IRC log for #asterisk on 20191216

00:03.27*** join/#asterisk anderj101 (~anderj101@mail.thehouseofbacon.com)
06:06.04*** join/#asterisk infobot (ibot@c-174-52-60-165.hsd1.ut.comcast.net)
06:06.04*** topic/#asterisk is AstriCon 2019 in Atlanta! http://www.astricon.net/ -- #asterisk The Open Source PBX and Telephony Platform (asterisk.org) -=- LTS: 13.29.2 (2019/11/21) 16.6.2 (2019/11/21) Standard: 17.0.1 (2019/11/21); DAHDI: 3.0.0 (2018/11/15); libpri 1.6.0 (2017/01/27) -=- Wiki: wiki.asterisk.org -=- Code of Conduct: bit.ly/1hH6P22
06:09.21*** part/#asterisk PiRATA (PiRATA@PiRATA.bnc.ircnow.org)
06:14.50*** join/#asterisk joako (~joako@opensuse/member/joak0)
06:36.15*** join/#asterisk netman (~netman@185.94.249.222)
06:39.24*** join/#asterisk tomaluca95 (~quassel@kde/developer/tomaluca)
06:44.05*** join/#asterisk igcewieling (~ewieling@208.94.98.135)
06:44.18*** part/#asterisk igcewieling (~ewieling@208.94.98.135)
06:54.16*** join/#asterisk _mwoodj_ (~mwoodj@pdpc/sponsor/digium/hyper-eye)
07:08.56*** join/#asterisk tsal (~tsal@i59F4AB81.versanet.de)
07:14.30*** join/#asterisk igcewieling (~ewieling@208.94.98.135)
07:24.09*** join/#asterisk MICROburst (~Thunderbi@x4d0d9828.dyn.telefonica.de)
07:34.21*** join/#asterisk scampbell (~scampbell@mail.scampbell.net)
07:40.06*** join/#asterisk pchero_work (~pchero@87.213.247.82)
07:47.58*** join/#asterisk i9zO5AP (~BQcdf9eiZ@41.248.193.64)
07:59.30wyoungdrmessano: so what's expensive?
08:00.55*** join/#asterisk pabe (~pabe@81.24.66.208)
08:04.56*** join/#asterisk pabe (~pabe@81.24.66.208)
08:15.18*** join/#asterisk cp- (~cp-@b157153.ppp.asahi-net.or.jp)
08:18.30*** join/#asterisk Someone_Else (~Someone_E@deze-server.isvanmij.nl)
08:21.50*** join/#asterisk defsdoor (~Andrew@cpc120600-sutt6-2-0-cust232.19-1.cable.virginm.net)
08:35.20*** join/#asterisk miralin (~Thunderbi@178.34.160.8)
08:49.05*** join/#asterisk shootbird (~quassel@beepbeep.serverpit.com)
08:51.58*** join/#asterisk miralin1 (~Thunderbi@178.34.160.8)
09:17.53*** join/#asterisk hehol (~hehol@gatekeeper.loca.net)
09:51.34*** join/#asterisk sekil (~sekil@178-222-22-196.dynamic.isp.telekom.rs)
09:54.15*** join/#asterisk sekil (~sekil@178-222-22-196.dynamic.isp.telekom.rs)
09:57.25*** join/#asterisk sekil (~sekil@178-222-22-196.dynamic.isp.telekom.rs)
10:05.52*** join/#asterisk cranq (~crank@107.161.164.124)
10:06.03*** join/#asterisk t (tom@freenode/staff/tomaw)
10:06.11*** join/#asterisk Champi (Champi@damn.e-leet.be)
10:06.24*** join/#asterisk m4rcu5 (nobody@84-106-248-133.cable.dynamic.v4.ziggo.nl)
10:06.33*** join/#asterisk driz (~driz@199.60.101.194)
10:07.00*** join/#asterisk anderj101 (~anderj101@mail.thehouseofbacon.com)
10:07.02*** join/#asterisk gavlee (~gav@unaffiliated/gavlee)
10:07.06*** join/#asterisk tehgooch (tehgooch@unaffiliated/tehgooch)
10:07.17*** join/#asterisk NightMonkey (~NightMonk@pdpc/supporter/professional/nightmonkey)
10:07.21*** join/#asterisk doop (~doop@colostomy.club)
10:10.20*** join/#asterisk yokel (~yokel@unaffiliated/contempt)
10:10.32*** join/#asterisk seanbright (~sean@asterisk/community-developer/seanbright)
10:10.32*** mode/#asterisk [+o seanbright] by ChanServ
10:23.39*** join/#asterisk stux|work (stux@2a01:270:2050:1337::1)
10:32.41*** join/#asterisk bengoa (~alberto@194.50.55.200)
10:56.07*** join/#asterisk miralin1 (~Thunderbi@178.34.160.8)
11:12.35*** join/#asterisk pa (~pa@unaffiliated/pa)
11:16.04*** join/#asterisk pchero_work (~pchero@87.213.247.82)
11:18.36*** join/#asterisk admin0 (~admin0@148.251.135.28)
11:19.04admin0for using asterisk wtih mysql/postgres, is there a page which lists the table i need to create in the db ? or will asterisk create it itself ?
11:31.39*** join/#asterisk sibiria (~sibiria@unaffiliated/sibiria)
11:46.54*** join/#asterisk Helenah (~s98259@unaffiliated/iveeee)
12:05.25*** join/#asterisk miralin1 (~Thunderbi@178.34.160.8)
12:11.40*** join/#asterisk gerhard7 (~gerhard7@ip5657ee30.direct-adsl.nl)
12:20.37TandyUKhow do i verify that a tls cert is correctly installedi n asterisk... ive used https://www.geocerts.com/ssl-checker among other to validate the one on our web portal is correct, but not sure how to check the one asterisk is using is correct
12:20.59TandyUKwe keep getting security warnigns when trying to log mobile apps into a sip account
12:21.28TandyUKtrust the cert, and its fine, but there should be no need to do that if the cert/ca certs are done properly
12:22.24sibiriayou could start with verifying that the certificate was issued by the CA, and that the cert and key match eachother
12:22.42TandyUKthe cert itself is identical to the one we're using for https
12:22.59sibiriabut if your clients reject the CA it's obviously a case of their CA storage not being adequate
12:23.11TandyUKi suspect somethign is wrong in the ca cert chain
12:23.26sibiriaare you using lets encrypt?
12:23.30TandyUKno
12:24.10TandyUKhttps://www.geocerts.com/ssl-checker   check "voip.tandyuk.com" port 5555 on there and you can see the full chain
12:25.11sibiriai'm sure it's fine
12:25.20sibiriabut your clients need to have that CA in their store regardless
12:26.01jkroonTandyUK, openssl s_client -connect server:port </dev/null
12:26.14jkrooncheck that it's the cert you're expecting, including the chain.
12:26.22sibiriaor just wget verbosely etc.
12:26.31sibiriaor curl etc.
12:26.45jkroonindeed.
12:27.06jkroonwget + curl will fail if you're hitting SIP/TLS, but should be OK for SIP/WSS
12:27.22jkroonit will however fail with protocol errors, not cert errors :)
12:27.25TandyUKspecifically its SIP/TLS that i need to verify
12:27.48jkroonyou have your options above.
12:28.10jkrooni found that older phone dislike >> sha1 ... so on those you're pretty screwed.
12:34.30*** join/#asterisk Alblasco1702 (~Alblasco1@ip5456b46b.speed.planet.nl)
12:36.57TandyUKok sorted cheers guys
12:37.07TandyUKit was using the wrong ca chain bundle
13:06.10*** join/#asterisk _0x5eb_ (~seb@seb-hpws2.elen.ucl.ac.be)
13:15.05*** join/#asterisk mTeK (~quassel@192.151.137.68)
13:27.05*** join/#asterisk miralin1 (~Thunderbi@178.34.160.8)
13:45.29*** join/#asterisk sekil (~sekil@178-222-22-196.dynamic.isp.telekom.rs)
13:49.24*** join/#asterisk sahmed (~sahmed@cpe-70-114-236-63.austin.res.rr.com)
13:53.54*** join/#asterisk i9zO5AP (~BQcdf9eiZ@41.248.193.64)
14:03.52*** join/#asterisk Corydon76 (~quassel@96.69.98.139)
14:03.52*** mode/#asterisk [+o Corydon76] by ChanServ
14:09.01*** join/#asterisk Sibert (54c6ffa2@mx1.dekimo.be)
14:09.08SibertHello everyone
14:09.39SibertI'm having an issue with asterisk where it's seemingly limiting the outgoing 'To' field to 255 chars
14:09.50SibertDoes anyone know why that is and if I can get around that?
14:13.06Corydon76Seems like it might be a hardcoded buffer limit.  Why do you need more than 255 characters?
14:14.17admin0for using asterisk wtih mysql/postgres, is there a page which lists the table i need to create in the db ? or will asterisk create it itself ?
14:15.46SibertCorydon76, I'm using a proxy which supports push notifications (flexisip), which adds the necessary information to the contact
14:15.56SibertThis information is quite long
14:17.10SamotWhat should the To header look like?
14:17.14Corydon76Sibert: you'll probably have to modify the length of the buffer in the code and recompile.
14:17.40Corydon76Remember that it's going to be 256, since it needs the ending nul byte
14:17.46Sibertyeah oke
14:17.46sibiriaSibert: if this is with chan_sip, maybe try using pjsip to see if the limit is the same there
14:17.55sibiria(or browse the appropriate part of the pjsip source)
14:18.10SibertI just found this in the output:
14:18.35Sibertsibiria, I'm not sure what it's using, it's a legacy project and I only know half what I'm doing
14:18.40Corydon76admin0: You're going to need to be more specific.  There are lots of ways that Asterisk can use a database.
14:18.41SibertIs there an easy way to find out?
14:18.48sibiriai'd be betting that it's using chan_sip then
14:19.03Samot9:17:11 AM <Samot> What should the To header look like?
14:19.15SamotThere are limits.
14:19.16sibiriayes: inspect modules.conf to see what's being loaded, or run asterisk -x 'sip show peers' to confirm
14:19.22Samottags can only be 255 characters.
14:19.49admin0Corydon76, i just need one way that works fine .. where i can create sip accounts and the cdr is stored internally in the database
14:19.53SibertSamot, you're saying there's no solution?
14:20.02SamotThat's not what I said at all.
14:20.11SamotI asked to see what the To header should look like in full..
14:20.18SamotSo I could see it's formating
14:20.20Corydon76admin0: those are two different tables and even two different connectors.
14:20.22SamotSo I could see it's formatting
14:20.22SibertOh yeah give me a second, sorry
14:20.46Corydon76admin0: I assume for the first, you're talking about SIP realtime?
14:20.50SamotHow the tags are added, how many, how long are they, is the header properly formatted by the proxy
14:21.30Sibertsip:117@172.20.10.44:5061;app-id=<length 35>;pn-type=firebase;pn-timeout=0;pn-tok=<token with length 152> ;pn-silent=1;CtRt19224c02021ba6dc=tcp:172.20.10.43
14:21.37Sibertthis is the header that's being cut off
14:22.16Sibertthe tags are added using the linphone sdk in the client
14:22.19*** join/#asterisk brad_mssw (~brad@66.129.88.50)
14:22.35Corydon76admin0: I don't know of a single case where Asterisk creates the table.  The problem is that there are so many different databases, and while they are governed by a common standard, the creation of tables is something best left to an administrator.  If you look in the contrib directory of the source, there should be some sample table creation scripts for some databases.
14:23.22Sibertsibiria, I don't seem to have a modules.conf
14:23.25SamotWell that header looks like.
14:23.31Samoter fine
14:23.55Sibertsibiria nvm found idk how I didn't see it
14:24.03SamotYeah, I'd try doing this with PJSIP and make sure it's not a Chan_SIP limitation.
14:24.36Sibertokay, I'll try to figure that out
14:24.39Sibertthanks for the pointers
14:24.41*** join/#asterisk dacod (~dacod@201.47.74.146)
14:25.35Corydon76admin0: in the case of CDRs, I engineered the tables to be _extremely_ flexible.  Asterisk scans the table structure and then matches CDRs elements and variables into the table layout.
14:26.01*** join/#asterisk bford (uid283514@gateway/web/irccloud.com/x-bmrchlszyzmtbsjp)
14:26.01*** mode/#asterisk [+o bford] by ChanServ
14:26.46Corydon76Therefore, if you want to set a new CDR variable, something that doesn't exist anywhere else, and that field name exists in your CDR table, it will be logged, just as you might like.
14:26.52Sibertsibiria, neither modules.conf nor sip show peers seems to have a clear indication of what's being used
14:29.22sibiriaif you get a positive response from "sip show peers" you are using chan_sip
14:29.56sibiriaotherwise you'll get something along the lines of "no such command" or so
14:30.26Sibertokay thanks
14:30.27sibiriato speak to pjsip, try:  asterisk -x 'pjsip show contacts' (and/or show endpoints for more details)
14:30.33SibertThen I'm using chan_sip
14:32.33*** join/#asterisk Janos (~Janos@201.204.94.76)
14:34.33SibertHm
14:34.48SibertI'm running asterisk 11.13, which doesn't seem to have support for pjsip
14:34.51Sibertis that correct?
14:37.37sibiriano i think pjsip was available in 11. i think your build wasn't configured to include it
14:37.49fileit was not
14:38.05SibertOkay
14:38.34sibiriai recall using pjsip before ast 13
14:38.40sibiriabut maybe it was on 12
14:38.49seanbright12 was the first release with pjsip support
14:39.20SibertOkay
14:39.39SibertSo in my current situation, I can't move forward unless I update asterisk
14:40.28SamotWell considering that means whatever version you are on is completely unsupported......
14:40.38SamotUpdating might be a wise choice.
14:41.10SibertYeah I suppose it is, but this is a inherited project full of dirty hacks, so I'm not sure if it's really an option
14:41.45SamotI'm not sure what a dirty hack would be in Asterisk.
14:41.58SamotSince there really isn't a default or standard setup for it.
14:43.03SibertWell okay, to be fair, I'm not sure if it's dirty hacks, but web pages that directly write in the dialplan with hardcoded calls at least feel like dirty hacks
14:43.51seanbrightok
14:44.02SamotFreePBX is a GUI that writes dialplan.
14:44.13SamotIt lets you make calls from the GUI
14:44.20SamotOffers Click to Call for web pages
14:44.45SamotPerhaps what you are looking at is a poorly implemented GUI to manage things.
14:45.54SamotSo what version of Asterisk is this system running?
14:49.06*** join/#asterisk rmudgett (rmudgett@nat/digium/x-hglmwhdmueyjzuau)
14:49.06*** mode/#asterisk [+o rmudgett] by ChanServ
14:54.06*** join/#asterisk gtjoseph (~gtjoseph@unaffiliated/gtj)
14:54.06*** mode/#asterisk [+o gtjoseph] by ChanServ
15:08.37*** join/#asterisk joepublic (~joepublic@fsf/member/joepublic)
15:12.22*** join/#asterisk kharwell (uid358942@gateway/web/irccloud.com/x-jxoopdijzvuekjws)
15:12.22*** mode/#asterisk [+o kharwell] by ChanServ
15:22.30SibertSamot, 11.13.1
15:28.31*** join/#asterisk saint_ (~saint_@unaffiliated/saint-/x-0540772)
15:41.41igcewielinga new attack?  144.91.82.224 - - [16/Dec/2019:10:36:48 -0500] "GET /prov/yealink/y000000000044.cfg HTTP/1.1" 404 228 "-" "libwww-perl/5.833"
15:43.48Corydon76Do Yealink phones give up their configuration (including a password) to anyone?
15:58.09*** join/#asterisk stux|work (stux@cosmo.lunarshells.com)
16:14.02jkroonCorydon76, no, but i've also started seeing attacks on MAC address based provisioning, which generally does contain MACs.  So far these seem to be targeted brute-force.  Meaning the attacker would have had to action some system-specific research first.  Just hoping that the RPS style systems have some decent anti-hacking mechanisms in place.
16:17.22Corydon76jkroon: yeah, I don't know.  It's one of the reasons why I keep provisioned systems off the Wild West of public addresses.
16:18.41Corydon76If I were ever in a situation where the provisioning was not onsite, I'd be strongly motivated to do the query over a VPN and protect both the provisoned system, as well as the provisioning system from random queries.
16:33.22igcewielingI would not be a problem if failed2ban didn't fail to ban them.
16:45.34joepublicin addition to fail2ban i have a few servers that run a homemade service that looks over netstat, picks out sketchy entries, bans then with iptables, and shares their ip addresses with each other
16:48.27*** join/#asterisk hfb (~hfb@47.139.16.144)
17:03.18jkroonCorydon76, we have multiple layers of security to avoid issues.
17:04.08jkroonigcewieling, the one that scares me is a redirect coming off of an RPS.  anything else I believe we've got covered.  but still, multiple layers of safety is in order when dealing with the wild-west-web.
17:04.42TandyUKyealink RPS allows you to set a user/password on the http server, as well as fully encrypt the config files, so even if someone did manage to hack it, theyre not getting anything useful
17:05.14TandyUKand for a device to be given the user/pass/url, i have to register the device on there first
17:05.33igcewielingRPS?
17:05.48TandyUKredirection and provisioning service iirc
17:05.54igcewielingag provisioning
17:06.45igcewielingwe do provisioning via FTP so http prov attacks are an annoyance only.
17:16.58*** join/#asterisk salviadud (~ralfalfa@187-162-213-198.static.axtel.net)
17:21.37*** join/#asterisk Penguin (~xwQ5kwYl6@the.penguins.got.out.of.the.systems.at.penguinsystems.net)
17:26.36*** join/#asterisk joepublic (~joepublic@fsf/member/joepublic)
17:30.55*** join/#asterisk SirNueromancer (~textual@2600:1700:e43:8820:3c7c:d4e4:20d3:95f8)
17:36.58*** join/#asterisk joepublic (~Joseph@fsf/member/joepublic)
17:38.38*** join/#asterisk miralin1 (~Thunderbi@178.34.160.8)
17:51.14*** join/#asterisk spatel (~spatel@110.224.208.226)
18:04.09*** join/#asterisk Janos (~Janos@201.204.94.76)
18:09.53*** join/#asterisk NotHere (~steve@ipa95.9.tellas.gr)
18:15.52*** join/#asterisk netman (~netman@185.94.249.222)
18:30.16*** join/#asterisk pa (~pa@unaffiliated/pa)
18:55.21*** join/#asterisk Janos (~Janos@201.204.94.76)
19:26.20*** join/#asterisk miralin1 (~Thunderbi@host-46-45-217-207.stavropol.ru)
19:41.54*** join/#asterisk miralin (~Thunderbi@host-46-45-217-207.stavropol.ru)
19:45.53*** join/#asterisk adpaolucci (~adpaolucc@devnullhost.com)
19:49.52*** join/#asterisk miralin (~Thunderbi@178.34.160.8)
19:50.17*** join/#asterisk alexandre9099 (~alexandre@unaffiliated/alexandre9099)
19:53.37igcewielingDoes Intel no longer make network reference cards?  Looks to me they only do chipsets now.
19:55.01igcewielingreference network cards.  Like they do with motherboard chipets.   I can buy an intel branded board with Intel chipset XXXYYY or I can buy some other company motherboard which uses the that chipset.
19:55.39*** join/#asterisk hfb (~hfb@47.139.16.213)
20:07.14*** join/#asterisk miralin (~Thunderbi@195.209.246.194)
20:28.07*** join/#asterisk hfb (~hfb@47.139.16.213)
20:29.35drmessanoigcewieling: https://www.intel.com/content/www/us/en/products/network-io/ethernet/gigabit-adapters.html
20:31.20drmessanoGig-E adapters are basically obsolete now, so most of them are current but legacy
20:44.11joepublicif 10gb adapters were not priced as if made out of solid gold, gigabit adapters would be obsolete.
20:54.38drmessanoEh wat?
20:55.48drmessano$100 for a generic 10Gbe adapter
20:57.22drmessanoMost motherboards have 1GBe onboard, so 10GBe adapters are addons.  Only reason cheap 1GBe adapters even exist on the market is addons or replacements
20:57.55*** join/#asterisk miralin (~Thunderbi@host-46-45-217-207.stavropol.ru)
20:58.58drmessanoBut priced like they are mode of solid gold?  Never seen that
20:59.55file10G would actually be useful for me in a way, but I still shrug
21:01.57drmessanoYou can just about implement a 10GBe fiber link for a couple hundred bucks
21:02.30igcewielingI need to match the hardware in a failover server.
21:03.38drmessanoand?
21:04.20igcewielingotherwise I might consider something faster
21:04.42drmessanoSo why can't you find it?
21:05.12igcewielingI was searching on the chipset I needed and was getting only intel chip docs and non-intel cards.
21:05.33igcewielingor ones which claimed to be intel, but didn't look like they were.
21:06.05igcewielingIf I'd searched for something more generic I suspect I'd have found the cards without the link you kindly provided.
21:06.05drmessanoEhhh.. "didn't look like they were"... If you mean bulk packaging, welcome to 2019
21:06.19drmessanoI haven't seen intel cards in retail packaging in years.. brown box or plastic
21:06.44igcewielingI mean like I could not find the word "intel" anywhere on the pcboard in the pics.
21:07.26drmessano*shrug* what chipset is it?
21:11.51igcewieling82576  I found what I was looking for.
21:14.50drmessanoYeah that's a common one
21:16.12drmessanoHowever, it's out of date, hence the trouble finding it
21:16.20drmessanoI was using those a decade ago
21:16.49igcewieling*nod*  Plenty of non-intel branded cards using the chipset though.
21:17.14drmessanoRight, because Intel doesn't make them anymore, I guess
21:17.38drmessanoSo it's not that they got out of the game, you're looking for an old card
21:23.43*** join/#asterisk cyclaw (~gentoorax@gateway/tor-sasl/gentoorax)
22:14.53*** join/#asterisk jetlag (~jetlag@c-71-226-222-56.hsd1.nj.comcast.net)
22:42.22*** join/#asterisk pchero (~pchero@2a02:a210:2241:6480:6878:6441:1803:9010)
22:46.53*** join/#asterisk AsteriskRoss (~AsteriskR@r01.nt-r1.nor.gb.voicehost.co.uk)
23:04.41joepublicAm i correct in assuming that an old-ish machine with a core 2 duo and 4gb ram will do nicely for low pbx call volume (12-ish extensions, 3-ish simultaneous calls)?
23:07.09*** join/#asterisk mbecroft (mb@ak2.becroft.co.nz)
23:10.38Samotyes
23:11.25joepublicthank you.
23:12.34joepublicnother clueless question, do sip to sip pass through the server or connect peer to peer?
23:12.52joepublicthe word "calls" was supposed to be in there; please mentally insert it
23:24.13electronic_eeljoepublic: sip usually passes through the server
23:24.27electronic_eelbut sip is just the control channel, not the actual voice data
23:24.44electronic_eelvoice is usually rtp
23:25.22electronic_eelrtp can pass throught the server (direct media option off) or connect peer to peer (direct media option on=
23:25.24electronic_eel)
23:26.44*** join/#asterisk Heart_And_Chops (~Heart_And@S0106cc2de0099182.no.shawcable.net)
23:26.46drmessanodirect rtp almost never works if the peer is behind a firewall
23:26.52drmessanoSo don't even think about it
23:27.51electronic_eelhis 12-ish extensions could do direct rtp for internal calls if they are within the same local net
23:28.21electronic_eelbut running it through the server doesn't really add a lot of load
23:30.18drmessanoI've never seen a need to run direct rtp in-house.
23:30.56drmessanoIf I have ever seen it implemented, it's putting endpoints and proxies together so one proxy isn't handling all the audio
23:31.50*** join/#asterisk hfb (~hfb@47.139.16.213)
23:33.11electronic_eelI haven't had any problems with setting direct_media=off and letting asterisk handle all the audio
23:46.10*** join/#asterisk [TK]D-Fender (~joe@64.235.216.2)

Generated by irclog2html.pl Modified by Tim Riker to work with infobot.