Welcome to madhatt.com

A Simple website from a computer geek in Colorado with dreams of moving to Alaska


Setting up TCP Transport for Asterisk Endpoints

I wanted to put a useful note here that I need from time to time.

 

I lifted the following from: HERE

 

Since one of my endpoints is an iPhone using Bria, I wished to use the TCP transport with Asterisk 1.8 (Purple build of PIAF 1.7.5.5.3 with Incredible PBX 1.8) in order to save on battery life...

For those who are interested, to do this, simply use the "Asterisk SIP Settings" under the "Other SIP Settings" item to add the following two items:

tcpenable=yes
tcpbindaddr=0.0.0.0

Then in sip_custom_post.conf, for each extension add:

[ext](+)
transport=tcp

where "ext" is the extension number, i.e. for extension 710, add:

[710](+)
transport=tcp

You'll need to restart Asterisk in order to have this enabled (reloading the dial plan probably isn't enough, since Asterisk may not listen on the TCP port until you restart).

Works great for me.

BTW - if you have problems, to see if Asterisk REALLY is listening on TCP port 5060, type:

sudo netstat -tlpn | grep 5060


BTW - t'would be VERY nice if FreePBX not only had an option to specify transport on the Extension setup (or any generic option would do as well).

Asterisk call Script File

So recently I had an issue with someone.  They were dicks and stole a couple hundred bucks from me by "deactivating" a product I purchased....   This deactivation process entails the software I PURCHASED turning off every 30 minutes.

 

Yes, Yes, Yes, I know, what a dick move, and probably illegal.  So to begin with I decided to fight it.  Not by suing as they dared me to.  But by calling and asking for them to pay me.  Over, and over, and over, and over again.

Thank goodness for Asterisk!

How to robocall someone with Asterisk

Step 1.

Record a WAV file of yourself saying what you would like to the caller.  Place this file in /var/lib/asterisk/sounds/

Step 2.

Create a file stored somewhere, I'll call it, asshole.call

Inside this file put in something like this.

 

Channel: Local/5551111111@from-internal
Application: Playback
Data: audio-recording
callerid: "You dick" <5552222222> 
The number 5551111111 represents the number you wish to call.
The number 5552222222 represents the number you wish to display in their caller ID.
The section Data: audio-recording represents the name of the file (no spaces) that contains your recorded message (minus the .WAV)
 
Step 3.
Create a quick and dirty script that will do 2 things.  We'll call this script /callasshole
 
1. copy the call file to /var/spool/asterisk/outgoing/ and 2. change the owner to asterisk so that the phone system will process it.
 
#!/bin/bash
 
cp /asshole.call /var/spool/asterisk/outgoing
chown asterisk:asterisk /var/spool/asterisk/outgoing/*
 
Step 4.
Create a cron job that will run this file (place the call) every now and then.
 
enter into the terminal: crontab -e
enter in something like what's below.  This will call the victim every morning at 7:01 AM.  It will play the recording that you set up to the caller, then hang up.
 
1 7 * * * /callasshole
 
 
Now just sit back and enjoy, this will call the guy every single day... this may be illegal in almost everywhere but who cares...
 
After a few minutes of thought I decided not to go ahead with this plan.  I decided it was much easier to circumnavigate this "activation" process. 
 
The server is still churning away today, or is it?

Steve Jobs, World's Greatest Tech leader

I just wanted to put on my website for posterity my many thanks to Steve Jobs for all his fantastic ideas and products over the last 20 years!

 

Your products allow me to put food on the table without having to work with Windows and for that sir I will be eternally grateful.

 

RIP

 

Apple's redesigned site giving tribute

 

Google's Tribute

A simple Trixbox "Asterisk" backup script

Below are my instructions for a simple manual failover solution for Trixbox.

We use two servers at our company.  


Overall notes:  for this script to work well you should follow THESE instructions to set up SSH with no password.

You may find that some commands are wrapped on the screen. It should be easy to find these lines; just make sure you correct them if you copy and paste.


 

Primary Server - IP - 10.20.0.5 -  2 NICs one is public facing allowing for remote connections.

Backup Server - IP - 10.20.0.4 - Duplicate of main server, Same model of server

 

First the Primary Server.

Every hour the server will run the following backup script.  The script will back up the following.

  • ETC and VAR folders - These are straight copied to the backup server with the exception of the /etc/sysconfig folder.  We do not directly back this up because if we did the backup server would assume the same IP addresses, thus breaking the Primary Server
  • MySQL tables - These are backed up to the backup server under the /tmp/mysqlbackups folder,  you will need to create this folder.
  • It will then invoke a script sitting on the backup server which will restore the MySQL databases on the backup server that were just copied over.
  • It will then copy the /etc/sysconfig folder contents to the backup server under the /network-repair-info/ folder



#!/bin/sh

#This script is designed to keep two Trixbox servers synced for a soft failover

#Backup server from the notes above (passwordless SSH must already be set up).
#Prefix the address with user@ if the remote login differs from the local one.
BACKUP=10.20.0.4

#Backup /etc folder (sysconfig is excluded so the backup server keeps its own IP settings)
rsync -avz --delete --exclude 'sysconfig' /etc/ "$BACKUP":/etc/
echo etc done
sleep 1

#Backup /var folder
rsync -avz --delete --exclude 'log' /var/ "$BACKUP":/var/
echo var done
sleep 1

#backup mysql tables
#Note: a password given with -p on the command line is visible to other local users in the process list
mkdir -p /tmp/mysqlbackups
mysqldump -u root -ppassw0rd information_schema > /tmp/mysqlbackups/information_schema.sql
mysqldump -u root -ppassw0rd asterisk > /tmp/mysqlbackups/asterisk.sql
mysqldump -u root -ppassw0rd asteriskcdrdb > /tmp/mysqlbackups/asteriskcdrdb.sql
mysqldump -u root -ppassw0rd asteriskrealtime > /tmp/mysqlbackups/asteriskrealtime.sql
mysqldump -u root -ppassw0rd endpoints > /tmp/mysqlbackups/endpoints.sql
mysqldump -u root -ppassw0rd meetme > /tmp/mysqlbackups/meetme.sql
mysqldump -u root -ppassw0rd mysql > /tmp/mysqlbackups/mysql.sql
echo all databases extracted
sleep 1

#Backup /tmp/mysqlbackups/ folder
rsync -avz --delete /tmp/mysqlbackups/ "$BACKUP":/tmp/mysqlbackups/

echo databases synced
sleep 1

#delete /tmp/mysqlbackups/ files
rm -rvf /tmp/mysqlbackups/*
echo old databases deleted
sleep 1

#run mysql restore command on slave server
ssh "$BACKUP" '/restoremysql'
echo restore of mysql is complete.

#backup sysconfig folder
ssh "$BACKUP" 'rm -rvf /network-repair-info/*'
rsync -avz --delete /etc/sysconfig/ "$BACKUP":/network-repair-info/
echo all done
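
The dump step above passes the MySQL password with -p, where any local user can read it from the process list, and stages the dumps in a fixed path under /tmp. The following is an added example, not part of the original script: it reads the credentials from an owner-only option file and dumps into a private directory. The function names and the option-file layout are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the author's script: the same per-database dump with the
# MySQL password kept out of the process list and the dumps out of shared /tmp.
# Function names and the option-file layout are assumptions of this example.

# Database names taken from the backup script in the post.
DBS="information_schema asterisk asteriskcdrdb asteriskrealtime endpoints meetme mysql"

# write_client_cnf FILE PASSWORD -> option file readable by its owner only.
# A pre-existing file is truncated and tightened before the password is written.
# The value is quoted so a '#' in the password is not read as a comment.
write_client_cnf() {
    ( umask 077
      : > "$1" && chmod 600 "$1" &&
      printf '[client]\nuser=root\npassword="%s"\n' "$2" >> "$1" )
}

# private_dir -> creates a fresh mode-0700 directory and prints its path.
private_dir() {
    ( umask 077; mktemp -d "${TMPDIR:-/tmp}/mysqlbackups.XXXXXX" )
}

# dump_all CNF DIR -> DIR/<db>.sql for each database. Stops at the first
# failure so a broken dump is not synced over a good copy.
dump_all() {
    for db in $DBS; do
        # --defaults-extra-file has to be the first option given
        mysqldump --defaults-extra-file="$1" "$db" > "$2/$db.sql" || return 1
    done
}
```

The restore script on the backup server can read the same kind of option file with mysql --defaults-extra-file=FILE.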


Now the Backup Server

The backup server has two scripts on it.

  • Restoremysql - this script is run every hour as part of the primary backup script it will restore the MySQL databases that were copied from the primary server.
  • Restore_Server - This script is run only in the event that you need to bring the backup server up as the main.

Restoremysql Script

 




#!/bin/sh

#this script will restore the mysql databases backed up from the main server

mysql -u root -ppassw0rd asterisk < /tmp/mysqlbackups/asterisk.sql
mysql -u root -ppassw0rd information_schema < /tmp/mysqlbackups/information_schema.sql
mysql -u root -ppassw0rd asteriskcdrdb < /tmp/mysqlbackups/asteriskcdrdb.sql
mysql -u root -ppassw0rd asteriskrealtime < /tmp/mysqlbackups/asteriskrealtime.sql
mysql -u root -ppassw0rd endpoints < /tmp/mysqlbackups/endpoints.sql
mysql -u root -ppassw0rd meetme < /tmp/mysqlbackups/meetme.sql
mysql -u root -ppassw0rd mysql < /tmp/mysqlbackups/mysql.sql

Restore_Server

This script is still under construction.  Its goal is to promote the backup server in the case that the primary fails.

 




#!/bin/sh

#This script will bring this server up as the main server
#Amportal is not set to start on boot so replace the rc.local file so that it will start on boot
mv /etc/rc.d/rc.local.backup /etc/rc.d/rc.local

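#An iptables rule has been added to restrict access to the SIP provider and block registration
#The rule that blocks the traffic was added with: /sbin/iptables -A OUTPUT -s 64.197.13.6 -j DROP
#The command below deletes that rule to unblock the SIP provider IP (-D must repeat the rule exactly as it was added)
#Note: in the OUTPUT chain -s matches the source address of outgoing packets; to match the provider as the destination, both commands would use -d
/sbin/iptables -D OUTPUT -s 64.197.13.6 -j DROP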

#now make a backup of the current sysconfig settings
tar -cvf /sysconfigbeforebackup.tar /etc/sysconfig/*

#now remove all old sysconf info
rm -rvf /etc/sysconfig/*

#copy current sysconfig info
cp -r /network-repair-info/* /etc/sysconfig/
#restart server
reboot

And that is it for now.  If you see any problems or better ways to do it, please leave a comment for all to see!

Asterisk Server under Attack (Hacked)

 

I have a client who is using Asterisk.

30 or so extensions

Open to the public, yes on port 5060

Passwords for ALL extensions are a minimum of 32 characters, including UPPER lower case, punctuation, and symbols.

From the graph below you can see that the CPU spiked for about 4 hours. This was due to Asterisk processing thousands of registration attempts per minute from this hacker.

The next graph is the throughput on the public network card.  The first thing you see is normal traffic for Thursday, this is how it normally looks.  Next you see an anomaly starting Friday morning.  This lasted about 4-5 hours.

 

While our server was never in danger of being hacked, as the passwords for the extensions are so very long, it does cause issues with latency and choppiness in audio.

As per my usual routine I checked on the servers midday and noticed this traffic.  I then logged into the server and found, as expected, thousands upon thousands of registration attempts.  This causes both high CPU and high throughput because Asterisk has to evaluate and reject each registration attempt.

So, I knew what was going on but just in case I thought I would look at the Asterisk logs and lo and behold this is what I found, just thousands and thousands of lines of it...

 


[2011-05-06 11:59:38] NOTICE[2536] chan_sip.c: Registration from '"3518" <sip:[address obscured]>' failed for '50.23.164.82' - No matching peer found

 
So what did I do to fix it?   Well, I'm kind of embarrassed because I originally installed fail2ban intrusion detection software on the server but had it pointing to the wrong log file.  Once I edited my jail.conf file and pointed it to the right log file I knew I had fixed the problem.
 

 

 

So I went back to the command prompt and restarted fail2ban...  within 2 seconds I saw the server send an email to me stating that the hacker's IP had been blocked...

 

Gotta love Fail2Ban... Just remember to point it to the right log file and test, test, test before deployment!
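
The failure lines quoted above carry everything a ban decision needs, and checking that a log file really contains them is the test that catches a wrong log path. As an added example (not the author's configuration and not fail2ban's own filter), this shell script tallies failed registrations per source IP and confirms that a given file holds such lines; the sample log, its addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: tally failed SIP registrations
# per source IP from chan_sip NOTICE lines in the format quoted above.

# failed_regs FILE -> "<count> <ip>" lines, busiest source first.
# Fields are split on single quotes and read from the RIGHT: Asterisk writes
# the address and reason, but the From header is chosen by the sender and can
# carry quotes or a forged "failed for" string.
failed_regs() {
    awk -F"'" '
        NF >= 5 && $1 ~ / Registration from $/ && $(NF-2) == " failed for " {
            ip = $(NF-1)
            if (ip ~ /^[0-9.]+:[0-9]+$/) sub(/:[0-9]+$/, "", ip)  # ip:port form
            n[ip]++
        }
        END { for (ip in n) print n[ip], ip }
    ' "$1" | sort -rn
}

# offenders FILE THRESHOLD -> IPs with at least THRESHOLD failures.
offenders() {
    failed_regs "$1" | awk -v t="$2" '$1 + 0 >= t + 0 { print $2 }'
}

# log_has_failures FILE -> succeeds only if FILE is readable and holds such
# lines; a monitored path that fails this is the "wrong log file" case.
log_has_failures() {
    [ -r "$1" ] && [ -n "$(failed_regs "$1")" ]
}

# Constructed sample log (documentation addresses, not real data).
write_sample() {
    cat > "$1" <<'EOF'
[2011-05-06 11:59:38] NOTICE[2536] chan_sip.c: Registration from '"3518" <sip:3518@203.0.113.10>' failed for '198.51.100.7' - No matching peer found
[2011-05-06 11:59:38] NOTICE[2536] chan_sip.c: Registration from '"3518" <sip:3518@203.0.113.10>' failed for '198.51.100.7' - No matching peer found
[2011-05-06 11:59:39] NOTICE[2536] chan_sip.c: Registration from '"3518" <sip:3518@203.0.113.10>' failed for '198.51.100.7' - No matching peer found
[2011-05-06 11:59:40] NOTICE[2536] chan_sip.c: Registration from '"100" <sip:100@203.0.113.10>' failed for '198.51.100.9:5060' - Wrong password
[2011-05-06 11:59:41] NOTICE[2536] chan_sip.c: Registration from '"x' failed for '192.0.2.1' - Wrong password" <sip:x@203.0.113.10>' failed for '198.51.100.7' - No matching peer found
[2011-05-06 11:59:42] VERBOSE[2536] pbx.c: unrelated line
EOF
}

sample=$(mktemp)
write_sample "$sample"
offenders "$sample" 3      # prints 198.51.100.7
rm -f "$sample"
```

fail2ban ships its own tester for the same purpose: fail2ban-regex takes a log file and a filter file and reports how many lines the filter matched.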

Going to Texas for Easter

Sam and I will be heading to Texas tonight for Easter. I'm excited to see my family, it always seems like it's been forever. Hopefully when we get back the weather will be more cooperative and we'll get some backpacking in!

Logging onto an Asterisk queue via feature code

I have had nothing but trouble integrating queue member login and logoff with the Queue module "feature codes" *11 and *12 always rejecting my call with "Phone XXX is currently unavailable. Goodbye." And I'm aware that I can call the queue number followed by * or ** to control things that way, but some of my phones don't like that dialplan change. Therefore, I've written a quickfix change that I am hoping will be integrated into the Queue module on the next update as this, to me and my employees, seems to be the fastest and best method.

To login: dial *51+queue number
To logoff: dial *50+queue number

Now you can setup speed dial keys on the phone sets for these shortcuts. Probably could expand with prompting if only enter *50 or *51 without following digits, but I didn't feel like adding all that. Could we now please agree to fix the Queues module with something this simplistic instead of whatever *11 and *12 are now failing to do??

; fix for queue login problem, add this to extensions_custom.conf
exten => *50,1,Playback(that-is-not-rec-phn-num)
exten => *50,n,Playback(please-try-again)
exten => *50,n,SayDigits(${EXTEN})
exten => *50,n,Hangup
exten => _*50.,1,Wait(1)
exten => _*50.,2,RemoveQueueMember(${EXTEN:3})
exten => _*50.,n,SayDigits(${CALLERID(number)})
exten => _*50.,n,Playback(agent-loggedoff)
exten => _*50.,n,SayDigits(${EXTEN:3})
exten => _*50.,n,Hangup
exten => _*50.,103,Playback(num-not-in-db)
exten => _*50.,n,SayDigits(${EXTEN:3})
exten => _*50.,n,Playback(please-try-again)
exten => _*50.,n,Hangup
exten => *51,1,Playback(that-is-not-rec-phn-num)
exten => *51,n,Playback(please-try-again)
exten => *51,n,SayDigits(${EXTEN})
exten => *51,n,Hangup
exten => _*51.,1,Wait(1)
exten => _*51.,2,AddQueueMember(${EXTEN:3})
exten => _*51.,n,SayDigits(${CALLERID(number)})
exten => _*51.,n,Playback(agent-loginok)
exten => _*51.,n,SayDigits(${EXTEN:3})
exten => _*51.,n,Hangup
exten => _*51.,103,Playback(warning)
exten => _*51.,n,SayDigits(${CALLERID(number)})
exten => _*51.,n,Playback(is-currently)
exten => _*51.,n,Playback(in-the-queue)
exten => _*51.,n,SayDigits(${EXTEN:3})
exten => _*51.,n,Playback(please-try-again)
exten => _*51.,n,Hangup