FAQ: Difference between revisions
Line 186: | Line 186: | ||
; When using Mail to Fax, I cannot acces my Gmail account, even if the password is correct : Gmail doesn't like you to access your mailbox over IMAP or POP3 too often. If you want to still access it every minute (the default Mail to Fax rate), you need to enable "Allow less secure apps". https://support.google.com/accounts/answer/6010255?hl=en | ; When using Mail to Fax, I cannot acces my Gmail account, even if the password is correct : Gmail doesn't like you to access your mailbox over IMAP or POP3 too often. If you want to still access it every minute (the default Mail to Fax rate), you need to enable "Allow less secure apps". https://support.google.com/accounts/answer/6010255?hl=en | ||
[[file:lesssecureapps.png|400px]] | [[file:lesssecureapps.png|400px|thumb]] | ||
== Phones == | == Phones == |
Revision as of 18:21, 29 December 2016
Asterisk
- How can I setup Asterisk to use TLS
- Asterisk can use TLS as transport for the signalling, increasing the authentication security and providing extra privacy about the number dialed and other info usually transmitted in clear over the SIP channel. TLS will encrypt only the signalling part, without offering any extra security to the RTP (voice) part. In the [general] section of sip.conf, add the following info, replacing the IP address with the IP address of the server. Provide the certificate and key in pem format.
tlsenable=yes tlsbindaddr=213.133.102.85 tlscertfile=/etc/asterisk/certificates/demo.mirtapbx.com.pem tlsdontverifyserver=no tlscipher=DES-CBC3-SHA tlsclientmethod=tlsv1 transport=udp,tls
Optionally you can add a port number to tlsbindaddr parameter
Don't forget to set asterisk to listen on tcp:
tcpenable=yes
- I think my Asterisk is locked... how can I check it?
- If you think your asterisk is locked, probably it is. To be 100% sure, just run the following command and check the result:
This is a locked asterisk
# netstat -nap | grep 5060 tcp 0 0 0.0.0.0:5060 0.0.0.0:* LISTEN 26090/asterisk udp 213504 0 0.0.0.0:5060 0.0.0.0:* 26090/asterisk
This is a normal asterisk
# netstat -nap | grep 5060 tcp 0 0 0.0.0.0:5060 0.0.0.0:* LISTEN 4127/asterisk udp 0 0 0.0.0.0:5060 0.0.0.0:* 4127/asterisk
When asterisk locks up, it stops processing SIP packets, so the UDP buffer fills up. In this case an asterisk restart is needed.
- How can I enable TCP for SIP (port 5060)?
You need to add the following rows to /etc/asterisk/sip.conf and then reload the SIP module (when you have no traffic)
tcpenable=yes tcpbindaddr=0.0.0.0
Asterisk Errors
- What is this error? WARNING[23261]: res_musiconhold.c:719 monmp3thread: poll() failed: Interrupted system call
- Nothing to worry, when the Musing On Hold process terminates to play the media file, this error is thrown out, just ignore it
- What is this error? WARNING[3221]: func_cdr.c:352 cdr_write_callback: CDR requires a value (CDR(variable)=value)
- Nothing to worry, it is a small glitch in the dialplan, but avoiding it will require an extra check, slowing down the call processing, so it is avoided, preferring the warning. Just ignore it.
- What is this error? ERROR[24984][C-00008457]: res_fax.c:4364 acf_faxopt_read: channel 'SIP/201-#######-0001547a' can't read FAXOPT(gateway) because it has never been written.
- Nothing to worry, it is a small glitch in the dialplan, but avoiding it will require an extra check, slowing down the call processing, so it is avoided, preferring the error. Just ignore it.
- What is this error? WARNING[3221]: func_cdr.c:364 cdr_write_callback: Using the CDR function to set 'accountcode' is deprecated. Please use the CHANNEL function instead.
- I am using an old syntax to preserve compatibility with older asterisk versions. Just ignore it.
- What is this error? WARNING[25144][C-0000845c]: dsp.c:1489 ast_dsp_process: Inband DTMF is not supported on codec #####. Use RFC2833
- This is important, you are using an incompatible DTMF format for the codec you selected. Inband DTMF is supported in only a limited number of codec. Use RFC2833 as suggested.
- What is this error? NOTICE[9505] manager.c: 217.28.216.250 tried to authenticate with nonexistent user 'admin'
- What is this error? NOTICE[9505] manager.c: 217.28.216.250 failed to authenticate as 'admin'
- Someone really stupid is trying to connect using the manager interface (port 5038). The manager interface is often locked down by IP address so it is really unlikely to be hacked this way, however this can be just annoying. To stop it after a few attempts, you can tweak the fail2ban to capture also these attempts by adding the following row in /etc/fail2ban/filters.d/asterisk.conf: ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s <HOST> failed to authenticate as '[^']*'$ and reload fail2ban
- What is this error? WARNING[26421][C-0000b22f]: chan_sip.c:7350 sip_write: Can't send 10 type frames with SIP write
- Asterisk doesn't yet support comfort noise generation. Just ignore it.
- What is this error? NOTICE[6534] chan_sip.c: Received SIP subscribe for peer without mailbox: 226-SINI
- The extension 226-SINI has sent a "SUBSCRIBE" message to asterisk, but the extension has no voicemail mailbox associated. This can be due to a configuration problem, you forget to associate the MWI mailbox in Configuration/Extension, or an asterisk problem... some time asterisk loads the extension without the mailbox associated. In this case you can restart the phone and deregister the extension, in this way when the phone registers again and subscribe to the voicemail mailbox, it should be loaded correctly. Otherwise you can move that extension to "No (Use externnotify)" in "Send MWI only if subscribed:" and set externnotify=/var/lib/asterisk/agi-bin/vmnotify.php in /etc/asterisk/voicemail.conf
- What is this error? WARNING[53344][C-000015c8] app_voicemail.c: SQL Get Data error! coltitle=category
- This is a long standing asterisk bug fixed only in later releases... it is harmless and can be ignored
Linux System
- When a conference is going to start, I get the message app_meetme.c:1296 build_conf: Unable to open DAHDI pseudo device
- It seems the dahdi kernel module is not started or not compiled/available for your running kernel. It is possible you have upgraded your kernel and restarted your system. Try restarting the dahdi by using the command:
/etc/init.d/dahdi restart
If it doesn't fix the issue, try recompiling dahdi module, going in /usr/local/src/dahdilinux-complete-* and running:
make make install /etc/init.d/dahdi restart
- The web interface session is expiring too often, I need always to reauthenticate, how can I make it run longer?
- You should change the session timeout value in php.ini and then restart the web server process, by default is 2880 seconds, set as long as you like
session.gc_maxlifetime = 2880
- How can I upgrade to PHP 5.5 to use AWS S3 Storage?
- System is now shipped with PHP 5.5 already installed, but previous installations were using the standard PHP version which is not suitable for AWS S3 because it requires PHP 5.5. On CentOS 6 64bit You can upgrade with the following steps:
rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm yum -y install yum-plugin-replace yum replace php-common --replace-with=php55w-common yum install php55w-opcache rpm --import https://mirror.webtatic.com/yum/RPM-GPG-KEY-webtatic-andy service httpd restart
- How can I change the server IP?
- To change the server IP you need to refer to your OS documentation, but after you have changed your IP, there are a series of changes to be applied to MiRTA PBX:
- /etc/odbc.ini, /var/www/html/pbx/include/db.inc.php and /var/lib/asterisk/agi-bin/include/db.inc.php – contain the IP for the database server
- /etc/asterisk/sip.conf – contains the server itself definition used to allow the server to call itself. If you are running your server behind a NAT, it can be needed to change also the externip parameter. Once changed, you need to reload SIP (asterisk -rx 'sip reload'). Please note all extensions will be deregistered.
- /etc/asterisk/manager.conf – allows the web interface to access the manager interface. Once changed, you need to reload the manager interface (asterisk -rx 'manager reload')
- /etc/hosts – it is important to have the server host to resolv correctly to the new IP. Please don't use 127.0.0.1 as server IP
- /var/lib/asterisk/agi-bin/devstate.conf.php – lists the servers available in the pool to distribute the extension state. Status exchange is done over port 19771 using UDP protocol. Once the new IP has been inserted, you need to kill devstatesender.php and devstatereceiver.php processes, these will be automatically restarted.
Finally, you need to change the server IP defined in the web interface, using Admin/PBX Nodes. It can be a good idea to update the Always Allowed IP in the Admin/Security/GeoIP Fail2ban. It can be possible you need to request a new license for the server due to the change in IP. Please remember asterisk will still works and call will be processed normally even with an expired or not valid license.
MySQL
- MySQL replication is broken with "Relay log read failure: Could not parse relay log event entry. The possible reasons are: the master's binary log is corrupted (you can check this by running 'mysqlbinlog' on the binary log), the slave's relay log is corrupted (you can check this by running 'mysqlbinlog' on the relay log), a network problem, or a bug in the master's or slave's MySQL code. If you want to check the master's binary log or slave's relay log, you will be able to know their names by issuing 'SHOW SLAVE STATUS' on this slave.", how can I fix it?
- MySQL multimaster replication needs some advanced MySQL skills. If you do not have them, it is better if you refer to MiRTA PBX support and subscribe a "Nagios monitoring and OS management" service. If instead you have the needed knowledge, understanding that a wrong action can get things worst and you may lose data, to recover from this problem you need:
- Get the MySQL slave status with "show slave status"
- Stop the slave replication with "stop slave"
- Reset the relay log with "reset slave"
- Reinitialize the relay log with "change master to master_log_file='<Relay_Master_Log_File>', master_log_pos=<Exec_Master_Log_Pos>"
- Start the slave replication with "start slave"
- I have lost the me_media table
- It is easy to panic and to abruptly remove the big voipmonitor.me_media table who is filling your disk, but now you need to recreate it and maybe reduce the retention period for voipmonitor data file. I have created a script as protected/recreatememedia.php doing this job.
Extensions
- Can I use an extension to connect a remote PBX to the system?
- Yes, but you need to enable the “trunk” feature for the extension or otherwise the Caller ID of the call coming from the remote PBX will be overwritten.
- When I use server side attended or unattended transfer (#* and ##), there is no enough time to dial the destination extension!
- The default timeout is set to 3 seconds, but the “transfer” message is played inside this time, so it may seem shorter. You can increase the timeout of the transfer by editing the /etc/asterisk/features.conf and changing the value for transferdigittimeout to the amount of seconds you like. Once done, reload the module from within asterisk with “module reload features”
- When I try to recover the Voicemail, it says the PIN is invalid
- Most of the time, there is a problem with DTMF, check the log for the call in /var/log/asterisk/full if you see this message:
dsp.c: Inband DTMF is not supported on codec g729. Use RFC2833
In this case, change the DTMF setting on the PBX from “auto” to RFC2833 and if possible, also on the phone
Queues
- How can I get rid of the message "All of our representatives are currently..."
- You need to set to 0 (zero) the Announce Frequency
Voicemails
- A caller leaves a voicemail for an extension, but that voicemail is not appearing
- The voicemail box can be locked, please check if in there a .lock file in the INBOX
folder, like in this example:
#find /var/spool/asterisk/voicemail/pulmonarycriticl/100/ /var/spool/asterisk/voicemail/pulmonarycriticl/100/ /var/spool/asterisk/voicemail/pulmonarycriticl/100/Cust2 /var/spool/asterisk/voicemail/pulmonarycriticl/100/Urgent /var/spool/asterisk/voicemail/pulmonarycriticl/100/INBOX /var/spool/asterisk/voicemail/pulmonarycriticl/100/INBOX/.lock /var/spool/asterisk/voicemail/pulmonarycriticl/100/Work /var/spool/asterisk/voicemail/pulmonarycriticl/100/Cust3 /var/spool/asterisk/voicemail/pulmonarycriticl/100/Old /var/spool/asterisk/voicemail/pulmonarycriticl/100/tmp /var/spool/asterisk/voicemail/pulmonarycriticl/100/tmp/Av5Vqa.wav /var/spool/asterisk/voicemail/pulmonarycriticl/100/tmp/Av5Vqa
Just remove it. About the source of the lock… maybe your asterisk server has crashed in the middle of a voicemail message.
- MWI has stopped working, it is a periodic issue for my clients
Yes, MWI is often a problem and it is not clear where the problem is, if in the phones or in asterisk. In a normal SIP environment, the phone subscribe to MWI and start getting notify about the status. Subscription needs to be refreshed, like registration and this can be the source of the problem. To get rid of it, use "Externnotify"
Before doing it, you should check if the extern notification has been correctly setup in your system. Edit /etc/asterisk/voicemail.conf and check if the externnotify has been set as following.
externnotify=/var/lib/asterisk/agi-bin/vmnotify.php
If not, set it and reload voicemail module
Miscellaneous
- My clients are getting ghost calls from weird numbers not logged in MiRTA PBX
- Those ghost calls are attempts made by “hackers” to place rogue calls, usually to premium rate numbers. They start by analyzing large part of Internet trying to connect to port 5060, the standard port used by PBX and phones. If they detect an answer, they try placing some calls using different formats. If one of these calls has success, then they start to send hundred of calls to premium rate numbers. They get some money rewards by phone companies. To avoid this issue, you can place the phone behind a firewall or NAT router, allowing only the PBX to connect or you can configure the phone to accept calls only from registered server. This option has several names depending by the phone brand.
- When a call has no callerid, is received as “asterisk”. How can I change it?
- You can change setting the “callerid” parameter in the sip.conf and then reload sip from asterisk. Remember it will disconnect all clients connected.
- My Music on Hold is starting from the middle, but I want it to be started from the start each time
- There are two ways to run Music on Hold... you can run a single process for all clients waiting in queue or you can start a new process for each of the clients. Obviously the first way is preferred if you have a big number of clients awaiting, but it has the drawback of having the MOH process to stream the music continuously, so a client joining the queue will start listening it not from the start. The second way can be activated by changing the musiconhold.conf and disabling cachertclasses
[general] cachertclasses=no ; use 1 instance of moh class for all users who are using it, ; decrease consumable cpu cycles and memory ; disabled by default
This setting is PBX wide and cannot be turned on/off based on tenant
- When I try to login into the web interface, an error message tell me "You are not allowed to connect right now, try later", but my username/password are correct
- The problem is due to the fact someone from your IP has tried connecting too many times and the system has been configured to check for past failed attempts. You can disable the "Web fail2ban" by using SSH and editing the table se_settings. MySQL root password is "passw0rd"
echo "update se_settings set se_value='' where se_code='WEBFAIL2BAN'" | mysql -u root -p
- When using Mail to Fax, I cannot acces my Gmail account, even if the password is correct
- Gmail doesn't like you to access your mailbox over IMAP or POP3 too often. If you want to still access it every minute (the default Mail to Fax rate), you need to enable "Allow less secure apps". https://support.google.com/accounts/answer/6010255?hl=en
Phones
- How can I avoid to receive a new call while I am already in a conversation?
- You can receive another call while on line because the feature “Call Waiting” is active on your phone. Turn it off and the second call will get a BUSY signal. Disabling on the phone depends by the phone model, for example on Yealink it is here:
- How can I allow a SNOM phone to auto answer on paging?
- SNOM has a security setting to prevent auto answer, so it has to be enabled to make it to work. On version V8 you need to go to Advanced / Behaviour (tab) / Phone Behaviour / Intercom policy
Provisioning
- My phone refuse to provision, but when I download the configuration, it seems perfect
- If you are trying to provision over https, then check if the SSL certificate is valid. Phones require a valid certificate for provisioning. Verify the date and time on the phone because the certificate has a start and end date of validity. As last chance, try provisioning with http, but just to verify if the problem is in the certificate (some phones are really picky about certificates), then change the key and the extension password.