Re: [asterisk-users] [unixODBC][MySQL][ODBC 8.0(a) Driver]Access denied for user
Hi Sir, Thanks for your reply. That issue has been fixed now. But after that I am having the below issue: Endpoints are unavailable: command: $ sudo asterisk -r *CLI> pjsip show endpoints Output: Endpoint: I/OAuth: Aor: Contact: Transport: Identify: Match: Channel: Exten: CLCID: == Endpoint: f30A0A01 Unavailable 0 of inf InAuth: f30A0A01/f30A0A01 Aor: f30A0A01 1 Transport: transport-udp udp 0 0 0.0.0.0:5060 Endpoint: f30B0B02 Unavailable 0 of inf InAuth: f30B0B02/f30B0B02 Aor: f30B0B02 1 Transport: transport-udp udp 0 0 0.0.0.0:5060 Objects found: 2 localhost*CLI> I already have posted a separate mail thread for the issue. Since I haven't received any reply for more than 12 Hours. I am sharing the same here also. With Hope, Prabhakaran On Thu, 5 Nov 2020, 22:13 Antony Stone, < antony.st...@asterisk.open.source.it> wrote: > On Thursday 05 November 2020 at 16:10:22, Prabhakaran Karuppaih wrote: > > > Hi Sir, > >You are right. The password present in the following file is > > wrong: > > /etc/asterisk/res_odbc.conf > > But right now that file is read only. How to make changes in it... > Please > > reply.. > > chmod +w /etc/asterisk/res_odbc.conf > > Antony. > > -- > How many Prolog programmers does it take to change a lightbulb? > No. > >Please reply to the > list; > please *don't* CC > me. > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: > https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] AST-2020-002: Outbound INVITE loop on challenge with different nonce.
Asterisk Project Security Advisory â AST-2020-002 ProductAsterisk SummaryOutbound INVITE loop on challenge with different nonce. Nature of Advisory Denial of Service SusceptibilityRemote Authenticated Sessions Severity Minor Exploits KnownYes Reported On July 28, 2020 Reported By Sebastian Damm, Ruslan Lazin Posted On November 5, 2020 Last Updated OnNovember 5, 2020 Advisory Contact bford AT sangoma DOT com CVE Name Description If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. Modules Affected res_pjsip Resolution In the fixed versions of Asterisk, a counter has been added that will automatically stop sending INVITEs after reaching the limit. Affected Versions Product Release Series Asterisk Open Source 13.xAll versions Asterisk Open Source 16.xAll versions Asterisk Open Source 17.xAll versions Asterisk Open Source 18.xAll versions Certified Asterisk 16.8All versions Corrected In Product Release Asterisk Open Source 13.37.1 Asterisk Open Source 16.14.1 Asterisk Open Source17.8.1 Asterisk Open Source18.0.1 Certified Asterisk 16.8-cert5 Patches SVN URL Revision http://downloads.asterisk.org/pub/security/AST-2020-002-13.diff Asterisk 13 http://downloads.asterisk.org/pub/security/AST-2020-002-16.diff Asterisk 16 http://downloads.asterisk.org/pub/security/AST-2020-002-17.difAsterisk 17 http://downloads.asterisk.org/pub/security/AST-2020-002-18.difAsterisk 18 http://downloads.asterisk.org/pub/security/AST-2020-002-16.8.diff Certified Asterisk 16.8-cert5 Links https://issues.asterisk.org/jira/browse/ASTERISK-29013 Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2020-002.pdf and http://downloads.digium.com/pub/security/AST-2020-002.html Revision History Date EditorRevisions Made November 5, 2020 Ben Ford Initial
[asterisk-users] AST-2020-001: Remote crash in res_pjsip_session
Asterisk Project Security Advisory - AST-2020-001 Product Asterisk Summary Remote crash in res_pjsip_session Nature of Advisory Denial of service Susceptibility Remote authenticated sessions SeverityModerate Exploits Known No Reported On August 31, 2020 Reported By Sandro Gauci Posted OnNovember 5, 2020 Last Updated On November 4, 2020 Advisory Contactkharwell AT sangoma DOT com CVE Name Description Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a âgapâ between the creation of the dialog object, and its next use by the thread that created it. Depending upon some off nominal circumstances, and timing it was possible for another thread to free said dialog in this âgapâ. Asterisk could then crash when the dialog object, or any of its dependent objects were de-referenced, or accessed next by the initial creation thread. Note, however that this crash can only occur when using a connection oriented protocol (e.g. TCP, TLS) for the SIP transport. If you are using UDP then your system should not be affected. As well, the remote client must be authenticated, or Asterisk must be configured for anonymous calling in order for this problem to manifest. Modules Affected res_pjsip.c, res_pjsip_session.c, res_pjsip_pubsub.c Resolution Asterisk now returns the newly created dialog object both locked, and with its reference count increased. The lock, and added reference are then held until such a time it is safe to release both the lock, and decrement the reference count. Affected Versions Product Release Series Asterisk Open Source 13.x All releases Asterisk Open Source 16.x All releases Asterisk Open Source 17.x All releases Asterisk Open Source 18.x All releases Certified Asterisk 16.8 All releases Corrected In Product Release Asterisk Open Source 13.37.1, 16.14.1, 17.8.1, 18.0.1 Certified Asterisk 16.8-cert5 Patches SVN URL Revision http://downloads.asterisk.org/pub/security/AST-2020-001-13.diff Asterisk 13 http://downloads.asterisk.org/pub/security/AST-2020-001-16.diff Asterisk 16 http://downloads.asterisk.org/pub/security/AST-2020-001-17.diff Asterisk 17 http://downloads.asterisk.org/pub/security/AST-2020-001-18.diff Asterisk 18 http://downloads.asterisk.org/pub/security/AST-2020-001-16.8.diff Certified Asterisk 16.8-cert5 Links https://issues.asterisk.org/jira/browse/ASTERISK-29057 Asterisk Project Security Advisories are posted at http://www.asterisk.org/security
[asterisk-users] Asterisk 13.37.1, 16.14.1, 17.8.1, 18.0.1 and 16.8-cert5 Now Available (Security)
The Asterisk Development Team would like to announce security releases for Asterisk 13, 16, 17 and 18, and Certified Asterisk 16.8. The available releases are released as versions 13.37.1, 16.14.1, 17.8.1, 18.0.1 and 16.8-cert5. These releases are available for immediate download at https://downloads.asterisk.org/pub/telephony/asterisk/releases https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases The following security vulnerabilities were resolved in these versions: * AST-2020-001: Remote crash in res_pjsip_session Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. * AST-2020-002: Outbound INVITE loop on challenge with different nonce. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. For a full list of changes in the current releases, please see the ChangeLogs: https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.37.1 https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-16.14.1 https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-17.8.1 https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.0.1 https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-16.8-cert5 The security advisories are available at: https://downloads.asterisk.org/pub/security/AST-2020-001.pdf https://downloads.asterisk.org/pub/security/AST-2020-002.pdf Thank you for your continued support of Asterisk!-- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] [unixODBC][MySQL][ODBC 8.0(a) Driver]Access denied for user
On Thursday 05 November 2020 at 16:10:22, Prabhakaran Karuppaih wrote: > Hi Sir, >You are right. The password present in the following file is > wrong: > /etc/asterisk/res_odbc.conf > But right now that file is read only. How to make changes in it... Please > reply.. chmod +w /etc/asterisk/res_odbc.conf Antony. -- How many Prolog programmers does it take to change a lightbulb? No. Please reply to the list; please *don't* CC me. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Endpoints Unavailable - reg
command: $ sudo asterisk -r *CLI> pjsip show endpoints Output: Endpoint: I/OAuth: Aor: Contact: Transport: Identify: Match: Channel: Exten: CLCID: == Endpoint: f30A0A01 Unavailable 0 of inf InAuth: f30A0A01/f30A0A01 Aor: f30A0A01 1 Transport: transport-udp udp 0 0 0.0.0.0:5060 Endpoint: f30B0B02 Unavailable 0 of inf InAuth: f30B0B02/f30B0B02 Aor: f30B0B02 1 Transport: transport-udp udp 0 0 0.0.0.0:5060 Objects found: 2 localhost*CLI> -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] [unixODBC][MySQL][ODBC 8.0(a) Driver]Access denied for user
Hi Sir, You are right. The password present in the following file is wrong: /etc/asterisk/res_odbc.conf But right now that file is read only. How to make changes in it... Please reply.. With Hope, Prabhakaran On Thu, 5 Nov 2020 at 20:12, Antony Stone < antony.st...@asterisk.open.source.it> wrote: > On Thursday 05 November 2020 at 15:35:51, Prabhakaran Karuppaih wrote: > > > [Nov 4 20:35:46] WARNING[2037]: res_odbc.c:1067 odbc_obj_connect: > > res_odbc: Error SQLConnect=-1 errno=1045 [unixODBC][MySQL][ODBC 8.0(a) > > Driver]Access denied for user 'asterisk'@'localhost' (using password: > > Check that the user 'asterisk' is allowed to connect to MySQL from > 'localhost' > using the password you have (hopefully) defined in /etc/odbc.ini and > /etc/asterisk/res_odbc.conf > > > Antony. > > -- > Don't procrastinate - put it off until tomorrow. > >Please reply to the > list; > please *don't* CC > me. > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: > https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] [unixODBC][MySQL][ODBC 8.0(a) Driver]Access denied for user
On Thursday 05 November 2020 at 15:35:51, Prabhakaran Karuppaih wrote: > [Nov 4 20:35:46] WARNING[2037]: res_odbc.c:1067 odbc_obj_connect: > res_odbc: Error SQLConnect=-1 errno=1045 [unixODBC][MySQL][ODBC 8.0(a) > Driver]Access denied for user 'asterisk'@'localhost' (using password: Check that the user 'asterisk' is allowed to connect to MySQL from 'localhost' using the password you have (hopefully) defined in /etc/odbc.ini and /etc/asterisk/res_odbc.conf Antony. -- Don't procrastinate - put it off until tomorrow. Please reply to the list; please *don't* CC me. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] [unixODBC][MySQL][ODBC 8.0(a) Driver]Access denied for user
Command: sudo asterisk -r Output: Running as user 'asterisk' Running under group 'asterisk' Connected to Asterisk 16.14.0 currently running on localhost (pid = 1925) [Nov 4 20:35:46] WARNING[2037]: res_odbc.c:1067 odbc_obj_connect: res_odbc: Error SQLConnect=-1 errno=1045 [unixODBC][MySQL][ODBC 8.0(a) Driver]Access denied for user 'asterisk'@'localhost' (using password: How to fix this? Please Help. Thanks. With Hope, Prabhakaran P.S: Work at Stake Because of this Error :frowning_face: -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Multiple IP addresses and using same IP for outbound calls as inbound
Thanks for the suggestions. We'd prefer not to complicate the architecture with additional proxies in front, so will try setting the Linux network routes to see if that helps. On Fri, 30 Oct 2020 at 16:24, John Runyon wrote: > David, can you play around with the routing table and get the OS to handle > it for you? So long as asterisk isn’t calling bind() (or is calling with > 0.0.0.0) I would imagine adding a route for the peer, with your normal > gateway, and the correct device would work. > > On Thu, Oct 29, 2020 at 10:04 PM David Cunningham < > dcunning...@voisonics.com> wrote: > >> Hi Dovid, >> >> We can change the SDP in Kamailio, but Asterisk will still send its RTP >> from its default address. The remote end is strict about accepting RTP from >> the specified source and won't accept it. Have you any suggestions to solve >> that problem? >> >> Thank you. >> >> >> On Fri, 30 Oct 2020 at 14:49, Dovid Bender wrote: >> >>> Why not use OpenSips/Kamailoo in between? Where you want 1.1.1.1 you >>> pass it along as is. Where you want 2.2.2.2 change the sdp in >>> opensips/kamailio >>> >>> On Thu, Oct 29, 2020 at 20:44 David Cunningham < >>> dcunning...@voisonics.com> wrote: >>> Hello, Does anyone know a way with chan_sip to tell Asterisk to use a specific IP address for its end of the communication for a specific device? Something like: [device] type = friend host = 11.22.11.22 ouraddress = 33.44.33.44 This is for use on a server with multiple IP addresses. There is the "extenip" setting, but it's really designed for NAT, and can only appear in the [general] section. Any suggestions would be greatly appreciated. On Sat, 24 Oct 2020 at 09:43, David Cunningham < dcunning...@voisonics.com> wrote: > OK, thank you George. > > > On Sat, 24 Oct 2020 at 03:16, George Joseph > wrote: > >> >> >> On Thu, Oct 22, 2020 at 4:13 PM David Cunningham < >> dcunning...@voisonics.com> wrote: >> >>> Hi George, >>> >>> Thank you for the response. I'm a little unclear on what you mean by >>> a transport. We're using chan_sip, not pjsip. >>> >>> Do you mean a device in sip.conf, using bindaddr to set the address >>> to bind for that device? We've only used bindaddr in the [general] >>> section >>> before, but if it will work in a device that could be the answer. >>> >> >> Sorry. I just assume chan_pjsip these days. Not sure how you'd do >> it for chan_sip. >> >> >> >>> >>> >>> On Fri, 23 Oct 2020 at 00:13, George Joseph >>> wrote: >>> On Wed, Oct 21, 2020 at 9:16 PM David Cunningham < dcunning...@voisonics.com> wrote: > Hello, > > We have an Asterisk server with two public IP addresses, let's say > 1.1.1.1 and 2.2.2.2. Normally calls come in to 1.1.1.1 and are > bridged with > a call dialled from Asterisk to an external destination. The external > destination sees the SIP packet as coming from 1.1.1.1 and the media > address in the SDP is 1.1.1.1, which is great. > > However if we receive a call in to 2.2.2.2 then the call dialled > from Asterisk to an external destination still comes from 1.1.1.1, > whereas > we want it to come from 2.2.2.2. The source of any dialled call (the > IP > packet and the SDP media address) should be the same as the address > the > related inbound call was received to. > > For example: > INVITE received to 1.1.1.1:5060 -> Asterisk dials > destinat...@termination.com -> INVITE sent from 1.1.1.1:5060 to > termination.com > INVITE received to 2.2.2.2:5060 -> Asterisk dials > destinat...@pstn.com -> INVITE sent from 2.2.2.2:5060 to pstn.com > > Does anyone know how this can be achieved? > If termination.com is only on 1.1.1.1 and pstn.com is only on 2.2.2.2, create 2 transports, one specifically bound to 1.1.1.1, transport-1.1.1.1 for instance, and another to 2.2.2.2: transport-2.2.2.2. The names aren't important as long as you can tell the difference. Then explicitly configure endpoint termination.com's "transport" parameter to "transport-1.1.1.1" and pstn.com's "transport" parameter to "transport-2.2.2.2". In your dialplan, you can see which endpoint the call came in on, and route it out the same endpoint. If both providers are available from both interfaces, you can create 2 endpoint for each provider: termination.com-1.1.1.1, pstn.com-1.1.1.1, termination.com-2.2.2.2 and pstn.com-2.2.2.2; Then configure each with the same transports as above.
