FAQ

From MiRTA PBX documentation
Revision as of 21:26, 7 October 2016 by Admin

Asterisk

How can I set up Asterisk to use TLS?
Asterisk can use TLS as the transport for the signalling, which strengthens authentication and keeps the dialed number and other information usually transmitted in clear over the SIP channel private. TLS encrypts only the signalling part; it offers no extra security for the RTP (voice) part. In the [general] section of sip.conf, add the following settings, replacing the IP address with the IP address of your server. Provide the certificate and key in PEM format.
tlsenable=yes 
tlsbindaddr=213.133.102.85 
tlscertfile=/etc/asterisk/certificates/demo.mirtapbx.com.pem 
tlsdontverifyserver=no 
tlscipher=DES-CBC3-SHA 
tlsclientmethod=tlsv1 
transport=udp,tls 
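
The settings above can be reviewed mechanically. This added example (not part of the MiRTA PBX documentation) reads a sip.conf and reports legacy TLS choices in [general]: DES-CBC3-SHA is a 3DES suite, tlsv1 is TLS 1.0, and transport=udp,tls still permits UDP signalling. The function name, the finding labels and the sample file are assumptions of this example.

```sh
#!/bin/sh
# Added example, not MiRTA PBX code. Function name and labels are hypothetical.
#
# Read sip.conf text on stdin and print one finding per weak TLS-related
# setting in the [general] section. Prints nothing when none is found.
sip_tls_audit() {
    awk '
        /^[ \t]*\[/ { in_general = ($0 ~ /^[ \t]*\[general\]/); next }
        !in_general { next }
        { sub(/[ \t]*;.*$/, "") }
        !/=/ { next }
        {
            key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            key = tolower(key); low = tolower(val)
        }
        key == "tlscipher" {
            # Entries starting with "!" or "-" are exclusions, so skip them.
            n = split(toupper(val), c, ":")
            for (i = 1; i <= n; i++)
                if (c[i] !~ /^[!-]/ && c[i] ~ /DES|RC4|MD5|NULL|EXP/)
                    print "weak-cipher " c[i]
        }
        key == "tlsclientmethod" && low ~ /^(sslv2|sslv3|tlsv1)$/ {
            print "legacy-protocol " low
        }
        key == "tlsdontverifyserver" && low == "yes" {
            print "no-server-verify"
        }
        key == "transport" && low ~ /(^|,)[ \t]*(udp|tcp)[ \t]*(,|$)/ {
            print "cleartext-transport " low
        }
    '
}

# Constructed sample: the settings shown above, plus one peer section that
# must be ignored because it is outside [general].
SAMPLE_SIP_CONF='[general]
tlsenable=yes
tlsbindaddr=192.0.2.10
tlscertfile=/etc/asterisk/certificates/example.pem
tlsdontverifyserver=no
tlscipher=DES-CBC3-SHA
tlsclientmethod=tlsv1
transport=udp,tls
[201]
transport=udp'
```

Run it against a live file with `sip_tls_audit < /etc/asterisk/sip.conf`; empty output means none of the checked settings was flagged.
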
I think my Asterisk is locked... how can I check it?
If you think your Asterisk is locked, it probably is. To be 100% sure, just run the following command and check the result:

This is a locked asterisk

# netstat -nap | grep 5060
tcp        0      0 0.0.0.0:5060                0.0.0.0:*                   LISTEN      26090/asterisk      
udp   213504      0 0.0.0.0:5060                0.0.0.0:*                               26090/asterisk

This is a normal asterisk

# netstat -nap | grep 5060
tcp        0      0 0.0.0.0:5060                0.0.0.0:*                   LISTEN      4127/asterisk       
udp        0      0 0.0.0.0:5060                0.0.0.0:*                               4127/asterisk 

When Asterisk locks up, it stops processing SIP packets, so the UDP receive buffer fills up (the second column of the udp line, 213504 in the locked example above). In this case an Asterisk restart is needed.
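
The check above can be scripted for monitoring. This added example (not part of the MiRTA PBX documentation) compares two `netstat -nap` snapshots and reports whether the Recv-Q of Asterisk's UDP 5060 socket is stuck. The function names and the two-snapshot rule are assumptions of this example, and the sample text is constructed from the two outputs shown above.

```sh
#!/bin/sh
# Added example, not MiRTA PBX code. Function names are hypothetical.

# Print the largest Recv-Q (2nd column) found on a UDP socket bound to
# port 5060 and owned by asterisk, reading `netstat -nap` text on stdin.
# Prints nothing when no such socket is listed.
sip_udp_recvq() {
    awk '
        $1 ~ /^udp/ && $4 ~ /:5060$/ && $NF ~ /\/asterisk$/ {
            if ($2 + 0 > max) max = $2 + 0
            seen = 1
        }
        END { if (seen) print max + 0 }
    '
}

# Compare two snapshots taken a few seconds apart. Assumption of this
# example: a queue that is non-empty and not draining means Asterisk has
# stopped reading SIP packets. Prints: locked | backlog | ok | no-socket
sip_lock_verdict() {
    first=$(printf '%s\n' "$1" | sip_udp_recvq)
    second=$(printf '%s\n' "$2" | sip_udp_recvq)
    if [ -z "$first" ] || [ -z "$second" ]; then
        echo "no-socket"
    elif [ "$first" -gt 0 ] && [ "$second" -ge "$first" ]; then
        echo "locked"
    elif [ "$second" -gt 0 ]; then
        echo "backlog"
    else
        echo "ok"
    fi
}

# Constructed samples based on the two outputs shown above.
SAMPLE_LOCKED='tcp        0      0 0.0.0.0:5060    0.0.0.0:*    LISTEN      26090/asterisk
udp   213504      0 0.0.0.0:5060    0.0.0.0:*                26090/asterisk'
SAMPLE_NORMAL='tcp        0      0 0.0.0.0:5060    0.0.0.0:*    LISTEN      4127/asterisk
udp        0      0 0.0.0.0:5060    0.0.0.0:*                4127/asterisk'

# Live use (run as root so netstat can show the program name):
#   a=$(netstat -nap); sleep 5; b=$(netstat -nap); sip_lock_verdict "$a" "$b"
```
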

How can I enable TCP for SIP (port 5060)?

You need to add the following lines to /etc/asterisk/sip.conf and then reload the SIP module (when you have no traffic):

tcpenable=yes
tcpbindaddr=0.0.0.0

Asterisk Errors

What is this error? WARNING[23261]: res_musiconhold.c:719 monmp3thread: poll() failed: Interrupted system call
Nothing to worry about. This warning is logged when the Music on Hold process finishes playing the media file; just ignore it.
What is this error? WARNING[3221]: func_cdr.c:352 cdr_write_callback: CDR requires a value (CDR(variable)=value)
Nothing to worry about. It is a small glitch in the dialplan, but avoiding it would require an extra check that slows down call processing, so the warning is preferred. Just ignore it.
What is this error? ERROR[24984][C-00008457]: res_fax.c:4364 acf_faxopt_read: channel 'SIP/201-#######-0001547a' can't read FAXOPT(gateway) because it has never been written.
Nothing to worry about. It is a small glitch in the dialplan, but avoiding it would require an extra check that slows down call processing, so the error is preferred. Just ignore it.
What is this error? WARNING[3221]: func_cdr.c:364 cdr_write_callback: Using the CDR function to set 'accountcode' is deprecated. Please use the CHANNEL function instead.
I am using an old syntax to preserve compatibility with older asterisk versions. Just ignore it.
What is this error? WARNING[25144][C-0000845c]: dsp.c:1489 ast_dsp_process: Inband DTMF is not supported on codec #####. Use RFC2833
This is important: you are using a DTMF format that is incompatible with the codec you selected. Inband DTMF is supported by only a limited number of codecs. Use RFC2833 as suggested.
What is this error? NOTICE[9505] manager.c: 217.28.216.250 tried to authenticate with nonexistent user 'admin'
What is this error? NOTICE[9505] manager.c: 217.28.216.250 failed to authenticate as 'admin'
Someone really stupid is trying to connect using the manager interface (port 5038). The manager interface is often locked down by IP address, so it is really unlikely to be hacked this way; however, this can be just annoying. To stop it after a few attempts, you can tweak fail2ban to also capture these attempts by adding the following line to /etc/fail2ban/filter.d/asterisk.conf:
^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s <HOST> failed to authenticate as '[^']*'$
and then reloading fail2ban.
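
To see which addresses are behind these messages before tuning fail2ban, this added example (not part of the MiRTA PBX documentation) counts manager authentication failures per source IP. It goes beyond the regular expression above by counting both message forms quoted in the two questions. The function name and the log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not MiRTA PBX code. Function name is hypothetical.

# Count manager-interface authentication failures per source IP in
# Asterisk log text on stdin and print "ip count" for every IP with at
# least $1 failures (default 3). Both message forms quoted above count.
manager_auth_offenders() {
    awk -v min="${1:-3}" '
        match($0, /manager\.c: [0-9.]+ (failed to authenticate as|tried to authenticate with nonexistent user) /) {
            # The matched text is "manager.c: <ip> <message>"; field 2 is the IP.
            split(substr($0, RSTART, RLENGTH), part, " ")
            hits[part[2]]++
        }
        END { for (ip in hits) if (hits[ip] >= min + 0) print ip, hits[ip] }
    ' | sort
}

# Constructed log lines in the format quoted above (documentation IPs).
SAMPLE_LOG="[2016-10-07 21:20:01] NOTICE[9505] manager.c: 198.51.100.7 tried to authenticate with nonexistent user 'admin'
[2016-10-07 21:20:02] NOTICE[9505] manager.c: 198.51.100.7 failed to authenticate as 'admin'
[2016-10-07 21:20:03] NOTICE[9505] manager.c: 198.51.100.7 failed to authenticate as 'root'
[2016-10-07 21:20:09] NOTICE[9505] manager.c: 203.0.113.20 failed to authenticate as 'pbx'
[2016-10-07 21:21:00] NOTICE[9505] chan_sip.c: Received SIP subscribe for peer without mailbox: 226-SINI"
```

The regular expression given above matches only the "failed to authenticate as" form, so the "nonexistent user" lines counted here are not covered by it.
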
What is this error? WARNING[26421][C-0000b22f]: chan_sip.c:7350 sip_write: Can't send 10 type frames with SIP write
Asterisk doesn't yet support comfort noise generation. Just ignore it.
What is this error? NOTICE[6534] chan_sip.c: Received SIP subscribe for peer without mailbox: 226-SINI
The extension 226-SINI has sent a "SUBSCRIBE" message to Asterisk, but the extension has no voicemail mailbox associated. This can be due to a configuration problem (you forgot to associate the MWI mailbox in Configuration/Extension) or an Asterisk problem: sometimes Asterisk loads the extension without the mailbox associated. In this case you can restart the phone and deregister the extension, so that when the phone registers again and subscribes to the voicemail mailbox, it should be loaded correctly. Otherwise you can move that extension to "No (Use externnotify)" in "Send MWI only if subscribed:" and set externnotify=/var/lib/asterisk/agi-bin/vmnotify.php in /etc/asterisk/voicemail.conf
What is this error? WARNING[53344][C-000015c8] app_voicemail.c: SQL Get Data error! coltitle=category
This is a long-standing Asterisk bug fixed only in later releases. It is harmless and can be ignored.

Linux System

When a conference is going to start, I get the message app_meetme.c:1296 build_conf: Unable to open DAHDI pseudo device
It seems the dahdi kernel module is not started or not compiled/available for your running kernel. It is possible you have upgraded your kernel and restarted your system. Try restarting dahdi with the command:
/etc/init.d/dahdi restart

If that doesn't fix the issue, try recompiling the dahdi module by going to /usr/local/src/dahdi-linux-complete-* and running:

make
make install
/etc/init.d/dahdi restart
The web interface session expires too often and I always need to reauthenticate. How can I make it last longer?
You should change the session timeout value in php.ini and then restart the web server process. By default it is 2880 seconds; set it as long as you like.
session.gc_maxlifetime = 2880
How can I upgrade to PHP 5.5 to use AWS S3 Storage?
The system is now shipped with PHP 5.5 already installed, but previous installations used the standard PHP version, which is not suitable for AWS S3 because S3 support requires PHP 5.5. On CentOS 6 64-bit you can upgrade with the following steps:
rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm
yum -y install yum-plugin-replace
yum replace php-common --replace-with=php55w-common
yum install php55w-opcache
rpm --import https://mirror.webtatic.com/yum/RPM-GPG-KEY-webtatic-andy
service httpd restart
How can I change the server IP?
To change the server IP you need to refer to your OS documentation, but after you have changed your IP, there are a series of changes to be applied to MiRTA PBX:
  • /etc/odbc.ini, /var/www/html/pbx/include/db.inc.php and /var/lib/asterisk/agi-bin/include/db.inc.php – contain the IP for the database server
  • /etc/asterisk/sip.conf – contains the definition of the server itself, used to allow the server to call itself. If you are running your server behind a NAT, you may also need to change the externip parameter. Once changed, you need to reload SIP (asterisk -rx 'sip reload'). Please note all extensions will be deregistered.
  • /etc/asterisk/manager.conf – allows the web interface to access the manager interface. Once changed, you need to reload the manager interface (asterisk -rx 'manager reload')
  • /etc/hosts – it is important that the server host name resolves correctly to the new IP. Please don't use 127.0.0.1 as server IP
  • /var/lib/asterisk/agi-bin/devstate.conf.php – lists the servers available in the pool to distribute the extension state. Status exchange is done over port 19771 using the UDP protocol. Once the new IP has been inserted, you need to kill the devstatesender.php and devstatereceiver.php processes; these will be restarted automatically.

Finally, you need to change the server IP defined in the web interface, using Admin/PBX Nodes. It can be a good idea to update the Always Allowed IP in Admin/Security/GeoIP Fail2ban. You may need to request a new license for the server due to the change in IP. Please remember Asterisk will still work and calls will be processed normally even with an expired or invalid license.

MySQL

MySQL replication is broken with "Relay log read failure: Could not parse relay log event entry. The possible reasons are: the master's binary log is corrupted (you can check this by running 'mysqlbinlog' on the binary log), the slave's relay log is corrupted (you can check this by running 'mysqlbinlog' on the relay log), a network problem, or a bug in the master's or slave's MySQL code. If you want to check the master's binary log or slave's relay log, you will be able to know their names by issuing 'SHOW SLAVE STATUS' on this slave.", how can I fix it?
MySQL multimaster replication needs some advanced MySQL skills. If you do not have them, it is better to refer to MiRTA PBX support and subscribe to a "Nagios monitoring and OS management" service. If instead you have the needed knowledge, and understand that a wrong action can make things worse and you may lose data, to recover from this problem you need to:
  • Get the MySQL slave status with "show slave status"
  • Stop the slave replication with "stop slave"
  • Reset the relay log with "reset slave"
  • Reinitialize the relay log with "change master to master_log_file='<Relay_Master_Log_File>', master_log_pos=<Exec_Master_Log_Pos>"
  • Start the slave replication with "start slave"
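
The steps above depend on copying the right two values out of the status output. This added example (not part of the MiRTA PBX documentation) reads `SHOW SLAVE STATUS\G` text and prints the statements with Relay_Master_Log_File and Exec_Master_Log_Pos filled in. The function name is hypothetical, and the sample status is constructed so that these values differ from Master_Log_File and Read_Master_Log_Pos.

```sh
#!/bin/sh
# Added example, not MiRTA PBX code. Function name is hypothetical.

# Read the text of `SHOW SLAVE STATUS\G` on stdin and print the statements
# for the recovery steps listed above. Fails (exit 1, no SQL printed) if
# either coordinate is missing or malformed.
slave_recovery_sql() {
    awk '
        $1 == "Relay_Master_Log_File:" { file = $2 }
        $1 == "Exec_Master_Log_Pos:"   { pos  = $2 }
        END {
            if (file !~ /^[A-Za-z0-9._-]+$/ || pos !~ /^[0-9]+$/) {
                print "cannot read replication coordinates" > "/dev/stderr"
                exit 1
            }
            print "STOP SLAVE;"
            print "RESET SLAVE;"
            printf "CHANGE MASTER TO MASTER_LOG_FILE=\047%s\047, MASTER_LOG_POS=%s;\n", file, pos
            print "START SLAVE;"
        }
    '
}

# Constructed status output. The I/O thread has read further
# (mysql-bin.000123 / 482113) than the SQL thread has executed
# (mysql-bin.000122 / 90455); replication must resume from the latter.
SAMPLE_STATUS='*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
              Master_Log_File: mysql-bin.000123
          Read_Master_Log_Pos: 482113
               Relay_Log_File: mysqld-relay-bin.000045
        Relay_Master_Log_File: mysql-bin.000122
             Slave_IO_Running: Yes
            Slave_SQL_Running: No
          Exec_Master_Log_Pos: 90455'
```

Save the status output to a file before stopping the slave, then review the generated statements by eye before feeding them to mysql.
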
I have lost the me_media table
It is easy to panic and abruptly remove the big voipmonitor.me_media table that is filling your disk, but now you need to recreate it and maybe reduce the retention period for the voipmonitor data files. I have created a script, protected/recreatememedia.php, that does this job.

Extensions

Can I use an extension to connect a remote PBX to the system?
Yes, but you need to enable the “trunk” feature for the extension or otherwise the Caller ID of the call coming from the remote PBX will be overwritten.
When I use server side attended or unattended transfer (#* and ##), there is not enough time to dial the destination extension!
The default timeout is set to 3 seconds, but the “transfer” message is played inside this time, so it may seem shorter. You can increase the timeout of the transfer by editing /etc/asterisk/features.conf and changing the value of transferdigittimeout to the number of seconds you like. Once done, reload the module from within Asterisk with “module reload features”.
When I try to recover the Voicemail, it says the PIN is invalid
Most of the time there is a problem with DTMF. Check the log for the call in /var/log/asterisk/full to see if it contains this message: dsp.c: Inband DTMF is not supported on codec g729. Use RFC2833. In this case, change the DTMF setting on the PBX from “auto” to RFC2833 and, if possible, also on the phone.

Queues

How can I get rid of the message "All of our representatives are currently..."
You need to set to 0 (zero) the Announce Frequency

Voicemails

A caller leaves a voicemail for an extension, but that voicemail is not appearing
The voicemail box may be locked. Please check whether there is a .lock file in the INBOX folder, like in this example:

# find /var/spool/asterisk/voicemail/pulmonarycriticl/100/
/var/spool/asterisk/voicemail/pulmonarycriticl/100/
/var/spool/asterisk/voicemail/pulmonarycriticl/100/Cust2
/var/spool/asterisk/voicemail/pulmonarycriticl/100/Urgent
/var/spool/asterisk/voicemail/pulmonarycriticl/100/INBOX
/var/spool/asterisk/voicemail/pulmonarycriticl/100/INBOX/.lock
/var/spool/asterisk/voicemail/pulmonarycriticl/100/Work
/var/spool/asterisk/voicemail/pulmonarycriticl/100/Cust3
/var/spool/asterisk/voicemail/pulmonarycriticl/100/Old
/var/spool/asterisk/voicemail/pulmonarycriticl/100/tmp
/var/spool/asterisk/voicemail/pulmonarycriticl/100/tmp/Av5Vqa.wav
/var/spool/asterisk/voicemail/pulmonarycriticl/100/tmp/Av5Vqa

Just remove it. About the source of the lock… maybe your asterisk server has crashed in the middle of a voicemail message.

Miscellaneous

My clients are getting ghost calls from weird numbers not logged in MiRTA PBX
Those ghost calls are attempts made by “hackers” to place rogue calls, usually to premium rate numbers. They start by scanning large parts of the Internet, trying to connect to port 5060, the standard port used by PBXs and phones. If they detect an answer, they try placing some calls using different formats. If one of these calls succeeds, they start sending hundreds of calls to premium rate numbers. They get monetary rewards from phone companies. To avoid this issue, you can place the phone behind a firewall or NAT router, allowing only the PBX to connect, or you can configure the phone to accept calls only from the registered server. This option has several names depending on the phone brand.
When a call has no callerid, is received as “asterisk”. How can I change it?
You can change it by setting the “callerid” parameter in sip.conf and then reloading SIP from Asterisk. Remember that this will disconnect all connected clients.
My Music on Hold is starting from the middle, but I want it to be started from the start each time
There are two ways to run Music on Hold: you can run a single process for all clients waiting in queue, or you can start a new process for each client. Obviously the first way is preferred if you have a large number of clients waiting, but it has the drawback that the MOH process streams the music continuously, so a client joining the queue will not hear it from the start. The second way can be activated by editing musiconhold.conf and disabling cachertclasses:
[general]
cachertclasses=no   ; use 1 instance of moh class for all users who are using it,
                    ; decrease consumable cpu cycles and memory
                    ; disabled by default

This setting is PBX wide and cannot be turned on/off based on tenant

When I try to log in to the web interface, an error message tells me "You are not allowed to connect right now, try later", but my username/password are correct
The problem is that someone from your IP has tried connecting too many times, and the system has been configured to check for past failed attempts. You can disable the "Web fail2ban" by using SSH and editing the table se_settings. MySQL root password is "passw0rd"
echo "update se_settings set se_value='' where se_code='WEBFAIL2BAN'" | mysql -u root -p

Phones

How can I avoid receiving a new call while I am already in a conversation?
You can receive another call while on the line because the “Call Waiting” feature is active on your phone. Turn it off and the second call will get a BUSY signal. How to disable it depends on the phone model; for example, on Yealink it is here:
[Image: Yealink callwaiting.png]
How can I allow a SNOM phone to auto answer on paging?
SNOM has a security setting to prevent auto answer, so it has to be enabled to make it work. On version V8 you need to go to Advanced / Behaviour (tab) / Phone Behaviour / Intercom policy
[Image: Snom intercom.png]

Provisioning

My phone refuses to provision, but when I download the configuration, it seems perfect
If you are trying to provision over https, check that the SSL certificate is valid. Phones require a valid certificate for provisioning. Verify the date and time on the phone, because the certificate has a start and end date of validity. As a last resort, try provisioning over http, but only to verify whether the problem is in the certificate (some phones are really picky about certificates); then change the key and the extension password, since they were transferred unencrypted.