:12.58 | [TK]D-Fender | and the status dump for the peer... |
| 17:15.16 | wonderworld | how would i generate that? |
| 17:15.40 | [TK]D-Fender | "sip show peer X" |
| 17:16.48 | *** join/#asterisk awkwardpenguin (~awkwardpe@172-222-167-081.dhcp.chtrptr.net) |
| 17:17.18 | wonderworld | thats the peer they managed to register or auth to -> https://www.pastebin.ca/3955442 |
| 17:18.35 | [TK]D-Fender | Addr->IP : (null) |
| 17:18.39 | [TK]D-Fender | not currently. |
| 17:18.54 | Samot | That doesn't help if they aren't registered now |
| 17:19.03 | Samot | Show the peer settings from sip.conf |
| 17:19.11 | [TK]D-Fender | Samot, previous PB |
| 17:19.27 | Samot | That was 11 |
| 17:19.29 | [TK]D-Fender | Of course I don't like seeing 11 in one, and 12 in another |
| 17:19.30 | Samot | This is 12 |
| 17:19.33 | Samot | Not the same. |
| 17:19.41 | Samot | I want confirmation. |
| 17:19.42 | [TK]D-Fender | My trust factor for redacted shit goes right out the window |
| 17:20.17 | *** join/#asterisk jkroon (~jkroon@197.96.224.13) |
| 17:20.41 | wonderworld | sorry guys, phone, back in a minute |
| 17:24.50 | wonderworld | peer 12 -> https://www.pastebin.ca/3955445 |
| 17:26.12 | [TK]D-Fender | Are ANY of them still showing any signs of the outside having registered? |
| 17:26.40 | wonderworld | nope. i became afraid and restarted the box and added the ip's in question manualy to iptables |
| 17:31.19 | jamesaxl | Hello |
| 17:32.08 | jamesaxl | Day after Day, I improve voip server features, I thank [TK]D-Fender Samot for many helps. |
| 17:34.36 | jamesaxl | [TK]D-Fender Samot gift => https://www.youtube.com/watch?v=VGD6ZLICTG0 |
| 17:38.33 | wonderworld | <PROTECTED> |
| 17:39.10 | *** join/#asterisk Typhon (~Typhon@ipservice-092-218-106-199.092.218.pools.vodafone-ip.de) |
| 17:49.11 | *** join/#asterisk jastapleton_ (~jastaplet@188.172.219.43) |
| 17:55.00 | *** join/#asterisk clarjon1 (~clarjon1@unaffiliated/clarjon1) |
| 17:56.42 | *** join/#asterisk Dovid (~dovid@ool-321d61ce.dyn.optonline.net) |
| 17:58.07 | *** join/#asterisk Iamnacho (~Iamnacho@ip72-213-25-54.om.om.cox.net) |
| 18:01.45 | *** join/#asterisk tzafrir (~tzafrir@62-90-199-247.barak.net.il) |
| 18:21.10 | *** join/#asterisk salviadud (~ralfalfa@187-167-79-163.static.axtel.net) |
| 18:37.40 | *** join/#asterisk pchero (~pchero@109.70.54.56) |
| 18:44.28 | *** join/#asterisk giesen (~ggiesen@2001:19f0:0:1019:5400:ff:fe25:bda6) |
| 18:47.01 | *** join/#asterisk RovingWriter (~RovingWri@unaffiliated/rovingwriter) |
| 18:49.21 | *** join/#asterisk mlhess (~mlhess@drupal.org/user/102818/view) |
| 18:59.17 | *** join/#asterisk chandoo (~chandoo@pool-74-105-13-92.nwrknj.fios.verizon.net) |
| 18:59.35 | chandoo | how to use OAuth with googlevoice in Asterisk 15 |
| 19:00.07 | chandoo | it is asking for refresh token, client id and secret , how to generate these |
| 19:00.11 | chandoo | for google voice |
| 19:04.01 | file | there is information in the sample config |
| 19:04.02 | file | https://github.com/asterisk/asterisk/blob/13/configs/samples/xmpp.conf.sample#L21 |
| 19:08.36 | chandoo | how to generate OAuth Client ID and secret , can i makeup my own? and input them at both locations? |
| 19:09.01 | file | that is in that same sample config, a few line sdown |
| 19:10.00 | *** join/#asterisk giesen (~ggiesen@2001:19f0:0:1019:5400:ff:fe25:bda6) |
| 19:16.56 | *** join/#asterisk jastapleton_ (~jastaplet@c-73-31-232-184.hsd1.va.comcast.net) |
| 19:48.53 | chandoo | `secret` must NOT be set if you use OAuth |
| 19:49.09 | chandoo | is that mean i have to set refresh token and client id only? |
| 20:00.03 | file | oauth_secret, oauth_clientid, and refresh_token must be set. |
| 20:20.25 | chandoo | i put all three details |
| 20:20.31 | chandoo | status shows disconnected |
| 20:20.38 | chandoo | i restarted amportal |
| 20:20.47 | chandoo | do i need to reboot the server? |
| 20:27.22 | *** join/#asterisk babak (uid19622@gateway/web/irccloud.com/x-ppwtwuvmeherztoz) |
| 20:28.16 | *** join/#asterisk defsdoor (~andy@cpc120600-sutt6-2-0-cust177.19-1.cable.virginm.net) |
| 20:29.42 | *** join/#asterisk rwb (~Thunderbi@65.183.151.121) |
| 20:31.28 | *** join/#asterisk startledmarmot (~startledm@c-71-231-154-77.hsd1.wa.comcast.net) |
| 20:38.01 | *** join/#asterisk bmg505 (~leon@196-210-77-27.dynamic.isadsl.co.za) |
| 21:09.14 | *** join/#asterisk Dovid (~dovid@ool-3f8fea4a.dyn.optonline.net) |
| 21:30.38 | *** join/#asterisk startledmarmot (~startledm@c-71-231-154-77.hsd1.wa.comcast.net) |
| 21:31.25 | *** join/#asterisk startledmarmot (~startledm@c-71-231-154-77.hsd1.wa.comcast.net) |
| 21:32.12 | *** join/#asterisk startledmarmot (~startledm@c-71-231-154-77.hsd1.wa.comcast.net) |
| 21:32.45 | *** join/#asterisk freebs (~freebs@unaffiliated/freebs) |
| 21:32.58 | *** join/#asterisk startledmarmot (~startledm@c-71-231-154-77.hsd1.wa.comcast.net) |
| 21:33.48 | *** join/#asterisk startledmarmot (~startledm@c-71-231-154-77.hsd1.wa.comcast.net) |
| 21:34.32 | *** join/#asterisk startledmarmot (~startledm@c-71-231-154-77.hsd1.wa.comcast.net) |
| 21:38.18 | *** join/#asterisk luckman212 (~luckman21@unaffiliated/luckman212) |
| 21:40.05 | *** join/#asterisk elguero (~miguel323@74-95-21-41-Connecticut.hfc.comcastbusiness.net) |
| 21:51.45 | *** join/#asterisk ch4plin (~ch4plin@2806:101e:6:2faf:5971:387e:d01b:c6cc) |
| 21:53.25 | ch4plin | hi everyone! I installed an asterisk box using a sangome card with openr2. Just a quick question, the customer is telling if is possible to volume up the call, is it possible? |
| 22:15.08 | *** join/#asterisk awkwardpenguin (~awkwardpe@172-222-167-081.dhcp.chtrptr.net) |
| 22:16.12 | [TK]D-Fender | check your gain settings in your dahdi configs |
| 22:49.18 | *** part/#asterisk gtrmtx (~gtrmtx@47-219-18-204.tyrccmtk01.res.dyn.suddenlink.net) |
| 22:54.43 | *** join/#asterisk TandyUK2 (~admin@TandyUK/staff/James) |
| 22:57.00 | ch4plin | [TK]D-Fender: you mean, to increase the rx/tx parameters? |
| 23:10.28 | [TK]D-Fender | yes |
| 23:19.09 | *** join/#asterisk Zanelos (~zach@4.71.171.253) |
| 23:21.00 | *** join/#asterisk paulgrmn__ (~paulgrmn@184.75.214.86) |
| 23:52.46 | *** part/#asterisk znoteer_ (~Wang@157.52.8.172) |
| 23:53.03 | *** join/#asterisk Zanelos (~zach@4.71.171.253) |