Re: [asterisk-users] Asterisk-cpu utilization > 60 %
2011/5/15 RSCL Mumbai > > On Sat, May 14, 2011 at 11:43 AM, Leandro Dardini wrote: > >> Check if someone is brute forcing your asterisk accounts. It used to >> happen to me before I install fail2ban. You can easily check the "full" log >> of asterisk or with just a "tcpdump -i any -n port 5060 or port 4569". >> >> Thx for the tcpdump command. > Checked, all looks good. > Packets coming from trusted domains only. > > What should be the next step ? > > Thx > Sans > > Have you tried to restart asterisk? As last chance, install strace and check what is asterisk doing. Get the pid (PID) of the running asterisk and run: strace -p PID -f -F &> /tmp/strace.log Leave it running for a while then read the strace.log file Leandro -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Asterisk-cpu utilization > 60 %
On Sat, May 14, 2011 at 11:43 AM, Leandro Dardini wrote: > Check if someone is brute forcing your asterisk accounts. It used to happen > to me before I install fail2ban. You can easily check the "full" log of > asterisk or with just a "tcpdump -i any -n port 5060 or port 4569". > > Thx for the tcpdump command. Checked, all looks good. Packets coming from trusted domains only. What should be the next step ? Thx Sans -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] Voicemail Configuration
this will help you.. ; DIY VOICEMAIL *[ck987_vm_record]* ;"start recording after the beep. Press # when done." exten => 1,1,Playback(/home/ck987/asterisk_sounds/vm-record-start) ;build this call's recorded message file name _ ;every call is assigned a unique id. exten => 1,n,Set(record_file=${UNIQUEID}_${CALLERID(num)}) ; records into my vm_msg folder. ;Ends if # is hit, silence for 2 secs, or recording lasts for 60 seconds exten => 1,n,Record(/home/ck987/asterisk_sounds/vm_msg/${record_file}.wav,2,60) ; 2 to review message, 3 to re record, or hang up exten => 1,n,Background(/home/ck987/asterisk_sounds/vm-record-end) exten => 1,n,WaitExten(5) exten => 1,n,Playback(/home/ck987/asterisk_sounds/bye) exten => 1,n,Hangup() exten => 2,1,Playback(/home/ck987/asterisk_sounds/vm_msg/${record_file}) ; press 1 to re-record, or hangup if satisfied exten => 2,n,Background(/home/ck987/asterisk_sounds/vm-record-again) exten => 2,n,WaitExten(5) ;no response, hang up on person. exten => 2,n,Playback(/home/ck987/asterisk_sounds/bye) exten => 2,n,Hangup() ;go back to the record option exten => 3,1,Goto(ck987_vm_record,1,1) ;--DIY VOICEMAIL ADMIN-- *[ck987_vm_admin]* ; pass is 9988, jump to n+101 if authentication fails, expect 4 digits exten => 1,1,Authenticate(9988,j,4) ; get number of voicemail messages ; SHELL function returns the output from a system command ; "ls -1" lists visible files in a list. "wc -l" will count how many lines there are. 1 line per file! exten => 1,n,Set(num_messages=${SHELL(ls -1 /home/ck987/asterisk_sounds/vm_msg/ | wc -l)}) ;you have... exten => 1,n,Playback(/home/ck987/asterisk_sounds/you-have) exten => 1,n,SayDigits(${num_messages}) ;...messages! exten => 1,n,Playback(/home/ck987/asterisk_sounds/messages) ;get file names. "sed" command trims off any .wav exten. "tr" command trims off whitespace and line feeds. exten => 1,n,Set(file_names=${SHELL(ls -m /home/ck987/asterisk_sounds/vm_msg/ | sed 's/.wav//g' | tr -d ' \n')}) ;start message counter exten => 1,n,Set(msg_counter=1) ; 1 to repeat message, 3 to go to the next message, 7 to go to the previous message exten => 1,n,Playback(/home/ck987/asterisk_sounds/msg-options) exten => 1,n,Goto(ck987_vm_play_message,1,1) ; playback loop ;try again if password is wrong exten => 1,102,Goto(ck987_vm_admin,1,1) *[ck987_vm_play_message]* exten => 1,1,Background(beep) exten => 1,n,Set(current_message=${CUT(file_names,\,,${msg_counter})}) exten => 1,n,NoOp(${file_names} ${current_message} ${msg_counter}) exten => 1,n,Background(/home/ck987/asterisk_sounds/vm_msg/${current_message}) exten => 1,n,Goto(3,1) ; next message: add 1 and go back to the top of the loop exten => 3,1,Set(msg_counter=$[${msg_counter} + 1]) exten => 3,n,Set(msg_counter=${IF($[${msg_counter} > ${num_messages}]?${num_messages}:${msg_counter})}) exten => 3,n,Goto(1,1) ; previous message: subtract 1 and go back to the top of the loop exten => 7,1,Set(msg_counter=$[${msg_counter} - 1]) ;make sure number never goes below 1 exten => 7,n,Set(msg_counter=${IF($[${msg_counter} < 1]?1:${msg_counter})}) exten => 7,n,Playback(/home/ck987/asterisk_sounds/previous_message) exten => 7,n,Goto(1,1) ;delete message exten => *,1,System(rm /home/ck987/asterisk_sounds/vm_msg/${current_message}) ;number of files has changed. reload number of files and file names ; "ls -1" lists visible files in a list. "wc -l" will count how many lines there are. 1 line per file! exten => *,n,Set(num_messages=${SHELL(ls -1 /home/ck987/asterisk_sounds/vm_msg/ | wc -l)}) ;get file names. "sed" command trims off any .wav exten. "tr" command trims off whitespace and line feeds. exten => *,n,Set(file_names=${SHELL(ls -m /home/ck987/asterisk_sounds/vm_msg/ | sed 's/.wav//g' | tr -d ' \n')}) exten => *,n,Goto(1,1) it's the actual voicemail example which is use by asterisk it self On Tue, May 10, 2011 at 2:53 AM, John Marvin wrote: > On 5/9/2011 3:08 PM, Roger Burton West wrote: > > You could use Monitor to record the whole call, then use an AGI to do >> something with it on hangup if the other conditions haven't been >> satisfied...? >> >> > I understand how to do the first part, and I at least understand that I > could do something fancy with the AGI capability. But what I don't know is > how I can take the recording and insert it into a voicemail box such that it > can be retrieved through the normal "VoiceMailMain" mechanism. > > Would the asterisk voicemail app dynamically notice something new being > dropped into the voicemail mbox directory? Would it only be noticed once > Asterisk is restarted? Most importantly, would it send out the notifies to > the "phone" associated with that voicemail box? I can probably fake the last > part if necessary, but making the voicemail retrievable through the normal > voicemail mechanism is what I really need to achieve. > > Thanks, > > John > > > > -- >
Re: [asterisk-users] iptables for Asterisk - Any good guides out there?
Thanks Jeremy. But unfortunately no time to go over all this in detail. Maybe in future. Also because as I repeatedly said I have OpenVPN setup so I trust the VPN network there is no need for all this complication. Simply allowing all traffic out and only allowing VPN traffic in from tun0 would do for me. Thanks On Sat, May 14, 2011 at 9:46 PM, Jeremy Kister wrote: > On 5/14/2011 9:45 PM, Jeremy Kister wrote: > >> http://jeremy.kister.net/code/asterisk/iptables.init >> > > oops, that's: > http://jeremy.kister.net/code/iptables/iptables.init > > > -- > > Jeremy Kister > http://jeremy.kister.net./ > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] iptables for Asterisk - Any good guides out there?
Shorewall is a useful way of setting up iptables http://www.shorewall.net/ Cheers Duncan On 15/05/2011, at 1:46 PM, Jeremy Kister wrote: > On 5/14/2011 9:45 PM, Jeremy Kister wrote: >> http://jeremy.kister.net/code/asterisk/iptables.init > > oops, that's: > http://jeremy.kister.net/code/iptables/iptables.init > > -- > > Jeremy Kister > http://jeremy.kister.net./ > > -- > _ -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] iptables for Asterisk - Any good guides out there?
On 5/14/2011 9:45 PM, Jeremy Kister wrote: http://jeremy.kister.net/code/asterisk/iptables.init oops, that's: http://jeremy.kister.net/code/iptables/iptables.init -- Jeremy Kister http://jeremy.kister.net./ -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] iptables for Asterisk - Any good guides out there?
On 5/14/2011 7:51 PM, Bruce B wrote: and then rebuild everything from the beginning with a very limited scope and then without locking myself block all other traffic. Can you suggest what I should put in the shell that would get me this: you may want to start with: http://jeremy.kister.net/code/asterisk/iptables.init modify RTPRANGE and the trusterd array at the top, add in your DID providers to the siprtp array at the top, that should get you near there. -- Jeremy Kister http://jeremy.kister.net./ -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] iptables for Asterisk - Any good guides out there?
Thanks Hans. So basically run the following commands: iptables -P INPUT DROP iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT service iptables save iptables -F Is that all right so far? I am not sure on these: iptables -A INPUT -i $EXTERNAL_DEV -j LOG --log-prefix " EXT; INC " iptables -A OUTPUT -o $EXTERNAL_DEV -j LOG --log-prefix " EXT; OUT " iptables -A FORWARD -i $EXTERNAL_DEV -j LOG --log-prefix " EXT; FWD " And yes, of course I will need DHCP and all other necessary services to run the server. I am wondering why iptables is so complex. Is there a standard template that I can use to replace /etc/sysconfig/iptables with it and let it accept all traffic from one subnet on my tun0 which is my VPN and block all other traffic? Thanks again On Sat, May 14, 2011 at 8:14 PM, Hans Witvliet wrote: > On Sat, 2011-05-14 at 19:51 -0400, Bruce B wrote: > > Hi everyone, > > > > > > I want to issue the command: > > > > > > iptables -F > > > > > > and then rebuild everything from the beginning with a very limited > > scope and then without locking myself block all other traffic. Can you > > suggest what I should put in the shell that would get me this: > > > > > > Allow traffic from subnet 172.16.0.0/24 (my VPN tunnels) - All > > traffic including those of Asterisk and HTTP - I trust this network > > Allow traffic from subnet 192.168.1.0/24(other side of VPN > > network) - All traffic including those of Asterisk and HTTP - I trust > > this network > > Allow traffic from single IP of DID provider - 5060 TCP/UDP and > > 1-10200 UDP > > Allow VPN access on port 1194 UDP --- I have that figured out to be > > (iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT) works for > > this. > > > > > > BLOCK all other traffic <- Important most of all > > > > > > Please note that from the subnets I want to allow every single port > > possible and all traffic. I specially have problems with getting a > > whole subnet be able to access everything. > > > > > > Thanks > > It's a bit more complicated > > Firstly you have to set the default rules FIRST > $IPT -P INPUT DROP > $IPT -P OUTPUT ACCEPT > $IPT -P FORWARD ACCEPT > And then do the flusing, not the otherway round > After that you can add rules to accept trafic > > after the last rules, it is handy to put: > $iptables -A INPUT -i $EXTERNAL_DEV -j LOG --log-prefix " EXT; INC " > iptables -A OUTPUT -o $EXTERNAL_DEV -j LOG --log-prefix " EXT; OUT " > iptables -A FORWARD -i $EXTERNAL_DEV -j LOG --log-prefix " EXT; FWD " > So can can see in the syslog what you are missing ;-) > > > > I'll guess, you would also like to accepts ntp,dhcp, domain-dns from > your isp-provider. > > Perhaps also http, https, pop, pops, imap, imaps. > And probably some more, depending on your need > So'll see them soon enough in your logfiles > > hw > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] iptables for Asterisk - Any good guides out there?
On Sun, 15 May 2011, Hans Witvliet wrote: It's a bit more complicated after the last rules, it is handy to put: $iptables -A INPUT -i $EXTERNAL_DEV -j LOG --log-prefix " EXT; INC " iptables -A OUTPUT -o $EXTERNAL_DEV -j LOG --log-prefix " EXT; OUT " iptables -A FORWARD -i $EXTERNAL_DEV -j LOG --log-prefix " EXT; FWD " So can can see in the syslog what you are missing ;-) Adding a couple of lines to root's crontab like: # Min hourDOM month DOW command # -- # */5 * * * * /etc/init.d/iptables stop make it easy to enable an 'iptables failsafe' (by un-commenting the last line) while you're fiddling about. -- Thanks in advance, - Steve Edwards sedwa...@sedwards.com Voice: +1-760-468-3867 PST Newline Fax: +1-760-731-3000 -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] iptables for Asterisk - Any good guides out there?
On Sat, 2011-05-14 at 19:51 -0400, Bruce B wrote: > Hi everyone, > > > I want to issue the command: > > > iptables -F > > > and then rebuild everything from the beginning with a very limited > scope and then without locking myself block all other traffic. Can you > suggest what I should put in the shell that would get me this: > > > Allow traffic from subnet 172.16.0.0/24 (my VPN tunnels) - All > traffic including those of Asterisk and HTTP - I trust this network > Allow traffic from subnet 192.168.1.0/24(other side of VPN > network) - All traffic including those of Asterisk and HTTP - I trust > this network > Allow traffic from single IP of DID provider - 5060 TCP/UDP and > 1-10200 UDP > Allow VPN access on port 1194 UDP --- I have that figured out to be > (iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT) works for > this. > > > BLOCK all other traffic <- Important most of all > > > Please note that from the subnets I want to allow every single port > possible and all traffic. I specially have problems with getting a > whole subnet be able to access everything. > > > Thanks It's a bit more complicated Firstly you have to set the default rules FIRST $IPT -P INPUT DROP $IPT -P OUTPUT ACCEPT $IPT -P FORWARD ACCEPT And then do the flusing, not the otherway round After that you can add rules to accept trafic after the last rules, it is handy to put: $iptables -A INPUT -i $EXTERNAL_DEV -j LOG --log-prefix " EXT; INC " iptables -A OUTPUT -o $EXTERNAL_DEV -j LOG --log-prefix " EXT; OUT " iptables -A FORWARD -i $EXTERNAL_DEV -j LOG --log-prefix " EXT; FWD " So can can see in the syslog what you are missing ;-) I'll guess, you would also like to accepts ntp,dhcp, domain-dns from your isp-provider. Perhaps also http, https, pop, pops, imap, imaps. And probably some more, depending on your need So'll see them soon enough in your logfiles hw -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] iptables for Asterisk - Any good guides out there?
Hi everyone, I want to issue the command: iptables -F and then rebuild everything from the beginning with a very limited scope and then without locking myself block all other traffic. Can you suggest what I should put in the shell that would get me this: Allow traffic from subnet 172.16.0.0/24 (my VPN tunnels) - All traffic including those of Asterisk and HTTP - I trust this network Allow traffic from subnet 192.168.1.0/24(other side of VPN network) - All traffic including those of Asterisk and HTTP - I trust this network Allow traffic from single IP of DID provider - 5060 TCP/UDP and 1-10200 UDP Allow VPN access on port 1194 UDP --- I have that figured out to be (*iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT*) works for this. *BLOCK all other traffic <- Important most of all* Please note that from the subnets I want to allow every single port possible and all traffic. I specially have problems with getting a whole subnet be able to access everything. Thanks -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] Asterisk 1.41 - Warning and Notice about contact info and stale nonce
Hi list, We have devices since more then 4 years which where running well with Asterisk. But with latest version (1.38 or more) we face problem with those devices when they try to register. We got [2011-05-14 17:18:06] WARNING[28559]: chan_sip.c:9950 register_verify: Failed to parse contact info <--- Transmitting (NAT) to XXX.XXX.XXX.XXX:5062 ---> SIP/2.0 400 Bad Request Followed by [2011-05-14 17:19:06] NOTICE[28559]: chan_sip.c:9502 check_auth: Correct auth, but based on stale nonce received from ';tag=63d2ba80bffb016f' Checking logs we found Contact: * in headers before the failed parse contact info. We checked in source chan_sip and saw the parse info reject with Error 400 after "the auth is correct" comment. We modified in sip.conf the type=peer in type=friend, same result. Could someone explain us what happends here? Thanks -- Daniel -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] How to install the new cdr-stats?
Hello, I wen't through a lot of pain as well. Please try this script if you can run your Asterisk installation on Ubuntu. The script is based on Areski's own script. Works flawlessly on server 10.10 and desktop 10.10 for me, but would like to fix any possible bugs when used on different platforms. Please comment if useful! *José Pablo Méndez * install-cdr-stats-ubuntu.sh Description: Bourne shell script -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users