FAQ: Difference between revisions

Asterisk

How can I setup Asterisk to use TLS

Asterisk can use TLS as transport for the signalling, increasing the authentication security and providing extra privacy about the number dialed and other info usually transmitted in clear over the SIP channel. TLS will encrypt only the signalling part, without offering any extra security to the RTP (voice) part. In the [general] section of sip.conf, add the following info, replacing the IP address with the IP address of the server. Provide the certificate and key in pem format.

tlsenable=yes 
tlsbindaddr=213.133.102.85 
tlscertfile=/etc/asterisk/certificates/demo.mirtapbx.com.pem 
tlsdontverifyserver=no 
tlscipher=DES­CBC3­SHA 
tlsclientmethod=tlsv1 
transport=udp,tls 

Asterisk Errors

What is this error? WARNING[23261]: res_musiconhold.c:719 monmp3thread: poll() failed: Interrupted system call

Nothing to worry, when the Musing On Hold process terminates to play the media file, this error is thrown out, just ignore it

What is this error? WARNING[3221]: func_cdr.c:352 cdr_write_callback: CDR requires a value (CDR(variable)=value)

Nothing to worry, it is a small glitch in the dialplan, but avoiding it will require an extra check, slowing down the call processing, so it is avoided, preferring the warning. Just ignore it.

What is this error? ERROR[24984][C-00008457]: res_fax.c:4364 acf_faxopt_read: channel 'SIP/201-#######-0001547a' can't read FAXOPT(gateway) because it has never been written.

Nothing to worry, it is a small glitch in the dialplan, but avoiding it will require an extra check, slowing down the call processing, so it is avoided, preferring the error. Just ignore it.

What is this error? WARNING[3221]: func_cdr.c:364 cdr_write_callback: Using the CDR function to set 'accountcode' is deprecated. Please use the CHANNEL function instead.

I am using an old syntax to preserve compatibility with older asterisk versions. Just ignore it.

What is this error? WARNING[25144][C-0000845c]: dsp.c:1489 ast_dsp_process: Inband DTMF is not supported on codec #####. Use RFC2833

This is important, you are using an incompatible DTMF format for the codec you selected. Inband DTMF is supported in only a limited number of codec. Use RFC2833 as suggested.

What is this error? NOTICE[9505] manager.c: 217.28.216.250 tried to authenticate with nonexistent user 'admin'

What is this error? NOTICE[9505] manager.c: 217.28.216.250 failed to authenticate as 'admin'

Someone really stupid is trying to connect using the manager interface (port 5038). The manager interface is often locked down by IP address so it is really unlikely to be hacked this way, however this can be just annoying. To stop it after a few attempts, you can tweak the fail2ban to capture also these attempts by adding the following row in /etc/fail2ban/filters.d/asterisk.conf: ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s <HOST> failed to authenticate as '[^']*'$ and reload fail2ban

What is this error? WARNING[26421][C-0000b22f]: chan_sip.c:7350 sip_write: Can't send 10 type frames with SIP write

Asterisk doesn't yet support comfort noise generation. Just ignore it.

What is this error? NOTICE[6534] chan_sip.c: Received SIP subscribe for peer without mailbox: 226-SINI

The extension 226-SINI has sent a "SUBSCRIBE" message to asterisk, but the extension has no voicemail mailbox associated. This can be due to a configuration problem, you forget to associate the MWI mailbox in Configuration/Extension, or an asterisk problem... some time asterisk loads the extension without the mailbox associated. In this case you can restart the phone and deregister the extension, in this way when the phone registers again and subscribe to the voicemail mailbox, it should be loaded correctly. Otherwise you can move that extension to "No (Use externnotify)" in "Send MWI only if subscribed:" and set externnotify=/var/lib/asterisk/agi-bin/vmnotify.php in /etc/asterisk/voicemail.conf

What is this error? WARNING[53344][C-000015c8] app_voicemail.c: SQL Get Data error! coltitle=category

This is a long standing asterisk bug fixed only in later releases... it is harmless and can be ignored

Linux System

When a conference is going to start, I get the message app_meetme.c:1296 build_conf: Unable to open DAHDI pseudo device

It seems the dahdi kernel module is not started or not compiled/available for your running kernel. It is possible you have upgraded your kernel and restarted your system. Try restarting the dahdi by using the command:

/etc/init.d/dahdi restart

If it doesn't fix the issue, try recompiling dahdi module, going in /usr/local/src/dahdilinux-complete-* and running:

make
make install
/etc/init.d/dahdi restart

The web interface session is expiring too often, I need always to reauthenticate, how can I make it run longer?

You should change the session timeout value in php.ini and then restart the web server process, by default is 2880 seconds, set as long as you like

session.gc_maxlifetime = 2880

How can I upgrade to PHP 5.5 to use AWS S3 Storage?

System is now shipped with PHP 5.5 already installed, but previous installations were using the standard PHP version which is not suitable for AWS S3 because it requires PHP 5.5. On CentOS 6 64bit You can upgrade with the following steps:

rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm
yum -y install yum-plugin-replace
yum replace php-common --replace-with=php55w-common
yum install php55w-opcache
rpm --import https://mirror.webtatic.com/yum/RPM-GPG-KEY-webtatic-andy
service httpd restart

How can I change the server IP?

To change the server IP you need to refer to your OS documentation, but after you have changed your IP, there are a series of changes to be applied to MiRTA PBX:

• /etc/odbc.ini, /var/www/html/pbx/include/db.inc.php and /var/lib/asterisk/agi-bin/include/db.inc.php – contain the IP for the database server
• /etc/asterisk/sip.conf – contains the server itself definition used to allow the server to call itself. If you are running your server behind a NAT, it can be needed to change also the externip parameter. Once changed, you need to reload SIP (asterisk -rx 'sip reload'). Please note all extensions will be deregistered.
• /etc/asterisk/manager.conf – allows the web interface to access the manager interface. Once changed, you need to reload the manager interface (asterisk -rx 'manager reload')
• /etc/hosts – it is important to have the server host to resolv correctly to the new IP. Please don't use 127.0.0.1 as server IP
• /var/lib/asterisk/agi-bin/devstate.conf.php – lists the servers available in the pool to distribute the extension state. Status exchange is done over port 19771 using UDP protocol. Once the new IP has been inserted, you need to kill devstatesender.php and devstatereceiver.php processes, these will be automatically restarted.

Finally, you need to change the server IP defined in the web interface, using Admin/PBX Nodes. It can be a good idea to update the Always Allowed IP in the Admin/Security/GeoIP Fail2ban. It can be possible you need to request a new license for the server due to the change in IP. Please remember asterisk will still works and call will be processed normally even with an expired or not valid license.

Extensions

Can I use an extension to connect a remote PBX to the system?

Yes, but you need to enable the “trunk” feature for the extension or otherwise the Caller ID of the call coming from the remote PBX will be overwritten.

When I use server side attended or unattended transfer (#* and ##), there is no enough time to dial the destination extension!

The default timeout is set to 3 seconds, but the “transfer” message is played inside this time, so it may seem shorter. You can increase the timeout of the transfer by editing the /etc/asterisk/features.conf and changing the value for transferdigittimeout to the amount of seconds you like. Once done, reload the module from within asterisk with “module reload features”

When I try to recover the Voicemail, it says the PIN is invalid

Most of the time, there is a problem with DTMF, check the log for the call in /var/log/asterisk/full if you see this message:  dsp.c: Inband DTMF is not supported on codec g729. Use RFC2833 In this case, change the DTMF setting on the PBX from “auto” to RFC2833 and if possible, also on the phone

Voicemails

A caller leaves a voicemail for an extension, but that voicemail is not appearing

The voicemail box can be locked, please check if in there a .lock file in the INBOX

folder, like in this example:

#find /var/spool/asterisk/voicemail/pulmonarycriticl/100/
/var/spool/asterisk/voicemail/pulmonarycriticl/100/
/var/spool/asterisk/voicemail/pulmonarycriticl/100/Cust2
/var/spool/asterisk/voicemail/pulmonarycriticl/100/Urgent
/var/spool/asterisk/voicemail/pulmonarycriticl/100/INBOX
/var/spool/asterisk/voicemail/pulmonarycriticl/100/INBOX/.lock
/var/spool/asterisk/voicemail/pulmonarycriticl/100/Work
/var/spool/asterisk/voicemail/pulmonarycriticl/100/Cust3
/var/spool/asterisk/voicemail/pulmonarycriticl/100/Old
/var/spool/asterisk/voicemail/pulmonarycriticl/100/tmp
/var/spool/asterisk/voicemail/pulmonarycriticl/100/tmp/Av5Vqa.wav
/var/spool/asterisk/voicemail/pulmonarycriticl/100/tmp/Av5Vqa

Just remove it. About the source of the lock… maybe your asterisk server has crashed in the middle of a voicemail message.

Miscellaneous

My clients are getting ghost calls from weird numbers not logged in MiRTA PBX

Those ghost calls are attempts made by “hackers” to place rogue calls, usually to premium rate numbers. They start by analyzing large part of Internet trying to connect to port 5060, the standard port used by PBX and phones. If they detect an answer, they try placing some calls using different formats. If one of these calls has success, then they start to send hundred of calls to premium rate numbers. They get some money rewards by phone companies. To avoid this issue, you can place the phone behind a firewall or NAT router, allowing only the PBX to connect or you can configure the phone to accept calls only from registered server. This option has several names depending by the phone brand.

When a call has no callerid, is received as “asterisk”. How can I change it?

You can change setting the “callerid” parameter in the sip.conf and then reload sip from asterisk. Remember it will disconnect all clients connected.

My Music on Hold is starting from the middle, but I want it to be started from the start each time

There are two ways to run Music on Hold... you can run a single process for all clients waiting in queue or you can start a new process for each of the clients. Obviously the first way is preferred if you have a big number of clients awaiting, but it has the drawback of having the MOH process to stream the music continuously, so a client joining the queue will start listening it not from the start. The second way can be activated by changing the musiconhold.conf and disabling cachertclasses

[general]
cachertclasses=no   ; use 1 instance of moh class for all users who are using it,                                                                                                                                 
                    ; decrease consumable cpu cycles and memory                                                                                                                                                  
                    ; disabled by default                             

This setting is PBX wide and cannot be turned on/off based on tenant

Phones

How can I avoid to receive a new call while I am already in a conversation?

You can receive another call while on line because the feature “Call Waiting” is active on your phone. Turn it off and the second call will get a BUSY signal. Disabling on the phone depends by the phone model, for example on Yealink it is here:

How can I allow a SNOM phone to auto answer on paging?

SNOM has a security setting to prevent auto answer, so it has to be enabled to make it to work. On version V8 you need to go to Advanced / Behaviour (tab) / Phone Behaviour / Intercom policy

Provisioning

My phone refuse to provision, but when I download the configuration, it seems perfect

If you are trying to provision over https, then check if the SSL certificate is valid. Phones require a valid certificate for provisioning. Verify the date and time on the phone because the certificate has a start and end date of validity. As last chance, try provisioning with http, but just to verify if the problem is in the certificate (some phones are really picky about certificates), then change the key and the extension password.