Re: [Astlinux-users] AstLinux VM under UnRaid
Great! Thanks for the note. Lonnie > On Jun 10, 2024, at 7:56 PM, Ionel Chila via Astlinux-users > wrote: > > That was easy. Looks like it worked perfect under UnRaid VM. I will ne to > document and take some screenshots for future installations. I need to now > configure and do some testing. Will keep you updated. > > > > > > >> On Jun 10, 2024, at 6:52 PM, Lonnie Abelbeck >> wrote: >> >> /mnt/kd/rc.conf.d/user.conf > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] AstLinux VM under UnRaid
Hi Ionel, Do you use still use DAHDI PCI hardware? If so, that is a problem as the AstLinux VM ISO does not include the DAHDI PCI firmware files. If you are still using DAHDI PCI hardware I would keep your dedicated hardware. On the other hand, if your setup is VoIP-only, I have not used UnRaid, but it seems to use KVM/QEMU, so in theory it should work. Just like Proxmox, you may want to enable the QEMU Guest Agent: -- /mnt/kd/rc.conf.d/user.conf QEMU_GUEST_AGENT="yes" -- It should be easy to give it a try using UnRaid with the AstLinux VM ISO. Lonnie > On Jun 10, 2024, at 6:20 PM, Ionel Chila via Astlinux-users > wrote: > > I am running two UnRaid NAS and they have a very rich ecosystems as far as > dockers and VM goes. I was wondering if anyone managed to install and run an > AstLinux VM under UnRaid? I would love to retire my home-pbx dedicated > hardware and run this VM in my existing UnRaid setup. > > Thanks for your advise. > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] Announcing AstLinux Release: 1.5.4
Announcing AstLinux Release: 1.5.4 More Info: AstLinux Project https://www.astlinux-project.org/ AstLinux 1.5.4 Highlights: * Asterisk Versions: 16.30.0, 18.22.0, 20.7.0 * Linux Kernel 5.10.216, security and bug fixes * RUNNIX, version bump to runnix-0.6.18 * atlantic, enable the Marvell (Aquantia) 10-Gigabit Ethernet Network Driver (Aquantia AQC107/AQC113/etc. support) * r8125, version 9.013.02, Realtek RTL8125 2.5-Gigabit Ethernet Network Driver * libcurl (curl) version bump to 8.7.1, security fixes: CVE-2024-0853, CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466 * expat, version bump to 2.6.2, security fixes: CVE-2023-52425, CVE-2023-52426, CVE-2024-28757 * libxml2, version bump to 2.11.8, security fixes: CVE-2024-25062, CVE-2024-34459 * php, version 7.2.34, add security fixes: CVE-2024-2756, CVE-2024-3096 * sngrep, version bump to 1.8.1, security fix: CVE-2024-3120 * tinyproxy, version bump to 1.11.2, security fix: CVE-2023-49606 * unbound, version bump to 1.19.3, security fixes: CVE-2023-50387, CVE-2023-50868, CVE-2024-1931 * fping, version bump to 5.2 * htop, version bump to 3.3.0 * msmtp, version bump to 1.8.26 * sqlite, version bump to 3.45.3 * stunnel, version bump to 5.72 * vnStat, version bump to 2.12 * ca-certificates, update trusted root certificates 2024-03-11 * mac2vendor, oui.txt database snapshot 2024-05-22 * Asterisk '16se' (stable edition) version 16.30.0 is the last Asterisk 16.x "Legacy" version, built --without-pjproject and --without-dahdi * Package upgrades providing important security and bug fixes Full ChangeLog: https://raw.githubusercontent.com/astlinux-project/astlinux/1.5.4/docs/ChangeLog.txt All users are encouraged to upgrade, read the ChangeLog for the details. AstLinux Team ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Announcing AstLinux Release: 1.5.2
Hi Peter, What you need to do is first perform a "System tab -> "Revert to Previous" Then (no need to reboot) perform an "Upgrade with New". This will use your changed repository URL, and since the previous version is different from the latest it will allow the upgrade. Lonnie > On Mar 22, 2024, at 7:10 AM, Dr. Peter Voigt wrote: > > Well, I have some time left and would like to upgrade to ast18. > > I am currently on 1.5.3 of ast16se. I've just changed the repository URL > from https://mirror.astlinux-project.org/ast16se-firmware-1.x > to https://mirror.astlinux-project.org/ast18-firmware-1.x > and checked for new firmware (System -> System Firmware Upgrade:). > However: "You are running the newest available version: astlinux-1.5.3". > > Can I upgrade the Asterisk version only, if there is also a new AstLinux > release > available or what else might be wrong? > > Peter > > > On Fri, 2023-11-17 at 15:03 -0600, Lonnie Abelbeck wrote: >> +1 what Michael said ... my thoughts. >> >> Given, currently using ast16: >> >> 1) If currently using chan_pjsip, migrate to ast18. >> >> 2) If currently using dahdi (ex. pcie telephony card), migrate to ast18. >> >> 3) Else next step, change the "ast16" to "ast16se", ex. >> -- >> Prefs -> System & Staff Tab Options: Repository URL: >> https://mirror.astlinux-project.org/ast16se-firmware-1.x >> -- >> This should be quick and painless and will give you the latest security fixes >> in the packages with 1.5.2. >> >> 3a) Consider migrating to "ast18" when you have time to research the >> differences and testing. >> >> >> Additionally, it is recommended any "ast13se" systems be migrated to at least >> "ast16se". Relatively painless, but still requires some research and testing >> as with any version change of Asterisk. >> >> >> Lonnie >> >> >> >>> On Nov 17, 2023, at 12:21 PM, Dr. Peter Voigt wrote: >>> >>> Hi Michael, >>> >>> thanks for feedback. I will try the upgrade to ast18 as soon as I've some >>> time >>> left necessary to deal with obviously arising error messages and required >>> configuration changes. May be I'll have to contact the list again, if >>> something >>> goes wrong. >>> >>> >>> On Fri, 2023-11-17 at 19:06 +0100, Michael Keuter wrote: >>>> Hi Peter, >>>> >>>> it is just a matter of changing the repository URL (you must run a lower >>>> version). >>>> >>>> I would suggest you choose ast18 cause Asterisk is EOL now. >>>> 20 is not well tested yet, it runs fine for me though. >>>> There was much changed between 16 and 18 (a few missing new config files >>>> => >>>> error messages.) >>>> The originals are in "/stat/etc/asterisk/". >>>> >>>>> Am 17.11.2023 um 18:21 schrieb Dr. Peter Voigt : >>>>> >>>>> I am currently on the ast16 branch and ask myself, if I should switch to >>>>> ast16se >>>>> or to one of the higher version branches ast18/ast20. >>>>> >>>>> And another question: Is upgrading just a matter of changing the >>>>> repository >>>>> URL >>>>> according to >>>>> https://doc.astlinux-project.org/userdoc:tt_asterisk_upgrade_version >>>>> or will I have to adapt or re-create my Asterisk configuration? >>>>> >>>>> Regards, >>>>> Peter >>>>> >>>>> >>>>> On Thu, 2023-11-16 at 07:33 -0600, Lonnie Abelbeck wrote: >>>>>> Announcing AstLinux Release: 1.5.2 >>>>>> >>>>>> More Info: AstLinux Project >>>>>> https://www.astlinux-project.org/ >>>>>> >>>>>> Changes to supported firmware builds: >>>>>> * Previous 'ast13se' and 'ast16' firmware branches are no longer >>>>>> updated. >>>>>> * New 'ast16se' firmware branch, Asterisk 16.x built --without- >>>>>> pjproject >>>>>> and - >>>>>> -without-dahdi >>>>>> * Previous 'ast18' firmware branch, Asterisk 18.x built --with- >>>>>> pjproject >>>>>> and - >>>>>> -with-dahdi >>>>>> * New 'ast20' firmware branch, Asteris
Re: [Astlinux-users] Ubiquiti Unifi
Hi Michael, Unifi access points and switches have played well with others over the years. Unifi routing products, while based on linux, never had a good track record of interoperability, particularly with VPNs. It would seem straightforward for Unifi to support sourcing manual Wireguard configs in addition to the pretty GUI Wireguard configs ... maybe someday. Personally, I would not even try to get AstLinux Strongswan to work with Unifi's IPsec. Lonnie > On Mar 7, 2024, at 12:17 AM, Michael Knill > wrote: > > Noone > > Regards > Michael Knill > From: Michael Knill > Sent: Friday, 23 February 2024 2:50 PM > To: AstLinux List (astlinux-users@lists.sourceforge.net) > > Subject: [Astlinux-users] Ubiquiti Unifi > > Im kicking and screaming all the way, but I will probably be moving to the > Ubiquiti Unifi ecosystem (we already use their WAP’s). > As part of this, I will be implementing some of their gateways (routers) > which I really need to connect via VPN to Astlinux in the cloud. > They now support Wireguard but only as a client or server and not as a site > to site VPN which they support Open VPN and IPsec only. In the Wireguard > client configuration they emulate a mobile client so all traffic is from the > gateway address (NAT). > > So just wondering if Im going to be able to get this working with OpenVPN as > per below: > > > > Looks like it only support Pre-Shared Key and not certificates? > > Could probably use Strongswan with IPsec but would rather not unless someone > has got this working or something similar. > > Regards > > Michael Knill > Managing Director > > D: +61 2 6189 1360 > P: +61 2 6140 4656 > E: michael.kn...@ipcsolutions.com.au > W: ipcsolutions.com.au > > > Smarter Business Communications > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Asterisk appeared to crash after ACME deploy
> I recall having a case where acme.sh generated two certs and the deploy > script was called for the second cert, but asterisk was not done starting up > and something similar happened. To be more clear, "asterisk was not done starting up" from deploying the first certificate and then tried to deploy again for the second certificate. Lonnie > On Feb 22, 2024, at 3:37 PM, Lonnie Abelbeck > wrote: > > Hi Michael, > > I had my Jetway NF9HG-2930 die a year or so ago, I know Michael Keuter had a > couple NF9HG-2930s die. Though in my case it would not power up anymore. > > This case does seem to be different. > > Hmmm, is your ACME only a single domain (cert)? > > I recall having a case where acme.sh generated two certs and the deploy > script was called for the second cert, but asterisk was not done starting up > and something similar happened. > > Lonnie > > > > > >> On Feb 22, 2024, at 2:39 PM, Michael Knill >> wrote: >> >> Running version 1.5.0 on Jetway NF9HG-2930. >> >> --- >> Feb 22 23:00:42 30390_Ortho-ACT_CM1 daemon.err lighttpd[30995]: >> (server.c.2029) server stopped by UID = 0 PID = 7065 >> Feb 22 23:00:43 30390_Ortho-ACT_CM1 daemon.err lighttpd[7087]: >> (server.c.1436) server started (lighttpd/1.4.51) >> Feb 22 23:00:43 30390_Ortho-ACT_CM1 user.notice acme-client: New ACME >> certificates deployed for HTTPS and 'lighttpd' restarted >> Feb 22 23:00:44 30390_Ortho-ACT_CM1 user.notice acme-client: New ACME >> certificates deployed for SIP-TLS and 'asterisk' restart when convenient >> requested >> Feb 22 23:00:44 30390_Ortho-ACT_CM1 local0.err asterisk[31159]: >> ERROR[31178]: astobj2_container.c:492 in ao2_iterator_init: FRACK!, Failed >> assertion user_data is NULL (0) >> Feb 22 23:00:44 30390_Ortho-ACT_CM1 local0.err asterisk[31159]: >> ERROR[31178]: :0 in : Got 11 backtrace records # 0: >> /usr/sbin/asterisk(__ao2_ref+0x5de) [0x46213e] # 1: >> /usr/sbin/asterisk(ao2_iterator_init+0x2f) [0x464a1f] # 2: >> /usr/lib/asterisk/modules/app_queue.so(+0xef4d) [0x14f159681f4d] # 3: >> /usr/sbin/asterisk() [0x51849e] # 4: /usr/sbin/asterisk() [0x5206a4] # 5: >> /usr/sbin/asterisk() [0x573c60] # 6: >> /usr/sbin/asterisk(ast_taskprocessor_execute+0x16f) [0x591f0f] # 7: >> /usr/sbin/asterisk() [0x591fb0] # 8: /usr/sbin/asterisk() [0x >> Feb 22 23:00:44 30390_Ortho-ACT_CM1 local0.err asterisk[31159]: >> ERROR[31178]: app_queue.c:2823 in extension_state_cb: FRACK!, Failed >> assertion user_data is NULL (0) >> Feb 22 23:00:44 30390_Ortho-ACT_CM1 local0.err asterisk[31159]: >> ERROR[31178]: :0 in : Got 11 backtrace records # 0: /usr/sbin/asterisk() >> [0x461502] # 1: /usr/sbin/asterisk(__ao2_iterator_next+0x1d8) [0x464e28] # >> 2: /usr/lib/asterisk/modules/app_queue.so(+0xef9c) [0x14f159681f9c] # 3: >> /usr/sbin/asterisk() [0x51849e] # 4: /usr/sbin/asterisk() [0x5206a4] # 5: >> /usr/sbin/asterisk() [0x573c60] # 6: >> /usr/sbin/asterisk(ast_taskprocessor_execute+0x16f) [0x591f0f] # 7: >> /usr/sbin/asterisk() [0x591fb0] # 8: /usr/sbin/asterisk() [0x5a0c5a] # 9: >> >> ……. more of the same ……... >> >> Feb 22 23:00:44 30390_Ortho-ACT_CM1 user.info kernel: asterisk[31178]: >> segfault at 58 ip 004f4da0 sp 14f15a55ba58 error 4 in >> asterisk[43d000+1d6000] >> Feb 22 23:00:44 30390_Ortho-ACT_CM1 user.info kernel: Code: c0 74 1f 85 f6 >> 74 1b 89 f2 48 39 d0 72 14 48 8b 47 68 48 63 f6 48 8b 44 f0 f8 c3 0f 1f 80 >> 00 00 00 00 31 c0 c3 0f 1f 44 00 00 <48> 8b 47 58 c3 66 66 2e 0f 1f 84 00 00 >> 00 00 00 49 89 f9 41 b8 af >> Feb 22 23:00:45 30390_Ortho-ACT_CM1 user.info safe_asterisk: Asterisk exited >> on signal 11. >> Feb 22 23:00:45 30390_Ortho-ACT_CM1 user.info safe_asterisk: Automatically >> restarting Asterisk. >> Feb 22 23:00:46 30390_Ortho-ACT_CM1 user.notice acme-client: New ACME >> certificates deployed for XMPP and 'prosody' restarted >> --- >> >> Im thinking of putting this one in the cloud as this box has been there for >> a while, but wondering if this is a bug or something else? I cant recall >> seeing it before. >> >> Thanks >> Michael Knill >> >> >> ___ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Asterisk appeared to crash after ACME deploy
A 60 second delay should do it, but I would question why you need two certs. In my case I was testing something and switched to using only one cert. Lonnie > On Feb 22, 2024, at 3:41 PM, Michael Knill > wrote: > > Ah interesting I do have two certs. Should I add a delay before the second > deploy script? > > Regards > Michael Knill > > > From: Lonnie Abelbeck > Date: Friday, 23 February 2024 at 8:38 am > To: AstLinux Users Mailing List > Subject: Re: [Astlinux-users] Asterisk appeared to crash after ACME deploy > > Hi Michael, > > I had my Jetway NF9HG-2930 die a year or so ago, I know Michael Keuter had a > couple NF9HG-2930s die. Though in my case it would not power up anymore. > > This case does seem to be different. > > Hmmm, is your ACME only a single domain (cert)? > > I recall having a case where acme.sh generated two certs and the deploy > script was called for the second cert, but asterisk was not done starting up > and something similar happened. > > Lonnie > > > > > > > On Feb 22, 2024, at 2:39 PM, Michael Knill > > wrote: > > > > Running version 1.5.0 on Jetway NF9HG-2930. > > > > --- > > Feb 22 23:00:42 30390_Ortho-ACT_CM1 daemon.err lighttpd[30995]: > > (server.c.2029) server stopped by UID = 0 PID = 7065 > > Feb 22 23:00:43 30390_Ortho-ACT_CM1 daemon.err lighttpd[7087]: > > (server.c.1436) server started (lighttpd/1.4.51) > > Feb 22 23:00:43 30390_Ortho-ACT_CM1 user.notice acme-client: New ACME > > certificates deployed for HTTPS and 'lighttpd' restarted > > Feb 22 23:00:44 30390_Ortho-ACT_CM1 user.notice acme-client: New ACME > > certificates deployed for SIP-TLS and 'asterisk' restart when convenient > > requested > > Feb 22 23:00:44 30390_Ortho-ACT_CM1 local0.err asterisk[31159]: > > ERROR[31178]: astobj2_container.c:492 in ao2_iterator_init: FRACK!, Failed > > assertion user_data is NULL (0) > > Feb 22 23:00:44 30390_Ortho-ACT_CM1 local0.err asterisk[31159]: > > ERROR[31178]: :0 in : Got 11 backtrace records # 0: > > /usr/sbin/asterisk(__ao2_ref+0x5de) [0x46213e] # 1: > > /usr/sbin/asterisk(ao2_iterator_init+0x2f) [0x464a1f] # 2: > > /usr/lib/asterisk/modules/app_queue.so(+0xef4d) [0x14f159681f4d] # 3: > > /usr/sbin/asterisk() [0x51849e] # 4: /usr/sbin/asterisk() [0x5206a4] # 5: > > /usr/sbin/asterisk() [0x573c60] # 6: > > /usr/sbin/asterisk(ast_taskprocessor_execute+0x16f) [0x591f0f] # 7: > > /usr/sbin/asterisk() [0x591fb0] # 8: /usr/sbin/asterisk() [0x > > Feb 22 23:00:44 30390_Ortho-ACT_CM1 local0.err asterisk[31159]: > > ERROR[31178]: app_queue.c:2823 in extension_state_cb: FRACK!, Failed > > assertion user_data is NULL (0) > > Feb 22 23:00:44 30390_Ortho-ACT_CM1 local0.err asterisk[31159]: > > ERROR[31178]: :0 in : Got 11 backtrace records # 0: /usr/sbin/asterisk() > > [0x461502] # 1: /usr/sbin/asterisk(__ao2_iterator_next+0x1d8) [0x464e28] # > > 2: /usr/lib/asterisk/modules/app_queue.so(+0xef9c) [0x14f159681f9c] # 3: > > /usr/sbin/asterisk() [0x51849e] # 4: /usr/sbin/asterisk() [0x5206a4] # 5: > > /usr/sbin/asterisk() [0x573c60] # 6: > > /usr/sbin/asterisk(ast_taskprocessor_execute+0x16f) [0x591f0f] # 7: > > /usr/sbin/asterisk() [0x591fb0] # 8: /usr/sbin/asterisk() [0x5a0c5a] # 9: > > > > ……. more of the same ……... > > > > Feb 22 23:00:44 30390_Ortho-ACT_CM1 user.info kernel: asterisk[31178]: > > segfault at 58 ip 004f4da0 sp 14f15a55ba58 error 4 in > > asterisk[43d000+1d6000] > > Feb 22 23:00:44 30390_Ortho-ACT_CM1 user.info kernel: Code: c0 74 1f 85 f6 > > 74 1b 89 f2 48 39 d0 72 14 48 8b 47 68 48 63 f6 48 8b 44 f0 f8 c3 0f 1f 80 > > 00 00 00 00 31 c0 c3 0f 1f 44 00 00 <48> 8b 47 58 c3 66 66 2e 0f 1f 84 00 > > 00 00 00 00 49 89 f9 41 b8 af > > Feb 22 23:00:45 30390_Ortho-ACT_CM1 user.info safe_asterisk: Asterisk > > exited on signal 11. > > Feb 22 23:00:45 30390_Ortho-ACT_CM1 user.info safe_asterisk: Automatically > > restarting Asterisk. > > Feb 22 23:00:46 30390_Ortho-ACT_CM1 user.notice acme-client: New ACME > > certificates deployed for XMPP and 'prosody' restarted > > --- > > > > Im thinking of putting this one in the cloud as this box has been there for > > a while, but wondering if this is a bug or something else? I cant recall > > seeing it before. > > > > Thanks > > Michael Knill > > > > > > ___ > > Astlinux-users mailing list > > Astlinux-users@lists.sourceforge.net > > https://lists.sourceforg
Re: [Astlinux-users] Asterisk appeared to crash after ACME deploy
Hi Michael, I had my Jetway NF9HG-2930 die a year or so ago, I know Michael Keuter had a couple NF9HG-2930s die. Though in my case it would not power up anymore. This case does seem to be different. Hmmm, is your ACME only a single domain (cert)? I recall having a case where acme.sh generated two certs and the deploy script was called for the second cert, but asterisk was not done starting up and something similar happened. Lonnie > On Feb 22, 2024, at 2:39 PM, Michael Knill > wrote: > > Running version 1.5.0 on Jetway NF9HG-2930. > > --- > Feb 22 23:00:42 30390_Ortho-ACT_CM1 daemon.err lighttpd[30995]: > (server.c.2029) server stopped by UID = 0 PID = 7065 > Feb 22 23:00:43 30390_Ortho-ACT_CM1 daemon.err lighttpd[7087]: > (server.c.1436) server started (lighttpd/1.4.51) > Feb 22 23:00:43 30390_Ortho-ACT_CM1 user.notice acme-client: New ACME > certificates deployed for HTTPS and 'lighttpd' restarted > Feb 22 23:00:44 30390_Ortho-ACT_CM1 user.notice acme-client: New ACME > certificates deployed for SIP-TLS and 'asterisk' restart when convenient > requested > Feb 22 23:00:44 30390_Ortho-ACT_CM1 local0.err asterisk[31159]: ERROR[31178]: > astobj2_container.c:492 in ao2_iterator_init: FRACK!, Failed assertion > user_data is NULL (0) > Feb 22 23:00:44 30390_Ortho-ACT_CM1 local0.err asterisk[31159]: ERROR[31178]: > :0 in : Got 11 backtrace records # 0: /usr/sbin/asterisk(__ao2_ref+0x5de) > [0x46213e] # 1: /usr/sbin/asterisk(ao2_iterator_init+0x2f) [0x464a1f] # 2: > /usr/lib/asterisk/modules/app_queue.so(+0xef4d) [0x14f159681f4d] # 3: > /usr/sbin/asterisk() [0x51849e] # 4: /usr/sbin/asterisk() [0x5206a4] # 5: > /usr/sbin/asterisk() [0x573c60] # 6: > /usr/sbin/asterisk(ast_taskprocessor_execute+0x16f) [0x591f0f] # 7: > /usr/sbin/asterisk() [0x591fb0] # 8: /usr/sbin/asterisk() [0x > Feb 22 23:00:44 30390_Ortho-ACT_CM1 local0.err asterisk[31159]: ERROR[31178]: > app_queue.c:2823 in extension_state_cb: FRACK!, Failed assertion user_data is > NULL (0) > Feb 22 23:00:44 30390_Ortho-ACT_CM1 local0.err asterisk[31159]: ERROR[31178]: > :0 in : Got 11 backtrace records # 0: /usr/sbin/asterisk() [0x461502] # 1: > /usr/sbin/asterisk(__ao2_iterator_next+0x1d8) [0x464e28] # 2: > /usr/lib/asterisk/modules/app_queue.so(+0xef9c) [0x14f159681f9c] # 3: > /usr/sbin/asterisk() [0x51849e] # 4: /usr/sbin/asterisk() [0x5206a4] # 5: > /usr/sbin/asterisk() [0x573c60] # 6: > /usr/sbin/asterisk(ast_taskprocessor_execute+0x16f) [0x591f0f] # 7: > /usr/sbin/asterisk() [0x591fb0] # 8: /usr/sbin/asterisk() [0x5a0c5a] # 9: > > ……. more of the same ……... > > Feb 22 23:00:44 30390_Ortho-ACT_CM1 user.info kernel: asterisk[31178]: > segfault at 58 ip 004f4da0 sp 14f15a55ba58 error 4 in > asterisk[43d000+1d6000] > Feb 22 23:00:44 30390_Ortho-ACT_CM1 user.info kernel: Code: c0 74 1f 85 f6 74 > 1b 89 f2 48 39 d0 72 14 48 8b 47 68 48 63 f6 48 8b 44 f0 f8 c3 0f 1f 80 00 00 > 00 00 31 c0 c3 0f 1f 44 00 00 <48> 8b 47 58 c3 66 66 2e 0f 1f 84 00 00 00 00 > 00 49 89 f9 41 b8 af > Feb 22 23:00:45 30390_Ortho-ACT_CM1 user.info safe_asterisk: Asterisk exited > on signal 11. > Feb 22 23:00:45 30390_Ortho-ACT_CM1 user.info safe_asterisk: Automatically > restarting Asterisk. > Feb 22 23:00:46 30390_Ortho-ACT_CM1 user.notice acme-client: New ACME > certificates deployed for XMPP and 'prosody' restarted > --- > > Im thinking of putting this one in the cloud as this box has been there for a > while, but wondering if this is a bug or something else? I cant recall seeing > it before. > > Thanks > Michael Knill > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] VMware by Broadcom
Hi Group, With the VMware transition from perpetual licensing to new subscription offerings, and the end of free ESXi [1], should the VMware support in AstLinux change in any way? If you are currently using AstLinux in a VMware instance, will you continue to do so for the future or switch to some other hypervisor? There is some extra bloat added to the AstLinux VM ISO to support VMware (ex. open-vm-tools) I'm curious how AstLinux VM users are reacting to the VMware transition. Lonnie [1] https://kb.vmware.com/s/article/2107518 ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] Announcing AstLinux Release: 1.5.3
Announcing AstLinux Release: 1.5.3 More Info: AstLinux Project https://www.astlinux-project.org/ AstLinux 1.5.3 Highlights: * Asterisk Versions: 16.30.0, 18.20.2, 20.5.2 * Linux Kernel 5.10.205, security and bug fixes * RUNNIX, version bump to runnix-0.6.17 * i40e, enable the Intel 10-Gigabit Ethernet Network Driver (Intel X710/XL710/XXV710/X722 support) * r8125, version 9.012.04, Realtek RTL8125 2.5-Gigabit Ethernet Network Driver * OpenSSH, version bump to 8.4p1, security fixes: CVE-2021-28041, CVE-2021-41617, CVE-2023-48795, CVE-2023-51385 * libcurl (curl) version bump to 8.5.0, security fixes: CVE-2023-46218, CVE-2023-46219 * libxml2, version bump to 2.11.6 * chrony, version bump to 4.5 * php, version 7.2.34, add security fix: CVE-2023-3823 * sngrep, version bump to 1.8.0 * sqlite, version bump to 3.44.2 * udev (eudev), version bump to 3.2.14 * unbound, version bump to 1.19.0 * ca-certificates, update trusted root certificates 2023-12-12 * Asterisk '16se' (stable edition) version 16.30.0 is the last Asterisk 16.x "Legacy" version, built --without-pjproject and --without-dahdi * Package upgrades providing important security and bug fixes Full ChangeLog: https://raw.githubusercontent.com/astlinux-project/astlinux/1.5.3/docs/ChangeLog.txt All users are encouraged to upgrade, read the ChangeLog for the details. AstLinux Team ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] AstLinux Pre-Release: astlinux-1.5-5979-ce0ecf
Announcing AstLinux Pre-Release: astlinux-1.5-5979-ce0ecf
AstLinux Project -> Development
https://www.astlinux-project.org/dev.html
** The AstLinux Team is regularly upgrading packages containing security and
bug fixes as well as adding new features of our own.
-- Linux Kernel 5.10.205 (version bump), security and bug fixes
-- i40e, enable the Intel 10-Gigabit Ethernet Network Driver (Intel
X710/XL710/XXV710/X722 support)
-- r8125, version 9.012.04, Realtek RTL8125 2.5-Gigabit Ethernet Network Driver
-- OpenSSH, version bump to 8.4p1, security fixes: CVE-2021-28041,
CVE-2021-41617, CVE-2023-48795, CVE-2023-51385
-- libcurl (curl) version bump to 8.5.0, security fixes: CVE-2023-46218,
CVE-2023-46219
-- php, version 7.2.34, add security fix: CVE-2023-3823
-- chrony, version bump to 4.5
-- empty, version bump to 0.6.23c
Note: Minor tweaks to any scripts using 'empty' may be needed. Example:
empty -w "$expect" -> empty -w "$expect" ''
-- sngrep, version bump to 1.8.0
-- sqlite, version bump to 3.44.2
-- unbound, version bump to 1.19.0
-- ca-certificates, update trusted root certificates 2023-12-12
-- Asterisk 16.30.0 ('16se' no change)
Last Asterisk 16.x "Legacy" version, built --without-pjproject and
--without-dahdi
-- Asterisk 18.20.2 (version bump) and 20.5.2 (version bump)
Built --with-pjproject and --with-dahdi
-- DAHDI, dahdi-linux 3.2.0 (no change) and dahdi-tools 3.2.0 (no change)
Add build fix to include "astribank" utilities
-- Added rc.conf variable DAHDI_DISABLE, disable DAHDI when set to "yes",
defaults to "no".
-- Complete Pre-Release ChangeLog:
https://astlinux-project.org/beta/astlinux-changelog/ChangeLog.txt
The "AstLinux Pre-Release ChangeLog" and "Pre-Release Repository URL" entries
can be found under the "Development" tab of the AstLinux Project web site ...
AstLinux Project -> Development
https://www.astlinux-project.org/dev.html
AstLinux Team
___
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
Re: [Astlinux-users] dyndns-host-open plugin update time
I looked at the code, in function apply_rules() [1] of the dyndns-host-open-helper. Yes, as you describe, if any of the DNS lookups fail (via the iptables call) the DYNDNS_CHAIN falls-back to any valid pre-existing rules. DNS is known for issues, so much so T-shirts were designed [2], we felt intermittent loss of DNS should not effect the dyndns-host-open plugin functionality. I'm not sure if we want to change the logic to support the special case where DNS is working but one (of several defined) hostnames is failing. In Michael's example, his new configuration error may not have been caught as soon as it was if the failing hostname was ignored. Lonnie [1] https://github.com/astlinux-project/astlinux/blob/84746e877f445144b6e2de02281813d55c0bd1de/package/arnofw/aif/share/arno-iptables-firewall/plugins/dyndns-host-open-helper#L94 [2] https://www.jeffgeerling.com/blog/2022/it-was-dns-t-shirt-on-redshirtjeffcom > On Dec 11, 2023, at 12:18 AM, Michael Knill > wrote: > > Ah I have found the problem. > We deleted one of the dyndns-host-open domains from our DNS but not from > Astlinux which meant that ALL domains in dyndns-host-open.conf failed for > that box? > I must admit that this is not particularly optimal. Is this standard > behaviour? > > Regards > Michael Knill > > > From: Michael Keuter > Date: Thursday, 7 December 2023 at 7:37 pm > To: AstLinux Users Mailing List > Subject: Re: [Astlinux-users] dyndns-host-open plugin update time > > The default time is 900 seconds. You can edit it in the config file. > Make sure it is enabled (at the top). > > Sent from a mobile device. > > Michael Keuter > > > Am 07.12.2023 um 06:25 schrieb Michael Knill > : > > > Hi Group > > Just wondering how long it takes the dyndns-host-open plugin to update. I > have been waiting for well over a day now and some sites can see the two > servers with nslookup but have not updated iptables. > > Any ideas? > > Regards > > Michael Knill > Managing Director > > D: +61 2 6189 1360 > P: +61 2 6140 4656 > E: michael.kn...@ipcsolutions.com.au > W: ipcsolutions.com.au > > > > Smarter Business Communications > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Announcing AstLinux Release: 1.5.2
+1 what Michael said ... my thoughts. Given, currently using ast16: 1) If currently using chan_pjsip, migrate to ast18. 2) If currently using dahdi (ex. pcie telephony card), migrate to ast18. 3) Else next step, change the "ast16" to "ast16se", ex. -- Prefs -> System & Staff Tab Options: Repository URL: https://mirror.astlinux-project.org/ast16se-firmware-1.x -- This should be quick and painless and will give you the latest security fixes in the packages with 1.5.2. 3a) Consider migrating to "ast18" when you have time to research the differences and testing. Additionally, it is recommended any "ast13se" systems be migrated to at least "ast16se". Relatively painless, but still requires some research and testing as with any version change of Asterisk. Lonnie > On Nov 17, 2023, at 12:21 PM, Dr. Peter Voigt wrote: > > Hi Michael, > > thanks for feedback. I will try the upgrade to ast18 as soon as I've some time > left necessary to deal with obviously arising error messages and required > configuration changes. May be I'll have to contact the list again, if > something > goes wrong. > > > On Fri, 2023-11-17 at 19:06 +0100, Michael Keuter wrote: >> Hi Peter, >> >> it is just a matter of changing the repository URL (you must run a lower >> version). >> >> I would suggest you choose ast18 cause Asterisk is EOL now. >> 20 is not well tested yet, it runs fine for me though. >> There was much changed between 16 and 18 (a few missing new config files => >> error messages.) >> The originals are in "/stat/etc/asterisk/". >> >>> Am 17.11.2023 um 18:21 schrieb Dr. Peter Voigt : >>> >>> I am currently on the ast16 branch and ask myself, if I should switch to >>> ast16se >>> or to one of the higher version branches ast18/ast20. >>> >>> And another question: Is upgrading just a matter of changing the repository >>> URL >>> according to >>> https://doc.astlinux-project.org/userdoc:tt_asterisk_upgrade_version >>> or will I have to adapt or re-create my Asterisk configuration? >>> >>> Regards, >>> Peter >>> >>> >>> On Thu, 2023-11-16 at 07:33 -0600, Lonnie Abelbeck wrote: >>>> Announcing AstLinux Release: 1.5.2 >>>> >>>> More Info: AstLinux Project >>>> https://www.astlinux-project.org/ >>>> >>>> Changes to supported firmware builds: >>>> * Previous 'ast13se' and 'ast16' firmware branches are no longer updated. >>>> * New 'ast16se' firmware branch, Asterisk 16.x built --without-pjproject >>>> and - >>>> -without-dahdi >>>> * Previous 'ast18' firmware branch, Asterisk 18.x built --with-pjproject >>>> and - >>>> -with-dahdi >>>> * New 'ast20' firmware branch, Asterisk 20.x built --with-pjproject and -- >>>> with-dahdi >>>> >>>> AstLinux 1.5.2 Highlights: >>>> * Asterisk Versions: 16.30.0, 18.20.0, 20.5.0 >>>> >>>> * Linux Kernel 5.10.197, security and bug fixes >>>> * RUNNIX, version bump to runnix-0.6.16 >>>> * OpenSSL, version bump to 1.1.1w, security fixes: CVE-2023-3446, CVE- >>>> 2023- >>>> 3817 >>>> * libcurl (curl) version bump to 8.4.0, security fixes: CVE-2023-38039, >>>> CVE- >>>> 2023-38545, CVE-2023-38546 >>>> * LibreTLS, version bump to 3.8.1 >>>> * libpng, version bump to 1.6.40 >>>> * libsodium, version bump to 1.0.19 >>>> * libxml2, version bump to 2.11.5 >>>> * chrony, version bump to 4.4 >>>> * ne, version bump to 3.3.3 >>>> * msmtp, version bump to 1.8.25 >>>> * netsnmp, version bump to 5.9.4 >>>> * pjsip version bump to 2.13.1 >>>> * screen, version 4.9.1, security fix: CVE-2023-24626 >>>> * sqlite, version bump to 3.43.2 >>>> * sqliteodbc, version bump to 0.1 >>>> * tiff, version bump to 4.6.0 >>>> * unbound, version bump to 1.18.0 >>>> * unixodbc, version bump to 2.3.12 >>>> * vnStat, version bump to 2.11 >>>> * zabbix, version bump to 4.0.50 >>>> * Asterisk '16se' (stable edition) version 16.30.0 is the last Asterisk >>>> 16.x >>>> "Legacy" version, built --without-pjproject and --without-dahdi >>>> * Package upgrades providing important security and bug fixes >>>> >>>> Full ChangeLog: >>>> https://raw.githubusercontent.com/astli
[Astlinux-users] Announcing AstLinux Release: 1.5.2
Announcing AstLinux Release: 1.5.2 More Info: AstLinux Project https://www.astlinux-project.org/ Changes to supported firmware builds: * Previous 'ast13se' and 'ast16' firmware branches are no longer updated. * New 'ast16se' firmware branch, Asterisk 16.x built --without-pjproject and --without-dahdi * Previous 'ast18' firmware branch, Asterisk 18.x built --with-pjproject and --with-dahdi * New 'ast20' firmware branch, Asterisk 20.x built --with-pjproject and --with-dahdi AstLinux 1.5.2 Highlights: * Asterisk Versions: 16.30.0, 18.20.0, 20.5.0 * Linux Kernel 5.10.197, security and bug fixes * RUNNIX, version bump to runnix-0.6.16 * OpenSSL, version bump to 1.1.1w, security fixes: CVE-2023-3446, CVE-2023-3817 * libcurl (curl) version bump to 8.4.0, security fixes: CVE-2023-38039, CVE-2023-38545, CVE-2023-38546 * LibreTLS, version bump to 3.8.1 * libpng, version bump to 1.6.40 * libsodium, version bump to 1.0.19 * libxml2, version bump to 2.11.5 * chrony, version bump to 4.4 * ne, version bump to 3.3.3 * msmtp, version bump to 1.8.25 * netsnmp, version bump to 5.9.4 * pjsip version bump to 2.13.1 * screen, version 4.9.1, security fix: CVE-2023-24626 * sqlite, version bump to 3.43.2 * sqliteodbc, version bump to 0.1 * tiff, version bump to 4.6.0 * unbound, version bump to 1.18.0 * unixodbc, version bump to 2.3.12 * vnStat, version bump to 2.11 * zabbix, version bump to 4.0.50 * Asterisk '16se' (stable edition) version 16.30.0 is the last Asterisk 16.x "Legacy" version, built --without-pjproject and --without-dahdi * Package upgrades providing important security and bug fixes Full ChangeLog: https://raw.githubusercontent.com/astlinux-project/astlinux/1.5.2/docs/ChangeLog.txt All users are encouraged to upgrade, read the ChangeLog for the details. AstLinux Team ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] GL.iNet. How good is it?
I have always heard good things about the GL.iNet products, but never personally tested one. Are you considering the older (inexpensive) Mango/Shadow or the newer Brume 2 gateway ? Their continued firmware support looks good. [1] GL.iNet embraced WireGuard early on, which was a perfect match for their lower-end CPUs. Lonnie [1] https://dl.gl-inet.com/ > On Nov 16, 2023, at 5:01 AM, Michael Keuter wrote: > > Hi Michael, > > I have a few of them privately as travelrouter (Creta + Beryl), and 2 of them > at customers (Creta), but only for remote VPN use. > I have tested them not with AstLinux yet. They are running stable, and they > are based on OpenWRT (but an older version). > > Michael > > http://www.mksolutions.info > >> Am 16.11.2023 um 10:12 schrieb Michael Knill >> : >> >> Hi All >> I am looking to start using these as my telephony gateway VPN router device >> e.g. phones within a clients network using this gateway to connect via >> Wireguard VPN to the cloud Astlinux system. >> It looks perfect and initial playing has been positive. You can even cloud >> manage it which is a bonus. >> Just checking if anyone has had any experience with GL.iNet products and >> this is not too good to be true. >> Regards >> Michael Knill > > > > > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] No eth0 after upgrading Astlinux
Hi Gerard,
AstLinux Hyper-V support [1] needs a Board Type of "genx86_64-vm", so check by
typing "cat /proc/cmdline" in the CLI and look for the string "
astlinux=genx86_64-vm " as that is what you want. If you only have the string
" astlinux=genx86_64 " then that is the issue.
The (non-VM) Board Type of "genx86_64" may have been able to run Hyper-V at
some point, you really need a Board Type of "genx86_64-vm". The VM version has
specific hv_netvsc and hv_utils modules that support Hyper-V virtual IO drivers.
Note, your upgrade did not change the board type, so you can test the above
with the old astlinux-1.3.8 version.
Let us know if this is the issue, before any more diagnosis.
Lonnie
[1] https://doc.astlinux-project.org/userdoc:guest_vm_hyperv
> On Nov 4, 2023, at 3:27 PM, Gerard van Til wrote:
>
> Thanks Michael and Lonnie (I already hoped to receive answers from both of
> you :-)).
>
> @Lonnie: unfortunately, I cannot access the GUI anymore, so we'll have to
> deal with Linux commands
> I entered the commands you asked for, and because I have console-only access,
> I'll have to send the answers as screenshot:
>
>
>
> @Michael: "upgrade-run-image show" shows me that I upgraded from 1.3.8 to
> 1.4.4.
> Current version is: astlinux-1.4.4
> Previous saved version is: astlinux-1.3.8
>
> I did a revert using the second command Michael provided, and that worked:
> the system is back again. Thanks!
> I created a snapshot of this machine before the revert, so we can investigate
> further what happened if you want. But I guess I can reproduce this behaviour
> by upgrading again.
> The (virtual) network adapter in this machine is a legacy one according to
> Hyper-V: "Realtek PCIe GBE Family controller". Maybe that is related to the
> issue?
>
> Thanks both!
> Regards;
> Gerard
>
> Op za 4 nov 2023 om 18:32 schreef Michael Keuter :
>
>
> > Am 04.11.2023 um 18:16 schrieb Lonnie Abelbeck :
> >
> >>
> >> On Nov 4, 2023, at 11:12 AM, Gerard van Til wrote:
> >>
> >> Goodafternoon,
> >>
> >> I just upgraded my AstLinux using the UI, but after rebooting, my eth0
> >> seems to be gone, so I have no internet access anymore. Luckily, this
> >> AstLinux is running on a virtual machine under Windows Hyper-V, and I can
> >> access it using the Hyper-V manager. I can login with the root user, and
> >> should be able to enter commands. If anyone can help me with the Linux
> >> commands to restore this box to its previous version before the upgrade,
> >> that would be great!
> >>
> >> Regards;
> >> Gerard / Netherlands
> >
> > Hi Gerard,
> >
> > First answering your last question, to revert back to the pervious version,
> > simply:
> >
> > System tab -> System Firmware Upgrade: [ Revert to Previous ] - { Firmware
> > } - _x_ Confirm
> >
> > System tab -> Reboot/Restart System: [ Now ] - { Reboot } - _x_ Confirm
> >
> >
> > Before you do that, let's try to understand the issue.
> >
> > Are you at the latest AstLinux 1.5.1 ?
> >
> > What is the output of:
> > --
> > lscpu | grep -i '^hypervisor vendor:'
> > --
> >
> > What is the output of:
> > --
> > lsmod
> > --
> >
> >
> > Sadly I have no way to test Hyper-V, so your help is appreciated.
> >
> > Lonnie
>
> If you cannot access the GUI, the same can be done from the command line:
>
> Check installed versions:
>
> --
> upgrade-run-image show
> --
>
> Revert to former version:
>
> --
> upgrade-run-image revert
> reboot
> --
>
> Good luck
>
> Michael
>
> http://www.mksolutions.info
>
>
>
>
>
> ___
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
> ___
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
___
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
Re: [Astlinux-users] No eth0 after upgrading Astlinux
> On Nov 4, 2023, at 11:12 AM, Gerard van Til wrote:
>
> Goodafternoon,
>
> I just upgraded my AstLinux using the UI, but after rebooting, my eth0 seems
> to be gone, so I have no internet access anymore. Luckily, this AstLinux is
> running on a virtual machine under Windows Hyper-V, and I can access it using
> the Hyper-V manager. I can login with the root user, and should be able to
> enter commands. If anyone can help me with the Linux commands to restore this
> box to its previous version before the upgrade, that would be great!
>
> Regards;
> Gerard / Netherlands
Hi Gerard,
First answering your last question, to revert back to the pervious version,
simply:
System tab -> System Firmware Upgrade: [ Revert to Previous ] - { Firmware } -
_x_ Confirm
System tab -> Reboot/Restart System: [ Now ] - { Reboot } - _x_ Confirm
Before you do that, let's try to understand the issue.
Are you at the latest AstLinux 1.5.1 ?
What is the output of:
--
lscpu | grep -i '^hypervisor vendor:'
--
What is the output of:
--
lsmod
--
Sadly I have no way to test Hyper-V, so your help is appreciated.
Lonnie
___
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
Re: [Astlinux-users] Announcing AstLinux Pre-Release: astlinux-1.5-5906-4212c3
Thanks for the report. Much Appreciated. > On Oct 21, 2023, at 1:52 PM, Gonzalo Ibáñez wrote: > > So far so good; testing Asterisk 20 branch with dahdi enabled. > > g729 binaries compiled for Asterisk 18 work ok with Asterisk 20. > > Thanks to 'ignorestatechanges' and 'ignoredialchanges' variables in cdr.conf > I got rid of multiple cdr logs for a single call. > > Regards. > ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] AstLinux Pre-Release: astlinux-1.5-5906-4212c3
Announcing AstLinux Pre-Release: astlinux-1.5-5906-4212c3
AstLinux Project -> Development
https://www.astlinux-project.org/dev.html
** IMPORTANT NOTICE
-- Changes to supported firmware builds:
== Previous 'ast13se' and 'ast16' firmware branches are no longer
updated.
== New 'ast16se' firmware branch, Asterisk 16.x built
--without-pjproject and --without-dahdi
== Previous 'ast18' firmware branch, Asterisk 18.x built
--with-pjproject and --with-dahdi
== New 'ast20' firmware branch, Asterisk 20.x built --with-pjproject
and --with-dahdi
** The AstLinux Team is regularly upgrading packages containing security and
bug fixes as well as adding new features of our own.
-- Linux Kernel 5.10.197 (version bump), security and bug fixes
-- OpenSSL, version bump to 1.1.1w, security fixes: CVE-2023-3446, CVE-2023-3817
-- chrony, version bump to 4.4
-- cron (busybox), add logging methods and levels. The defaults remain the
same as previous.
New rc.conf variables: CRON_LOG_METHOD and CRON_LOG_LEVEL
-- libcurl (curl) version bump to 8.3.0, security fix: CVE-2023-38039
-- libxml2, version bump to 2.11.5
-- msmtp, version bump to 1.8.24
-- netsnmp, version bump to 5.9.4
-- screen, version 4.9.1, security fix: CVE-2023-24626
-- smartctl (smartmontools), version bump to 7.4, drivedb.h snapshot 2023-08-19
-- sqlite, version bump to 3.43.1
-- tinyproxy, version 1.11.1, now included in the standard builds, but disabled
by default
-- unixodbc, version bump to 2.3.12
-- upgrade-run-image, limit "noram" loop mount from being removed during
upgrade.
-- unbound, version bump to 1.18.0
-- vnStat, version bump to 2.11
-- zlib, version bump to 1.3
-- ca-certificates, update trusted root certificates 2023-08-22
-- Asterisk 16.30.0 ('16se' version bump)
Last Asterisk 16.x "Legacy" version, built --without-pjproject and
--without-dahdi
-- Asterisk 18.19.0 (version bump) and 20.4.0 (new version)
Built --with-pjproject and --with-dahdi
Disable: STIR/SHAKEN support
-- DAHDI, dahdi-linux 3.2.0 (no change) and dahdi-tools 3.2.0 (no change)
Add build fix to include "astribank" utilities
-- Added rc.conf variable DAHDI_DISABLE, disable DAHDI when set to "yes",
defaults to "no".
-- pjsip 2.13.1 (version bump)
-- libpri, version bump to 1.6.1
-- Complete Pre-Release ChangeLog:
https://astlinux-project.org/beta/astlinux-changelog/ChangeLog.txt
The "AstLinux Pre-Release ChangeLog" and "Pre-Release Repository URL" entries
can be found under the "Development" tab of the AstLinux Project web site ...
AstLinux Project -> Development
https://www.astlinux-project.org/dev.html
AstLinux Team
___
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
Re: [Astlinux-users] Stopping logging of Crontab
Hi Michael, Looking at the /etc/init.d/crond init script, here [1] If the line "crond" was changed to "crond -L /var/log/crond.log" it would disable syslog and use that file ... but may need rotating if it gets large. If the line "crond" was changed to "crond -L /dev/null" it would disable syslog and disable logging (ie. to /dev/null). BTW, I manually tested both cases to be certain. Lonnie [1] https://github.com/astlinux-project/astlinux/blob/09e87eff8bca82bf4afab8dbe09560737dd80d5c/project/astlinux/target_skeleton/etc/init.d/crond#L38 > On Sep 27, 2023, at 8:01 PM, Michael Knill > wrote: > > Hi group > > Replying to this email again. I do understand below but just wondering if > there is any way to turn off Cron logging totally or send to a separate log > file? > > Regards > Michael Knill > > > From: Lonnie Abelbeck > Date: Friday, 31 March 2023 at 1:01 am > To: AstLinux Users Mailing List > Subject: Re: [Astlinux-users] Stopping logging of Crontab > > Hi Michael, > > The (busybox) crond daemon has a syslog level setting which defaults to 8, > the least verbose log level. So no help there. > > Using the filter for the Status Tab, is a reasonable idea. > > > Personally, when executing shell commands on a regular interval of > seconds/minutes, I prefer to use a bash shell script and the sleep builtin. > (Using the sleep builtin keeps from spawning a new process whenever 'sleep' > is called). > > The simplest example of this is the 'msmtpqueue' bash script [1] > > Basic code setup and loop: > -- > #!/bin/bash > > LOCKFILE="/var/lock/foobar.lock" > > # Robust 'bash' method of creating/testing for a lockfile > if ! ( set -o noclobber; echo "$$" > "$LOCKFILE" ) 2>/dev/null; then > echo "foobar: already running, lockfile \"$LOCKFILE\" exists, process id: > $(cat "$LOCKFILE")." > return 9 > fi > > # Load 'sleep' builtin if it exists > if [ -f /usr/lib/bash/sleep ]; then > enable -f /usr/lib/bash/sleep sleep > fi > > #seconds to wait > wait=300 > > trap 'rm -f "$LOCKFILE"; exit $?' INT TERM EXIT > > while true; do > # do stuff > > sleep $wait > done > > rm -f "$LOCKFILE" > trap - INT TERM EXIT > -- > > Look at the actual code [1] for finer details. Another fairly simple > example, asterisk-sip-monitor [2] which adds a PID file that can be removed > to exit the script. > > Lonnie > > [1] > https://github.com/astlinux-project/astlinux/blob/master/package/msmtp/msmtpqueue.sh > > [2] > https://github.com/astlinux-project/astlinux/blob/master/package/asterisk/asterisk-sip-monitor > > > > > > > On Mar 29, 2023, at 11:39 PM, Michael Knill > > wrote: > > > > Short of putting in a filter for the Status Tab, is there any way to stop > > Crontab logging to Syslog. > > I now have a process that is run every 10 minutes and its annoying that it > > logs to Syslog each time. > > > > Regards > > > > Michael Knill > > Managing Director > > > > D: +61 2 6189 1360 > > P: +61 2 6140 4656 > > E: michael.kn...@ipcsolutions.com.au > > W: ipcsolutions.com.au > > > > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Syslogd to remote
Try looking via: -- grep -rs 'SYSLOGHOST=' /etc/ grep -rs 'SYSLOGHOST=' /mnt/kd/ grep -rs 'SYSLOGHOST=' /mnt/asturw/ -- Lonnie > On Sep 20, 2023, at 11:56 AM, Ionel Chila via Astlinux-users > wrote: > > Thanks Lonnie and that is where I am going crazy LOL. In my rc.conf I have > nothing defined for SYSLOGHOST= > > Not sure if I plugged that value somewhere else? Or I have a startup script > I know is running and sending logs to my .77 :) > > > >> On Sep 20, 2023, at 11:43 AM, Lonnie Abelbeck >> wrote: >> >> >> >>> On Sep 20, 2023, at 10:37 AM, Ionel Chila via Astlinux-users >>> wrote: >>> >>> For the love of my life I can't find the settings from my syslog that is >>> currently sending logs to an external server. Can't find the config file >>> nor anyweher in the web gui menu? Am I going crazy here? >>> I know I am sending stuff out :) >>> >>> HOME-PBX init.d # ps -ef |grep syslog >>> 310 root syslogd -s 1024 -b 2 >>> 935 root syslogd -R 192.168.0.77:514 -L -O /var/log/messages >> >> Hi Ionel, >> >> You have the SYSLOGHOST variable defined (ie. SYSLOGHOST="192.168.0.77:514") >> >> For documentation reference look in /stat/etc/rc.conf [1] >> >> Lonnie >> >> [1] >> https://github.com/astlinux-project/astlinux/blob/0c813dffa5d59ffa34d39624eb6a63ae7662a535/project/astlinux/target_skeleton/stat/etc/rc.conf#L476 >> >> >> >> ___ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Syslogd to remote
> On Sep 20, 2023, at 10:37 AM, Ionel Chila via Astlinux-users > wrote: > > For the love of my life I can't find the settings from my syslog that is > currently sending logs to an external server. Can't find the config file nor > anyweher in the web gui menu? Am I going crazy here? > I know I am sending stuff out :) > > HOME-PBX init.d # ps -ef |grep syslog > 310 root syslogd -s 1024 -b 2 > 935 root syslogd -R 192.168.0.77:514 -L -O /var/log/messages > Hi Ionel, You have the SYSLOGHOST variable defined (ie. SYSLOGHOST="192.168.0.77:514") For documentation reference look in /stat/etc/rc.conf [1] Lonnie [1] https://github.com/astlinux-project/astlinux/blob/0c813dffa5d59ffa34d39624eb6a63ae7662a535/project/astlinux/target_skeleton/stat/etc/rc.conf#L476 ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] AstLinux Pre-Release: astlinux-1.5-5875-b12fc0
Announcing AstLinux Pre-Release: astlinux-1.5-5875-b12fc0
AstLinux Project -> Development
https://www.astlinux-project.org/dev.html
** IMPORTANT NOTICE
-- Changes to supported firmware builds:
== Previous 'ast13se' and 'ast16' firmware branches are no longer
updated.
== New 'ast16se' firmware branch, Asterisk 16.x built
--without-pjproject and --without-dahdi
== Previous 'ast18' firmware branch, Asterisk 18.x built
--with-pjproject and --with-dahdi
== New 'ast20' firmware branch, Asterisk 20.x built --with-pjproject
and --with-dahdi
** The AstLinux Team is regularly upgrading packages containing security and
bug fixes as well as adding new features of our own.
-- Linux Kernel 5.10.191 (version bump), security and bug fixes
-- OpenSSL, version bump to 1.1.1v, security fixes: CVE-2023-3446, CVE-2023-3817
-- chrony, version bump to 4.4
-- libcurl (curl) version bump to 8.2.1, security fixes: CVE-2023-32001
-- libxml2, version bump to 2.11.5
-- msmtp, version bump to 1.8.24
-- netsnmp, version bump to 5.9.4
-- screen, version 4.9.1, security fix: CVE-2023-24626
-- tinyproxy, version 1.11.1, now included in the standard builds, but disabled
by default
-- unixodbc, version bump to 2.3.12
-- upgrade-run-image, limit "noram" loop mount from being removed during
upgrade.
-- vnStat, version bump to 2.11
-- zlib, version bump to 1.3
-- Asterisk 16.30.0 ('16se' version bump)
Last Asterisk 16.x "Legacy" version, built --without-pjproject and
--without-dahdi
-- Asterisk 18.19.0 (version bump) and 20.4.0 (new version)
Built --with-pjproject and --with-dahdi
-- DAHDI, dahdi-linux 3.2.0 (no change) and dahdi-tools 3.2.0 (no change)
Add build fix to include "astribank" utilities
-- Added rc.conf variable DAHDI_DISABLE, disable DAHDI when set to "yes",
defaults to "no".
-- pjsip 2.13.1 (version bump)
-- libpri, version bump to 1.6.1
-- Complete Pre-Release ChangeLog:
https://astlinux-project.org/beta/astlinux-changelog/ChangeLog.txt
The "AstLinux Pre-Release ChangeLog" and "Pre-Release Repository URL" entries
can be found under the "Development" tab of the AstLinux Project web site ...
AstLinux Project -> Development
https://www.astlinux-project.org/dev.html
AstLinux Team
___
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
Re: [Astlinux-users] Accessing devices behind Astlinux
Hi Michael, I don't have any personal experience to share, but Tom Lawrence has a related video [1] Youtube: SSH Jump Server Access and How To Pivot Using OpenVPN & Proxychains I suspect this could all be done with SSH+SOCKS (Proxychains) and no OpenVPN tunnel as his example does. Key takeaways are to encrypt the Jump Server's drive (and backup), keep it local and secure from the internet, limit remote AstLinux SSH access via its firewall and Jump Server ssh key. Alternatively, some sort of automation to keep the remote AstLinux SSH keys updated from one hardened location. Lonnie [1] https://www.youtube.com/watch?v=jqudlmfG0zA > On Aug 18, 2023, at 2:17 AM, Michael Knill > wrote: > > Hi All > > Here is the issue: > We access devices behind Astlinux currently using SSH Tunnelling and SOCKS. > It works well however it is becoming increasingly difficult in managing local > authentication to do this such as using SSH Keys. > We are going to be bringing on additional staff and I don’t want to have to > go into every system to add credentials or keys every time we bring on a new > staffmember. > > Just wondering if there are any options for external authentication of SSH > rather than local on Astlinux e.g. using RADIUS > Could there be any other options e.g. HTTPS proxy? > > Regards > > Michael Knill > Managing Director > > D: +61 2 6189 1360 > P: +61 2 6140 4656 > E: michael.kn...@ipcsolutions.com.au > W: ipcsolutions.com.au > > > Smarter Business Communications > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Looking to implement DNS-TLS
Sounds like you have a use case to implement the the /mnt/kd/dnsmasq.static trick/workaround. Lonnie > On Aug 10, 2023, at 6:38 PM, Michael Knill > wrote: > > Hi Lonnie > > Whoops sorry for assuming you are psychic. It’s the dyndns-host-open plugin > for the firewall. > You mentioned with the /mnt/kd/dnsmasq.static trick (I called it workaround) > that it should only be implemented if it was not working. But DNS not working > would be a bad thing and although I have a static entry for access in the > firewall it would prevent access for all other addresses and ports using the > dyndns-host-open plugin. > > Yes I suspect it would be rare but the impact would be high if it happened. > > Regards > Michael Knill > > > From: Lonnie Abelbeck > Date: Thursday, 10 August 2023 at 11:26 pm > To: AstLinux Users Mailing List > Subject: Re: [Astlinux-users] Looking to implement DNS-TLS > > Hi Michael, > > Not sure what you mean by "dyn-dns plugin"? Plugin to what? > > In this day and age, certificates that depend on the system to have a valid > time are quite common. > > If you are using Network tab -> "Dynamic DNS Update:", the update will use > HTTPS (via curl) to secure your credentials, which will require a valid > system time. Note the "Dynamic DNS Update:" (set external DNS record) has > nothing to do with "DNS-TLS" (retrieve DNS). > > The AstLinux system clock is maintained via one or more of: > > 1) CMOS flash with battery RTC (bare metal) > > 2) Virtual Machine host provides date/time (VM) > > 3) Time is set on startup using chrony using Network tab -> "Network Time > Settings:" > > > While I have not had any practical issues over the years using "DNS-TLS", you > can either use a manual IPv4 address in "Network Time Settings:" or use the > /mnt/kd/dnsmasq.static trick as described here [1] to "almost" guarantee the > clock is valid at startup. > > Lonnie > > [1] > https://doc.astlinux-project.org/userdoc:tt_dns_tls_proxy#possible_startup_issues > > > > > > On Aug 10, 2023, at 1:28 AM, Michael Knill > > wrote: > > > > Hi Group > > > > I’m currently using the dyn-dns plugin and wanting to extend it for > > additional Astlinux access. > > I’m concerned that DNS traffic is currently not being encrypted so I want > > to use DNS-TLS. > > > > I have two questions: > >• As you have mentioned in the notes, as it relies on reasonably > > correct time which needs DNS to be set correctly, I am concerned that we > > will not be able to access the system with dyn-dns if this occurs. Should I > > implement the workaround for this in /mnt/kd/dnsmasq.static always? > >• I currently have 1.1.1.1 & 8.8.8.8 configured as my standard DNS. > > I assume this is not possible with the DNS Proxy and DNSSEC? I do realise > > that Anycast DNS is very close to 100% uptime but I’m just cautious. > > > > Regards > > > > Michael Knill > > Managing Director > > > > D: +61 2 6189 1360 > > P: +61 2 6140 4656 > > E: michael.kn...@ipcsolutions.com.au > > W: ipcsolutions.com.au > > > > > > Smarter Business Communications > > > > ___ > > Astlinux-users mailing list > > Astlinux-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > > > Donations to support AstLinux are graciously accepted via PayPal to > > pay...@krisk.org. > > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Looking to implement DNS-TLS
Hi Michael, Not sure what you mean by "dyn-dns plugin"? Plugin to what? In this day and age, certificates that depend on the system to have a valid time are quite common. If you are using Network tab -> "Dynamic DNS Update:", the update will use HTTPS (via curl) to secure your credentials, which will require a valid system time. Note the "Dynamic DNS Update:" (set external DNS record) has nothing to do with "DNS-TLS" (retrieve DNS). The AstLinux system clock is maintained via one or more of: 1) CMOS flash with battery RTC (bare metal) 2) Virtual Machine host provides date/time (VM) 3) Time is set on startup using chrony using Network tab -> "Network Time Settings:" While I have not had any practical issues over the years using "DNS-TLS", you can either use a manual IPv4 address in "Network Time Settings:" or use the /mnt/kd/dnsmasq.static trick as described here [1] to "almost" guarantee the clock is valid at startup. Lonnie [1] https://doc.astlinux-project.org/userdoc:tt_dns_tls_proxy#possible_startup_issues > On Aug 10, 2023, at 1:28 AM, Michael Knill > wrote: > > Hi Group > > I’m currently using the dyn-dns plugin and wanting to extend it for > additional Astlinux access. > I’m concerned that DNS traffic is currently not being encrypted so I want to > use DNS-TLS. > > I have two questions: > • As you have mentioned in the notes, as it relies on reasonably > correct time which needs DNS to be set correctly, I am concerned that we will > not be able to access the system with dyn-dns if this occurs. Should I > implement the workaround for this in /mnt/kd/dnsmasq.static always? > • I currently have 1.1.1.1 & 8.8.8.8 configured as my standard DNS. I > assume this is not possible with the DNS Proxy and DNSSEC? I do realise that > Anycast DNS is very close to 100% uptime but I’m just cautious. > > Regards > > Michael Knill > Managing Director > > D: +61 2 6189 1360 > P: +61 2 6140 4656 > E: michael.kn...@ipcsolutions.com.au > W: ipcsolutions.com.au > > > Smarter Business Communications > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] What is .wh.__dir_opaque
Hi Michael, AstLinux version 1.3.8 and older used a unionfs driver (kernel based) that used "whiteout" files added to the filesystem (ex. .wh.__dir_opaque) to note added/removed directories, among other things. AstLinux version 1.3.10 and newer uses a different unionfs driver (FUSE based), so the old whiteout files (ex. .wh.__dir_opaque) are no longer used/needed. These whiteout files are of zero size, so the simplest is to ignore them. If you want to remove the old whiteout files, you can. Lonnie > On Aug 3, 2023, at 4:59 AM, Michael Knill > wrote: > > Hi Group > > Im getting ‘.wh.__dir_opaque’ files in a number of directories on an old > Astlinux system that I have recently upgraded. > Just wondering what they are and whether I should delete them? > > Regards > > Michael Knill > Managing Director > > D: +61 2 6189 1360 > P: +61 2 6140 4656 > E: michael.kn...@ipcsolutions.com.au > W: ipcsolutions.com.au > > > Smarter Business Communications > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] Announcing AstLinux Release: 1.5.1
Announcing AstLinux Release: 1.5.1 More Info: AstLinux Project https://www.astlinux-project.org/ AstLinux 1.5.1 Highlights: * Asterisk Versions: 13.38.3, 16.30.0, 18.18.0 * Linux Kernel 5.10.179, security and bug fixes * RUNNIX, version bump to runnix-0.6.15 * OpenSSL, version bump to 1.1.1u, security fixes: CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650 * libcurl (curl) version bump to 8.1.2, security fixes: CVE-2023-27537, CVE-2023-27536, CVE-2023-27535, CVE-2023-27534, CVE-2023-27533, CVE-2023-28319, CVE-2023-28320, * CVE-2023-28321, CVE-2023-28322 * libcap, version bump to 2.69, security fixes: CVE-2023-2602, CVE-2023-2603 * libpcap, version bump to 1.10.4 * libxml2, version bump to 2.10.4, security fixes: CVE-2023-29469, CVE-2023-28484 * dnsmasq, version 2.84, security fix: CVE-2023-28450 * Fossil, (major) version bump to 2.22 * ncurses, version bump to 6.4, security fix: CVE-2023-29491 * pjsip version bump to 2.13 * sngrep, version bump to 1.7.0 * sqlite, version bump to 3.42.0 * tiff, version bump to 4.5.1 * tcpdump, version bump to 4.99.4 * udev (eudev), version bump to 3.2.12 * zabbix, version bump to 4.0.47, security fix: CVE-2023-29456 * Asterisk '13se' (stable edition) version 13.38.3 is the last Asterisk 13.x "Legacy" version, built --without-pjproject * Package upgrades providing important security and bug fixes Full ChangeLog: https://raw.githubusercontent.com/astlinux-project/astlinux/1.5.1/docs/ChangeLog.txt All users are encouraged to upgrade, read the ChangeLog for the details. AstLinux Team ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Opus codec for home assitant
Hi Sándor,
> I can hear the beep of Home Assistant, and after I say something, it happily
> announces, that he couldn't understand that :)
Excellent! Great to hear.
BTW, if needed there are OPUS CODEC custom config settings in Asterisk by
editing /etc/asterisk/codecs.conf and at the end of the file "OPUS Examples",
commented-out by default.
As for attribution, no personal credit is needed, but mentioning the AstLinux
Project would be fine. Be sure to mention the Asterisk OPUS CODEC "Usage
Tracking" as some may be uncomfortable with that.
For the record, I have no experience with Home Assistant, but I found this
"Support for other codecs in VOIP integration" [1] which describes your issue
here.
Even if Home Assistant supported ulaw/alaw in the future, having an Asterisk
PBX managing the voice calls could be generally useful. The AstLinux Project
provides a small footprint solution for those willing to do some CLI asterisk
configuration.
Lonnie
[1]
https://community.home-assistant.io/t/support-for-other-codecs-in-voip-integration/568580
> On Jun 28, 2023, at 11:49 PM, Sándor Balázs wrote:
>
> Hi Lonnie,
>
> Thank you for your quick, and very accurate response!
> This was everything I needed. I can hear the beep of Home Assistant, and
> after I say something, it happily announces, that he couldn't understand that
> :)
> (this is most likely a voice recognition issue, I didn't finished configuring
> that yet)
> So thank you very much again!
>
> I'm planning to create a tutorial about how to get Home Assistant working
> with older cisco phones for voice control.
> Can I use your description for this purpose? If so, then do you have a
> contact information you would like to be used in the attribution?
>
> Sándor
>
> Feladó: Lonnie Abelbeck
> Elküldve: 2023. június 28., szerda 22:27
> Címzett: AstLinux Users Mailing List
> Tárgy: Re: [Astlinux-users] Opus codec for home assitant
>
> Hi Sándor,
>
> Thanks for giving AstLinux a spin.
>
> First, answer your Status page question. Asterisk supports either the older
> chan_sip or newer chan_pjsip SIP drivers. Asterisk 18's default config only
> loads chan_pjsip and not chan_sip, so the 'sip show registry' and 'sip show
> peers' CLI commands are not supported by chan_pjsip. The web interface Prefs
> tab can be used to uncheck "Show SIP Trunk Registrations" and "Show SIP Peer
> Status" if you decide to not use chan_sip.
>
> AstLinux does not include the OPUS CODEC as part of the standard build. Two
> reasons...
>
> 1) While it may seem the OPUS CODEC is free to use [1], patent issues may
> still exist. Perform proper due diligence.
>
> 2) Asterisk/Digium/Sangoma have built in a "Usage Tracking" feature [2].
> Both codec_opus.so and format_ogg_opus.so modules are linked with libcurl.so
> to provide the "Usage Tracking" feature.
>
>
> OK, with that out of the way, I took your challenge to add the OPUS CODEC to
> AstLinux. I used Asterisk 18 as you did. Proceeded to install in a VM.
> =-=-=
>
> == First, in order to write to /usr/lib/asterisk/modules/ you must set an
> advanced configuration option. Using the web interface:
> Network tab -> Advanced Configuration -> User System Variables: { Edit User
> Variables }
>
> add the line...
>
> ASTERISK_RW_MODULES_DIR="yes"
>
> click { Save Changes } followed by clicking { Reload/Restart } [ Apply
> user.conf variables ] - x Confirm
>
> == Using the AstLinux CLI, restart asterisk
>
> pbx ~ # service asterisk stop
> Stopping Asterisk...
> pbx ~ # service asterisk init
> Starting Asterisk...
>
> == Now download and add the codec_opus modules from Digium.
>
> pbx ~ # mkdir /mnt/kd/opus
>
> pbx ~ # cd /mnt/kd/opus
>
> pbx opus # curl -O
> https://downloads.digium.com/pub/telephony/codec_opus/asterisk-18.0/x86-64/codec_opus-18.0_1.3.0-x86_64.tar.gz
>
> pbx opus # tar xzvf codec_opus-18.0_1.3.0-x86_64.tar.gz
>
> pbx opus # cd codec_opus-18.0_1.3.0-x86_64
>
> pbx codec_opus-18.0_1.3.0-x86_64 # cp *_opus.so /usr/lib/asterisk/modules/
>
> == The codec_opus_config-en_US.xml file needs to be copied (AstLinux specific
> location)
>
> pbx codec_opus-18.0_1.3.0-x86_64 # cp codec_opus_config-en_US.xml
> /stat/var/lib/asterisk/documentation/thirdparty/
>
> == As a quick sanity check, use the AstLinux "show-union" command, it should
> look like...
>
> pbx codec_opus-18.0_1.3.0-x86_64 # show-union
> /mnt/asturw/usr/lib/asterisk/modules/codec_opus.so
> /mnt/asturw/usr/lib/asterisk/modules/format_ogg_opus.so
> /mnt/asturw/etc/shadow-
&
Re: [Astlinux-users] Opus codec for home assitant
Hi Sándor,
Thanks for giving AstLinux a spin.
First, answer your Status page question. Asterisk supports either the older
chan_sip or newer chan_pjsip SIP drivers. Asterisk 18's default config only
loads chan_pjsip and not chan_sip, so the 'sip show registry' and 'sip show
peers' CLI commands are not supported by chan_pjsip. The web interface Prefs
tab can be used to uncheck "Show SIP Trunk Registrations" and "Show SIP Peer
Status" if you decide to not use chan_sip.
AstLinux does not include the OPUS CODEC as part of the standard build. Two
reasons...
1) While it may seem the OPUS CODEC is free to use [1], patent issues may still
exist. Perform proper due diligence.
2) Asterisk/Digium/Sangoma have built in a "Usage Tracking" feature [2]. Both
codec_opus.so and format_ogg_opus.so modules are linked with libcurl.so to
provide the "Usage Tracking" feature.
OK, with that out of the way, I took your challenge to add the OPUS CODEC to
AstLinux. I used Asterisk 18 as you did. Proceeded to install in a VM.
=-=-=
== First, in order to write to /usr/lib/asterisk/modules/ you must set an
advanced configuration option. Using the web interface:
Network tab -> Advanced Configuration -> User System Variables: { Edit User
Variables }
add the line...
ASTERISK_RW_MODULES_DIR="yes"
click { Save Changes } followed by clicking { Reload/Restart } [ Apply
user.conf variables ] - x Confirm
== Using the AstLinux CLI, restart asterisk
pbx ~ # service asterisk stop
Stopping Asterisk...
pbx ~ # service asterisk init
Starting Asterisk...
== Now download and add the codec_opus modules from Digium.
pbx ~ # mkdir /mnt/kd/opus
pbx ~ # cd /mnt/kd/opus
pbx opus # curl -O
https://downloads.digium.com/pub/telephony/codec_opus/asterisk-18.0/x86-64/codec_opus-18.0_1.3.0-x86_64.tar.gz
pbx opus # tar xzvf codec_opus-18.0_1.3.0-x86_64.tar.gz
pbx opus # cd codec_opus-18.0_1.3.0-x86_64
pbx codec_opus-18.0_1.3.0-x86_64 # cp *_opus.so /usr/lib/asterisk/modules/
== The codec_opus_config-en_US.xml file needs to be copied (AstLinux specific
location)
pbx codec_opus-18.0_1.3.0-x86_64 # cp codec_opus_config-en_US.xml
/stat/var/lib/asterisk/documentation/thirdparty/
== As a quick sanity check, use the AstLinux "show-union" command, it should
look like...
pbx codec_opus-18.0_1.3.0-x86_64 # show-union
/mnt/asturw/usr/lib/asterisk/modules/codec_opus.so
/mnt/asturw/usr/lib/asterisk/modules/format_ogg_opus.so
/mnt/asturw/etc/shadow-
/mnt/asturw/etc/passwd
/mnt/asturw/etc/passwd-
/mnt/asturw/etc/shadow
/mnt/asturw/stat/var/lib/asterisk/documentation/thirdparty/codec_opus_config-en_US.xml
/mnt/asturw/stat/var/www/admin/.htpasswd
== Finally, restart asterisk to use the new modules
pbx codec_opus-18.0_1.3.0-x86_64 # service asterisk stop
Stopping Asterisk...
pbx codec_opus-18.0_1.3.0-x86_64 # service asterisk init
Starting Asterisk...
=-=-=
I hope this gets you started.
Be aware that there is some Asterisk knowledge required to perform the CODEC
translation task you desire.
Lonnie
[1] https://opus-codec.org/license/
[2] Opus Software Codec for Asterisk README: "Usage Tracking" The codec_opus
module will periodically attempt to send usage statistics to an Asterisk
community server. The statistics are sent at most every 24 hours.
> On Jun 28, 2023, at 9:39 AM, Sándor Balázs wrote:
>
> I have some older cisco phones with SIP and alaw/ulaw support. And I want to
> connect to home assistant.
> The direct IP call thing failed for some reason and not knowing what the
> reason might be, I turned to asterisk. I didn't want to install linux for
> this... but of course this thing is linux only...
> So I happily found this project, and got my VM working in a few minutes.
> astlinux-1.5.0 x86_64 - Asterisk 18.16.0
>
> I want to note here, that on the Status page these messages appear instead of
> the content of the div...
> SIP Trunk Registrations: No such command 'sip show registry' (type 'core show
> help sip show' for other possible commands)
> SIP Peer Status: No such command 'sip show peers' (type 'core show help sip
> show' for other possible commands)
>
> So after some experimenting I noticed, that microsip can only communicate
> with home assistant only if the opus codec is enabled.
> so home assitant supposedly uses opus. My phones do not support opus, and
> there is no way I can get CISCO to create a firmware that does.
>
> So of course I googled it. And asterisk can translate between codecs. I found
> a maillist thread that said, that version 13 is the first version containing
> OPUS. I use version 18 so it's not a problem. Itried to enable it in
> astlinux, but after a few attempts I came to the conclusion, that I might
> miss the "codec_opus.so" in "/usr/lib/asterisk/modules/".
> Firstly it said, that it is read only... so I remounted it as read-write but
> then it complains about not enought space, as it is 100% utilised...
>
> So my question is:
> Where can I download the
Re: [Astlinux-users] Running ipsec behind Astlinux
Hi Michael,
First, answering your followup question:
> (Actually if this works...) Do I need any firewall rules for this? I did have
> AH, ESP and UDP500/4500 NAT’d previously.
No you don't, the AIF ipsec-vpn plugin automatically opens ports for an
AstLinux IPsec VPN endpoint as well as supporting forwarding NAT'ed IPsec
traffic. Since you don't have the AstLinux IPsec VPN enabled, the described
"hack" is to to enable the plugin to support forwarding NAT'ed IPsec traffic.
> Interestingly I had a Cisco router working behind it fine but we couldn’t get
> the second VPN up.
Ahhh, that explains a lot.
Note that NAT works with UDP and TCP by using the inbound/outbound 'port' and
inbound/outbound IP address to create a connection tracking hash table.
Clients behind NAT can use multiple UDP/TCP connections to the same public
server since they will each use different ports via NAT at the edge.
Now with IPsec using ESP, a raw IP protocol, there are no ports for the NAT
connection tracking to use for uniqueness. As a result, only one IPsec ESP
client connection can be established to the same public server behind NAT. A
second IPsec ESP client connection will fail as long as the NAT table has an
active, previous IPsec ESP client connection.
The solution to this is to configure the IPsec server and client to use IPsec
NATT (NAT Transversal) where the IPsec payload uses 4500/UDP instead of ESP.
In both cases IPsec IKE uses 500/UDP to negotiate the connection.
In summary (as I see it):
1) If your goal is to establish more than one IPsec ESP client connection to
the *same* public server, the AIF ipsec-vpn plugin "hack" will not help you.
2) If you can use IPsec NATT (NAT Transversal), the AIF ipsec-vpn plugin "hack"
is not needed, that should work with most any NAT router.
Lonnie
Or, just use WireGuard :-)
> On Jun 21, 2023, at 1:01 AM, Michael Knill
> wrote:
>
> Thanks Lonnie. I will give it a try.
> Interestingly I had a Cisco router working behind it fine but we couldn’t get
> the second VPN up. We changed it out for a TP-Link router so the customer
> could manage themselves and that didn’t work at all.
>
> Regards
> Michael Knill
>
>
> From: Lonnie Abelbeck
> Date: Tuesday, 20 June 2023 at 11:44 pm
> To: AstLinux Users Mailing List
> Subject: Re: [Astlinux-users] Running ipsec behind Astlinux
>
> Hi Michael,
>
> Good question...
>
> It sounds like AstLinux needs to perform IPsec pass-through while the
> AstLinux IPsec VPN is not enabled.
>
> As a quick "hack", using the Network tab ...
>
> Firewall Plugins: [ ipsec-vpn ] - { Configure Plugin }
>
> Ignore the "*** Do Not Edit Below Here ***" note and set ENABLED=1 in the
> lower section, per this diff:
>
> -- diff --
> # AstLinux specific mappings, either edit your /mnt/kd/rc.conf file
> # or, use Network tab -> [IPsec Configuration] from the web interface.
> #
> --
> # Indent script section so script variables won't be merged
>
> - ENABLED=0
> + ENABLED=1
>IPSEC_ALLOWED_HOSTS="0/0"
>IPSEC_VPN_NETS=""
>IPSEC_NAT_TRAVERSAL=0
>vpntype_ipsec=0
> -- diff --
>
> "Save Changes" and "Restart Firewall" to apply the change.
>
> Please report back if this solves your issue.
>
> BTW, alternatively, if the internal IPsec client was configured to use NAT
> Traversal, that should also work without AstLinux firewall tweaks.
>
> Lonnie
>
>
>
> > On Jun 20, 2023, at 3:19 AM, Michael Knill
> > wrote:
> >
> > Hi Group
> >
> > I have an ipsec VPN device behind Astlinux and it cannot connect. When I
> > stick the device behind a 4G enabled Mikrotik router then it works fine.
> > What could be the problem? Are there any additional rules I need to add?
> >
> > This is certainly very annoying and hopefully I can fix it before it uses
> > up all my 4G data.
> >
> > Regards
> >
> > Michael Knill
> > Managing Director
> >
> > D: +61 2 6189 1360
> > P: +61 2 6140 4656
> > E: michael.kn...@ipcsolutions.com.au
> > W: ipcsolutions.com.au
> >
> >
> > Smarter Business Communications
> >
> > ___
> > Astlinux-users mailing list
> > Astlinux-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/astlinux-users
> >
> > Donations to support AstLinux are graciously accepted via PayPal to
> > pay...@krisk.org.
>
>
>
> ___
>
Re: [Astlinux-users] Running ipsec behind Astlinux
Hi Michael,
Good question...
It sounds like AstLinux needs to perform IPsec pass-through while the AstLinux
IPsec VPN is not enabled.
As a quick "hack", using the Network tab ...
Firewall Plugins: [ ipsec-vpn ] - { Configure Plugin }
Ignore the "*** Do Not Edit Below Here ***" note and set ENABLED=1 in the lower
section, per this diff:
-- diff --
# AstLinux specific mappings, either edit your /mnt/kd/rc.conf file
# or, use Network tab -> [IPsec Configuration] from the web interface.
#
--
# Indent script section so script variables won't be merged
- ENABLED=0
+ ENABLED=1
IPSEC_ALLOWED_HOSTS="0/0"
IPSEC_VPN_NETS=""
IPSEC_NAT_TRAVERSAL=0
vpntype_ipsec=0
-- diff --
"Save Changes" and "Restart Firewall" to apply the change.
Please report back if this solves your issue.
BTW, alternatively, if the internal IPsec client was configured to use NAT
Traversal, that should also work without AstLinux firewall tweaks.
Lonnie
> On Jun 20, 2023, at 3:19 AM, Michael Knill
> wrote:
>
> Hi Group
>
> I have an ipsec VPN device behind Astlinux and it cannot connect. When I
> stick the device behind a 4G enabled Mikrotik router then it works fine.
> What could be the problem? Are there any additional rules I need to add?
>
> This is certainly very annoying and hopefully I can fix it before it uses up
> all my 4G data.
>
> Regards
>
> Michael Knill
> Managing Director
>
> D: +61 2 6189 1360
> P: +61 2 6140 4656
> E: michael.kn...@ipcsolutions.com.au
> W: ipcsolutions.com.au
>
>
> Smarter Business Communications
>
> ___
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
___
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
Re: [Astlinux-users] Problems with voicemail and Asterisk 16 on Astlinux 1.4.7
Hi Michael, I looked through the Asterisk code, this is basic core code, but some 'code stirring' has occurred between 13 and 16. If you can replicate it in the lab, does Astlinux 1.5.0 / 13se work as expected with your voicemail.conf? Does the error occur only on long (longer) voicemails? Does the error occur intermittently or all the time? Any pattern? Lonnie > On Jun 13, 2023, at 5:52 AM, Michael Knill > wrote: > > Hi Group > > Im trying to find out why I am getting voicemail errors on Asterisk 16 on > Astlinux 1.4.7 and hoping someone may have an idea where I should start > investigating. Im getting reports and example voicemails where the person has > been cut off mid recording only on Asterisk 16 on Astlinux 1.4.7. > Im intermittently getting the following which from testing happens prior to > it dropping out: > Jun 13 13:18:47 25160-Clinic88-CM1 local0.warn asterisk[1203]: > WARNING[1533][C-04bc]: file.c:293 in ast_writestream: Translated frame > write failed > Jun 13 13:18:47 25160-Clinic88-CM1 local0.warn asterisk[1203]: > WARNING[1533][C-04bc]: app.c:2010 in __ast_play_and_record: Error writing > frame > > Nothing on 1.3.10 using Asterisk 13. Both have the same voicemail config: > [general] > format = wav > maxsecs = 180 > minsecs = 1 > maxmsg = 1000 > maxgreet = 60 > maxsilence = 0 > minpassword = 4 > silencethreshold = 128 > maxlogins = 3 > nextaftercmd = yes > sendvoicemail = yes > review = yes > operator = yes > forcename = yes > forcegreetings = yes > tempgreetwarn = yes > callback = DialPlan1 > exitcontext = voicemail-exit > externpass = /mnt/kd/scripts/vm_password_sync > externnotify = php /mnt/kd/scripts/voicemailnotify.php > > I have tried Astlinux 1.5.0 and it still happens. I cant seem to find any > related bugs. > > Any ideas? > > Regards > > Michael Knill > Managing Director > > D: +61 2 6189 1360 > P: +61 2 6140 4656 > E: michael.kn...@ipcsolutions.com.au > W: ipcsolutions.com.au > > > Smarter Business Communications > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] AstLinux Pre-Release: astlinux-1.5-5809-61d23a
Announcing AstLinux Pre-Release: astlinux-1.5-5809-61d23a
AstLinux Project -> Development
https://www.astlinux-project.org/dev.html
** The AstLinux Team is regularly upgrading packages containing security and
bug fixes as well as adding new features of our own.
-- Linux Kernel 5.10.178 (version bump), security and bug fixes
-- OpenSSL, version bump to 1.1.1u, security fixes: CVE-2023-0464,
CVE-2023-0465, CVE-2023-0466, CVE-2023-2650
-- libcurl (curl) version bump to 8.1.2, security fixes: CVE-2023-27535,
CVE-2023-28319, etc.
-- dnsmasq, version 2.84, security fix: CVE-2023-28450
-- Fossil, (major) version bump to 2.22
-- keepalived, version bump to 2.2.8
-- libpcap, version bump to 1.10.4
-- libxml2, version bump to 2.10.4, security fixes: CVE-2023-29469,
CVE-2023-28484
-- ncurses, version bump to 6.4, security fix: CVE-2023-29491 using
--disable-root-environ build
-- pciutils, version bump to 3.10.0
-- sqlite, version bump to 3.42.0
-- sngrep, version bump to 1.7.0
-- tcpdump, version 4.99.4
-- udev (eudev), version bump to 3.2.12
-- zabbix, version bump to 4.0.46
-- ca-certificates, update trusted root certificates 2023-05-30
-- mac2vendor, oui.txt database snapshot 2023-06-10
-- Time Zone Database update, tzdata2023c and php-timezonedb-2023.3
-- Asterisk 13.38.3 ('13se' no change)
Last Asterisk 13.x "Legacy" version, built --without-pjproject
-- Asterisk 16.30.0 (no change) and 18.18.0 (version bump)
Add Asterisk 16.x pjsip_pubsub-fixes-for-pjsip-2.13 patch
-- DAHDI, dahdi-linux 3.2.0 (no change) and dahdi-tools 3.2.0 (no change)
-- pjsip 2.13 (version bump)
-- Complete Pre-Release ChangeLog:
https://astlinux-project.org/beta/astlinux-changelog/ChangeLog.txt
The "AstLinux Pre-Release ChangeLog" and "Pre-Release Repository URL" entries
can be found under the "Development" tab of the AstLinux Project web site ...
AstLinux Project -> Development
https://www.astlinux-project.org/dev.html
AstLinux Team
___
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
Re: [Astlinux-users] Astlinux reliability
> On Jun 9, 2023, at 9:54 PM, Michael Knill > wrote: > > System Uptime: 989 days, 1:29 > > Its on an APU2 in a hospital environment so never had a power failure. > Yes I should have upgraded it long ago but pretty cool! > > Regards > Michael Knill Hey Michael, Thanks for reporting! Over the years, I also have witnessed multi-year uptimes for special situation AstLinux boxes. Lonnie ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] EXTIF_ALIAS
Hi David, To be clear the variable name is 'EXTIP_ALIAS' -- ## External Interface Alias (Virtual) IPv4 Addresses ## If EXTIP (or EXT2IP) is set, using a 'static' configuration, alias interfaces ## on EXTIF (or EXT2IF) may be defined creating $EXTIF:1, $EXTIF:2, etc. . ## Multiple IPv4 addresses are space separated. #EXTIP_ALIAS="192.168.25.3 192.168.25.4" #EXT2IP_ALIAS="192.168.25.3 192.168.25.4" -- This was added to support certain business level ISPs that allowed more than one static IP address on the external interface. This would be used via the firewall 'NAT EXT->LAN' and the 'NAT EXT' setting to selectively NAT inbound traffic to LAN devices for multiple static external IPv4 addresses. Keep in mind this only applies to static external IP addresses provided by your ISP. Also the static external link setting (and any /mnt/kd/rc.elocal added routes) should be maintained with with the link cycling ... unlike with DHCP where the IP/routes are cleared/changed on a link cycling. > I want to add an alias of 192.168.100.xx/24 to my external interface, with > that I can access 192.168.100.1 which is the IP address of my (everyone's?) > cable modem. Hmm, I'm not sure why you would need that. I personally can reach my cable modem at https://192.168.100.1/ from my LAN. If you changed the firewall defaults, such as set the firewall RESERVED_NET_DROP setting to "1" in user.conf, that would block 192.168.100.1 access. Lonnie > On Jun 8, 2023, at 9:28 AM, David Kerr wrote: > > Astlinux network initialization script has the ability to add an additional > IP address to external interfaces. You can define a list of IP addresses in > the EXTIF_ALIAS and EXT2IF_ALIAS variables in user.conf. However the script > is hard coded to apply a /32 network mask. Was this deliberate? > > I want to add an alias of 192.168.100.xx/24 to my external interface, with > that I can access 192.168.100.1 which is the IP address of my (everyone's?) > cable modem. I have been doing this manually in rc.local but discovered that > this is not resilient to the link going down/up, which is when I discovered > that the network script has this alias support. But the /32 netmask prevents > routing to any other devices because the subnet is, well, zero in length. > > It feels like the network script should either require that the netmask is > included in the EXTIF_ALIAS, or test to see if one is specified and only add > /32 if none is provided (I suggest /32 for backward compatibility only... I > think it should have defaulted to /24). > > Thoughts? > David > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Hello all and I need help.
Yup, and the PCI-ids removal here: https://github.com/asterisk/dahdi-linux/commit/29cb229cd3f1d252872b7f1924b6e3be941f7ad3 Lonnie > On Jun 5, 2023, at 8:51 AM, Michael Keuter wrote: > > The references were removed in 2018: > > https://github.com/asterisk/dahdi-linux/commit/75620dd9ef6ac746745a1ecab4ef925a5b9e2988 > >> Am 05.06.2023 um 15:11 schrieb Lonnie Abelbeck : >> >> Hi Tahiro, >> >> A quick look at the dahdi-linux code for the "wcb4xxp", the PCI-ids appear >> to be defined here [1] >> >> But my gut feeling, there may be more to it than simply adding a line to >> DEFINE_PCI_DEVICE_TABLE >> >> Question, are Digium wcb4xxp ISDN cards available on the used market at a >> reasonable price? >> >> Lonnie >> >> [1] >> https://github.com/asterisk/dahdi-linux/blob/4397c55319154a8dc89022f6f75c683d6af12d54/drivers/dahdi/wcb4xxp/base.c#LL3642C1-L3651C3 >> >> >> >>> On Jun 5, 2023, at 2:51 AM, Tahiro Hashizume via Astlinux-users >>> wrote: >>> >>> Alright, I hope the attached TXT file clarifies the situation I am facing. >>> Looks to me like the driver in question does not have the necessary PCI-ID >>> listed. >>> >>> On Thu, Jun 1, 2023 at 4:33 PM Tahiro Hashizume >>> wrote: >>> Hi Michael, >>> >>> The telephone service provided by the local telco (NTT East of Japan) is >>> based on a very standard format (SIP+RTSP with SIP session timer of 300 >>> seconds) provided on a closed network over fiber. >>> Yet I still consider the interfacing of asterisk with the local telco via >>> ISDN to be a valid option for the following reasons: >>> A.) The information required for SIP registration incl. account, domain and >>> SIP server address(es) are provided via vendor-specific options of >>> DHCPv4+DHCPv6-PD. >>> Given the format of the service (as mentioned above), direct-interfacing of >>> asterisk with telco is no rocket science in principle, but doing so with >>> some reliability is another thing. >>> While there is sip-proxy software (non-OSS) available for Linux which also >>> functions as a DHCP client, I find it rather silly to use it. >>> B.)The local telco also requires that any non-hardware/non-certified >>> IP-PBXes directly interfaced with their VoIP servers via IPv4/IPv6 to be >>> inspected for security and compatibility. In terms of direct-interfacing >>> asterisk with the telco, this means having asterisk config files checked by >>> telco's engineers (AND THE INSPECTION COSTS A LOT!!!). The aforementioned >>> sip-proxy is certified-compatible with the telco and effectively eliminates >>> the need for inspection. >>> >>> Given that B400P available through the local distributor is a >>> telco-certified device and the telco also provides a ISDN gateway for the >>> service (which has either two or four BRIs and ethernet), ISDN-interfacing >>> of asterisk is a seemingly decent choice. Yes, it's a problem so easy to >>> solve in principle but not so in reality. >>> >>> Now, the card is listed in lspci, but is not visible from DAHDI utilities. >>> My guess is that it's due to the PCI VID of B400P that is not listed in >>> "modinfo wcb4xxp". Documentation by OpenVox also says that a little >>> patching is necessary, so things make sense overall. >>> >>> I'll include the PID and VID with the next email should there be a demand >>> for it. >>> >>> Any comments and ideas are appreciated. >>> >>> Tahiro >>> >>> On Mon, May 29, 2023 at 6:38 PM Michael Keuter >>> wrote: >>> >>> >>>> Am 29.05.2023 um 07:39 schrieb Tahiro Hashizume via Astlinux-users >>>> : >>>> >>>> Dear whom it may concern. >>>> >>>> I've recently got my hands on a OpenVox B400P ISDN BRI card. >>>> It seems that DAHDI included with Astlinux isn't built to support the card >>>> and I'm now trying to figure out how to build the image with the support >>>> included. >>>> It's been a while since I started fiddling with OSS and I have been fairly >>>> comfortable building stuff from sources although I am not yet able to >>>> write my own Makefile and so on. >>>> Any ideas on how I should get started? >>>> >>>> P.S.-I have managed to build the toolchain and Astlinux image by default
Re: [Astlinux-users] Hello all and I need help.
Hi Tahiro, A quick look at the dahdi-linux code for the "wcb4xxp", the PCI-ids appear to be defined here [1] But my gut feeling, there may be more to it than simply adding a line to DEFINE_PCI_DEVICE_TABLE Question, are Digium wcb4xxp ISDN cards available on the used market at a reasonable price? Lonnie [1] https://github.com/asterisk/dahdi-linux/blob/4397c55319154a8dc89022f6f75c683d6af12d54/drivers/dahdi/wcb4xxp/base.c#LL3642C1-L3651C3 > On Jun 5, 2023, at 2:51 AM, Tahiro Hashizume via Astlinux-users > wrote: > > Alright, I hope the attached TXT file clarifies the situation I am facing. > Looks to me like the driver in question does not have the necessary PCI-ID > listed. > > On Thu, Jun 1, 2023 at 4:33 PM Tahiro Hashizume wrote: > Hi Michael, > > The telephone service provided by the local telco (NTT East of Japan) is > based on a very standard format (SIP+RTSP with SIP session timer of 300 > seconds) provided on a closed network over fiber. > Yet I still consider the interfacing of asterisk with the local telco via > ISDN to be a valid option for the following reasons: > A.) The information required for SIP registration incl. account, domain and > SIP server address(es) are provided via vendor-specific options of > DHCPv4+DHCPv6-PD. > Given the format of the service (as mentioned above), direct-interfacing of > asterisk with telco is no rocket science in principle, but doing so with some > reliability is another thing. > While there is sip-proxy software (non-OSS) available for Linux which also > functions as a DHCP client, I find it rather silly to use it. > B.)The local telco also requires that any non-hardware/non-certified IP-PBXes > directly interfaced with their VoIP servers via IPv4/IPv6 to be inspected for > security and compatibility. In terms of direct-interfacing asterisk with the > telco, this means having asterisk config files checked by telco's engineers > (AND THE INSPECTION COSTS A LOT!!!). The aforementioned sip-proxy is > certified-compatible with the telco and effectively eliminates the need for > inspection. > > Given that B400P available through the local distributor is a telco-certified > device and the telco also provides a ISDN gateway for the service (which has > either two or four BRIs and ethernet), ISDN-interfacing of asterisk is a > seemingly decent choice. Yes, it's a problem so easy to solve in principle > but not so in reality. > > Now, the card is listed in lspci, but is not visible from DAHDI utilities. My > guess is that it's due to the PCI VID of B400P that is not listed in > "modinfo wcb4xxp". Documentation by OpenVox also says that a little patching > is necessary, so things make sense overall. > > I'll include the PID and VID with the next email should there be a demand for > it. > > Any comments and ideas are appreciated. > > Tahiro > > On Mon, May 29, 2023 at 6:38 PM Michael Keuter wrote: > > > > Am 29.05.2023 um 07:39 schrieb Tahiro Hashizume via Astlinux-users > > : > > > > Dear whom it may concern. > > > > I've recently got my hands on a OpenVox B400P ISDN BRI card. > > It seems that DAHDI included with Astlinux isn't built to support the card > > and I'm now trying to figure out how to build the image with the support > > included. > > It's been a while since I started fiddling with OSS and I have been fairly > > comfortable building stuff from sources although I am not yet able to write > > my own Makefile and so on. > > Any ideas on how I should get started? > > > > P.S.-I have managed to build the toolchain and Astlinux image by default > > config for Asterisk 18.x. > > > > Regards. > > Hi Tahiro, > > the only BRI driver in DAHDI is the WCB4XXP for 2-8 port HFS-chip cards. > > https://doc.astlinux-project.org/userdoc:dahdi > > So in principle this should work for your card: > > DAHDIMODS="wcb4xxp dahdi_echocan_oslec" > > I have switched all my ISDN based installations to berofix cards/boxes over > 10 years ago. > And now none is still in production :-). > > Michael > > http://www.mksolutions.info ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] USB disk automount in Astlinux
> The idea was to mount the disk not only at startup but each time the disk is > plugged and keep it switched off most of the time but I'll have to mount it > with a custom script instead of automatically. Gonzalo, Make certain you 'umount' before unplugging or powering down the USB disk. Periodic network/cloud backups also work well. BTW, AstLinux supports a 'wol-host' command to wake a network device that supports Wake-on-LAN ... some testing is required for particular hardware. -- Usage: wol-host [options...] ipv4_addr|name Options: --mac MACManually define the MAC address, aa:bb:cc:dd:ee:ff, default none/auto-lookup -p pass Append aa:bb:cc:dd[:ee:ff] password to the WoL packet, default none -P, --ping Follow WoL packet with a series of ICMP (ping) packets to host. -t secs Max time (in secs) to send ping packets, default 180 -v Verbose mode -h, --help Show this help text -- So, if everything works correctly, an AstLinux script could initiate a backup by first sending a WoL packet to wake a network file server, perform the backup and then let the network file server sleep after a period of inactivity. Lonnie > On Apr 29, 2023, at 4:52 AM, Gonzalo wrote: > > Hi, > > Thank you Ionel and Lonnie. > > The idea was to mount the disk not only at startup but each time the disk is > plugged and keep it switched off most of the time but I'll have to mount it > with a custom script instead of automatically. > I have a remote controlled switch which I use to power on the disk each time > I want to perform a backup. > > Regards. > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] USB disk automount in Astlinux
1.1G454.4M623.4M 42% /etc > none144.7M144.7M 0 100% > /mnt/unionfs/asturo/stat > unionfs 1.1G454.4M623.4M 42% > /mnt/unionfs/union/stat > unionfs 1.1G454.4M623.4M 42% /stat > /dev/sda357.5G 25.9G 28.6G 48% /mnt/kd > /dev/sda1 191.7M130.4M 61.3M 68% /oldroot/cdrom > /dev/sdb1 112.2G 6.6G 99.9G 6% /mnt/kd/USB > HOME-PBX etc # > > >> On Apr 28, 2023, at 6:58 PM, Lonnie Abelbeck >> wrote: >> >> /etc/udev/rules.d > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] USB disk automount in Astlinux
Ionel, Did you have to edit/add anything to /etc/udev/rules.d to make that work? Puzzled. Gonzalo, If you only wanted it to mount on startup, create /mnt/kd/rc.local and make script executable (vfat example). -- /mnt/kd/rc.local -- #!/bin/sh DISK="/dev/sdb1" DISK_MP="/tmp/USB" mkdir -p "$DISK_MP" if [ -e "$DISK" ]; then mount -t vfat $DISK $DISK_MP fi -- Make the script executable # chmod +x /mnt/kd/rc.local Now, on each reboot, the USB drive will be mounted if it exists. AstLinux does not support any automount functionally. Lonnie > On Apr 28, 2023, at 5:55 PM, Ionel Chila via Astlinux-users > wrote: > > A line in /etc/fstab will do the trick. Figure out what what dev is your USB > drive and the partition type and change the line accordingly > > My example below is for my 256G USB drive I use for backing up my configs > > /dev/sdb1 /mnt/kd/USB ext3 noauto,noatime 0 0 > > > > >> On Apr 28, 2023, at 5:34 PM, Gonzalo wrote: >> >> Hi, >> >> What would be the best way to configure automount for an external usb disk >> in Astlinux? >> >> The goal is to get the disk mounted automatically on a fixed path every time >> the disk is plugged into Astlinux box. >> >> Thanks. >> ___ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Firewall / Adaptive Ban for external / internet brute force attacks
Hi Ionel, > Is it possible to create a rule and say only this “extension” can log in and > everything else drop? No, that would require some sort of deep inspection at the firewall level. A couple of ideas... 1) Using 'sipgrep' from the AstLinux CLI, have your brother call you and see what the "User-Agent:" header is: -- User-Agent: ___ -- Then using the "sip-user-agent" firewall plugin [1] in whitelist mode, define SIP_USER_AGENT_PASS_TYPES For example: -- SIP_USER_AGENT_PASS_TYPES="___" -- That should reduce a lot of of 5060 spam. Note -> If you have other external SIP endpoints you would need to add (space separate) their User-Agent to SIP_USER_AGENT_PASS_TYPES as well. 2) If your brother's network can perform dynamic DNS, then the "DynDNS Host Open plugin" could be used on only allow your brother, and then remove the "Pass EXT->Local UDP 0/0 5060" firewall rule. For example: -- DYNDNS_HOST_OPEN_UDP="x.duckdns.org~5060" -- 3) If your brother's IP address does not change much, say it is "1.2.3.4" perform a -- whois 1.2.3.4 | grep '^CIDR:' -- and use that CIDR instead of 0/0 in the UDP 5060 firewall rule. Something like "Pass EXT->Local UDP 1.2.0.0/16 5060" Lonnie [1] https://doc.astlinux-project.org/userdoc:tt_firewall_plugins#sip-user-agent > On Apr 22, 2023, at 12:05 PM, Ionel Chila via Astlinux-users > wrote: > > I had to open port 5060 to the internet for my brother PAP2-NA to get in. > Initially I started getting a lot of brute force attacks but the > “adaptive-ban” plugins took care of it. Now I am getting a different type > of attacks? See logs bellow. > > I do have a firewall from UDMP-SE and this PBX is on a DMZ. I forward port > 5060 on my WAN to this PBX. > > Is it possible to create a rule and say only this “extension” can log in and > everything else drop? For instance the PAP2-NA extension is 505 for the > purpose of this exercise. > > Thanks in advance > Ionel > > > Apr 22 10:55:29 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: > chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on > transmission 1447810443-1891497107-14325089 for seqno 2 (Critical Response) > -- See https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions > Packet timed out after 32000ms with no response > Apr 22 10:56:26 HOME-PBX local0.notice asterisk[1092]: > NOTICE[1285][C-0027]: chan_sip.c:19672 in > send_check_user_failure_response: Failed to authenticate device < > sip:9998@192.168.0.15:5060 >> ;tag=1922473623 for INVITE, code = -1 > Apr 22 10:56:58 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: > chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on > transmission 1920380597-2112014333-1667702904 for seqno 2 (Critical Response) > -- See > https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions > Packet timed out after 32000ms with no response > Apr 22 10:57:38 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: > chan_sip.c:4210 in retrans_pkt: Timeout on 1138283951-307500403-1980426376 on > non-critical invite transaction. > Apr 22 10:57:55 HOME-PBX local0.notice asterisk[1092]: > NOTICE[1285][C-0029]: chan_sip.c:19672 in > send_check_user_failure_response: Failed to authenticate device < > sip:9998@192.168.0.15:5060 >> ;tag=739451700 for INVITE, code = -1 > Apr 22 10:58:27 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: > chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on > transmission 76533194-1510649679-2136561043 for seqno 2 (Critical Response) > -- See > https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions > Packet timed out after 32000ms with no response > Apr 22 11:02:56 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: > chan_sip.c:4210 in retrans_pkt: Timeout on 2133735229-376621693-426493952 on > non-critical invite transaction. > Apr 22 11:03:00 HOME-PBX local0.notice asterisk[1092]: > NOTICE[1285][C-002b]: chan_sip.c:19672 in > send_check_user_failure_response: Failed to authenticate device < > sip:8889@192.168.0.15:5060 >> ;tag=595665381 for INVITE, code = -1 > Apr 22 11:03:32 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: > chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on > transmission 1076661996-1742674713-465326551 for seqno 2 (Critical Response) > -- See > https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions > Packet timed out after 32000ms with no response > Apr 22 11:04:30 HOME-PBX local0.notice asterisk[1092]: > NOTICE[1285][C-002c]: chan_sip.c:19672 in > send_check_user_failure_response: Failed to authenticate device < > sip:8889@192.168.0.15:5060 >> ;tag=43636851 for INVITE, code = -1 > Apr 22 11:05:02 HOME-PBX local0.warn asterisk[1092]: WARNING[1285]: > chan_sip.c:4151 in retrans_pkt: Retransmission timeout reached on > transmission 172031-387023100-315880286 for seqno 2 (Critical Response) > -- See > https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions >
Re: [Astlinux-users] Stopping logging of Crontab
Hi Michael, The (busybox) crond daemon has a syslog level setting which defaults to 8, the least verbose log level. So no help there. Using the filter for the Status Tab, is a reasonable idea. Personally, when executing shell commands on a regular interval of seconds/minutes, I prefer to use a bash shell script and the sleep builtin. (Using the sleep builtin keeps from spawning a new process whenever 'sleep' is called). The simplest example of this is the 'msmtpqueue' bash script [1] Basic code setup and loop: -- #!/bin/bash LOCKFILE="/var/lock/foobar.lock" # Robust 'bash' method of creating/testing for a lockfile if ! ( set -o noclobber; echo "$$" > "$LOCKFILE" ) 2>/dev/null; then echo "foobar: already running, lockfile \"$LOCKFILE\" exists, process id: $(cat "$LOCKFILE")." return 9 fi # Load 'sleep' builtin if it exists if [ -f /usr/lib/bash/sleep ]; then enable -f /usr/lib/bash/sleep sleep fi #seconds to wait wait=300 trap 'rm -f "$LOCKFILE"; exit $?' INT TERM EXIT while true; do # do stuff sleep $wait done rm -f "$LOCKFILE" trap - INT TERM EXIT -- Look at the actual code [1] for finer details. Another fairly simple example, asterisk-sip-monitor [2] which adds a PID file that can be removed to exit the script. Lonnie [1] https://github.com/astlinux-project/astlinux/blob/master/package/msmtp/msmtpqueue.sh [2] https://github.com/astlinux-project/astlinux/blob/master/package/asterisk/asterisk-sip-monitor > On Mar 29, 2023, at 11:39 PM, Michael Knill > wrote: > > Short of putting in a filter for the Status Tab, is there any way to stop > Crontab logging to Syslog. > I now have a process that is run every 10 minutes and its annoying that it > logs to Syslog each time. > > Regards > > Michael Knill > Managing Director > > D: +61 2 6189 1360 > P: +61 2 6140 4656 > E: michael.kn...@ipcsolutions.com.au > W: ipcsolutions.com.au > ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] Bmax B1 Plus Celeron N3350 Fanless Mini PC
Hi, We have added a new addition to our "Generic x86_64" hardware list, under "Mini PC Hardware" ... Bmax B1 Plus Celeron N3350 Fanless Mini PC [1] https://doc.astlinux-project.org/userdoc:board_bmax_b1_plus The Bmax B1 Plus Mini PC can be purchased new for ~$100 USD. The value proposition is key, running AstLinux quite nicely, albeit with a single ethernet interface. Alternatively, similarly priced Mini PCs with SATA storage or reused thin clients may have a similar value proposition. I personally purchased the Bmax B1 Plus via Amazon for $95 USD (after discount and coupon), the only additionally cost was a Silicon Power 128GB A55 M.2 type 2280 SATA SSD for $15 USD. The Bmax B1 Plus has onboard soldered 6 GB of RAM, N3350 dual core 2400 MHz CPU. The Bmax B1 Plus is fanless, and only draws 3 Watts when idle. The Bmax B1 Plus initial setup requires some BIOS configuration [1], disabling eMMC support is key and will prevent booting to Windows. Then boot via USB (FAT32/Master-Boot-Record formatted) containing the AstLinux Installer ISO files. Install to the internal M.2 type 2280 SATA SSD. The M.2 SATA SSD is trivial to install, and the BIOS is not limited like some Mini PCs are. Both Legacy and UEFI are supported with Linux, but UEFI is the default. Summary: The Bmax B1 Plus runs AstLinux well, and coupled with configuring LXC containers and its 6 GB of RAM, this box offers a lot at a very competitive price. Think of it as AstLinux features (Asterisk, Firewall, VPN, etc.) coupled with LXC x86_64 RaspberryPi-like replacement features. Surprisingly, even with the Realtek NIC, the little box can serve as a WireGuard VPN endpoint at near 1 Gbps line speed. The single ethernet interface is the primary drawback, but VLANs are your friend, allowing LXC containers to use an internal bridged VLAN and/or support an internal LAN (VLAN) network for phones/devices while connected to a managed ethernet switch. Lonnie ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] Announcing AstLinux Release: 1.5.0
Announcing AstLinux Release: 1.5.0 More Info: AstLinux Project https://www.astlinux-project.org/ New 1.5.x series based on Linux Kernel 5.10: * Toolchain: glibc 2.31, binutils 2.35.1, gcc 9.4.0, using crosstool-ng-1.25.0 * Filesystem: use ext4 driver instead of ext2. Enable feature 'extra_isize' for new installs, without journal * Network Drivers: wireguard, igb, igc and e1000e drivers are now native with the 5.10 kernel * DAHDI: dahdi-linux 3.2.0 and dahdi-tools 3.2.0 AstLinux 1.5.0 Highlights: * Asterisk Versions: 13.38.3, 16.30.0, 18.16.0 * Linux Kernel 5.10.162, security and bug fixes * RUNNIX, version bump to runnix-0.6.14 * OpenSSL, version bump to 1.1.1t, security fixes: CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304 * LibreTLS, version bump to 3.7.0 * libcurl (curl) version bump to 7.88.1, security fixes: CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916 * pjsip version 2.12.1, backport security fixes: CVE-2022-23537, CVE-2022-23547 * e2fsprogs, version bump to 1.46.6 * htop, version bump to 3.2.2 * libpcap, version bump to 1.10.3 * libsrtp, version bump to 2.5.0 * Monit, version bump to 5.33.0 * set-kcmd-cstate, new command to manage whether 'processor.max_cstate=1' is passed to the kernel or not (default) * sqlite, version bump to 3.40.1 * stunnel, version bump to 5.68 * sudo, version 1.8.32, add security fix: CVE-2023-22809 * tiff, version bump to 4.5.0, security fixes: many, add patch for CVE-2022-48281 * tcpdump, version 4.99.3 * unbound, version bump to 1.17.1 * Asterisk '13se' (stable edition) version 13.38.3 is the last Asterisk 13.x "Legacy" version, built --without-pjproject * Package upgrades providing important security and bug fixes Full ChangeLog: https://raw.githubusercontent.com/astlinux-project/astlinux/1.5.0/docs/ChangeLog.txt All users are encouraged to upgrade, read the ChangeLog for the details. AstLinux Team ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Streaming music player
> On Feb 22, 2023, at 2:36 AM, Michael Keuter wrote: > > > >> Am 22.02.2023 um 02:29 schrieb Michael Knill >> : >> >> Hi Guys >> >> Everything I read mentions that mpg123 is required for this but it does not >> appear to be in Astlinux. >> Could I just add the binary to /mnt/kd/bin do you think? >> >> Regards >> >> Michael Knill >> Managing Director > > Hi Michael, > > you can easily use "sox" instead of "mpg123" for streaming. Like: > > > wget -q -O - $URL | sox -t mp3 $FOPTS - -t raw -r 8000 -c 1 - > > > Michael > http://www.mksolutions.info Agreed, sox supports more encoding types than mpg123, IIRC. This wiki entry has some good tidbits... External Music on Hold Source https://doc.astlinux-project.org/userdoc:tt_external_moh_source Lonnie ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] AstLinux Pre-Release: astlinux-1.5-5724-2f90aa
Announcing AstLinux Pre-Release: astlinux-1.5-5724-2f90aa
** New 1.5.x series based on Linux Kernel 5.10
-- New toolchain: glibc 2.31, binutils 2.35.1, gcc 9.4.0, using
crosstool-ng-1.25.0
** The AstLinux Team is regularly upgrading packages containing security and
bug fixes as well as adding new features of our own.
-- Linux Kernel 5.10.162 (major version bump), security and bug fixes
-- filesystem, use ext4 driver instead of ext2. Enable feature 'extra_isize'
for new installs, without journal.
Note: With 'extra_isize' added for new installs, disks must be mounted
as ext4, but they can be mounted read-only using ext2.
-- wireguard, igb, igc and e1000e drivers are now native with the 5.10 kernel
-- OpenSSL, version bump to 1.1.1t, security fixes: CVE-2023-0286,
CVE-2023-0215, CVE-2022-4450, CVE-2022-4304
-- libcurl (curl) version bump to 7.87.0, security fixes: CVE-2022-43551,
CVE-2022-43552
-- LibreTLS, version bump to 3.7.0
-- libpcap, version bump to 1.10.3
-- libsrtp, version bump to 2.5.0
-- e2fsprogs, version bump to 1.46.6
-- htop, version bump to 3.2.2
-- linux-firmware, version bump to 20210919, provide binary blobs for r8169 and
tg3 NIC drivers
-- sqlite, version bump to 3.40.1
-- stunnel, version bump to 5.68
-- sudo, version 1.8.32, add security fix: CVE-2023-22809
-- tcpdump, version 4.99.3
-- tiff, version bump to 4.5.0, security fixes: many
-- unbound, version bump to 1.17.1
-- Asterisk 13.38.3 ('13se' no change)
Last Asterisk 13.x "Legacy" version, built --without-pjproject
-- Asterisk 16.30.0 (version bump) and 18.16.0 (version bump)
-- DAHDI, dahdi-linux 3.2.0 (version bump) and dahdi-tools 3.2.0 (version bump)
Note: Retain patch to support (wctdm24xxp) TDM800P/AEX800 and
TDM410P/AEX410 PCI cards.
Note: Retain patch to support (wctdm) TDM400P PCI cards.
Note: Retain patch to support (wcfxo) X100P PCI cards.
-- pjsip 2.12.1 (no change)
-- Complete Pre-Release ChangeLog:
https://astlinux-project.org/beta/astlinux-changelog/ChangeLog.txt
The "AstLinux Pre-Release ChangeLog" and "Pre-Release Repository URL" entries
can be found under the "Development" tab of the AstLinux Project web site ...
AstLinux Project -> Development
https://www.astlinux-project.org/dev.html
AstLinux Team
___
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
Re: [Astlinux-users] Large number of Firewall entries
Michael,
Controlling the client is not ideal.
Not sure if it is worth the trouble, but rather than removing the IP address,
you could mark it with a unique prefix, like:
#block#1.2.3.4
Then add another sed one-liner for a different set-name that gets added in a
new unique chain which gets added as -I to the INPUT chain, like the adaptive
ban plugin does. This order will make a -j DROP for udp 5060 act before the
conntrack states.
Lonnie
> On Jan 2, 2023, at 6:16 PM, Michael Knill
> wrote:
>
> Thanks Lonnie. Sorry you had to roll your sleeves up. :-)¡
>
> Yes that makes perfect sense and it did what you said when tested. I really
> should have known this but it caught me out. I did stop SIP traffic going out
> but it was the remote peer's OPTIONS pings that was holding it up.
> We will test parsing sip_peers.conf looking at host= to pick up all the IP
> Addresses on the system and add them to the ipset.
>
> One thing I was thinking is that if we are sending OPTIONS pings to all these
> peers from the softswitch then theoretically we should not need to create any
> firewall rules as the session will already be set up in conntrack. I tested
> it by turning off OPTIONS pings at both ends, waiting for conntrack to time
> out and then turn on OPTIONS pings at the peer end. It did not work until I
> turned on OPTIONS pings at the softswitch end whereby I could make and
> receive calls again.
>
> Is this a bit risky do you think? Can you think of any breaking scenarios?
>
> Regards
> Michael Knill
>
>
>
> On 3/1/2023, 9:07 am, "Lonnie Abelbeck" <mailto:li...@lonnie.abelbeck.com>> wrote:
>
>
> Hi Michael,
>
>
> I rolled up my sleeves, and gave this a test in my lab:
>
>
> -- snip /etc/arno-iptables-firewall/custom-rules --
>
>
> ipset_ext_input_allow()
> {
> local proto="$1" port="$2" set="$3" file="$4"
>
>
> if [ ! -f "$file" ]; then
> echo "[CUSTOM RULE] ipset_ext_input_allow: File not found: $file"
> return
> fi
>
>
> echo "[CUSTOM RULE] IPSet Pass EXT->Local for Proto: $proto, Port: $port,
> Set: $set, IPsetFile: $file"
>
>
> ipset create -exist $set hash:net
> ipset flush $set
>
>
> sed -n -r -e "s/^([0-9][0-9./]+)([[:space:]].*|)$/add -exist ${set} \1/p"
> "$file" | ipset restore
>
>
> ip4tables -A EXT_INPUT_CHAIN -m set --match-set $set src -p $proto --dport
> $port -j ACCEPT
> }
> ipset_ext_input_allow udp 5060 udp_sip_hosts /tmp/sip-whitelist.netset
>
>
> --
>
>
> -- /tmp/sip-whitelist.netset --
> ##
> 1.2.3.4 #test
> #10.10.50.1
> 10.10.50.55
> #10.10.0.0/16
>
>
> --
>
>
> It worked as expected. Restarting the firewall "arno-iptables-firewall
> restart" applies the current IPv4 .netset file.
>
>
>
>
>> If I then remove the address and restart the firewall, the address is
>> removed from the list (ipset list confirms this) but the address is still
>> open in the firewall. I cannot remove it unless I reboot the system.
>
>
> What you are seeing is the iptables conntrack state table, eventually the UDP
> state will expire after 120 seconds (unless traffic resets the state)
>
>
> Source Port (#'s) Destination Port Protocol Packets Bytes TTL
> 10.10.50.1 5060 10.10.50.64 5060 UDP 24 13856 1:29
>
>
> After the TTL counts down to 0 then the conntrack state disappears. The
> iptables conntrack state table makes the firewall much more efficient. This
> behavior has always existed.
>
>
> So in your testing, if you wait 2 minutes after you remove an IP and apply
> the change, the IP will be blocked for UDP 5060 traffic.
>
>
> If you are getting a constant stream of UDP 5060 traffic from that IP then
> you would need to take additional measures to block further traffic. For
> example, if you allowed a remote SIP endpoint to register more often than 120
> seconds, removing the IP from the "allowed" ipset would not "block" it until
> the conntrack state disappears.
>
>
> Make sense?
>
>
> Lonnie
>
>
>
>
>
>
>> On Jan 2, 2023, at 2:26 PM, Michael Knill > <mailto:michael.kn...@ipcsolutions.com.au>> wrote:
>>
>> Hi Lonnie
>>
>> Thanks for this. Unfortunately I still need to reboot the system for it to
>> reread the netset rules if I remove an ipset entry.
>> Here is my custom-rules.conf:
>>
>> ipset create -exist udp_sip_hosts hash:net
>> ipset flush udp_sip_hosts
>> ipset add -exist udp_sip_hosts
>> i
Re: [Astlinux-users] Large number of Firewall entries
Hi Michael,
I rolled up my sleeves, and gave this a test in my lab:
-- snip /etc/arno-iptables-firewall/custom-rules --
ipset_ext_input_allow()
{
local proto="$1" port="$2" set="$3" file="$4"
if [ ! -f "$file" ]; then
echo "[CUSTOM RULE] ipset_ext_input_allow: File not found: $file"
return
fi
echo "[CUSTOM RULE] IPSet Pass EXT->Local for Proto: $proto, Port: $port,
Set: $set, IPsetFile: $file"
ipset create -exist $set hash:net
ipset flush $set
sed -n -r -e "s/^([0-9][0-9./]+)([[:space:]].*|)$/add -exist ${set} \1/p"
"$file" | ipset restore
ip4tables -A EXT_INPUT_CHAIN -m set --match-set $set src -p $proto --dport
$port -j ACCEPT
}
ipset_ext_input_allow udp 5060 udp_sip_hosts /tmp/sip-whitelist.netset
--
-- /tmp/sip-whitelist.netset --
##
1.2.3.4 #test
#10.10.50.1
10.10.50.55
#10.10.0.0/16
--
It worked as expected. Restarting the firewall "arno-iptables-firewall
restart" applies the current IPv4 .netset file.
> If I then remove the address and restart the firewall, the address is removed
> from the list (ipset list confirms this) but the address is still open in the
> firewall. I cannot remove it unless I reboot the system.
What you are seeing is the iptables conntrack state table, eventually the UDP
state will expire after 120 seconds (unless traffic resets the state)
Source Port (#'s) Destination PortProtocolPackets
Bytes TTL
10.10.50.1 506010.10.50.64 5060UDP 24
13856 1:29
After the TTL counts down to 0 then the conntrack state disappears. The
iptables conntrack state table makes the firewall much more efficient. This
behavior has always existed.
So in your testing, if you wait 2 minutes after you remove an IP and apply the
change, the IP will be blocked for UDP 5060 traffic.
If you are getting a constant stream of UDP 5060 traffic from that IP then you
would need to take additional measures to block further traffic. For example,
if you allowed a remote SIP endpoint to register more often than 120 seconds,
removing the IP from the "allowed" ipset would not "block" it until the
conntrack state disappears.
Make sense?
Lonnie
> On Jan 2, 2023, at 2:26 PM, Michael Knill
> wrote:
>
> Hi Lonnie
>
> Thanks for this. Unfortunately I still need to reboot the system for it to
> reread the netset rules if I remove an ipset entry.
> Here is my custom-rules.conf:
>
> ipset create -exist udp_sip_hosts hash:net
> ipset flush udp_sip_hosts
> ipset add -exist udp_sip_hosts
> iptables -A EXT_INPUT_CHAIN -m set --match-set udp_sip_hosts src -p udp
> --dport 5060 -j ACCEPT
>
>
> If I add another IP Address to the list as below and restart the firewall it
> works fine and I see it when I do an ipset list:
> ipset add -exist udp_sip_hosts <1st ip address>
> ipset add -exist udp_sip_hosts <2nd ip address>
>
> If I then remove the address and restart the firewall, the address is removed
> from the list (ipset list confirms this) but the address is still open in the
> firewall. I cannot remove it unless I reboot the system.
> Obviously not workable I'm afraid.
>
> Regards
> Michael Knill
>
>
>
> On 3/1/2023, 3:22 am, "Lonnie Abelbeck" <mailto:li...@lonnie.abelbeck.com>> wrote:
>
>
> Hi Michael,
>
>
> Referring to the "apply_ipset_netset()" function (here [1])
>
>
> Add "-exist" to the "create" and "add" (man-page [2]) commands.
>
>
> Note that you can create the ipset from a text file within the
> /etc/arno-iptables-firewall/custom-rules script. Edit your text file and
> reload the firewall.
>
>
> Using "ipset create -exist ..." will not fail if the ipset already exists.
> "ipset flush ..." will clear any pre-existing ipset.
>
>
> Tip -> I would probably use "hash:net" instead of "hash:ip" so you could use
> CIDRs if you wanted.
>
>
> custom-rules script snippet
> --
> ipset create -exist udp_sip_hosts hash:net
> ipset flush udp_sip_hosts
>
>
> ## either a one-liner from a text file "sip-whitelist.netset"
> sed -n -r -e "s/^([0-9][0-9./]+)([[:space:]].*|)$/add -exist udp_sip_hosts
> \1/p" sip-whitelist.netset | ipset restore
>
>
> ## Or, loop getting IPv4s from a text file "sip-whitelist.netset"
> ipset add -exist udp_sip_hosts
> ## done-loop
>
>
> iptables -A EXT_INPUT_CHAIN -m set --match-set udp_sip_hosts src -p udp
> --dport 5060 -j ACCEPT
> --
>
>
> Lonnie
>
>
> [1]
> https://github.com/astlinux-proj
Re: [Astlinux-users] Large number of Firewall entries
> On Jan 2, 2023, at 10:35 AM, Michael Keuter wrote: > > > >> Am 02.01.2023 um 17:21 schrieb Lonnie Abelbeck : >> >> Hi Michael, >> >> Referring to the "apply_ipset_netset()" function (here [1]) >> >> Add "-exist" to the "create" and "add" (man-page [2]) commands. >> >> Note that you can create the ipset from a text file within the >> /etc/arno-iptables-firewall/custom-rules script. Edit your text file and >> reload the firewall. >> >> Using "ipset create -exist ..." will not fail if the ipset already exists. >> "ipset flush ..." will clear any pre-existing ipset. >> >> Tip -> I would probably use "hash:net" instead of "hash:ip" so you could use >> CIDRs if you wanted. >> >> custom-rules script snippet >> -- >> ipset create -exist udp_sip_hosts hash:net >> ipset flush udp_sip_hosts >> >> ## either a one-liner from a text file "sip-whitelist.netset" >> sed -n -r -e "s/^([0-9][0-9./]+)([[:space:]].*|)$/add -exist udp_sip_hosts >> \1/p" sip-whitelist.netset | ipset restore >> >> ## Or, loop getting IPv4s from a text file "sip-whitelist.netset" >> ipset add -exist udp_sip_hosts >> ## done-loop >> >> iptables -A EXT_INPUT_CHAIN -m set --match-set udp_sip_hosts src -p udp >> --dport 5060 -j ACCEPT >> -- >> >> Lonnie >> >> [1] >> https://github.com/astlinux-project/astlinux/blob/d95ba9c3914b135da4440cb95f32af61a41d4650/package/arnofw/aif/bin/arno-iptables-firewall#L4275 >> >> [2] https://ipset.netfilter.org/ipset.man.html >> >> >>>> On Jan 1, 2023, at 11:44 PM, Michael Knill >>>> wrote: >>> >>> Hi All >>> Merry Christmas and Happy New Year. >>> >>> Just rejuvenating this thread as I am building our new softswitch and >>> playing with ipset as you offered below. >>> We have done the following: >>> >>> Using CLI: >>> ipset create udp_sip_hosts hash:ip >>> ipset add udp_sip_hosts >>> >>> In custom-rules.conf >>> iptables -A EXT_INPUT_CHAIN -m set --match-set udp_sip_hosts src -p udp >>> --dport 5060 -j ACCEPT >>> >>> It all seems to work fine but I obviously am an iptables noob as I have no >>> idea what to do when I make changes to the ipset as it does not change even >>> after a firewall restart. >>> I'm sure there is something I need to do which will get iptables to reread >>> the ipset? >>> >>> Thanks guys. >>> >>> Regards >>> Michael Knill >>> >>> >>> >>> On 27/9/2021, 10:54 am, "Lonnie Abelbeck" >> <mailto:li...@lonnie.abelbeck.com>> wrote: >>> >>> >>> Michael, >>> >>> >>> The /mnt/kd/arno-iptables-firewall/custom-rules is a basic shell script, so >>> parsing sip.conf using 'sed' or such should be reasonably straightforward. >>> >>> >>> BTW, for extra credit, if you combined all the allowed SIP IPs into an >>> ipset (ex. udp_sip_hosts), you can very efficiently match all of them with >>> only one rule: >>> -- >>> iptables -A EXT_INPUT_CHAIN -m set --match-set udp_sip_hosts src -p udp >>> --dport 5060 -j ACCEPT >>> -- >>> That would allow you to rebuild only the "udp_sip_hosts" ipset when the >>> sip.conf got changed, without rebuilding the firewall. Though requires some >>> 'ipset' command knowledge, though not complex at all. >>> >>> >>> Example 'ipset' usage in AstLinux: >>> https://github.com/astlinux-project/astlinux/blob/d95ba9c3914b135da4440cb95f32af61a41d4650/package/arnofw/aif/bin/arno-iptables-firewall#L4275 >>> >>> <https://github.com/astlinux-project/astlinux/blob/d95ba9c3914b135da4440cb95f32af61a41d4650/package/arnofw/aif/bin/arno-iptables-firewall#L4275> >>> >>> >>> If you only use IPv4 a lot of the example can be simplified. >>> >>> >>> Lonnie >>> >>> >>> >>> >>> >>> >>>> On Sep 26, 2021, at 7:17 PM, Michael Knill >>>> >>> <mailto:michael.kn...@ipcsolutions.com.au>> wrote: >>>> >>>> Thanks Lonnie. >>>> >>>> Actually now that I think about it, is there any reason why the custom >>>&
Re: [Astlinux-users] Large number of Firewall entries
Hi Michael,
Referring to the "apply_ipset_netset()" function (here [1])
Add "-exist" to the "create" and "add" (man-page [2]) commands.
Note that you can create the ipset from a text file within the
/etc/arno-iptables-firewall/custom-rules script. Edit your text file and
reload the firewall.
Using "ipset create -exist ..." will not fail if the ipset already exists.
"ipset flush ..." will clear any pre-existing ipset.
Tip -> I would probably use "hash:net" instead of "hash:ip" so you could use
CIDRs if you wanted.
custom-rules script snippet
--
ipset create -exist udp_sip_hosts hash:net
ipset flush udp_sip_hosts
## either a one-liner from a text file "sip-whitelist.netset"
sed -n -r -e "s/^([0-9][0-9./]+)([[:space:]].*|)$/add -exist udp_sip_hosts
\1/p" sip-whitelist.netset | ipset restore
## Or, loop getting IPv4s from a text file "sip-whitelist.netset"
ipset add -exist udp_sip_hosts
## done-loop
iptables -A EXT_INPUT_CHAIN -m set --match-set udp_sip_hosts src -p udp --dport
5060 -j ACCEPT
--
Lonnie
[1]
https://github.com/astlinux-project/astlinux/blob/d95ba9c3914b135da4440cb95f32af61a41d4650/package/arnofw/aif/bin/arno-iptables-firewall#L4275
[2] https://ipset.netfilter.org/ipset.man.html
> On Jan 1, 2023, at 11:44 PM, Michael Knill
> wrote:
>
> Hi All
> Merry Christmas and Happy New Year.
>
> Just rejuvenating this thread as I am building our new softswitch and playing
> with ipset as you offered below.
> We have done the following:
>
> Using CLI:
> ipset create udp_sip_hosts hash:ip
> ipset add udp_sip_hosts
>
> In custom-rules.conf
> iptables -A EXT_INPUT_CHAIN -m set --match-set udp_sip_hosts src -p udp
> --dport 5060 -j ACCEPT
>
> It all seems to work fine but I obviously am an iptables noob as I have no
> idea what to do when I make changes to the ipset as it does not change even
> after a firewall restart.
> I'm sure there is something I need to do which will get iptables to reread
> the ipset?
>
> Thanks guys.
>
> Regards
> Michael Knill
>
>
>
> On 27/9/2021, 10:54 am, "Lonnie Abelbeck" <mailto:li...@lonnie.abelbeck.com>> wrote:
>
>
> Michael,
>
>
> The /mnt/kd/arno-iptables-firewall/custom-rules is a basic shell script, so
> parsing sip.conf using 'sed' or such should be reasonably straightforward.
>
>
> BTW, for extra credit, if you combined all the allowed SIP IPs into an ipset
> (ex. udp_sip_hosts), you can very efficiently match all of them with only one
> rule:
> --
> iptables -A EXT_INPUT_CHAIN -m set --match-set udp_sip_hosts src -p udp
> --dport 5060 -j ACCEPT
> --
> That would allow you to rebuild only the "udp_sip_hosts" ipset when the
> sip.conf got changed, without rebuilding the firewall. Though requires some
> 'ipset' command knowledge, though not complex at all.
>
>
> Example 'ipset' usage in AstLinux:
> https://github.com/astlinux-project/astlinux/blob/d95ba9c3914b135da4440cb95f32af61a41d4650/package/arnofw/aif/bin/arno-iptables-firewall#L4275
>
> <https://github.com/astlinux-project/astlinux/blob/d95ba9c3914b135da4440cb95f32af61a41d4650/package/arnofw/aif/bin/arno-iptables-firewall#L4275>
>
>
> If you only use IPv4 a lot of the example can be simplified.
>
>
> Lonnie
>
>
>
>
>
>
>> On Sep 26, 2021, at 7:17 PM, Michael Knill
>> > <mailto:michael.kn...@ipcsolutions.com.au>> wrote:
>>
>> Thanks Lonnie.
>>
>> Actually now that I think about it, is there any reason why the custom rule
>> could not parse sip.conf for host= and open up all Public IP's?
>> It would mean that you would need to restart the firewall every time you
>> modified sip.conf but I'm sure we could build this into our portal very
>> simply.
>>
>> Regards
>> Michael Knill
>>
>> On 27/9/21, 9:47 am, "Lonnie Abelbeck" > <mailto:li...@lonnie.abelbeck.com>> wrote:
>>
>> Hi Michael,
>>
>> With 300 rules and the same across all your boxes, I would use
>> /mnt/kd/arno-iptables-firewall/custom-rules to define these.
>>
>> Very similar to the deny_ext_local() example I posted recently, but the
>> reverse ... pass_ext_local() using -j ACCEPT
>>
>> Without testing, something like ...
>> --
>> pass_ext_local()
>> {
>> local proto="$1" host="$2" port="$3"
>>
>> echo "[CUSTOM RULE] Pass EXT->Local for Proto: $proto, Host: $host, Port:
>> $port"
>> iptables -A EXT_INPUT_CHAIN -s $host -p $proto --dport $port -j ACCEPT
>
Re: [Astlinux-users] DAHDI cards and AstLinux 1.5.x testing
Hi Gonzalo, Thanks very much for the timely testing. Great results. Perfect. Lonnie > On Dec 30, 2022, at 4:54 PM, Gonzalo Ibáñez wrote: > > Hi, > > So far so good, everything ok and sound quality from/to analog lines is ok: > > | > | A | Release: astlinux-1.5-5689-b4e39c - Asterisk 18.15.1 > | s | Host Name: > | t | Last Boot: 2022-12-30 21:26 > | L | Linux: 5.10.158-astlinux x86_64 > | i | CPU: Intel Atom N2800 (4x) @ 1866 MHz > | n | RAM: 1982 MB > | u | Board Type: genx86_64 > | x |Hardware: Generic x86_64 > | > > [ 16.650210] dahdi: loading out-of-tree module taints kernel. > [ 16.652463] dahdi: Version: 3.2.0 > [ 16.653220] dahdi: Telephony Interface Registered on major 196 > [ 16.679708] No freshmaker chip > [ 17.400332] Module 0: Installed -- AUTO FXO (SPAIN mode) > [ 17.888371] Module 1: Installed -- AUTO FXS/DPO > [ 18.389722] Module 2: Installed -- AUTO FXS/DPO > [ 18.390139] Module 3: Not installed > [ 18.392192] Found a Wildcard TDM: Wildcard TDM400P REV I (3 modules) > [ 18.441892] dahdi_echocan_oslec: Registered echo canceler 'OSLEC' > [ 38.318682] ioctl: Start OnHookTrans, card 1 > [ 38.959017] ioctl: Start OnHookTrans, card 2 > > # lsdahdi > ### Span 1: WCTDM/4 "Wildcard TDM400P REV I Board 5" (MASTER) > 1 FXOFXSKS (In use) (EC: OSLEC - INACTIVE) > 2 FXSFXOKS (In use) (EC: OSLEC - INACTIVE) > 3 FXSFXOKS (In use) (EC: OSLEC - INACTIVE) > 4 unknownReserved > > # asterisk -rx "dahdi show status" > Description Alarms IRQbpviol CRCFra > Codi Options LBO > Wildcard TDM400P REV I Board 5 OK 0 0 0 CAS Unk > 0 db (CSU)/0-133 feet (DSX-1) > > > Thanks again and a happy new year to everybody. > > Regards. > De: Ionel Chila > Enviado: viernes, 30 de diciembre de 2022 21:10 > Para: Lonnie Abelbeck > Cc: AstLinux Users Mailing List ; > Gonzalo Ibáñez > Asunto: Re: DAHDI cards and AstLinux 1.5.x testing > > Lonnie, > > First of all Merry Christmas and Happy New Year. As always you’re being > awesome and thanks for thinking of us through this upgrade process as well > thanks for working so hard through your holidays. > > I can confirm that everything works perfect after this upgrade Sir. Should I > stay on this version or reverse back and wait for the official release? > > THANKS again Sir > > > > > > > > > > > > > > On Dec 30, 2022, at 1:18 PM, Lonnie Abelbeck > > wrote: > > > > Hi ... specially Ionel and Gonzalo (or others) for DAHDI testing. > > > > You previously tested the AstLinux 1.4.x series with DAHDI 3.1.0, at that > > time we patched dahdi-linux to include PCI card support for: wctdm24xxp, > > wctdm and wcfxo > > > > Gonzalo indicated it worked: > > -- > >> | > >> | A | Release: astlinux-1.4-4806-e5d33e - Asterisk 13.34.0 > >> | s | Host Name: > >> | t | Last Boot: 2020-08-30 12:38 > >> | L | Linux: 4.19.140-astlinux x86_64 > >> | i | CPU: Intel Atom N2800 (4x) @ 1866 MHz > >> | n | RAM: 1983 MB > >> | u | Board Type: genx86_64 > >> | x |Hardware: Generic x86_64 > >> | > >> > >> > >> [ 24.405610] dahdi: Version: 3.1.0 > >> [ 24.409381] dahdi: Telephony Interface Registered on major 196 > >> [ 24.435136] No freshmaker chip > >> [ 25.149448] Module 0: Installed -- AUTO FXO (SPAIN mode) > >> [ 25.635354] Module 1: Installed -- AUTO FXS/DPO > >> [ 25.719428] Excessive leakage detected on module 2: 1 volts (03) after > >> 34 ms > >> [ 25.719490] ProSLIC module 2 failed leakage test. Check for short > >> circuit > >> [ 26.126341] Module 2: Installed -- AUTO FXS/DPO > >> [ 26.126752] Module 3: Not installed > >> [ 26.136305] Found a Wildcard TDM: Wildcard TDM400P REV I (3 modules) > >> [ 26.182717] dahdi_echocan_oslec: Registered echo canceler 'OSLEC' > >> [ 44.144753] ioctl: Start OnHookTrans, card 1 > >> [ 45.064225] ioctl: Start OnHookTrans, card 2 > > -- > > > > > > It is more than 2 years later and the AstLinux Team is working on the > > AstLinux 1.5.x series with DAHDI 3.2.0 and Linux Kernel 5.10.y, we have > > included the same patches to maintain PCI card support for: wctdm24xxp, > > wctdm and wcfxo > > > > While the Linux Kernel 5.10.y drivers
Re: [Astlinux-users] DAHDI cards and AstLinux 1.5.x testing
Hi Ionel, > I can confirm that everything works perfect after this upgrade Sir. Excellent! > Should I stay on this version or reverse back and wait for the official > release? I am personally running astlinux-1.5-5689-b4e39c ... there are no issues that I am currently aware of. You can always revert later if you see issues. BTW, the official astlinux-1.5.0 release will most likely be 8-10 weeks away. Lonnie > On Dec 30, 2022, at 2:10 PM, Ionel Chila wrote: > > Lonnie, > > First of all Merry Christmas and Happy New Year. As always you’re being > awesome and thanks for thinking of us through this upgrade process as well > thanks for working so hard through your holidays. > > I can confirm that everything works perfect after this upgrade Sir. Should I > stay on this version or reverse back and wait for the official release? > > THANKS again Sir > > > > PM.png> > > > > > >> On Dec 30, 2022, at 1:18 PM, Lonnie Abelbeck >> wrote: >> >> Hi ... specially Ionel and Gonzalo (or others) for DAHDI testing. >> >> You previously tested the AstLinux 1.4.x series with DAHDI 3.1.0, at that >> time we patched dahdi-linux to include PCI card support for: wctdm24xxp, >> wctdm and wcfxo >> >> Gonzalo indicated it worked: >> -- >>> | >>> | A | Release: astlinux-1.4-4806-e5d33e - Asterisk 13.34.0 >>> | s | Host Name: >>> | t | Last Boot: 2020-08-30 12:38 >>> | L | Linux: 4.19.140-astlinux x86_64 >>> | i | CPU: Intel Atom N2800 (4x) @ 1866 MHz >>> | n | RAM: 1983 MB >>> | u | Board Type: genx86_64 >>> | x |Hardware: Generic x86_64 >>> | >>> >>> >>> [ 24.405610] dahdi: Version: 3.1.0 >>> [ 24.409381] dahdi: Telephony Interface Registered on major 196 >>> [ 24.435136] No freshmaker chip >>> [ 25.149448] Module 0: Installed -- AUTO FXO (SPAIN mode) >>> [ 25.635354] Module 1: Installed -- AUTO FXS/DPO >>> [ 25.719428] Excessive leakage detected on module 2: 1 volts (03) after >>> 34 ms >>> [ 25.719490] ProSLIC module 2 failed leakage test. Check for short >>> circuit >>> [ 26.126341] Module 2: Installed -- AUTO FXS/DPO >>> [ 26.126752] Module 3: Not installed >>> [ 26.136305] Found a Wildcard TDM: Wildcard TDM400P REV I (3 modules) >>> [ 26.182717] dahdi_echocan_oslec: Registered echo canceler 'OSLEC' >>> [ 44.144753] ioctl: Start OnHookTrans, card 1 >>> [ 45.064225] ioctl: Start OnHookTrans, card 2 >> -- >> >> >> It is more than 2 years later and the AstLinux Team is working on the >> AstLinux 1.5.x series with DAHDI 3.2.0 and Linux Kernel 5.10.y, we have >> included the same patches to maintain PCI card support for: wctdm24xxp, >> wctdm and wcfxo >> >> While the Linux Kernel 5.10.y drivers build properly, we have no way to test >> if things still work using those cards. >> >> >> It now needs testing ... there is a new Pre-Release Version: >> astlinux-1.5-5689-b4e39c >> >> Info: >> https://www.astlinux-project.org/dev.html >> >> With the console, use the CLI to upgrade via the appropriate Pre-Release >> Repository URL for your Asterisk version. >> >> If you want to, revert back to your previous image with "upgrade-run-image >> revert" and "kernel-reboot" CLI commands. >> >> In theory, it should just work. >> >> Please post your test results here. >> >> Thanks! >> >> Lonnie >> > ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] DAHDI cards and AstLinux 1.5.x testing
Hi ... specially Ionel and Gonzalo (or others) for DAHDI testing. You previously tested the AstLinux 1.4.x series with DAHDI 3.1.0, at that time we patched dahdi-linux to include PCI card support for: wctdm24xxp, wctdm and wcfxo Gonzalo indicated it worked: -- > | > | A | Release: astlinux-1.4-4806-e5d33e - Asterisk 13.34.0 > | s | Host Name: > | t | Last Boot: 2020-08-30 12:38 > | L | Linux: 4.19.140-astlinux x86_64 > | i | CPU: Intel Atom N2800 (4x) @ 1866 MHz > | n | RAM: 1983 MB > | u | Board Type: genx86_64 > | x |Hardware: Generic x86_64 > | > > > [ 24.405610] dahdi: Version: 3.1.0 > [ 24.409381] dahdi: Telephony Interface Registered on major 196 > [ 24.435136] No freshmaker chip > [ 25.149448] Module 0: Installed -- AUTO FXO (SPAIN mode) > [ 25.635354] Module 1: Installed -- AUTO FXS/DPO > [ 25.719428] Excessive leakage detected on module 2: 1 volts (03) after 34 > ms > [ 25.719490] ProSLIC module 2 failed leakage test. Check for short circuit > [ 26.126341] Module 2: Installed -- AUTO FXS/DPO > [ 26.126752] Module 3: Not installed > [ 26.136305] Found a Wildcard TDM: Wildcard TDM400P REV I (3 modules) > [ 26.182717] dahdi_echocan_oslec: Registered echo canceler 'OSLEC' > [ 44.144753] ioctl: Start OnHookTrans, card 1 > [ 45.064225] ioctl: Start OnHookTrans, card 2 -- It is more than 2 years later and the AstLinux Team is working on the AstLinux 1.5.x series with DAHDI 3.2.0 and Linux Kernel 5.10.y, we have included the same patches to maintain PCI card support for: wctdm24xxp, wctdm and wcfxo While the Linux Kernel 5.10.y drivers build properly, we have no way to test if things still work using those cards. It now needs testing ... there is a new Pre-Release Version: astlinux-1.5-5689-b4e39c Info: https://www.astlinux-project.org/dev.html With the console, use the CLI to upgrade via the appropriate Pre-Release Repository URL for your Asterisk version. If you want to, revert back to your previous image with "upgrade-run-image revert" and "kernel-reboot" CLI commands. In theory, it should just work. Please post your test results here. Thanks! Lonnie ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] Announcing AstLinux Release: 1.4.8
Announcing AstLinux Release: 1.4.8 More Info: AstLinux Project https://www.astlinux-project.org/ AstLinux 1.4.8 Highlights: * Asterisk Versions: 13.38.3, 16.29.1, 18.15.1 * Support for UEFI boot in addition to Legacy BIOS boot * Linux Kernel 4.19.266, security and bug fixes * igc, backport from linux-5.4.211, Intel i225/i226 2.5-Gigabit Ethernet Network Driver * r8125, version 9.010.01, Realtek RTL8125 2.5-Gigabit Ethernet Network Driver * RUNNIX, version bump to runnix-0.6.13 * OpenSSL, version bump to 1.1.1s * ddclient, ddclient-curl version 3.8.3-07, add IPv64 (https://ipv64.net/) service type for both IPv4 and IPv6 * libcurl (curl) version bump to 7.86.0, security fixes: CVE-2022-35252, CVE-2022-32221, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916 * netsnmp, version bump to 5.9.3, security fixes: CVE-2022-24805, CVE-2022-24809, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808, CVE-2022-24810 * pjsip version 2.12.1, backport two security fixes (c4d3498 and 450baca) from pjproject 2.13 * sqlite, version bump to 3.39.4 * strongSwan, version 5.5.3, security fix: CVE-2022-40617 * unbound, version bump to 1.17.0, security fix: CVE-2022-3204 * vnStat, version bump to 2.10 * zabbix, version bump to 4.0.44 * VMware Tools (open-vm-tools) version 10.3.10, security fix: CVE-2022-31676 * Network tab, Dynamic DNS Update, add "IPv64" service type. More Info: https://ipv64.net/ * Asterisk '13se' (stable edition) version 13.38.3 is the last Asterisk 13.x "Legacy" version, built --without-pjproject * Package upgrades providing important security and bug fixes Full ChangeLog: https://raw.githubusercontent.com/astlinux-project/astlinux/1.4.8/docs/ChangeLog.txt All users are encouraged to upgrade, read the ChangeLog for the details. AstLinux Team ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] No "eth0" device found on HP T510 Thin Client - astlinux 1.4.7
> On Dec 9, 2022, at 2:57 AM, Michael Keuter wrote: > > > >> Am 09.12.2022 um 04:33 schrieb Tim Griffin : >> >> Hi all; I've just blown the dust off of an HP T150 thin client box (4GB >> RAM/16GB Flash, VIA Eden X2 U4200 processor @ 1Ghz) and installed the latest >> x64 version of ASTLinux (1.4.7). >> The operating system installs without error, but after booting, and despite >> apparently installing the >> "Intel PRO/1000 Network Driver 3.8.7-NAPI" driver, ASTLinux cannot find >> "eth0", and there is consequently no network available. >> >> Yet, if I boot the machine just to a RUNNIX shell, "lspci" shows the network >> adapter (Broadcom Inc. BCM57780 Gigabit Ethernet PCIe (rev 01)) installed as >> "eth0" (albeit without an IP address): >> >> >> If I let ASTLinux boot to completion, it seems to load the "Intel PRO/1000 >> Network Driver 3.8.7-NAPI" and the "8139 Fast Ethernet drive 0.9.28", but >> then cannot find "eth0" (last line of screen shot). >> >> >> >> >> When boot into ASTLinux, my installation does not have anything pertaining >> to "net" in the /etc/udev/rules directory either: >> >> >> >> I can confirm that the network cable was attached to the box and >> connection/activity indicators were illuminated, so the hardware seems okay. >> >> After booting into ASTLinux, "ifconfig" shows the following: >> >> >> >> One other interesting anomaly is that "eth0" *is* reported right at the end >> of the boot: >> >> >> >> But then the OS doesn't seem to initialize "eth0" leaving the environment >> networkless. >> >> While I am relatively used to working on Ubuntu servers, I've never had to >> operate at the level of network interface drivers, so I'm a little lost as >> to where to look for the problem and how to attempt a resolution. >> >> Is there something about 1.4.7 that it would not necessarily include and >> enable a network driver for this adapter? >> >> >> Thanks! >> Tim > > Hi Tim, > > the available network drivers can be found in "/etc/rc.modules". > I think for Broadcom NICs you can try the "tg3" driver. > > Michael Hi Tim, Your mistake was to use the "Guest VM x86-64bit (Video Console):" ISO (genx86_64-vm) instead of the "Generic x86-64bit (Video Console):" ISO (genx86_64) more tuned to your hardware. Probably a misclick. -- Quick solution modprobe tg3 and see if the NIC comes alive, if so, edit /etc/rc.modules and add tg3 and comment out virtio_net -- Better solution Reinstall via USB boot drive using the "Generic x86-64bit (Video Console):" ISO download (genx86_64) Cool to see such an old box come alive! Lonnie ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Turning of DHCP logging
Michael, BTW the "daemon.err udhcpc" are not actually error logs, just informational logs in this case. The .err only log marking was a bug/feature in Busybox log messages. [1] Lonnie [1] https://github.com/mirror/busybox/commit/253c4e787a799a3e1f92957ed791b5222f8d2f64 > On Nov 1, 2022, at 9:57 PM, Michael Knill > wrote: > > Hi Lonnie > > Yes that would be nice. My lease time is 300s. > Still not sure why I'm getting those errors though. > > Regards > Michael Knill > > > > On 2/11/2022, 11:56 am, "Lonnie Abelbeck" <mailto:li...@lonnie.abelbeck.com>> wrote: > > > Addendum: > For my cable modem, only one "sending discover" is needed for this udhcpc > session: > -- > Oct 27 15:26:45 gw-lan daemon.err udhcpc[595]: started, v1.30.1 > Oct 27 15:26:45 gw-lan daemon.err udhcpc[595]: sending discover > Oct 27 15:26:45 gw-lan daemon.err udhcpc[595]: sending select for 98.xx.xx.xx > Oct 27 15:26:45 gw-lan daemon.err udhcpc[595]: lease of 98.xx.xx.xx obtained, > lease time 86400 > -- > My IP address is somewhat "sticky" associated with my external interface MAC > address. If the MAC address changed or 24 hours of no activity then it may > take a little longer and more "sending discover" messages to grab an IP. > > > Lonnie > > > > >> On Nov 1, 2022, at 7:28 PM, Lonnie Abelbeck > <mailto:li...@lonnie.abelbeck.com>> wrote: >> >>> It does not have this error from the same provider on other broadband types. >> >> Which "broadband types" are you talking about, is IPoE a cable modem or >> something else? >> >> Lonnie >> >> >> >> >>> On Nov 1, 2022, at 4:44 PM, Michael Knill >>> mailto:michael.kn...@ipcsolutions.com.au>> >>> wrote: >>> >>> Thanks Lonnie. Yes there does seem to be a problem as I do get the standard >>> lease obtained logs: >>> Nov 2 06:54:54 30590-Canb_Comm-CM1 daemon.err udhcpc[358]: sending renew to >>> 103.55.93.1 >>> Nov 2 06:54:54 30590-Canb_Comm-CM1 daemon.err udhcpc[358]: lease of >>> 103.55.93.92 obtained, lease time 300 >>> >>> It does not have this error from the same provider on other broadband >>> types. Do you have any idea what it could be? >>> >>> Regards >>> Michael Knill >>> >>> >>> >>> On 2/11/2022, 8:12 am, "Lonnie Abelbeck" >> <mailto:li...@lonnie.abelbeck.com> <mailto:li...@lonnie.abelbeck.com >>> <mailto:li...@lonnie.abelbeck.com>>> wrote: >>> >>> >>> Normally you would see 3 or 4 of those logs before DHCP client was >>> successful. >>> >>> >>> After many "sending discover" udhcpc will drop to the background and >>> continue. Possibly DHCP is acquired after 30 seconds or so? >>> >>> >>> For local networks, this is not normal. You can't disable the logs as there >>> should not be an endless stream of them. >>> >>> >>> Lonnie >>> >>> >>> >>> >>> >>> >>>> On Nov 1, 2022, at 3:10 PM, Michael Knill >>>> mailto:michael.kn...@ipcsolutions.com.au><mailto:michael.kn...@ipcsolutions.com.au<mailto:michael.kn...@ipcsolutions.com.au>>> >>>> wrote: >>>> >>>> Hi Group >>>> >>>> This is a new service that we have not used before. They use IPoE and so I >>>> have configured the WAN to be DHCP. >>>> It all appears to be working but I am getting lots of logs: >>>> Nov 2 06:55:46 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending >>>> discover >>>> Nov 2 06:55:48 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending >>>> discover >>>> Nov 2 06:55:50 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending >>>> discover >>>> Nov 2 06:55:52 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending >>>> discover >>>> Nov 2 06:55:54 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending >>>> discover >>>> Nov 2 06:55:56 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending >>>> discover >>>> Nov 2 06:56:18 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending >>>> discover >>>> Nov 2 06:56:20 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending >>>> discover >>>> Nov 2 06:56:22 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: s
Re: [Astlinux-users] Turning of DHCP logging
Addendum: For my cable modem, only one "sending discover" is needed for this udhcpc session: -- Oct 27 15:26:45 gw-lan daemon.err udhcpc[595]: started, v1.30.1 Oct 27 15:26:45 gw-lan daemon.err udhcpc[595]: sending discover Oct 27 15:26:45 gw-lan daemon.err udhcpc[595]: sending select for 98.xx.xx.xx Oct 27 15:26:45 gw-lan daemon.err udhcpc[595]: lease of 98.xx.xx.xx obtained, lease time 86400 -- My IP address is somewhat "sticky" associated with my external interface MAC address. If the MAC address changed or 24 hours of no activity then it may take a little longer and more "sending discover" messages to grab an IP. Lonnie > On Nov 1, 2022, at 7:28 PM, Lonnie Abelbeck wrote: > >> It does not have this error from the same provider on other broadband types. > > Which "broadband types" are you talking about, is IPoE a cable modem or > something else? > > Lonnie > > > > >> On Nov 1, 2022, at 4:44 PM, Michael Knill >> wrote: >> >> Thanks Lonnie. Yes there does seem to be a problem as I do get the standard >> lease obtained logs: >> Nov 2 06:54:54 30590-Canb_Comm-CM1 daemon.err udhcpc[358]: sending renew to >> 103.55.93.1 >> Nov 2 06:54:54 30590-Canb_Comm-CM1 daemon.err udhcpc[358]: lease of >> 103.55.93.92 obtained, lease time 300 >> >> It does not have this error from the same provider on other broadband types. >> Do you have any idea what it could be? >> >> Regards >> Michael Knill >> >> >> >> On 2/11/2022, 8:12 am, "Lonnie Abelbeck" > <mailto:li...@lonnie.abelbeck.com>> wrote: >> >> >> Normally you would see 3 or 4 of those logs before DHCP client was >> successful. >> >> >> After many "sending discover" udhcpc will drop to the background and >> continue. Possibly DHCP is acquired after 30 seconds or so? >> >> >> For local networks, this is not normal. You can't disable the logs as there >> should not be an endless stream of them. >> >> >> Lonnie >> >> >> >> >> >> >>> On Nov 1, 2022, at 3:10 PM, Michael Knill >>> mailto:michael.kn...@ipcsolutions.com.au>> >>> wrote: >>> >>> Hi Group >>> >>> This is a new service that we have not used before. They use IPoE and so I >>> have configured the WAN to be DHCP. >>> It all appears to be working but I am getting lots of logs: >>> Nov 2 06:55:46 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending >>> discover >>> Nov 2 06:55:48 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending >>> discover >>> Nov 2 06:55:50 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending >>> discover >>> Nov 2 06:55:52 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending >>> discover >>> Nov 2 06:55:54 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending >>> discover >>> Nov 2 06:55:56 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending >>> discover >>> Nov 2 06:56:18 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending >>> discover >>> Nov 2 06:56:20 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending >>> discover >>> Nov 2 06:56:22 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending >>> discover >>> >>> Is this normal? Can I turn them off? >>> >>> Regards >>> >>> Michael Knill >>> Managing Director >>> >>> D: +61 2 6189 1360 >>> P: +61 2 6140 4656 >>> E: michael.kn...@ipcsolutions.com.au >>> <mailto:michael.kn...@ipcsolutions.com.au> >>> W: ipcsolutions.com.au >>> >>> >>> Smarter Business Communications >>> >>> ___ >>> Astlinux-users mailing list >>> Astlinux-users@lists.sourceforge.net >>> <mailto:Astlinux-users@lists.sourceforge.net> >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users<https://lists.sourceforge.net/lists/listinfo/astlinux-users> >>> >>> Donations to support AstLinux are graciously accepted via PayPal to >>> pay...@krisk.org<mailto:pay...@krisk.org>. >> >> >> >> >> >> >> ___ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> <mailto:Astlinux-users@lists.sourceforge.net> >> https://lists.sourceforge.net/lists/listinfo/astlinux-users<https://lists.source
Re: [Astlinux-users] Turning of DHCP logging
> It does not have this error from the same provider on other broadband types. Which "broadband types" are you talking about, is IPoE a cable modem or something else? Lonnie > On Nov 1, 2022, at 4:44 PM, Michael Knill > wrote: > > Thanks Lonnie. Yes there does seem to be a problem as I do get the standard > lease obtained logs: > Nov 2 06:54:54 30590-Canb_Comm-CM1 daemon.err udhcpc[358]: sending renew to > 103.55.93.1 > Nov 2 06:54:54 30590-Canb_Comm-CM1 daemon.err udhcpc[358]: lease of > 103.55.93.92 obtained, lease time 300 > > It does not have this error from the same provider on other broadband types. > Do you have any idea what it could be? > > Regards > Michael Knill > > > > On 2/11/2022, 8:12 am, "Lonnie Abelbeck" <mailto:li...@lonnie.abelbeck.com>> wrote: > > > Normally you would see 3 or 4 of those logs before DHCP client was successful. > > > After many "sending discover" udhcpc will drop to the background and > continue. Possibly DHCP is acquired after 30 seconds or so? > > > For local networks, this is not normal. You can't disable the logs as there > should not be an endless stream of them. > > > Lonnie > > > > > > >> On Nov 1, 2022, at 3:10 PM, Michael Knill >> mailto:michael.kn...@ipcsolutions.com.au>> >> wrote: >> >> Hi Group >> >> This is a new service that we have not used before. They use IPoE and so I >> have configured the WAN to be DHCP. >> It all appears to be working but I am getting lots of logs: >> Nov 2 06:55:46 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending discover >> Nov 2 06:55:48 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending discover >> Nov 2 06:55:50 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending discover >> Nov 2 06:55:52 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending discover >> Nov 2 06:55:54 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending discover >> Nov 2 06:55:56 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending discover >> Nov 2 06:56:18 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending discover >> Nov 2 06:56:20 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending discover >> Nov 2 06:56:22 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending discover >> >> Is this normal? Can I turn them off? >> >> Regards >> >> Michael Knill >> Managing Director >> >> D: +61 2 6189 1360 >> P: +61 2 6140 4656 >> E: michael.kn...@ipcsolutions.com.au >> <mailto:michael.kn...@ipcsolutions.com.au> >> W: ipcsolutions.com.au >> >> >> Smarter Business Communications >> >> ___ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> <mailto:Astlinux-users@lists.sourceforge.net> >> https://lists.sourceforge.net/lists/listinfo/astlinux-users<https://lists.sourceforge.net/lists/listinfo/astlinux-users> >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org<mailto:pay...@krisk.org>. > > > > > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > <mailto:Astlinux-users@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/astlinux-users<https://lists.sourceforge.net/lists/listinfo/astlinux-users> > > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org<mailto:pay...@krisk.org>. > > > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Turning of DHCP logging
Normally you would see 3 or 4 of those logs before DHCP client was successful. After many "sending discover" udhcpc will drop to the background and continue. Possibly DHCP is acquired after 30 seconds or so? For local networks, this is not normal. You can't disable the logs as there should not be an endless stream of them. Lonnie > On Nov 1, 2022, at 3:10 PM, Michael Knill > wrote: > > Hi Group > > This is a new service that we have not used before. They use IPoE and so I > have configured the WAN to be DHCP. > It all appears to be working but I am getting lots of logs: > Nov 2 06:55:46 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending discover > Nov 2 06:55:48 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending discover > Nov 2 06:55:50 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending discover > Nov 2 06:55:52 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending discover > Nov 2 06:55:54 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending discover > Nov 2 06:55:56 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending discover > Nov 2 06:56:18 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending discover > Nov 2 06:56:20 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending discover > Nov 2 06:56:22 30590-Canb_Comm-CM1 daemon.err udhcpc[24542]: sending discover > > Is this normal? Can I turn them off? > > Regards > > Michael Knill > Managing Director > > D: +61 2 6189 1360 > P: +61 2 6140 4656 > E: michael.kn...@ipcsolutions.com.au > W: ipcsolutions.com.au > > > Smarter Business Communications > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Wireguard significantly delays Astlinux bootup when using hostname for peer
Hi Michael, I don't have any special incantation ... when DNS fails it can be very problematic. Using an IP address in WG, or use "DNS Forwarder Hosts:" to locally define the DNS A record. If connectivity is not the DNS issue, then a more robust DNS server set. I doubt you learned anything new here. :-) Lonnie > On Oct 31, 2022, at 9:47 PM, Michael Knill > wrote: > > Hi Group > > When using Wireguard with hostnames, I have noticed that if there is no DNS > available, Wireguard prevents Astlinux from booting up for a very long period > of time as it sits and waits for the resolution of the hostname it has in the > peer configuration. > > Is there a way to prevent this from happening as its very problematic? > > Regards > > Michael Knill > Managing Director > > D: +61 2 6189 1360 > P: +61 2 6140 4656 > E: michael.kn...@ipcsolutions.com.au > W: ipcsolutions.com.au > > > Smarter Business Communications > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] Announcing AstLinux Release: 1.4.7
Announcing AstLinux Release: 1.4.7 More Info: AstLinux Project https://www.astlinux-project.org/ AstLinux 1.4.7 Highlights: * Asterisk Versions: 13.38.3, 16.27.0, 18.13.0 * Support for UEFI boot in addition to Legacy BIOS boot * Linux Kernel 4.19.254, security and bug fixes * igc, backport from linux-5.4.208, Intel i225 2.5-Gigabit Ethernet Network Driver * r8125, version 9.009.02, Realtek RTL8125 2.5-Gigabit Ethernet Network Driver * igb, version bump to 5.11.4, Intel 1.0-Gigabit Ethernet Network Driver * RUNNIX, version bump to runnix-0.6.12 * OpenSSL, version bump to 1.1.1q, security fixes: CVE-2022-2068, CVE-2022-2097 * WireGuard VPN, module 1.0.20220627 (version bump), tools 1.0.20210914 (no change) * htop, version bump to 3.2.1 * libcurl (curl) version bump to 7.84.0, security fixes: CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208 * pjsip version bump to 2.12.1, security fixes: many * sqlite, version bump to 3.39.2, security fix: CVE-2022-35737 * unbound, version bump to 1.16.2, security fixes: CVE-2022-30698, CVE-2022-30699 * zabbix, version bump to 4.0.43 * Asterisk '13se' (stable edition) version 13.38.3 is the last Asterisk 13.x "Legacy" version, built --without-pjproject * Package upgrades providing important security and bug fixes Full ChangeLog: https://raw.githubusercontent.com/astlinux-project/astlinux/1.4.7/docs/ChangeLog.txt All users are encouraged to upgrade, read the ChangeLog for the details. AstLinux Team ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] MSMTP: E-Mail From root?
Dan, great to hear that did the trick. Yes, the SMTP_FROM is required by some providers. Michael has needed SMTP_FROM for years, my email provider has not ever required SMTP_FROM (the default r...@domain.tld is fine). Adding to the confusion is the SMTP_FROM is different from the "From:" email header. Lonnie > On Aug 7, 2022, at 12:36 PM, Dan Ryson wrote: > > Michael and Lonnie, > > Thank you. That worked perfectly. > > A review of prior e-mails from the PBX all show a "from" address of root. > This "new" symptom appears to have been triggered by a change at my e-mail > provider. > > Best wishes, > > Dan > > On 8/7/22 11:24, Michael Keuter wrote: >> You need to define SMTP_FROM="u...@host.com" >> for your sender address in your user.conf >> >> Sent from a mobile device. >> >> Michael Keuter >> >>> Am 07.08.2022 um 17:02 schrieb Dan Ryson : >>> >>> >>> All, >>> >>> I've been trying to figure out why I'm experiencing a new MSMTP symptom on >>> two completely separate PBXs; both running AstLinux 1.4.6. Within the last >>> few weeks, I've started seeing bounce messages like the one pasted below. >>> For some reason, mail appears to be going out with a "from" address of >>> root. >>> >>> sip mail.err msmtp: host=smtp.ryson.org tls=on auth=on user=d...@ryson.org >>> from=r...@ryson.org recipients=d...@ryson.org smtpstatus=550 smtpmsg='550 >>> sorry, you can?t send as this user' errormsg='envelope from address >>> r...@ryson.org not accepted by the server' exitcode=EX_DATAERR >>> >>> I see the same thing with the Test SMTP Mail Relay dialog under the Network >>> tab while entering my e-mail address to both the "to" and "from" text >>> boxes. >>> >>> >>> >>> The symptom also occurs from the command line (with some portions redacted): >>> >>> sip kd # echo "hello there username." | msmtp --debug -a default >>> d...@ryson.org >>> loaded system configuration file /etc/msmtprc >>> ignoring user configuration file /root/.msmtprc: No such file or directory >>> using account default from /etc/msmtprc >>> host = smtp.ryson.org >>> port = 465 >>> source ip = (not set) >>> proxy host = (not set) >>> proxy port = 0 >>> socket = (not set) >>> timeout = 30 seconds >>> protocol = smtp >>> domain = localhost >>> auth = LOGIN >>> <-- 235 ok, go ahead (#2.0.0) >>> --> MAIL FROM: >>> --> RCPT TO: >>> --> DATA >>> <-- 550 sorry, you can't send as this user >>> msmtp: envelope from address r...@ryson.org not accepted by the server >>> msmtp: server message: 550 sorry, you can't send as this user >>> msmtp: could not send mail (account default from /etc/msmtprc) >>> >>> As always, I'd appreciate any insight. >>> >>> Thanks, >>> >>> Dan >>> ___ >>> Astlinux-users mailing list >>> Astlinux-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal to >>> pay...@krisk.org. >> >> >> >> ___ >> Astlinux-users mailing list >> >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] MSMTP: E-Mail From root?
Hi Dan, Is the issue with the same email provider? Try adding to your /mnt/kd/rc.conf.d/user.conf file (example) -- SMTP_FROM="d...@ryson.org" -- Then from the CLI to apply the change: -- gen-rc-conf service msmtp restart -- Lonnie > On Aug 7, 2022, at 9:35 AM, Dan Ryson wrote: > > All, > > I've been trying to figure out why I'm experiencing a new MSMTP symptom on > two completely separate PBXs; both running AstLinux 1.4.6. Within the last > few weeks, I've started seeing bounce messages like the one pasted below. > For some reason, mail appears to be going out with a "from" address of root. > > > sip mail.err msmtp: host=smtp.ryson.org tls=on auth=on user=d...@ryson.org > from=r...@ryson.org recipients=d...@ryson.org smtpstatus=550 smtpmsg='550 > sorry, you can?t send as this user' errormsg='envelope from address > r...@ryson.org not accepted by the server' exitcode=EX_DATAERR > > I see the same thing with the Test SMTP Mail Relay dialog under the Network > tab while entering my e-mail address to both the "to" and "from" text boxes. > > > > The symptom also occurs from the command line (with some portions redacted): > > sip kd # echo "hello there username." | msmtp --debug -a default > d...@ryson.org > loaded system configuration file /etc/msmtprc > ignoring user configuration file /root/.msmtprc: No such file or directory > using account default from /etc/msmtprc > host = smtp.ryson.org > port = 465 > source ip = (not set) > proxy host = (not set) > proxy port = 0 > socket = (not set) > timeout = 30 seconds > protocol = smtp > domain = localhost > auth = LOGIN > <-- 235 ok, go ahead (#2.0.0) > --> MAIL FROM: > --> RCPT TO: > --> DATA > <-- 550 sorry, you can't send as this user > msmtp: envelope from address r...@ryson.org not accepted by the server > msmtp: server message: 550 sorry, you can't send as this user > msmtp: could not send mail (account default from /etc/msmtprc) > > As always, I'd appreciate any insight. > > Thanks, > > Dan > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Using VMware Templates
Good catch David, it is good practice to always remove the /etc/udev/rules.d/70-persistent-net.rules file (if it exists) when creating a template AstLinux system. Though for the VM case, the standard udev rules do not generate /etc/udev/rules.d/70-persistent-net.rules for virtual interfaces. But for bare-metal you will need to remove the /etc/udev/rules.d/70-persistent-net.rules file for a template system. As you know David, for very special cases where you have a VM with a mix of virtual NICs and PCIe passthrough real NICs the /etc/udev/rules.d/70-persistent-net.rules file will be created, but without the virtual interfaces. Regardless, as you suggested, remove /etc/udev/rules.d/70-persistent-net.rules for template systems. Lonnie > On Aug 6, 2022, at 9:47 AM, David Kerr wrote: > > Lonnie, > What about /etc/udev/rules.d/70-persistent-net.rules does it need to be > regenerated too? > > David. > > On Sat, Aug 6, 2022 at 9:57 AM Lonnie Abelbeck > wrote: > Hi Michael, > > You are missing an important set of keys: > -- > Server SSH Keys – 'rm /mnt/kd/ssh/ssh_host_*' are removed so host server keys > are regenerated > -- > > BTW, the ssh/ssh_host_* are for the sshd server, the ssh_root_keys/ are for > outbound 'root' user ssh keys. > > As you mentioned (implied), everything in /mnt/kd/ssl/* should be removed > (including dirs). > > As for the Zabbix keys, AstLinux does not generate those ... possibly Zabbix > does with the proper configuration path to /mnt/kd/ssl/... > > Off hand, I can't think of any other secure identity bits and shouldn't be > propagated from VM to VM. > > > Lonnie > > > > From: Michael Knill > > Reply to: AstLinux List > > Date: Saturday, 6 August 2022 at 12:38 pm > > To: AstLinux List > > Subject: [Astlinux-users] Using VMware Templates > > > > Hi Group > > > > I'm using Astlinux in VMware vCloud and for quick deployment I have build a > > base system and created a template from it. This means I can rapidly deploy > > a new system without having to build it. > > > > I'm just wanting to check that I haven’t missed anything regarding what I > > do to the template build and what I do after provisioning a new system. > > Note I have not included Asterisk configuration in this list. > > > > • Network configuration – Build template will be DHCP only. The new > > address and hostname will added into the Network Tab or > > rc.conf.d/gui.network.conf directly > > • HTTPS and TLS Certs – These will be regenerated on the new > > provisioned system with an ACME Issue > > • Root SSH Keys – ssh_root_keys directory is removed in the template > > so it is regenerated > > • Wireguard Key – wireguard/wg0.privatekey is removed in the template > > so it is regenerated > > • Zabbix Key – ssl/zabbix_secret.psk is removed in the template so it > > is regenerated (when you access the Zabbix Tab I believe) > > • OpenVPN Keys – These are not generated by default in the build > > system so will need to be created if required anyway > > • Tarsnap – tarsnap directory is removed in the template so it needs > > to be generated > > > > Can you think of anything else I require? > > Thanks all. > > > > Regards > > > > Michael Knill > > Managing Director > > > > D: +61 2 6189 1360 > > P: +61 2 6140 4656 > > E: michael.kn...@ipcsolutions.com.au > > W: ipcsolutions.com.au > > > > > > Smarter Business Communications > > > > ___ > > Astlinux-users mailing list > > Astlinux-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > > > Donations to support AstLinux are graciously accepted via PayPal to > > pay...@krisk.org. > > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Using VMware Templates
Hi Michael, You are missing an important set of keys: -- Server SSH Keys – 'rm /mnt/kd/ssh/ssh_host_*' are removed so host server keys are regenerated -- BTW, the ssh/ssh_host_* are for the sshd server, the ssh_root_keys/ are for outbound 'root' user ssh keys. As you mentioned (implied), everything in /mnt/kd/ssl/* should be removed (including dirs). As for the Zabbix keys, AstLinux does not generate those ... possibly Zabbix does with the proper configuration path to /mnt/kd/ssl/... Off hand, I can't think of any other secure identity bits and shouldn't be propagated from VM to VM. Lonnie > From: Michael Knill > Reply to: AstLinux List > Date: Saturday, 6 August 2022 at 12:38 pm > To: AstLinux List > Subject: [Astlinux-users] Using VMware Templates > > Hi Group > > I'm using Astlinux in VMware vCloud and for quick deployment I have build a > base system and created a template from it. This means I can rapidly deploy a > new system without having to build it. > > I'm just wanting to check that I haven’t missed anything regarding what I do > to the template build and what I do after provisioning a new system. Note I > have not included Asterisk configuration in this list. > > • Network configuration – Build template will be DHCP only. The new > address and hostname will added into the Network Tab or > rc.conf.d/gui.network.conf directly > • HTTPS and TLS Certs – These will be regenerated on the new > provisioned system with an ACME Issue > • Root SSH Keys – ssh_root_keys directory is removed in the template so > it is regenerated > • Wireguard Key – wireguard/wg0.privatekey is removed in the template > so it is regenerated > • Zabbix Key – ssl/zabbix_secret.psk is removed in the template so it > is regenerated (when you access the Zabbix Tab I believe) > • OpenVPN Keys – These are not generated by default in the build system > so will need to be created if required anyway > • Tarsnap – tarsnap directory is removed in the template so it needs to > be generated > > Can you think of anything else I require? > Thanks all. > > Regards > > Michael Knill > Managing Director > > D: +61 2 6189 1360 > P: +61 2 6140 4656 > E: michael.kn...@ipcsolutions.com.au > W: ipcsolutions.com.au > > > Smarter Business Communications > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] AstLinux Pre-Release: astlinux-1.4-5547-ae3467
Announcing AstLinux Pre-Release: astlinux-1.4-5547-ae3467
** The AstLinux Team is regularly upgrading packages containing security and
bug fixes as well as adding new features of our own.
-- Linux Kernel 4.19.254 (version bump), security and bug fixes
-- RUNNIX, version bump to runnix-0.6.12, with Linux Kernel 4.19.254
== gnu-efi, version bump to 3.0.14
-- igc, backport from linux-5.4.208, Intel i225 2.5-Gigabit Ethernet Network
Driver
-- r8125, version 9.009.02, Realtek RTL8125 2.5-Gigabit Ethernet Network Driver
-- igb, version bump to 5.11.4, Intel 1.0-Gigabit Ethernet Network Driver
-- OpenSSL, version bump to 1.1.1q, security fixes: CVE-2022-2068, CVE-2022-2097
-- WireGuard VPN, module 1.0.20220627 (version bump), tools 1.0.20210914 (no
change)
-- OpenSSH, version 8.1p1, close SSH connections on shutdown, poweroff, reboot
and kernel-reboot
-- libcurl (curl) version bump to 7.84.0, security fixes: CVE-2022-32205,
CVE-2022-32206, CVE-2022-32207, CVE-2022-32208
-- htop, version bump to 3.2.1
-- sqlite, version bump to 3.39.2, security fix: CVE-2022-35737
-- unbound, version bump to 1.16.2, security fixes: CVE-2022-30698,
CVE-2022-30699
-- zabbix, version bump to 4.0.43
-- Asterisk 13.38.3 ('13se' no change)
Last Asterisk 13.x "Legacy" version, built --without-pjproject
-- Asterisk 16.27.0 (version bump) and 18.13.0 (version bump)
-- pjsip 2.12 (version bump)
-- Complete Pre-Release ChangeLog:
https://astlinux-project.org/beta/astlinux-changelog/ChangeLog.txt
The "AstLinux Pre-Release ChangeLog" and "Pre-Release Repository URL" entries
can be found under the "Development" tab of the AstLinux Project web site ...
AstLinux Project -> Development
https://www.astlinux-project.org/dev.html
AstLinux Team
___
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
Re: [Astlinux-users] Storage performance
Hi Michael, Out of curiosity, what do you mean by "Virtual DC" ? I'm not familiar with that term. If you are using AstLinux 1.4.3 or later, the kernel /proc/[pid]/io stats are enabled. So, look for "read_bytes" and "write_bytes" in the output of the 'init' process: -- cat /proc/1/io -- For Asterisk, this should work: -- cat /proc/$(pgrep -f '^asterisk')/io -- See how quickly "read_bytes" and "write_bytes" increase over a set period of time. Next convert into IOP by guessing an average block size. Note: some of this Disk IO is to RAM based tmpfs, but would give you a worst case scenario. Additionally, 'htop' supports IO_RATE column (DISK R/W) that can monitor IO. Lonnie > On Jul 20, 2022, at 2:29 PM, Michael Knill > wrote: > > Hi Group > > I am virtualising most Astlinux installs and now moving to Virtual DC’s where > I have more control of the type of resources I allocate. One of these is the > type of storage and usually in the form of IOP’s. > For example I can purchase storage ranging from 100 IOP’s to 25,000 IOP’s. > Now although the difference in price is not huge, it does add up and I want > to try to minimise costs where possible. > I have been using 250 IOP’s and I have not seen any problems but just > wondering if this is too low? Even though am writing logs to KD, I assumed > that the Astlinux architecture was still pretty light on in regards to disk > writes. > > Thanks > Mike > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Config NAT Loopback
Hi David, Interesting ... yes, as you suggested, setting the NAT EXT->LAN "Source" rule to only the local LAN(s) (ex. 192.168.1.0/24) should be what you need to limit "loopback" to only local IPs for a particular NATed port. Can't say I ever needed that, but should work. Best to test hitting you external interface from the outside with the associated "loopback" port and make sure it is not allowed in. Lonnie > On Jul 20, 2022, at 8:31 AM, David Kerr wrote: > > Is it possible to configure NAT Loopback on its own... ie, without opening > NAT->LAN for all sources? > > I have a problem where my employer's VPN is hijacking DNS so name resolution > for my internal hosts is always getting routed to the VPN's supplied DNS > which will not resolve to my internal IP address, so traffic is getting sent > to my external IP address. > > Loopback works, I can set a port number to forward but I don't want to open > the firewall port to any external client, only to a client on my internal > network. > > It looks like I can set Source IP to e.g. 192.168.1.0/24 and that will setup > the firewall rules. But is that the best and/or safe way to do it? > > Thanks > David > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Doing an OS upgrade without network connectivity
Hi Michael, Do you have physical access? If "yes" a local attached USB drive can be used as a "local repo". Below is an example, using an PC Engines APU2 "genx86_64-serial" image. == Insert FAT formatted USB drive. pbx4 ~ # fdisk -l -- ... Device Boot StartEnd Sectors Size Id Type /dev/sdb1 * 63 524159 524097 255.9M 6 FAT16 -- pbx4 ~ # mkdir /tmp/disk pbx4 ~ # mount -t vfat /dev/sdb1 /tmp/disk ## Only needed to create a local repo on the USB drive, could be performed outside of AstLinux if desired. ## Requires public network access. pbx4 ~ # mkdir -p /tmp/disk/ast13se-firmware-1.x/genx86_64-serial pbx4 ~ # cd /tmp/disk/ast13se-firmware-1.x/genx86_64-serial/ pbx4 genx86_64-serial # curl -LO https://astlinux-project.org/mirror/ast13se-firmware-1.x/genx86_64-serial/ver pbx4 genx86_64-serial # curl -LO https://astlinux-project.org/mirror/ast13se-firmware-1.x/genx86_64-serial/astlinux-1.4.6.tar.gz pbx4 genx86_64-serial # curl -LO https://astlinux-project.org/mirror/ast13se-firmware-1.x/genx86_64-serial/astlinux-1.4.6.tar.gz.sha1 ## End of create a local repo on the USB drive ## Now assume the USB drive was pre-configured and skip the above "create a local repo" commands. ## Check the local repo files: pbx4 ~ # cd pbx4 ~ # find /tmp/disk/ast13se-firmware-1.x/ /tmp/disk/ast13se-firmware-1.x/ /tmp/disk/ast13se-firmware-1.x/genx86_64-serial /tmp/disk/ast13se-firmware-1.x/genx86_64-serial/ver /tmp/disk/ast13se-firmware-1.x/genx86_64-serial/astlinux-1.4.6.tar.gz /tmp/disk/ast13se-firmware-1.x/genx86_64-serial/astlinux-1.4.6.tar.gz.sha1 ## Upgrade using the local (pre-configured) USB drive: pbx4 ~ # upgrade-run-image check file:///tmp/disk/ast13se-firmware-1.x Current version is: astlinux-1.4-5507-f21c6b, Newest available version is: astlinux-1.4.6 pbx4 ~ # upgrade-run-image upgrade file:///tmp/disk/ast13se-firmware-1.x Successful upgrade to: astlinux-1.4.6 [after reboot] pbx4 ~ # cd pbx4 ~ # umount /tmp/disk pbx4 ~ # reboot ; exit == And yes, this local repo method can be used for Runnix as well. Lonnie Tip -> For AstLinux 1.4.2 or later: If you have a exFAT formatted drive use "mount -t exfat ..." instead of "mount -t vfat ..." above. > On Jun 24, 2022, at 8:52 PM, Michael Knill > wrote: > > Is this easy to do? > I have a site where they are tough with security and I cant reach the > download server currently. > > Along with my previous question, a Runnix upgrade without network > connectivity may be handy too. > > Regards > > Michael Knill > Managing Director ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Runnix version and upgrade
Hi Michael, (comments inline) > On Jun 24, 2022, at 8:07 PM, Michael Knill > wrote: > > A couple of questions regarding Runnix: > • I did a Runnix upgrade and it went to 0.6.11. Is this ok on Astlinux > 1.3.10? Should be fine. Test by upgrading to Runnix 0.6.11 and "reboot" from the CLI ... it should boot AstLinux. AstLinux 1.3.10 uses x86_64 Linux 3.16.85, Runnix 0.6.11 is based on x86_64 Linux 4.19.242. Over the years we have changed Runnix from 32-bit (0.4.x) to 32-bit PAE (0.5.x) to 64-bit (0.6.x) The "upgrade-RUNNIX-image" automatically uses the proper Runnix series. You can force the Runnix repo URL, the AstLinux 1.3.10 and later default is: -- upgrade-RUNNIX-image check https://astlinux-project.org/mirror/runnix6 -- > • Can I upgrade to a specific Runnix version or is there no point? You could with a private Runnix repo, but there is no reason to do so that I am aware of. Note that any Runnix upgrades would need to be done via the CLI, the Web Interface uses the default Runnix repo URL. > • Can I manage my own repository of Runnix? Yes, (see above) ... just as with the AstLinux repo file format, for example: -- On an external reachable HTTPS server "HOST/PATH" -- mkdir runnix6 cd runnix6 curl -LO https://astlinux-project.org/mirror/runnix6/runnix-0.6.11.tar.gz curl -LO https://astlinux-project.org/mirror/runnix6/runnix-0.6.11.tar.gz.sha1 curl -LO https://astlinux-project.org/mirror/runnix6/ver -- Then in AstLinux: -- upgrade-RUNNIX-image check https://HOST/PATH/runnix6 -- Adjust as desired. Lonnie ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] Announcing AstLinux Release: 1.4.6
Announcing AstLinux Release: 1.4.6 More Info: AstLinux Project https://www.astlinux-project.org/ AstLinux 1.4.6 Highlights: * Asterisk Versions: 13.38.3, 16.25.3, 18.11.3 * Add support for UEFI boot in addition to the current Legacy BIOS boot * Linux Kernel 4.19.242, security and bug fixes * igc, backport from linux-5.4.191, Intel i225 2.5-Gigabit Ethernet Network Driver * r8125, version 9.009.00, Realtek RTL8125 2.5-Gigabit Ethernet Network Driver * RUNNIX, version bump to runnix-0.6.11 * OpenSSL, version bump to 1.1.1o, security fixes: CVE-2022-0778, CVE-2022-1292 * OpenVPN, version bump to 2.4.12, security fix: CVE-2022-0547 * libcurl (curl) version bump to 7.83.1, security fixes: many * LibreTLS, version bump to 3.5.2 * Monit, version bump to 5.32.0 * msmtp, version bump to 1.8.20 * php, version 7.2.34, add security fix: CVE-2021-21707 * smartctl (smartmontools), version bump to 7.3, drivedb.h snapshot 2022-05-10 * sqlite, version bump to 3.38.5, JSON support is now enabled * zabbix, version bump to 4.0.40 * Asterisk '13se' (stable edition) version 13.38.3 is the last Asterisk 13.x "Legacy" version, built --without-pjproject * Package upgrades providing important security and bug fixes Full ChangeLog: https://raw.githubusercontent.com/astlinux-project/astlinux/1.4.6/docs/ChangeLog.txt All users are encouraged to upgrade, read the ChangeLog for the details. AstLinux Team ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Can't access astlinux GUI
Hi Hamid, I know of a person who ran AstLinux VM ISO on bare-metal using QEMU/KVM ... it worked OK for him but took a lot of testing and internet searches to get it working. And keeping QEMU and all related packages up to date is very important. You will have to do your own testing and internet searches. If your OVH VPS already runs on a hypervisor, running KVM on top of that is not ideal, and provided the VT-x/EPT CPU flags get passed through. Did we mention Vultr starts at $5/month USD and you can deploy the latest AstLinux VM ISO in about 60 seconds. :-) If you have a bare-metal server ESXi or Proxmox are good choices where the AstLinux VM ISO can be installed. Lonnie > On May 16, 2022, at 1:08 PM, Hamid Awad wrote: > > Hello, > I can give you access to my virtualization enviroment so you can do anything > you need and There’s vnc as well > > Regards, > > > Original message > From: Michael Keuter > Date: Mon, 16 May 2022, 19:00 > To: AstLinux Users Mailing List > Subject: Re: [Astlinux-users] Can't access astlinux GUI > We (AstLinux Team) documented only three Cloud scenarios, that we have tested > ourselves. > I cannot speak for installations on OVH. On Vultr it is quite easy to install. > > > Am 16.05.2022 um 18:37 schrieb Hamid Awad : > > > > > > There’re talked about 3 cloud company. > > Any way I read all the the docs in the link > > (https://doc.astlinux-project.org/userdoc:documentation#cloud_hosted_guest_vm_s > > ) to understand the idea and applied it in my environment > > I installed astlinux the remove the ISO CD and let astlinux boot from hd > > No thing happens > > Same issue > > NOTE : I used Kimchi (Virtualization Management) > > https://github.com/kimchi-project/wok @ ubuntu 16.04 server > > > > Regards, > > > > From: Michael Keuter > > Sent: Monday, May 16, 2022 12:59 PM > > To: Hamid Awad > > Subject: Re: [Astlinux-users] Can't access astlinux GUI > > > > https://doc.astlinux-project.org/userdoc:documentation#cloud_hosted_guest_vm_s > > > > > Am 16.05.2022 um 12:52 schrieb Hamid Awad : > > > > > > Hi again, > > > > > > In fact I managd dedicated server from ovh with virtualization (kvm) > > > > > > Can you tell me what can I do > > > > > > Regards > > > > > > > > > Original message > > > From: Michael Keuter > > > Date: Mon, 16 May 2022, 11:29 > > > To: AstLinux Users Mailing List > > > Subject: Re: [Astlinux-users] Can't access astlinux GUI > > > Hi Hamid, > > > > > > normally you should get a DHCP address from your provider. > > > I had a same issue with another provider in Germany (static IP didn't > > > help either), I filed a support request, > > > and within a few hours they re-provisioned the server and I got an IP > > > address via DHCP. > > > > > > Otherwise in "rc.conf": > > > > > > > > > ## External Interface > > > EXTIF="eth0" > > > > > > ## If EXTIP is set, a 'static' config is used instead of the default, > > > ## which is DHCP client on $EXTIF. If you are using a T1/E1 > > > ## EXTGW is also the PtP address. You can enter as many DNS servers as > > > ## you wish. They will be added in order. > > > #EXTIP="192.168.25.2" > > > #EXTNM="255.255.255.0" > > > #EXTGW="192.168.25.1" > > > #DNS="192.168.1.1 192.168.1.2 192.168.1.3" > > > > > > > > > > Am 16.05.2022 um 08:48 schrieb Hamid Awad : > > > > > > > > VPS from ovh > > > > > > > > How can I turne dhcp off > > > > > > > > > > > > Original message > > > > From: Lonnie Abelbeck > > > > Date: Mon, 16 May 2022, 04:03 > > > > To: AstLinux Users Mailing List > > > > Subject: Re: [Astlinux-users] Can't access astlinux GUI > > > > > > > > > > > > > On May 15, 2022, at 3:44 PM, Hamid Awad wrote: > > > > > > > > > > Hi every body, > > > > > I install astlinux in my vps and all is fine, I could not assign IP > > > > > address (my ip address) > > > > > I tried ifconfig 54.x.x.x to setup ip and netmask and I successful on > > > > > that. > > > > > I can't ping the gateway so I can't add it to the route. > > > > > > > >
Re: [Astlinux-users] Can't access astlinux GUI
> On May 15, 2022, at 3:44 PM, Hamid Awad wrote: > > Hi every body, > I install astlinux in my vps and all is fine, I could not assign IP address > (my ip address) > I tried ifconfig 54.x.x.x to setup ip and netmask and I successful on that. > I can't ping the gateway so I can't add it to the route. What VPS are you trying to use? Doesn't DHCP (the default) work on the external interface? I know Vultr [1] can easily deploy an AstLinux VM ISO [2]. Lonnie [1] https://www.vultr.com/ [2] https://doc.astlinux-project.org/userdoc:hosted_guest_vm_vultr ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] AstLinux Pre-Release: astlinux-1.4-5492-970ef8
Announcing AstLinux Pre-Release: astlinux-1.4-5492-970ef8
Key new features:
-- Add support for UEFI boot in addition to the current Legacy BIOS boot.
More info: https://doc.astlinux-project.org/userdoc:boot-bios-uefi
** The AstLinux Team is regularly upgrading packages containing security and
bug fixes as well as adding new features of our own.
-- Linux Kernel 4.19.242 (version bump), security and bug fixes
-- RUNNIX, version bump to runnix-0.6.11, with Linux Kernel 4.19.242, add UEFI
boot support as well as Legacy BIOS boot.
== syslinux, version 6.03, enable EFI (64-bit) support
== gnu-efi, new package, version 3.0.10
-- igc, backport from linux-5.4.191, Intel i225 2.5-Gigabit Ethernet Network
Driver
-- r8125, version 9.009.00, Realtek RTL8125 2.5-Gigabit Ethernet Network Driver
-- igb, version bump to 5.10.2, Intel 1.0-Gigabit Ethernet Network Driver
-- OpenSSL, version bump to 1.1.1o, security fixes: CVE-2022-0778, CVE-2022-1292
-- OpenVPN, version bump to 2.4.12, security fix: CVE-2022-0547
-- WireGuard VPN, module 1.0.20211208 (no change), tools 1.0.20210914 (no
change)
-- libcurl (curl) version bump to 7.83.1, many security fixes
-- Monit, version bump to 5.32.0
-- php, version 7.2.34, add security fix: CVE-2021-21707
-- smartctl (smartmontools), version bump to 7.3, drivedb.h snapshot 2022-05-10
-- sqlite, version bump to 3.38.5, JSON support is now enabled
-- zabbix, version bump to 4.0.40
-- lighttpd/php, anonymize header version information
-- Asterisk 13.38.3 ('13se' no change)
Last Asterisk 13.x "Legacy" version, built --without-pjproject
-- Asterisk 16.25.3 (version bump) and 18.11.3 (version bump)
Security fixes: (res_stir_shaken) CVE-2022-26498, CVE-2022-26499
-- pjsip 2.10, security fixes: CVE-2022-21723, CVE-2022-23608, CVE-2021-37706
-- Complete Pre-Release ChangeLog:
https://astlinux-project.org/beta/astlinux-changelog/ChangeLog.txt
The "AstLinux Pre-Release ChangeLog" and "Pre-Release Repository URL" entries
can be found under the "Development" tab of the AstLinux Project web site ...
AstLinux Project -> Development
https://www.astlinux-project.org/dev.html
AstLinux Team
___
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
Re: [Astlinux-users] Adding a Wireguard null route with higher metric
I don't think adding a dummy endpoint would be a good idea. If seeing logs is the problem, removing "warning" from asterisk/logger.conf on that box might work, not sure what important things you might miss. If you built your own AstLinux images, you could patch out that line in Asterisk. Lonnie > On May 15, 2022, at 4:45 PM, Michael Knill > wrote: > > Ah thanks Lonnie. Yes this is when I'm using one-way peers. Problem is that > yes Asterisk does bail quickly but then complains about it in the logs. > Two-way endpoints are out of the question unfortunately. Do you think there > is any way to fool it e.g. add a dummy endpoint or would this break stuff or > be very inefficient? > I'm thinking to reduce the problem I will only use VPN when I need to e.g. > when behind NAT, failover, dynamic address etc. and use direct trunk all > other times. > > Regards > Michael Knill > > On 15/5/22, 11:34 pm, "Lonnie Abelbeck" wrote: > >Hi Michael, > >That is what WireGuard does if there is no "Endpoint" and the peer route > is down. > >Simple examples ... > >Example #1 >-- wg.conf snip (no Endpoint) -- >[Peer] >## hpe-ms|pbx-pve >PublicKey = ... >AllowedIPs = 10.4.0.15/32 >-- > ># fping 10.4.0.15 >10.4.0.15: error while sending ping: Destination address required >10.4.0.15 is unreachable > >Note: fping returns immediately > >Example #2 >-- wg.conf snip (with Endpoint) -- >[Peer] >## hpe-ms|pbx-pve >PublicKey = ... >Endpoint = 10.10.10.15:51820 >AllowedIPs = 10.4.0.15/32 >-- > ># fping 10.4.0.15 >10.4.0.15 is unreachable > >Note: fping returns after a few seconds of trying > >So, if you have one-way established WireGuard peers, this is working as > efficiently as possible. This allows Asterisk to bail quickly. > >Alternatively if you have two-way established WireGuard peers, each end's > peer can contain a "Endpoint" which will try to establish the tunnel and only > return "unreachable" if it can't. > >Lonnie > > >> On May 14, 2022, at 10:07 PM, Michael Knill >> wrote: >> >> I use Wireguard VPN’s extensively and our softswitch has many peers >> connected to it. >> One issue that is very annoying is that if a VPN route drops out of the >> routing table, rather than just Unreachable, Asterisk complains as below: >> [May 14 07:20:37] WARNING[2082]: chan_sip.c:3781 __sip_xmit: sip_xmit of >> 0x2b61f424e7a0 (len 509) to 172.29.1.252:5060 returned -1: Destination >> address required >> [May 14 07:20:38] WARNING[2082]: chan_sip.c:3781 __sip_xmit: sip_xmit of >> 0x2b61f458c940 (len 507) to 172.29.1.13:5060 returned -1: Destination >> address required >> You also get the same when you try to ping it. >> >> Can you think of any way to resolve this. I tried a null route and that >> didn't work. >> >> Regards >> >> Michael Knill >> Managing Director >> >> D: +61 2 6189 1360 >> P: +61 2 6140 4656 >> E: michael.kn...@ipcsolutions.com.au >> W: ipcsolutions.com.au >> >> >> Smarter Business Communications >> >> ___ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > > > >___ >Astlinux-users mailing list >Astlinux-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/astlinux-users > >Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Adding a Wireguard null route with higher metric
Hi Michael, That is what WireGuard does if there is no "Endpoint" and the peer route is down. Simple examples ... Example #1 -- wg.conf snip (no Endpoint) -- [Peer] ## hpe-ms|pbx-pve PublicKey = ... AllowedIPs = 10.4.0.15/32 -- # fping 10.4.0.15 10.4.0.15: error while sending ping: Destination address required 10.4.0.15 is unreachable Note: fping returns immediately Example #2 -- wg.conf snip (with Endpoint) -- [Peer] ## hpe-ms|pbx-pve PublicKey = ... Endpoint = 10.10.10.15:51820 AllowedIPs = 10.4.0.15/32 -- # fping 10.4.0.15 10.4.0.15 is unreachable Note: fping returns after a few seconds of trying So, if you have one-way established WireGuard peers, this is working as efficiently as possible. This allows Asterisk to bail quickly. Alternatively if you have two-way established WireGuard peers, each end's peer can contain a "Endpoint" which will try to establish the tunnel and only return "unreachable" if it can't. Lonnie > On May 14, 2022, at 10:07 PM, Michael Knill > wrote: > > I use Wireguard VPN’s extensively and our softswitch has many peers connected > to it. > One issue that is very annoying is that if a VPN route drops out of the > routing table, rather than just Unreachable, Asterisk complains as below: > [May 14 07:20:37] WARNING[2082]: chan_sip.c:3781 __sip_xmit: sip_xmit of > 0x2b61f424e7a0 (len 509) to 172.29.1.252:5060 returned -1: Destination > address required > [May 14 07:20:38] WARNING[2082]: chan_sip.c:3781 __sip_xmit: sip_xmit of > 0x2b61f458c940 (len 507) to 172.29.1.13:5060 returned -1: Destination address > required > You also get the same when you try to ping it. > > Can you think of any way to resolve this. I tried a null route and that > didn't work. > > Regards > > Michael Knill > Managing Director > > D: +61 2 6189 1360 > P: +61 2 6140 4656 > E: michael.kn...@ipcsolutions.com.au > W: ipcsolutions.com.au > > > Smarter Business Communications > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] Qotom Q750G5 Celeron J4125 Fanless Appliance
A newly released hardware description and configuration has been added to the AstLinux documentation: Qotom Q750G5 Celeron J4125 Fanless Appliance https://doc.astlinux-project.org/userdoc:board_qotom_q750g5 Michael Keuter personally purchased a Qotom Q750G5 J4125 No-WiFi via AliExpress. https://www.aliexpress.com/item/1005003792068209.html The Qotom Q750G5 J4125 offers: -- Small fanless case -- Intel Celeron CPU J4125 (4x) @ 2.00GHz (burst to 2.70 GHz enabled) -- Legacy BIOS or UEFI boot support (AMI) -- 5x Intel i225-V NICs (2.5Gbps) -- Supports mSATA SSD -- Supports Video (HDMI) Console (Serial header on board) -- Piezo speaker -- Power button Note: The J4125 version is currently sold out, a J4105 version is available for about $10 USD less. Intel Celeron CPU J4105 (4x) @ 1.50GHz (burst to 2.50 GHz enabled) Thanks to Michael for being an early adopter and purchasing this box. I'm sure Michael will answer any questions. Lonnie ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] AstLinux Pre-Release: astlinux-1.4-5459-c657da
Announcing AstLinux Pre-Release: astlinux-1.4-5459-c657da
Key new features:
-- Add support for UEFI boot in addition to the current Legacy BIOS boot.
More info: https://doc.astlinux-project.org/userdoc:boot-bios-uefi
** The AstLinux Team is regularly upgrading packages containing security and
bug fixes as well as adding new features of our own.
-- Linux Kernel 4.19.236 (version bump), security and bug fixes
-- RUNNIX, version bump to runnix-0.6.10, with Linux Kernel 4.19.236, add UEFI
boot support as well as Legacy BIOS boot.
== syslinux, version 6.03, enable EFI (64-bit) support
== gnu-efi, new package, version 3.0.10
-- igc, backport from linux-5.4.191, Intel i225 2.5-Gigabit Ethernet Network
Driver
-- r8125, version 9.008.00, Realtek RTL8125 2.5-Gigabit Ethernet Network Driver
-- OpenSSL, version bump to 1.1.1n, security fix: CVE-2022-0778
-- OpenVPN, version bump to 2.4.12, security fix: CVE-2022-0547
-- WireGuard VPN, module 1.0.20211208 (no change), tools 1.0.20210914 (no
change)
-- libcurl (curl) version bump to 7.82.0
-- Monit, version bump to 5.32.0
-- php, version 7.2.34, add security fix: CVE-2021-21707
-- sqlite, version bump to 3.38.2, JSON support is now enabled
-- lighttpd/php, anonymize header version information
-- Asterisk 13.38.3 ('13se' no change)
Last Asterisk 13.x "Legacy" version, built --without-pjproject
-- Asterisk 16.25.3 (version bump) and 18.11.3 (version bump)
Security fixes: (res_stir_shaken) CVE-2022-26498, CVE-2022-26499
-- pjsip 2.10, security fixes: CVE-2022-21723, CVE-2022-23608, CVE-2021-37706
-- Complete Pre-Release ChangeLog:
https://astlinux-project.org/beta/astlinux-changelog/ChangeLog.txt
The "AstLinux Pre-Release ChangeLog" and "Pre-Release Repository URL" entries
can be found under the "Development" tab of the AstLinux Project web site ...
AstLinux Project -> Development
https://www.astlinux-project.org/dev.html
AstLinux Team
___
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
Re: [Astlinux-users] Announcing AstLinux Release: 1.4.5
If you are at 1.4.5 with ast13se-firmware-1.x, change the Asterisk version via the Prefs tab (ast16-firmware-1.x or ast18-firmware-1.x), then go the System tab and first perform "Revert to Previous" then "Upgrade with New" as usual. Ref: https://doc.astlinux-project.org/userdoc:tt_asterisk_upgrade_version Lonnie > On Mar 13, 2022, at 2:41 PM, Ionel Chila via Astlinux-users > wrote: > > Thanks Michael. So I managed to update to 1.4.5 but on Asterisk 13. > > How do I switch to Asterisk 16 now? Or 18? > > > >> On Mar 13, 2022, at 1:19 PM, Michael Keuter wrote: >> >> Hi, >> >> as stated in the release info, the Asterisk 13 version is no more updated, >> but ast13se, ast16 + ast18. >> >>> Am 13.03.2022 um 19:15 schrieb Ionel Chila via Astlinux-users >>> : >>> >>> Is strange, when I do an update from the GUI it tells me 1.4.4 is the >>> latest version. It used to work upgrading from there just fine. Anything >>> changed? >>> >>> >>> >>> >>> >>>> On Mar 2, 2022, at 7:49 AM, Lonnie Abelbeck >>>> wrote: >>>> >>>> Announcing AstLinux Release: 1.4.5 >>>> >>>> More Info: AstLinux Project >>>> https://www.astlinux-project.org/ >>>> >>>> AstLinux 1.4.5 Highlights: >>>> * Asterisk Versions: 13.38.3, 16.21.1, 18.10.0 >>>> * Asterisk 18.x is now supported, along with Asterisk 16.x and Asterisk >>>> 13.x built --without-pjproject >>>> * Previous ast13-firmware-1.x is no longer being updated, >>>> ast13-firmware-1.x users should either switch to ast16-firmware-1.x >>>> (recommended) or use ast13se-firmware-1.x if chan_pjsip is not used in >>>> your dialplan. >>>> >>>> * Linux Kernel 4.19.230, security and bug fixes >>>> * RUNNIX, version bump to runnix-0.6.6 >>>> * OpenSSL, version bump to 1.1.1m, security fixes: none >>>> * WireGuard VPN, module 1.0.20211208 (version bump), tools 1.0.20210914 >>>> (no change) >>>> * strongSwan, version 5.5.3, security fix: CVE-2021-45079 >>>> * libcurl (curl) version bump to 7.81.0 >>>> * chrony, version bump to 4.2 >>>> * darkstat, version bump to 3.0.721 >>>> * expat, version bump to 2.4.6, security fixes: many >>>> * Monit, version bump to 5.31.0 >>>> * msmtp, version bump to 1.8.19, 'msmtpd' security fix >>>> * mtr, version bump to 0.95 >>>> * prosody, version bump to 0.11.13 >>>> * tarsnap, version bump to 1.0.40, "Trust No One" encrypted backups using >>>> the Tarsnap Backup service. >>>> * vnStat, version bump to 2.9 >>>> * zabbix, version bump to 4.0.38 >>>> * Asterisk '13se' (stable edition) version 13.38.3 is the last Asterisk >>>> 13.x "Legacy" version, built --without-pjproject >>>> * Package upgrades providing important security and bug fixes >>>> >>>> Full ChangeLog: >>>> https://raw.githubusercontent.com/astlinux-project/astlinux/1.4.5/docs/ChangeLog.txt >>>> >>>> All users are encouraged to upgrade, read the ChangeLog for the details. >>>> >>>> AstLinux Team >>>> >>>> >>>> >>>> ___ >>>> Astlinux-users mailing list >>>> Astlinux-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>>> >>>> Donations to support AstLinux are graciously accepted via PayPal to >>>> pay...@krisk.org. >>> >>> ___ >>> Astlinux-users mailing list >>> Astlinux-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal to >>> pay...@krisk.org. >> >> >> Michael >> >> http://www.mksolutions.info >> >> >> >> >> >> ___ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Announcing AstLinux Release: 1.4.5
Hi Ionel, Yes that is expected when using the ast13-firmware-1.x firmware. As stated below in the "AstLinux 1.4.5 Highlights:" -- * Asterisk 18.x is now supported, along with Asterisk 16.x and Asterisk 13.x built --without-pjproject * Previous ast13-firmware-1.x is no longer being updated, ast13-firmware-1.x users should either switch to ast16-firmware-1.x (recommended) or use ast13se-firmware-1.x if chan_pjsip is not used in your dialplan. -- So, if you are not using chan_pjsip you could change to ast13se-firmware-1.x (via Prefs Tab) or alternatively start using ast16-firmware-1.x ... either of those will get you to version 1.4.5 . Lonnie > On Mar 13, 2022, at 1:15 PM, Ionel Chila via Astlinux-users > wrote: > > Is strange, when I do an update from the GUI it tells me 1.4.4 is the latest > version. It used to work upgrading from there just fine. Anything changed? > > > > > >> On Mar 2, 2022, at 7:49 AM, Lonnie Abelbeck >> wrote: >> >> Announcing AstLinux Release: 1.4.5 >> >> More Info: AstLinux Project >> https://www.astlinux-project.org/ >> >> AstLinux 1.4.5 Highlights: >> * Asterisk Versions: 13.38.3, 16.21.1, 18.10.0 >> * Asterisk 18.x is now supported, along with Asterisk 16.x and Asterisk 13.x >> built --without-pjproject >> * Previous ast13-firmware-1.x is no longer being updated, ast13-firmware-1.x >> users should either switch to ast16-firmware-1.x (recommended) or use >> ast13se-firmware-1.x if chan_pjsip is not used in your dialplan. >> >> * Linux Kernel 4.19.230, security and bug fixes >> * RUNNIX, version bump to runnix-0.6.6 >> * OpenSSL, version bump to 1.1.1m, security fixes: none >> * WireGuard VPN, module 1.0.20211208 (version bump), tools 1.0.20210914 (no >> change) >> * strongSwan, version 5.5.3, security fix: CVE-2021-45079 >> * libcurl (curl) version bump to 7.81.0 >> * chrony, version bump to 4.2 >> * darkstat, version bump to 3.0.721 >> * expat, version bump to 2.4.6, security fixes: many >> * Monit, version bump to 5.31.0 >> * msmtp, version bump to 1.8.19, 'msmtpd' security fix >> * mtr, version bump to 0.95 >> * prosody, version bump to 0.11.13 >> * tarsnap, version bump to 1.0.40, "Trust No One" encrypted backups using >> the Tarsnap Backup service. >> * vnStat, version bump to 2.9 >> * zabbix, version bump to 4.0.38 >> * Asterisk '13se' (stable edition) version 13.38.3 is the last Asterisk 13.x >> "Legacy" version, built --without-pjproject >> * Package upgrades providing important security and bug fixes >> >> Full ChangeLog: >> https://raw.githubusercontent.com/astlinux-project/astlinux/1.4.5/docs/ChangeLog.txt >> >> All users are encouraged to upgrade, read the ChangeLog for the details. >> >> AstLinux Team >> >> >> >> ___ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] Announcing AstLinux Release: 1.4.5
Announcing AstLinux Release: 1.4.5 More Info: AstLinux Project https://www.astlinux-project.org/ AstLinux 1.4.5 Highlights: * Asterisk Versions: 13.38.3, 16.21.1, 18.10.0 * Asterisk 18.x is now supported, along with Asterisk 16.x and Asterisk 13.x built --without-pjproject * Previous ast13-firmware-1.x is no longer being updated, ast13-firmware-1.x users should either switch to ast16-firmware-1.x (recommended) or use ast13se-firmware-1.x if chan_pjsip is not used in your dialplan. * Linux Kernel 4.19.230, security and bug fixes * RUNNIX, version bump to runnix-0.6.6 * OpenSSL, version bump to 1.1.1m, security fixes: none * WireGuard VPN, module 1.0.20211208 (version bump), tools 1.0.20210914 (no change) * strongSwan, version 5.5.3, security fix: CVE-2021-45079 * libcurl (curl) version bump to 7.81.0 * chrony, version bump to 4.2 * darkstat, version bump to 3.0.721 * expat, version bump to 2.4.6, security fixes: many * Monit, version bump to 5.31.0 * msmtp, version bump to 1.8.19, 'msmtpd' security fix * mtr, version bump to 0.95 * prosody, version bump to 0.11.13 * tarsnap, version bump to 1.0.40, "Trust No One" encrypted backups using the Tarsnap Backup service. * vnStat, version bump to 2.9 * zabbix, version bump to 4.0.38 * Asterisk '13se' (stable edition) version 13.38.3 is the last Asterisk 13.x "Legacy" version, built --without-pjproject * Package upgrades providing important security and bug fixes Full ChangeLog: https://raw.githubusercontent.com/astlinux-project/astlinux/1.4.5/docs/ChangeLog.txt All users are encouraged to upgrade, read the ChangeLog for the details. AstLinux Team ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] AstLinux Pre-Release: astlinux-1.4-5380-6e3fb2
Announcing AstLinux Pre-Release: astlinux-1.4-5380-6e3fb2
Key new features:
-- Asterisk 18.x is now supported, along with Asterisk 16.x and Asterisk 13.x
built --without-pjproject
-- Previous ast13-firmware-1.x is no longer being updated, ast13-firmware-1.x
users should either switch to ast16-firmware-1.x (recommended)
or use ast13se-firmware-1.x if chan_pjsip is not used in your dialplan.
** The AstLinux Team is regularly upgrading packages containing security and
bug fixes as well as adding new features of our own.
-- Linux Kernel 4.19.230 (version bump), security and bug fixes
-- OpenSSL, version bump to 1.1.1m, security fixes: none
-- WireGuard VPN, module 1.0.20211208 (version bump), tools 1.0.20210914 (no
change)
-- strongSwan, version 5.5.3, security fix: CVE-2021-45079
-- expat, version bump to 2.4.4, security fixes: many, many
-- libcurl (curl) version bump to 7.81.0
-- LibreTLS, version bump to 3.4.2
-- Monit, version bump to 5.31.0
-- msmtp, version bump to 1.8.19, 'msmtpd' security fix
-- nano, version 2.7.5, fix issue where not saving a file could still copy the
file to /mnt/asturw/
-- tarsnap, version bump to 1.0.40, "Trust No One" encrypted backups using the
Tarsnap Backup service.
-- zabbix, version bump to 4.0.38
-- Network tab, Non-ACME Self-Signed HTTPS Certificate, use 2048 key length.
-- Asterisk 13.38.3 ('13se' no change)
Last Asterisk 13.x "Legacy" version, built --without-pjproject
-- Asterisk 16.21.1 (no change) and 18.10.0 (new version)
Note: Asterisk 16.23.0 has issues with high call usage, reverting to
16.21.1
-- Complete Pre-Release ChangeLog:
https://astlinux-project.org/beta/astlinux-changelog/ChangeLog.txt
The "AstLinux Pre-Release ChangeLog" and "Pre-Release Repository URL" entries
can be found under the "Development" tab of the AstLinux Project web site ...
AstLinux Project -> Development
https://www.astlinux-project.org/dev.html
AstLinux Team
___
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
Re: [Astlinux-users] PPPoE Keepalive
Hi Michael, Nicely described issue. 1) Adjust lcp-echo-* settings (requiring AstLinux 1.4.1 or later) By default the pppoe ppp peer options include: -- lcp-echo-interval 20 lcp-echo-failure 3 -- Try adding a PPPOE_PPP_OPTIONS variable in your /mnt/kd/rc.conf.d/user.conf file: -- PPPOE_PPP_OPTIONS="lcp-echo-interval 5 lcp-echo-failure 10" -- or also add lcp-echo-adaptive -- PPPOE_PPP_OPTIONS="lcp-echo-interval 5 lcp-echo-failure 10 lcp-echo-adaptive" -- Test and adjust values accordingly. 2) Adjust QoS Possibly (AstLinux 1.4.4 or later) CAKE support in the traffic shaper would help, but no evidence it would. 3) Changing the service to IPoE I have always thought to avoid PPPoE if possible, so if IPoE is an available choice, that may be a good idea. Lonnie > On Feb 8, 2022, at 10:49 PM, Michael Knill > wrote: > > Hi Group > > I have a site that for years intermittently has periods where it loses PPPoE > connectivity on a regular basis. After further investigation by one of my > techs, it appears that when this is happening there is significant upstream > congestion on the service due to a Veeam backup in progress. > Note that I have set traffic shaping and the voice is not affected however it > is when the PPPoE drops the connection e.g. > Feb 9 12:40:33 3060-ETS_Ref-CM1 daemon.info pppd[362]: No response to 3 > echo-requests > > We have always blamed the access provider but have not been able to pinpoint > the issue. I'm now thinking that possibly during this high congestion, LCP > Echo Request/Reply are being delayed and/or dropped meaning that Astlinux > thinks connectivity is lost and it resets the connection. > > So my questions are: > • Is this possible? > • If so, how can I fix it? Something in QoS? Can I change the PPPoE > parameters for LCP echos maybe? > • Would changing the service to IPoE fix the problem e.g. only DHCP > then? > > Thanks all. > Regards > > Michael Knill > Managing Director > > D: +61 2 6189 1360 > P: +61 2 6140 4656 > E: michael.kn...@ipcsolutions.com.au > W: ipcsolutions.com.au > > > Smarter Business Communications > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Astlinux on VmWare with Digium Wildcard TDM410
> On Feb 5, 2022, at 11:50 AM, Lonnie Abelbeck > wrote: > >> >> On Feb 5, 2022, at 11:09 AM, Ionel Chila via Astlinux-users >> wrote: >> >> I had this dedicated box with a Digium Wildcard TDM410 running forever, >> thanks for all the hard work that is put into this great project. I run few >> SIP trunks on this home PBX with VOIP providers from Europe, Asia and US as >> I have family all over the world. I also use this for some automation >> tasks, so the need for the FXO and FXS modules besides my home line. >> >> I am in process of consolidating some of my small servers into a beefy >> VmWare Esxi 7.0 server and I was wondering if migrating from this current >> physical PBX to VmWare will work. The only part I am not sure in VmWare is >> about TDM410. Will this TDM410 card still work properly even in the virtual >> environment, of course after putting the card in passthrough mode. Does >> anyone have a similar working setup? >> >> https://doc.astlinux-project.org/userdoc:guest_vm_vmware_vsphere >> >> Thanks >> Ionel Chila > > The TDM410 is PCI not PCIe, so you have a "beefy VmWare Esxi 7.0 server" with > PCI? > > While possible, (I have never done it) I would consider reserving one of your > old boxes with PCI as a home-built SIP/ATA using AstLinux. > > Lonnie Update Ionel, No, using a DAHDI card will not work in a VM, as least with the standard builds as the Digium hardware firmware is not installed for genx86_64-vm builds. Building you own SIP/ATA gateway is the best option ... or leave a working solution alone :-) Lonnie ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Astlinux on VmWare with Digium Wildcard TDM410
> On Feb 5, 2022, at 11:09 AM, Ionel Chila via Astlinux-users > wrote: > > I had this dedicated box with a Digium Wildcard TDM410 running forever, > thanks for all the hard work that is put into this great project. I run few > SIP trunks on this home PBX with VOIP providers from Europe, Asia and US as I > have family all over the world. I also use this for some automation tasks, > so the need for the FXO and FXS modules besides my home line. > > I am in process of consolidating some of my small servers into a beefy VmWare > Esxi 7.0 server and I was wondering if migrating from this current physical > PBX to VmWare will work. The only part I am not sure in VmWare is about > TDM410. Will this TDM410 card still work properly even in the virtual > environment, of course after putting the card in passthrough mode. Does > anyone have a similar working setup? > > https://doc.astlinux-project.org/userdoc:guest_vm_vmware_vsphere > > Thanks > Ionel Chila The TDM410 is PCI not PCIe, so you have a "beefy VmWare Esxi 7.0 server" with PCI? While possible, (I have never done it) I would consider reserving one of your old boxes with PCI as a home-built SIP/ATA using AstLinux. Lonnie ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] WAN Bridge interface
Interesting, but I don't quite understand how the upstream multihomed link works. If the AstLinux WAN bridge interface has a static IP and gateway, how is this a failover situation ... unless like you mentioned a VRRP (keepalived) setup. Is the AstLinux static gateway IP ARP'ing to different MACs depending on some magic upstream? All in the same subnet? If "yes" above, then this would indeed be a special case where you would want the WAN to be a bridge interface. Lonnie > On Feb 2, 2022, at 4:04 PM, Michael Knill > wrote: > > It's a static address with the gateway address shared on the firewalls as > active and standby. Not sure if they have a virtual address like VRRP but > doesn't make any difference from Astlinux's perspective. > I did some testing and all seemed to work. Its on a Qotom box so I assume > performance should not be an issue. > > Regards > Michael Knill > > On 3/2/22, 9:00 am, "Lonnie Abelbeck" wrote: > >Hi Michael, > >It would be a special case where you would want the WAN to be a bridge > interface. > >How is the WAN interface's IP address defined? > >I'm not sure how your two WAN trunks are routed to your bridge interface. > >But, if a 2-port ethernet switch would work, so should a 2-interface linux > bridge. > >Lonnie > > > > >> On Feb 2, 2022, at 3:33 PM, Michael Knill >> wrote: >> >> Hi Group >> >> I have set up two ports on my Astlinux box into a bridge and allocated to >> the WAN interface. These ports are connected behind a primary and failover >> Watchguard firewall as a DMZ interface. The LAN interface connects to the >> Voice VLAN making this system a VPN router only for about 70 phones. >> >> Just wanting to know if anyone can see any issues with this architecture as >> I haven’t used bridge interfaces before. >> It just seems better than sticking a switch in between creating another >> single point of failure. >> >> Regards >> >> Michael Knill >> Managing Director >> >> D: +61 2 6189 1360 >> P: +61 2 6140 4656 >> E: michael.kn...@ipcsolutions.com.au >> W: ipcsolutions.com.au >> >> >> Smarter Business Communications >> >> ___ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > > > >___ >Astlinux-users mailing list >Astlinux-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/astlinux-users > >Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] WAN Bridge interface
Hi Michael, It would be a special case where you would want the WAN to be a bridge interface. How is the WAN interface's IP address defined? I'm not sure how your two WAN trunks are routed to your bridge interface. But, if a 2-port ethernet switch would work, so should a 2-interface linux bridge. Lonnie > On Feb 2, 2022, at 3:33 PM, Michael Knill > wrote: > > Hi Group > > I have set up two ports on my Astlinux box into a bridge and allocated to the > WAN interface. These ports are connected behind a primary and failover > Watchguard firewall as a DMZ interface. The LAN interface connects to the > Voice VLAN making this system a VPN router only for about 70 phones. > > Just wanting to know if anyone can see any issues with this architecture as I > haven’t used bridge interfaces before. > It just seems better than sticking a switch in between creating another > single point of failure. > > Regards > > Michael Knill > Managing Director > > D: +61 2 6189 1360 > P: +61 2 6140 4656 > E: michael.kn...@ipcsolutions.com.au > W: ipcsolutions.com.au > > > Smarter Business Communications > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] New AstLinux Project cloud infrastructure
Greetings, A simple note to let our users know about a new back-end cloud infrastructure for the AstLinux Project. This change should be seamless, and unnoticed for the majority of you. The AstLinux Project cloud infrastructure, including the documentation wiki, release images, release ISOs, domain DNS, as well as development files are all now hosted via Linode [1]. As such, some of you may download official release images to your own private repository. Previously a person could use HTTPS with "s3.amazonaws.com/mirror.astlinux-project/..." to access release images and ISOs, for the future use HTTPS with "astlinux-project.org/mirror/...". Note, if you use 'curl' include the '-L' option to follow the redirect. Lastly, as special thanks goes out to Darrick Hartman for hosting the documentation wiki in his Colo and paying for AWS S3 costs for many years. Darrick has long been involved with AstLinux (since 2006) and assisted with this transition ... Thanks! AstLinux Team [1] https://www.linode.com/ ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] PJSIP Best Practice?
Hi Dan,
Sorry for the lack of replies, but many of us are still using chan_sip.
There may be a command more useful than "pjsip show channels"
--
pbx*CLI> pjsip show
aoraors auth auths
channel
channels channelstats contactcontacts
endpoint
endpoints historyidentifiersidentifies
identify
qualifyregistration registrations
scheduled_taskssettings
subscription subscriptions transport transports
unidentified_requests
--
Lonnie
> On Jan 18, 2022, at 8:19 AM, Dan Ryson wrote:
>
> AstLinux Team,
>
> I'm delighted to see the ongoing progress of AstLinux. Thank you!
>
> Although Asterisk 13SE is still working fine for me, the Pre-Release
> recommendation (highlighted below) prompted me to start experimenting with
> Asterisk 16 and pjsip/pjproject on a new droplet PBX, which is now 48 hours
> old. It's working well for the most part and I'm making slow and steady
> progress.
>
> To force myself to learn pjsip, I defeated the chan_sip module. Accordingly,
> the AstLinux Status page now shows "No such command 'sip show registry'" and
> "No such command 'sip show peers'. As a possible work around, I updated the
> Active Channels Command to "pjsip show channels" and repurposed the Show
> DAHDI Command to "pjsip show endpoints" - since DAHDI isn't being used. This
> provides useful data and works fine. However, the raw CLI output isn't
> particularly pretty.
>
> Since I'm surely not the first person to head down this path, I have a
> feeling that I'm missing something obvious and should ask the pros. I'm
> hoping to hear your thoughts and advice for showing pjsip status. Is there a
> better recommended practice?
>
> Thanks,
>
> Dan
>
> On Thu, Jan 13, 2022 at 02:20 PM, Lonnie Abelbeck
> wrote:
> Announcing AstLinux Pre-Release: astlinux-1.4-5333-94c1eb
>
> Key new features:
>
> -- Asterisk 18.x is now supported, along with Asterisk 16.x and Asterisk 13.x
> built --without-pjproject
>
> -- Previous ast13-firmware-1.x is no longer being updated, ast13-firmware-1.x
> users should either switch to ast16-firmware-1.x (recommended)
>or use ast13se-firmware-1.x if chan_pjsip is not used in your dialplan.
>
> ** The AstLinux Team is regularly upgrading packages containing security and
> bug fixes as well as adding new features of our own.
>
> -- Linux Kernel 4.19.224 (version bump), security and bug fixes
>
> -- OpenSSL, version bump to 1.1.1m, security fixes: none
>
> -- WireGuard VPN, module 1.0.20211208 (version bump), tools 1.0.20210914 (no
> change)
>
> -- libcurl (curl) version bump to 7.81.0
>
> -- LibreTLS, version bump to 3.4.2
>
> -- msmtp, version bump to 1.8.19, 'msmtpd' security fix
>
> -- nano, version 2.7.5, fix issue where not saving a file could still copy
> the file to /mnt/asturw/
>
> -- Network tab, Non-ACME Self-Signed HTTPS Certificate, use 2048 key length.
>
> -- Asterisk 13.38.3 ('13se' no change)
>Last Asterisk 13.x "Legacy" version, built --without-pjproject
>
> -- Asterisk 16.23.0 (version bump) and 18.9.0 (new version)
>
> -- Complete Pre-Release ChangeLog:
> https://s3.amazonaws.com/beta.astlinux-project/astlinux-changelog/ChangeLog.txt
>
> The "AstLinux Pre-Release ChangeLog" and "Pre-Release Repository URL" entries
> can be found under the "Development" tab of the AstLinux Project web site ...
>
> AstLinux Project -> Development
> https://www.astlinux-project.org/dev.html
>
> AstLinux Team
>
> ___
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
___
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
Re: [Astlinux-users] Hello to the mailing group, asking a question.
Hi Adrian, In 2020-07-25, AstLinux 1.3.10 (and onward) no longer supports 32-bit CPU's. I did a little DDG'ing and the HP t5730 [1] uses an "AMD Sempron 2100+" CPU [2] "AMD64 / AMD 64-bit technology". As such I would try installing AstLinux 1.4.4 from https://www.astlinux-project.org/ It is possible "x86-64bit" will not work due to the HP board design, but that would give you ongoing AstLinux support. Lonnie [1] https://support.hp.com/id-en/document/c01342752 [2] https://www.cpu-world.com/CPUs/K8/AMD-Mobile%20Sempron%202100%2B%20-%20SMF2100HAX3DQ%20-%20SMF2100HAX3DQE.html > On Jan 20, 2022, at 3:41 AM, Adrian Hodgson via Astlinux-users > wrote: > > OK I have had success with getting the sounds packages installed, doing > computer stuff in the early hours does not always go well when tired. So > with some sleep.. > > The installer was 32 bit, what I had not taken into account was my own > network. I have a typical UK home internet connection, ISP provided router > that then provides a internal 192.168.1.X network, this is used by the family > and typical devices in the house. I then have a UbuntuMate thin client, that > does nothing but act as a simple gateway for my network 10.42.0.X, the > astlinux box being 10.42.0.5 and the gateway address 10.42.0.1. > > So basically the box could not see the outside world until I entered 'Network > settings' and allowed for Static IP, set the gateway IP as about and the DNS > server as the address of my ISP provided router of 192.168.1.254. > > I do struggle with networking in general and only get by with my inefficient > trial and error. > > Adrian > > On 20/01/2022 02:43, John Novack wrote: >> I believe you want the 13SE version >> AFAIK the 5730 is a 32 bit processor, though the install should complain if >> you try to install a 64 bit in a 32 bit machine >> >> JN >> >> > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Fossil file size
David, Yes, Tarsnap is a versioned backup by snapshot, like macOS's Time Machine, so typically just let Tarsnap do its thing and no need to also keep multiple file backups. The only drawback is if you wanted to revert to version z.y.x it may take a little trial and error to find it by date. Also recall that Tarsnap does data de-duplication to minimize the size of data it needs to store. Uncompressed files work better with this. Lonnie > On Jan 18, 2022, at 4:20 PM, David Kerr wrote: > > Thanks Lonnie. I will investigate. While fossil is the single largest file > in my tarsnap backup, there is only one of them. The next largest is my > unifi controller backup at 25MB... for which the last 10 backups are > maintained, so 250MB. As tarsnap maintains its own history, am I right that > this is wasteful and I only need to include the most recent file in tarsnap? > > Thanks > David > > On Tue, Jan 18, 2022 at 10:07 AM Lonnie Abelbeck > wrote: > Hi David, > > I would find why it is growing and ignore them for the future. > > By design, Fossil keeps everything forever, though there is a method to > "shun" artifacts but still takes some effort to get a reduction of the fossil > database: > > https://fossil-scm.org/home/doc/trunk/www/shunning.wiki > > I have never tried this on a local repo (like AstLinux has), and if you play > with this be sure to use a copy. > > Personally I would find the culprit why the Fossil DB was growing so much and > leave it at that. > > Lonnie > > > > > > On Jan 18, 2022, at 8:54 AM, David Kerr wrote: > > > > Michael, > > Thanks, there could well be some file(s) in there that I don't need. > > That is something I am trying to track down. Even if I find that, I'll > > need to figure out how to delete from the history in the db. > > > > Oh... and I misread the file size, I was off by a digit, so 100's MB not > > over GB. But still significant. > > > > David > > > > On Tue, Jan 18, 2022 at 9:37 AM Michael Keuter > > wrote: > > > > > >> Am 18.01.2022 um 15:00 schrieb David Kerr : > >> > >> Is there a way I can manage my fossil db size? I think it is much larger > >> than it could be, probably because it has years of changes... the db is > >> 1.8GB which expands to 3.4GB when dumped for tarsnap backup... which is > >> 75% of my total tarsnap backup, driving up my tarsnap costs. > >> > >> Is there a way I can, for example, prune the fossil db so that it contains > >> only e.g. last 3 months of file history. > >> > >> And is there a way for me to get a listing of everything in the fossil db > >> and what size it is... maybe there is just one or two files in particular > >> causing the problem. > >> > >> Thanks > >> David > > > > Hi David, > > > > hmm mine is 2.5 MB of size after many years. Do you include binary files in > > Fossil? > > There is an option to ignore certain file types in Fossil => Admin => > > Settings: "ignore-glob" > > > > > > > > Maybe that helps. > > > > Michael > > > > http://www.mksolutions.info > > > > > > > > ___ > > Astlinux-users mailing list > > Astlinux-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > > > Donations to support AstLinux are graciously accepted via PayPal to > > pay...@krisk.org. > > ___ > > Astlinux-users mailing list > > Astlinux-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > > > Donations to support AstLinux are graciously accepted via PayPal to > > pay...@krisk.org. > > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Fossil file size
Hi David, I would find why it is growing and ignore them for the future. By design, Fossil keeps everything forever, though there is a method to "shun" artifacts but still takes some effort to get a reduction of the fossil database: https://fossil-scm.org/home/doc/trunk/www/shunning.wiki I have never tried this on a local repo (like AstLinux has), and if you play with this be sure to use a copy. Personally I would find the culprit why the Fossil DB was growing so much and leave it at that. Lonnie > On Jan 18, 2022, at 8:54 AM, David Kerr wrote: > > Michael, > Thanks, there could well be some file(s) in there that I don't need. That > is something I am trying to track down. Even if I find that, I'll need to > figure out how to delete from the history in the db. > > Oh... and I misread the file size, I was off by a digit, so 100's MB not over > GB. But still significant. > > David > > On Tue, Jan 18, 2022 at 9:37 AM Michael Keuter wrote: > > >> Am 18.01.2022 um 15:00 schrieb David Kerr : >> >> Is there a way I can manage my fossil db size? I think it is much larger >> than it could be, probably because it has years of changes... the db is >> 1.8GB which expands to 3.4GB when dumped for tarsnap backup... which is 75% >> of my total tarsnap backup, driving up my tarsnap costs. >> >> Is there a way I can, for example, prune the fossil db so that it contains >> only e.g. last 3 months of file history. >> >> And is there a way for me to get a listing of everything in the fossil db >> and what size it is... maybe there is just one or two files in particular >> causing the problem. >> >> Thanks >> David > > Hi David, > > hmm mine is 2.5 MB of size after many years. Do you include binary files in > Fossil? > There is an option to ignore certain file types in Fossil => Admin => > Settings: "ignore-glob" > > > > Maybe that helps. > > Michael > > http://www.mksolutions.info > > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] AstLinux Pre-Release: astlinux-1.4-5333-94c1eb
Announcing AstLinux Pre-Release: astlinux-1.4-5333-94c1eb
Key new features:
-- Asterisk 18.x is now supported, along with Asterisk 16.x and Asterisk 13.x
built --without-pjproject
-- Previous ast13-firmware-1.x is no longer being updated, ast13-firmware-1.x
users should either switch to ast16-firmware-1.x (recommended)
or use ast13se-firmware-1.x if chan_pjsip is not used in your dialplan.
** The AstLinux Team is regularly upgrading packages containing security and
bug fixes as well as adding new features of our own.
-- Linux Kernel 4.19.224 (version bump), security and bug fixes
-- OpenSSL, version bump to 1.1.1m, security fixes: none
-- WireGuard VPN, module 1.0.20211208 (version bump), tools 1.0.20210914 (no
change)
-- libcurl (curl) version bump to 7.81.0
-- LibreTLS, version bump to 3.4.2
-- msmtp, version bump to 1.8.19, 'msmtpd' security fix
-- nano, version 2.7.5, fix issue where not saving a file could still copy the
file to /mnt/asturw/
-- Network tab, Non-ACME Self-Signed HTTPS Certificate, use 2048 key length.
-- Asterisk 13.38.3 ('13se' no change)
Last Asterisk 13.x "Legacy" version, built --without-pjproject
-- Asterisk 16.23.0 (version bump) and 18.9.0 (new version)
-- Complete Pre-Release ChangeLog:
https://s3.amazonaws.com/beta.astlinux-project/astlinux-changelog/ChangeLog.txt
The "AstLinux Pre-Release ChangeLog" and "Pre-Release Repository URL" entries
can be found under the "Development" tab of the AstLinux Project web site ...
AstLinux Project -> Development
https://www.astlinux-project.org/dev.html
AstLinux Team
___
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
Re: [Astlinux-users] Updated Vultr - Cloud Hosted Guest VM Documentation
Sad to hear about Vultr's Sydney network issues ... I suspect Vultr's network is better in the US and Europe. The guy who runs https://www.hostifi.com/ said his service is all done on Vultr. I wish Linode had quick and easy ISO installer support, as Vultr does. I fail to understand why Linode doesn't. Lonnie > On Dec 28, 2021, at 4:16 PM, Michael Knill > wrote: > > Thanks Lonnie for updating this. Yes I love Vultr and always use the > firewall. PS Linode has a firewall now too. > I don't use Vultr for any customer or high available systems though as they > have had some network issues in the past here. But its great for Lab systems, > jump servers, Unifi Controller etc. > > Regards > Michael Knill > > On 28/12/21, 9:39 pm, "Michael Keuter" wrote: > > > >> Am 27.12.2021 um 22:07 schrieb Lonnie Abelbeck : >> >> Hi, >> >> Updated Vultr - Cloud Hosted Guest VM Documentation >> >> There have been some cosmetic changes in the Vultr setup process, so the >> documentation now reflects those changes. >> >> More significantly, a Vultr "Firewall Group" is described to disallow >> network traffic during VM Setup, and then disable the Vultr Firewall after >> the AstLinux Firewall is enabled. A couple extra steps, but adds peace of >> mind, and the "Firewall Group" can be reused for new instances. >> >> Vultr KVM >> https://doc.astlinux-project.org/userdoc:hosted_guest_vm_vultr >> >> Please report any typos or confusing text. >> >> Lonnie > >Hi Lonnie, > >nice update! >The added Firewall is a useful feature during the installation. > >Michael > >http://www.mksolutions.info > > > > > >___ >Astlinux-users mailing list >Astlinux-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/astlinux-users > >Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
[Astlinux-users] Updated Vultr - Cloud Hosted Guest VM Documentation
Hi, Updated Vultr - Cloud Hosted Guest VM Documentation There have been some cosmetic changes in the Vultr setup process, so the documentation now reflects those changes. More significantly, a Vultr "Firewall Group" is described to disallow network traffic during VM Setup, and then disable the Vultr Firewall after the AstLinux Firewall is enabled. A couple extra steps, but adds peace of mind, and the "Firewall Group" can be reused for new instances. Vultr KVM https://doc.astlinux-project.org/userdoc:hosted_guest_vm_vultr Please report any typos or confusing text. Lonnie ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Moving to Asterisk 16
> On Dec 19, 2021, at 4:50 AM, The Cadillac Kid via Astlinux-users > wrote: > > What is SE? I’m not familiar with your term. I only knew of regular and LTS The 'SE' (Stable Edition) nomenclature is "AstLinux" specific for an older, more tested version of asterisk built with --without-pjproject, and has less churn in the asterisk code from AstLinux release to AstLinux release. Additionally, AstLinux offers only LTS asterisk versions. Lonnie > > On Saturday, December 18, 2021, 09:36:27 PM EST, Michael Knill > wrote: > > > Ok thanks Lonnie. Already disabled pre SE __ > > Regards > Michael Knill > > On 19/12/21, 12:41 pm, "Lonnie Abelbeck" wrote: > > Hi Michael, > > > Are we looking at an Asterisk 16SE version at some stage? > > Not in 2022, we plan to be supporting ast13se, ast16 and ast18 > > You will need to manage your modules.conf to disable pjsip in ast16 ... > or build a custom image with ast16 and --without-pjproject. > > Lonnie > > > > > On Dec 18, 2021, at 6:59 PM, Michael Knill > wrote: > > > > Thanks all. Looks like I'm going to 1.4.4 with Asterisk 16 then.. > > Are we looking at an Asterisk 16SE version at some stage? > > > > Regards > > Michael Knill > > > > On 19/12/21, 11:57 am, "Michael Knill" > wrote: > > > >Thanks Michael. I'm already using res_parking.conf so that's all > good. > > > >Regards > >Michael Knill > > > >On 18/12/21, 9:33 pm, "Michael Keuter" > wrote: > > > > > > > >> Am 18.12.2021 um 02:04 schrieb Michael Knill > : > >> > >> Hi Group > >> > >> Wanting to get some dev work done over the Christmas break and am > considering my options. > >> Certainly moving from Astlinux 1.3.10 to 1.4.4 but trying to decide > whether I move to Asterisk 16 or not. > >> Has anyone had any issues? Are there any gotchas with the move? I can > only see AMI changes for the Command action! > >> > >> Regards > >> > >> Michael Knill > >> Managing Director > > > >Hi Michael, > > > >I successfully migrated all my AstLinux installations to > Asterisk 16 in 2021 and had no issues so far. > >I just tweaked the "modules.conf" to not load the new stuff that > I don't needed. > > > >And the parking stuff is now in a new "res_parking.conf" file in > Asterisk and has to stripped from "features.conf". > > > >There are simple advices in the Asterisk error messages after > the upgrade (e.g which new files could not be loaded => > "/stat/etc/asterisk/"). > > > >Michael > > > >http://www.mksolutions.info > > > > > > > > > > > >___ > >Astlinux-users mailing list > >Astlinux-users@lists.sourceforge.net > >https://lists.sourceforge.net/lists/listinfo/astlinux-users > > > >Donations to support AstLinux are graciously accepted via PayPal > to pay...@krisk.org. > > > > > > >___ > >Astlinux-users mailing list > >Astlinux-users@lists.sourceforge.net > >https://lists.sourceforge.net/lists/listinfo/astlinux-users > > > >Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > > > > > ___ > > Astlinux-users mailing list > > Astlinux-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Moving to Asterisk 16
Hi Michael, > Are we looking at an Asterisk 16SE version at some stage? Not in 2022, we plan to be supporting ast13se, ast16 and ast18 You will need to manage your modules.conf to disable pjsip in ast16 ... or build a custom image with ast16 and --without-pjproject. Lonnie > On Dec 18, 2021, at 6:59 PM, Michael Knill > wrote: > > Thanks all. Looks like I'm going to 1.4.4 with Asterisk 16 then. > Are we looking at an Asterisk 16SE version at some stage? > > Regards > Michael Knill > > On 19/12/21, 11:57 am, "Michael Knill" > wrote: > >Thanks Michael. I'm already using res_parking.conf so that's all good. > >Regards >Michael Knill > >On 18/12/21, 9:33 pm, "Michael Keuter" wrote: > > > >> Am 18.12.2021 um 02:04 schrieb Michael Knill >> : >> >> Hi Group >> >> Wanting to get some dev work done over the Christmas break and am >> considering my options. >> Certainly moving from Astlinux 1.3.10 to 1.4.4 but trying to decide whether >> I move to Asterisk 16 or not. >> Has anyone had any issues? Are there any gotchas with the move? I can only >> see AMI changes for the Command action! >> >> Regards >> >> Michael Knill >> Managing Director > >Hi Michael, > >I successfully migrated all my AstLinux installations to Asterisk 16 > in 2021 and had no issues so far. >I just tweaked the "modules.conf" to not load the new stuff that I > don't needed. > >And the parking stuff is now in a new "res_parking.conf" file in > Asterisk and has to stripped from "features.conf". > >There are simple advices in the Asterisk error messages after the > upgrade (e.g which new files could not be loaded => "/stat/etc/asterisk/"). > >Michael > >http://www.mksolutions.info > > > > > >___ >Astlinux-users mailing list >Astlinux-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/astlinux-users > >Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > >___ >Astlinux-users mailing list >Astlinux-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/astlinux-users > >Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Moving to Asterisk 16
Hi Christopher, > you do have to compile PJ in even if you dont use it... asterisk fails to > compile without it (in my experience). FYI, this was fixed in Asterisk 16.12 [1] [2] Though I have not personally tested the fix. Lonnie [1] https://github.com/asterisk/asterisk/commit/a82965876285f32ea4e1e96fd875539ae50e77ad [2] https://issues.asterisk.org/jira/browse/ASTERISK-28929 > On Dec 18, 2021, at 9:55 AM, The Cadillac Kid via Astlinux-users > wrote: > > ive been running asterisk 16 in the lab and in small installations for awhile > now without any major issues.. there was some AMI changes I had to make t oa > couple of my applications that use CLI Command functions.. its running well > on my raspberry pi 4's and on one APU2. granted this is not astlinux.. its > in a Centos environment and the machines are dedicated asterisk boxes and not > also router / firewall. like all asterisks ive worked with, i slim down the > modules i compile and load to the minimum that I need.. ive got both PJ and > chan_sip (on different machines).. both seem to work well.. you do have to > compile PJ in even if you dont use it... asterisk fails to compile without > it (in my experience). > > > On Saturday, December 18, 2021, 08:33:48 AM EST, Michael Keuter > wrote: > > > > > > Am 18.12.2021 um 14:28 schrieb Lonnie Abelbeck : > > > > > > > >> On Dec 18, 2021, at 4:32 AM, Michael Keuter wrote: > >> > >> > >> > >>> Am 18.12.2021 um 02:04 schrieb Michael Knill > >>> : > >>> > >>> Hi Group > >>> > >>> Wanting to get some dev work done over the Christmas break and am > >>> considering my options. > >>> Certainly moving from Astlinux 1.3.10 to 1.4.4 but trying to decide > >>> whether I move to Asterisk 16 or not. > >>> Has anyone had any issues? Are there any gotchas with the move? I can > >>> only see AMI changes for the Command action! > >>> > >>> Regards > >>> > >>> Michael Knill > >>> Managing Director > >> > >> Hi Michael, > >> > >> I successfully migrated all my AstLinux installations to Asterisk 16 in > >> 2021 and had no issues so far. > >> I just tweaked the "modules.conf" to not load the new stuff that I don't > >> needed. > >> > >> And the parking stuff is now in a new "res_parking.conf" file in Asterisk > >> and has to stripped from "features.conf". > >> > >> There are simple advices in the Asterisk error messages after the upgrade > >> (e.g which new files could not be loaded => "/stat/etc/asterisk/"). > >> > >> Michael > > > > IIRC Asterisk 13 already contained the res_parking.conf > > "; Note: From Asterisk 12 - All parking lot configuration is now done in > > res_parking.conf" > > > > Lonnie > > Yup, you're right. > I just tracked a customer upgrade in Fossil - But now as you say it - it was > from Asterisk 11 to 16 :-).. > > Michael > > http://www.mksolutions.info > > > > > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Moving to Asterisk 16
> On Dec 18, 2021, at 4:32 AM, Michael Keuter wrote: > > > >> Am 18.12.2021 um 02:04 schrieb Michael Knill >> : >> >> Hi Group >> >> Wanting to get some dev work done over the Christmas break and am >> considering my options. >> Certainly moving from Astlinux 1.3.10 to 1.4.4 but trying to decide whether >> I move to Asterisk 16 or not. >> Has anyone had any issues? Are there any gotchas with the move? I can only >> see AMI changes for the Command action! >> >> Regards >> >> Michael Knill >> Managing Director > > Hi Michael, > > I successfully migrated all my AstLinux installations to Asterisk 16 in 2021 > and had no issues so far. > I just tweaked the "modules.conf" to not load the new stuff that I don't > needed. > > And the parking stuff is now in a new "res_parking.conf" file in Asterisk and > has to stripped from "features.conf". > > There are simple advices in the Asterisk error messages after the upgrade > (e.g which new files could not be loaded => "/stat/etc/asterisk/"). > > Michael IIRC Asterisk 13 already contained the res_parking.conf "; Note: From Asterisk 12 - All parking lot configuration is now done in res_parking.conf" Lonnie ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
