Tuesday, November 30, 2010

FreePBX slow “Apply Configuration”

Some may find that FreePBX takes a few minutes to load, especially with a larger number of extensions.
This is actually addressed in this article on FreePBX.org http://www.freepbx.org/trac/ticket/4435 but if you just want to fix it and don’t want to read all the stories there, read on.
NOTE: This article is à la Debian, so please do your due diligence on non-Debian systems.
Make sure you update all modules to the latest minor version (upgrade all) before doing the steps below. In future, when you upgrade the CORE and FRAMEWORK, the patch below will be overwritten, so you will need to do this again.
For cluster setups, please note that if you already replicate certain directories of Asterisk/WWW, this may only need to be done on the Master (or active) node.
Here’s the step by step:
Patch php-asmanager.php
cd /var/www/html/admin/common/
cp php-asmanager.php ./php-asmanager.php-original
patch php-asmanager.php astdb_cache.diff
chown asterisk:asterisk php-asmanager.php
Patch retrieve_conf
cd /var/lib/asterisk/bin
cp retrieve_conf ./retrieve_conf-original
patch retrieve_conf retrieve_conf.diff
chown asterisk:asterisk retrieve_conf
cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.ini-orig
sed -i "s/upload_max_filesize = 20M/upload_max_filesize = 120M/" /etc/php5/apache2/php.ini
sed -i "s/upload_max_filesize = 2M/upload_max_filesize = 120M/" /etc/php5/apache2/php.ini
sed -i "s/magic_quotes_gpc = On/magic_quotes_gpc = Off/" /etc/php5/apache2/php.ini
sed -i "s/memory_limit = 16M/memory_limit = 100M/" /etc/php5/apache2/php.ini
sed -i "s/memory_limit = 32M/memory_limit = 100M/" /etc/php5/apache2/php.ini
RESTART apache.
/etc/init.d/apache2 restart
Now, try modifying something and do your apply.

Sunday, November 28, 2010

Asterisk 1.8 Google Talk Inbound Caller ID (CallerID)

If you need to send the proper calling party’s caller ID to a phone when using GoogleTalk, follow the below dialplan. Without any setting, the caller number is set to UNKNOWN and only the CALLERID(name) field is sent with something like sanjayws@gmail.com/Talk.v10471914EB6E. So we tweak the dialplan to show the correct caller ID. Put this dialplan anywhere in your Google incoming dialplan and you should see the calling party just nicely.

exten => stunningsimplicity@gmail.com,n,Set(Thiscallchan=${CALLERID(name)})

exten => stunningsimplicity@gmail.com,n,Set(CALLERID(name)=${CUT(Thiscallchan,/,1)})

exten => stunningsimplicity@gmail.com,n,Set(CALLERID(num)=${CUT(CALLERID(name),@,1)})

Here’s what you will see


**This assumes that your dialplan starts with the email address, as in the post I did previously below; otherwise, change that accordingly, or change stunningsimplicity to any incoming GoogleVoice email that is expected to land on Asterisk.

We remove @gmail.com as it will not quite work with your phones as it will try to do a SIP/IAX @ gmail call.

It’s best to prefix some characters for gmail outbound calling, and in my sample configuration below, I use g* followed by a Google name to dial, as we add @gmail in our outbound dialplan. So for incoming calls you can add a g* automatically, like below:

exten => stunningsimplicity@gmail.com,n,Set(CALLERID(num)=g*${CUT(CALLERID(name),@,1)})

And so because we add a g* the CallerID(num) field will change to g*sanjayws (where sanjayws is the calling party from an original string received like sanjayws@gmail.com/Talk.v10471914EB6E). Now a person receiving the call can simply redial.
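
What the two CUT() steps above produce for a given inbound CALLERID(name), modelled in shell so it can be checked away from the PBX. This is an added example, not part of the original post; the function name and the character whitelist are assumptions (the dialplan above does no filtering), and the sample strings are constructed.

```shell
#!/bin/sh
# Added example: shell model of the dialplan's CUT() steps. The name
# gtalk_callerid_num and the whitelist are assumptions, not from the post.

# gtalk_callerid_num "<CALLERID(name) as received from Google Talk>"
# Prints the value the dialplan would put in CALLERID(num); returns 1 if
# nothing usable is left after filtering.
gtalk_callerid_num() {
    raw=$1
    bare=${raw%%/*}      # CUT(Thiscallchan,/,1): drop the "/Talk.v..." resource
    user=${bare%%@*}     # CUT(CALLERID(name),@,1): drop "@gmail.com"
    # The remote party controls this string and the phone will redial it into
    # the _g*. pattern, so keep only letters, digits, dot, underscore, hyphen.
    user=$(printf '%s' "$user" | tr -cd 'A-Za-z0-9._-')
    [ -n "$user" ] || return 1
    printf 'g*%s\n' "$user"
}

# Constructed inputs: the post's sample, a bare JID with no resource,
# a name with unexpected characters, and an empty user part.
for sample in 'sanjayws@gmail.com/Talk.v10471914EB6E' \
              'sanjayws@gmail.com' \
              'bad name;1@gmail.com/Talk' \
              '@gmail.com/Talk'; do
    if num=$(gtalk_callerid_num "$sample"); then
        echo "$sample -> $num"
    else
        echo "$sample -> rejected"
    fi
done
```

In the dialplan itself the same restriction can be applied with Asterisk's FILTER() function around the CUT() result.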

Saturday, November 27, 2010

Google Voice Talk on Asterisk 1.8 (with FreePBX) and a flexible dialplan

[Updated 12-04-2012]
Ok so you’ve got a 1.4 or 1.6 Asterisk with FreePBX running somewhere? Now you wish to use GoogleVoice/Talk with Asterisk 1.8. Here’s how.
This guide is more for a Debian system, so if you are running something else, do a little googling.
Firstly, get your FreePBX updated to v2.8, other versions apparently won’t support Asterisk 1.8.
After that, start the Asterisk upgrade process. (from Mikael Carlsson, FreePBX Development Team @ this article) and the necessary dependencies for Asterisk’s chan_gtalk and chan_jabber
  • cd /usr/src
  • wget http://iksemel.googlecode.com/files/iksemel-1.4.tar.gz
  • tar -zxvf iksemel-1.4.tar.gz
  • cd iksemel-1.4
  • ./configure
  • make && make all && make install
  • wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.8-current.tar.gz
  • tar xvfz asterisk-1.8-current.tar.gz
  • cd asterisk-1.8.0
  • contrib/scripts/get_mp3_source.sh
  • ./configure
  • make menuconfig
  • Go to Add-ons and select –> app_mysql, app_saycountpl, cdr_mysql, format_mp3, res_config_mysql
  • Go to Extra-Sound-Packages and select –> EXTRA-SOUNDS-<Yourlanguage>-GSM
  • Go to Channel Drivers and ensure that chan_gtalk and chan_jingle are selected
  • Save and exit
  • ./configure
  • make && make install
  • amportal stop
  • amportal start
You’ve done your 1.8 setup, which is ready for Google Voice/Talk.
Now, here are some configuration files you can simply copy and paste into /etc/asterisk/. You can follow exactly what I have to make things work first.
Edit /etc/asterisk/gtalk.conf, paste the following, and modify accordingly. Note that newer versions of FreePBX support inbound routes with names (typically they would be numbers). So you can send the call to, for example, from-pstn, from-dahdi or from-trunk, and then add an “inbound route” to a specific extension, as you would with a normal DID.
context=google-incoming ;;##use from-trunk if using newer FBX 2.8 or higher
context=google-incoming ;;##use from-trunk if using newer FBX 2.8 or higher

Save and exit.
Now, edit, /etc/asterisk/jabber.conf, paste the following, modify accordingly



And finally, edit your custom dialplan, e.g. /etc/asterisk/extensions_custom.conf, paste the following, and modify accordingly. You only do this if you are not using FreePBX version 2.8 or higher. For FreePBX 2.8 or higher, see below this dialplan.
include => google-outgoing

;this for internal gmail user highsecurity@gmail.com, ring her 1001 extension
exten => highsecurity@gmail.com,1,Macro(user-callerid,)
exten => highsecurity@gmail.com,n,Answer()
exten => highsecurity@gmail.com,n,Wait(2)
exten => highsecurity@gmail.com,n,Set(Thiscallchan=${CALLERID(name)})
exten => highsecurity@gmail.com,n,Set(CALLERID(name)=${CUT(Thiscallchan,/,1)})
exten => highsecurity@gmail.com,n,Set(CALLERID(num)=g*${CUT(CALLERID(name),@,1)})
exten => highsecurity@gmail.com,n,SendDTMF(1)
exten => highsecurity@gmail.com,n,Goto(from-internal,1001,1) ; or ,n,DIAL(SIP/1001)
; end gmail user highsecurity@gmail.com

;this for internal gmail user stunningsimplicity@gmail.com, ring her 1002 extension
exten => stunningsimplicity@gmail.com,1,Answer()
exten => stunningsimplicity@gmail.com,n,Wait(2)
exten => stunningsimplicity@gmail.com,n,Set(Thiscallchan=${CALLERID(name)})
exten => stunningsimplicity@gmail.com,n,Set(CALLERID(name)=${CUT(Thiscallchan,/,1)})
exten => stunningsimplicity@gmail.com,n,Set(CALLERID(num)=g*${CUT(CALLERID(name),@,1)})
exten => stunningsimplicity@gmail.com,n,SendDTMF(1)
exten => stunningsimplicity@gmail.com,n,Goto(from-internal,1002,1) ; or ,n,DIAL(SIP/1002)
; end gmail user stunningsimplicity@gmail.com

; Set the outgoing account per jabber.conf
exten => _g*.,1,Macro(user-callerid,SKIPTTL)
; Add more users here
exten => _g*.,n,ExecIf($["${AMPUSER}" = "1001"]?Set(gmailoutaccount=sanjay-ac1))
exten => _g*.,n,ExecIf($["${AMPUSER}" = "1002"]?Set(gmailoutaccount=sanjay-ac2))
; Normal outbound calling, g is prefixed so it will call google talk,
; and call other places using google voice, like below, a US number
exten => _g*.,n,Dial(gtalk/${gmailoutaccount}/${EXTEN:2}@gmail.com)
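; Each pattern needs its own priority 1, so the account is selected here too
exten => _1XXXXXXXXXX,1,Macro(user-callerid,SKIPTTL)
exten => _1XXXXXXXXXX,n,ExecIf($["${AMPUSER}" = "1001"]?Set(gmailoutaccount=sanjay-ac1))
exten => _1XXXXXXXXXX,n,ExecIf($["${AMPUSER}" = "1002"]?Set(gmailoutaccount=sanjay-ac2))
exten => _1XXXXXXXXXX,n,Dial(gtalk/${gmailoutaccount}/${EXTEN}@voice.google.com)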
; Dialplan for sending messages
exten => _t*.,1,Macro(user-callerid,SKIPTTL)
exten => _t*.,n,ExecIf($["${AMPUSER}" = "1001"]?Set(gmailoutaccount=sanjay-ac1))
exten => _t*.,n,ExecIf($["${AMPUSER}" = "1002"]?Set(gmailoutaccount=sanjay-ac2))
exten => _t*.,n,JABBERSend(${gmailoutaccount},sanjayws@gmail.com,"${EXTEN:2}")
exten => h,1,Hangup()

At this point be sure to stop and start Asterisk (amportal kill / amportal start). In fact, most settings made in gtalk.conf need a restart of Asterisk, not just a reload.
With FreePBX 
When using FreePBX 2.8 or higher, you don’t need to write manual dialplans for INBOUND (incoming) calls. You only need to customize the dialplan if you are planning to make outbound calls on Gtalk through Asterisk. Here below is a sample inbound route created in FreePBX.
Remember, this is for INCOMING calls only, which will be handled by FreePBX. Here, any calls destined to highsecurity@gmail.com I will attempt to send to an extension (or anywhere you please). As you can see below, if I set the context to from-trunk, I will see it like below in my CLI.
Notice the DID value there is highsecurity@gmail.com, which means it is as simple as adding an Inbound Route in FreePBX like below:
Extra information manual dialplan creation
1) You must specify incoming and outgoing google accounts.
2) Incoming connections will dial internal extensions or just about anywhere you have designed in FreePBX, in this case, they are extensions.
3) Outgoing calls are matched based on the extension that is dialling (supports user/device mode as well), so that if extension 1001 is dialling out, the recipient will see highsecurity calling, and if extension 1002 is dialling, he/she will see stunningsimplicity.
4) Anyone without that specific dialplan set for outbound can be limited to a failurecode (not defined in this sample here).
5) If someone wants to dial out, he/she dials g*<user>; for example, g*sanjayws will dial the gmail user sanjayws. The g* is used as a prefix for dialling out so it is a clear path to dial Google. To make redials easier, when an incoming call comes through the dialplan, we’ve added the g* at the beginning of the callerID(name) field so that when a person redials, it will engage the outbound route. Notice that we do a CUT in there; that is to remove certain characters using a delimiter character.
6) Of course, you can also specify calling to other google voice numbers if you have google voice credits to those outgoing accounts created in jabber.conf. This example above, does US calls as it is free for now. Feel free to add any other calling matches to use google voice.
Do send your feedback to sanjay@astiostech.com
Thank you.

Thursday, November 25, 2010

Fail2ban Manual Unban Single Host (for iptables)

UPDATE: Starting with version 0.8.8, the unban operations are now built-in, it is executed through the fail2ban-client app like this

# fail2ban-client set [ban-name] unbanip [ip]
# e.g. fail2ban-client set asterisk-iptables unbanip 8.8.8.

Check out the changelog here. Get version 0.8.8 here.  You really should be upgrading your fail2ban to that above version and use the built-in tool.




Fail2Ban is a great way to protect your server from malicious brute-force attempts and other events that are deemed a problem. It does so by very smartly checking your logs, and if a particular event is repeated n number of times, you can set actions such as blocking or unblocking using iptables-based or other software-based firewalls, or even write scripts to modify an external firewall.

There’s one drawback to it, and that is the lack of a way to unban just one IP (there are many reasons why that might be needed). Just follow these instructions and get the necessary script, and you will have an idea of, or a fully working, unban function (if you use iptables to ban).
Version that you MUST USE: Fail2Ban v0.8.4. Download and install Fail2Ban version 0.8.4, for banning SIP brute-force attacks against Asterisk. Some help with installation

This guide was designed on a Debian system. Customization may be required. You can check the version after installing via cli like below
# fail2ban-client -V

Create the unban script. You may need to modify certain settings so that they match your jail setting, actions (in this script it’s for iptables) and logging options.
# cd /usr/src
# wget
# chmod +x unban

Now we modify Fail2ban’s actions.py file so that unbans made by the unban script are handled properly. You may need to adapt this if your banning action is not iptables. See def __checkBan in actions.py: the modification adds an external check command called mycheck. If the mycheck condition is true (returned value 0), it will proceed to ban that IP. The issue we had when unbanning with just the unban script was that fail2ban didn’t know we had unbanned manually from the CLI. This caused fail2ban to never ban that IP again, because it thinks the IP is still in its ban list. This “fix” ensures that the procedure checks against iptables (or whatever your ban action is) and reissues a ban if the IP is not in its entries (like doing an iptables -n --list).

# cd /usr/share/fail2ban/server/
# mv actions.py actions.py.original
# wget

# /etc/init.d/fail2ban restart

Try it out for yourself to unban some IP
# unban

If you do not specify an IP, it will list all banned IPs inside the Jailed context.
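
The mycheck test described above (return 0 when the IP is no longer in iptables, so the ban should be reissued), sketched in shell as an added example. It is not the author's unban script or the patched actions.py; the function names, the chain name fail2ban-ASTERISK and the listing are constructed for illustration.

```shell
#!/bin/sh
# Added example; names, chain and addresses below are assumptions.

# Constructed sample of `iptables -n -L fail2ban-ASTERISK` output.
SAMPLE_LISTING='Chain fail2ban-ASTERISK (1 references)
target     prot opt source               destination
DROP       all  --  203.0.113.7          0.0.0.0/0
DROP       all  --  198.51.100.23        0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0'

# valid_ipv4 <ip>: 0 only for a dotted quad with every octet in 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NR > 1 || NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
            if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) exit 1 }'
}

# ip_in_chain <listing> <ip>: 0 if a DROP/REJECT rule has exactly this source.
# Whole-field comparison, so 203.0.113.7 does not match 203.0.113.70 and the
# dots are not treated as regex wildcards (both happen with a plain grep).
ip_in_chain() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        ($1 == "DROP" || $1 == "REJECT") && $4 == ip { found = 1 }
        END { exit found ? 0 : 1 }'
}

# needs_ban <listing> <ip>
#   0 = IP is not in the chain, so a ban must be (re)issued
#   1 = IP is already blocked
#   2 = argument is not a valid IPv4 address
needs_ban() {
    valid_ipv4 "$2" || return 2
    if ip_in_chain "$1" "$2"; then return 1; fi
    return 0
}

# Demo on the constructed listing: blocked, look-alike, truncated address.
for ip in 203.0.113.7 203.0.113.70 8.8.8.; do
    needs_ban "$SAMPLE_LISTING" "$ip"
    echo "$ip -> needs_ban returned $?"
done
```

On a live system the first argument would be the real output of iptables -n -L for the chain your jail's action creates, which depends on your jail configuration.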