FAQ: Difference between revisions

From MiRTA PBX documentation
Jump to navigation Jump to search
Line 496: Line 496:

<pre>echo "update se_settings set se_value='' where se_code='USERECAPTCHA'" | mysql -u root -ppassw0rd asterisk</pre>
<pre>echo "update se_settings set se_value='' where se_code='USERECAPTCHA'" | mysql -u root -ppassw0rd asterisk</pre>
; What are the devstatesender and devstatereceiver processes for?
The devstatesender.php and devstatereceiver.php are two processes that need to be always running. They are run at startup by /etc/rc.local using two scripts, restartdevstatesender.sh and restartdevstatereceiver.sh. When one of the PHP process dies or it is killed, the sh script will run it again. You should never run them manually, but always let the sh script to run them. If the sh scripts are not running, you may think of restarting the server or run them manually by executing the script as shown in /etc/rc.local.
This PHP scripts read the AMI events from one of the servers and distribute them to all other servers. These pair is scripts is needed to run even if there is a single node in the cluster.

== Phones ==
== Phones ==

Revision as of 06:14, 12 August 2021


How can I setup Asterisk to use TLS
Asterisk can use TLS as transport for the signalling, increasing the authentication security and providing extra privacy about the number dialed and other info usually transmitted in clear over the SIP channel. TLS will encrypt only the signalling part, without offering any extra security to the RTP (voice) part. In the [general] section of sip.conf, add the following info, replacing the IP address with the IP address of the server. Provide the certificate and key in pem format.

Optionally you can add a port number to tlsbindaddr parameter

Don't forget to set asterisk to listen on tcp:


Optionally you can provide a separate certificate and key

I think my Asterisk is locked... how can I check it?
If you think your asterisk is locked, probably it is. To be 100% sure, just run the following command and check the result:

This is a locked asterisk

# netstat -nap | grep 5060
tcp        0      0      *                   LISTEN      26090/asterisk      
udp   213504      0      *                               26090/asterisk

This is a normal asterisk

# netstat -nap | grep 5060
tcp        0      0      *                   LISTEN      4127/asterisk       
udp        0      0      *                               4127/asterisk 

When asterisk locks up, it stops processing SIP packets, so the UDP buffer fills up. In this case an asterisk restart is needed.

How can I enable TCP for SIP (port 5060)?

You need to add the following rows to /etc/asterisk/sip.conf and then reload the SIP module (when you have no traffic)

How can I configure Asterisk to listen to multiple ports?

You can't, it is not possible to configure Asterisk to listen to multiple ports. However, you can use an iptables REDIRECT to get the same result. To redirect a single port with iptables:

 iptables -t nat -A PREROUTING -i eth0 -p udp --dport 5090 -j REDIRECT --to-ports 5060

This example redirects UPD port 5090 to port 5060, so you can connect to Asterisk on both of them.

Remember to add this command to any init script, like /etc/rc.local

BLF monitoring is not working!

One of the common pitfall about BLF is to monitor just the extension number and not the "username" as required. So if you are in the tenant "DEMO" and you want to monitor extension 100 with username "100-DEMO", you need to monitor 100-DEMO and not just 100.


You can check this piece of code:

When I change the name of an extension or any properties requiring an extension reload, the extension goes offline after few minutes

Asterisk caches the info for the extension, so when updating the extension, it is pruned and reloaded. It is automatically reloaded with an expire time of 120 seconds. If you have an expire time longer, it will go offline. You can avoid this by setting a longer default expiration time using the following parameter in sip.conf


Calls are dropping after around 30 seconds when using PJSIP

Some softphones sends INFO packets to the pbx and if you have not activated "TrustRPID", the pbx will not answer and the softphone may hangup the call

Asterisk is not using the correct audio file

When using audio translations, even if placed correctly in /var/lib/asterisk/sounds/<your language code> is always possible asterisk will choose to use the english version because in the "best" format. In this case, it can be good to convert all audio files in multiple formats. Let's make the example to have all audio files for da_DK language in "wav" format, while asterisk is picking up the "ulaw" english version. We can easily convert them using:

 cd /var/lib/asterisk/sounds/da_DK
 for i in `ls *.wav`; do asterisk -x "file convert /var/lib/asterisk/sounds/da_DK/$i /var/lib/asterisk/sounds/da_DK/`basename $i .wav`.ulaw"; done
Asterisk is not reporting the PAUSE event when a phone is auto paused

The name of the event changed from asterisk 13.x to asterisk 16.x and your manager.conf may be still using the old event name. Please check and fix:

 eventfilter=Event: QueueMemberPause
My provider uses DNS SRV entry, how should I configure it?

Configure it as a normal entry, but leave the port to zero. That will force a DNS SRV resolution

How to configure TOS and COS for PJSIP?

The configuration of TOS and COS for PJSIP is separated between the realtime extension and the transport. You can check the PJSIP extension security section and insert the following values:

TOS Audio: ef
TOS Video: af41
COS Audio: 5
COS Video: 4

You can also edit pjsip.conf and enter the following values for each type of transport:


Asterisk Errors

What is this error? WARNING[23261]: res_musiconhold.c:719 monmp3thread: poll() failed: Interrupted system call
Nothing to worry, when the Musing On Hold process terminates to play the media file, this error is thrown out, just ignore it
What is this error? WARNING[3221]: func_cdr.c:352 cdr_write_callback: CDR requires a value (CDR(variable)=value)
Nothing to worry, it is a small glitch in the dialplan, but avoiding it will require an extra check, slowing down the call processing, so it is avoided, preferring the warning. Just ignore it.
What is this error? ERROR[24984][C-00008457]: res_fax.c:4364 acf_faxopt_read: channel 'SIP/201-#######-0001547a' can't read FAXOPT(gateway) because it has never been written.
Nothing to worry, it is a small glitch in the dialplan, but avoiding it will require an extra check, slowing down the call processing, so it is avoided, preferring the error. Just ignore it.
What is this error? WARNING[3221]: func_cdr.c:364 cdr_write_callback: Using the CDR function to set 'accountcode' is deprecated. Please use the CHANNEL function instead.
I am using an old syntax to preserve compatibility with older asterisk versions. Just ignore it.
What is this error? WARNING[25144][C-0000845c]: dsp.c:1489 ast_dsp_process: Inband DTMF is not supported on codec #####. Use RFC2833
This is important, you are using an incompatible DTMF format for the codec you selected. Inband DTMF is supported in only a limited number of codec. Use RFC2833 as suggested.
What is this error? NOTICE[9505] manager.c: tried to authenticate with nonexistent user 'admin'
What is this error? NOTICE[9505] manager.c: failed to authenticate as 'admin'
Someone really stupid is trying to connect using the manager interface (port 5038). The manager interface is often locked down by IP address so it is really unlikely to be hacked this way, however this can be just annoying. To stop it after a few attempts, you can tweak the fail2ban to capture also these attempts by adding the following row in /etc/fail2ban/filters.d/asterisk.conf: ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s <HOST> failed to authenticate as '[^']*'$ and reload fail2ban
What is this error? WARNING[26421][C-0000b22f]: chan_sip.c:7350 sip_write: Can't send 10 type frames with SIP write
Asterisk doesn't yet support comfort noise generation. Just ignore it.
What is this error? NOTICE[6534] chan_sip.c: Received SIP subscribe for peer without mailbox: 226-SINI
The extension 226-SINI has sent a "SUBSCRIBE" message to asterisk, but the extension has no voicemail mailbox associated. This can be due to a configuration problem, you forget to associate the MWI mailbox in Configuration/Extension, or an asterisk problem... some time asterisk loads the extension without the mailbox associated. In this case you can restart the phone and deregister the extension, in this way when the phone registers again and subscribe to the voicemail mailbox, it should be loaded correctly. Otherwise you can move that extension to "No (Use externnotify)" in "Send MWI only if subscribed:" and set externnotify=/var/lib/asterisk/agi-bin/vmnotify.php in /etc/asterisk/voicemail.conf
What is this error? WARNING[53344][C-000015c8] app_voicemail.c: SQL Get Data error! coltitle=category
This is a long standing asterisk bug fixed only in later releases... it is harmless and can be ignored
Asterisk is logging INVITE attempts from the Internet, but Fail2ban is not blocking it, like "chan_sip.c
Failed to authenticate device "12345"<sip:12345@demo.mirtapbx.com>;tag=4b18a608" How is it possible to block them? : You need to path the logger.conf file and restart asterisk when possible
 messages => security,notice,warning,error

Linux System

My CentOS 6 is out of support

CentOS 6 support has expired on 1st December, however, you can continue to use it, but it is important to change the repo destination to "Vault". You can do easily using the following command

 cd /etc/yum.repos.d/ ; mv CentOS-Base.repo CentOS-Base.repo.old ; wget http://devel.mirtapbx.com/mirtapbx_support/CentOS-Base.repo ; yum clean all ; mv epel.repo epel.repo.old ; wget http://devel.mirtapbx.com/mirtapbx_support/epel.repo ; yum --security upgrade ; \rm /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo /etc/yum.repos.d/CentOS-SCLo-scl.repo
How can I change the system hostname in CentOS 7
 hostnamectl set-hostname host.example.com --static
When a conference is going to start, I get the message app_meetme.c:1296 build_conf: Unable to open DAHDI pseudo device
It seems the dahdi kernel module is not started or not compiled/available for your running kernel. It is possible you have upgraded your kernel and restarted your system. Try restarting the dahdi by using the command:
/etc/init.d/dahdi restart

If it doesn't fix the issue, try recompiling dahdi module, going in /usr/local/src/dahdilinux-complete-* and running:

make install
/etc/init.d/dahdi restart
The web interface session is expiring too often, I need always to reauthenticate, how can I make it run longer?
You should change the session timeout value in php.ini and then restart the web server process, by default is 2880 seconds, set as long as you like
session.gc_maxlifetime = 2880
How can I upgrade to PHP 5.5 to use AWS S3 Storage?
System is now shipped with PHP 5.5 already installed, but previous installations were using the standard PHP version which is not suitable for AWS S3 because it requires PHP 5.5. On CentOS 6 64bit You can upgrade with the following steps:
rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm
yum -y install yum-plugin-replace
yum replace php-common --replace-with=php55w-common
yum install php55w-opcache
rpm --import https://mirror.webtatic.com/yum/RPM-GPG-KEY-webtatic-andy
service httpd restart
How can I change the server IP?
To change the server IP you need to refer to your OS documentation, but after you have changed your IP, there are a series of changes to be applied to MiRTA PBX:
  • /etc/odbc.ini, /var/www/html/pbx/include/db.inc.php and /var/lib/asterisk/agi-bin/include/db.inc.php – contain the IP for the database server. If you are running a cluster with MySQL multimaster replication, please refer to MySQL documentation on how to change a node IP and realign the replication.
  • /etc/asterisk/sip.conf – contains the server itself definition used to allow the server to call itself. If you are running your server behind a NAT, it can be needed to change also the externip parameter. Once changed, you need to reload SIP (asterisk -rx 'sip reload'). Please note all extensions will be deregistered.
  • /etc/asterisk/manager.conf – allows the web interface to access the manager interface. Once changed, you need to reload the manager interface (asterisk -rx 'manager reload')
  • /etc/hosts – it is important to have the server host to resolv correctly to the new IP. Please don't use as server IP
  • /var/lib/asterisk/agi-bin/devstate.conf.php – lists the servers available in the pool to distribute the extension state. Status exchange is done over port 19771 using UDP protocol. Once the new IP has been inserted, you need to kill devstatesender.php and devstatereceiver.php processes, these will be automatically restarted.

Finally, you need to change the server IP defined in the web interface, using Admin/PBX Nodes. It can be a good idea to update the Always Allowed IP in the Admin/Security/GeoIP Fail2ban. It can be possible you need to request a new license for the server due to the change in IP. Please remember asterisk will still works and call will be processed normally even with an expired or not valid license.

I want to put an additional firewall, which ports need to be open?
You can identify three kinds of connections:
  1. Connections from outside: your clients will need to connect to port tcp/80 and tcp/443 for web interface, udp/5060, tcp/5060, udp/5080, tcp/5061, tcp/5081 for SIP and from udp/10000 to udp/20000 for RTP (audio). If you have enabled multimanager, open port tcp/5039
  2. Connections between multiple servers: your servers need to talk each other in several ports. In addition to the above ports, you'll need to open tcp/5038 for manager, tcp/3306 for MySQL, udp/19771 for devstate alignment
  3. Connections from management servers: please keep open port tcp/22 from my IP and port tcp/5666 from Nagios server, if service subscribed.
I am a bit worried about memory usage, I see the server has only few megabytes free

Just checking the availabile free memory is not enough to understand the health of a system. You should sum up the free and cached memory. On a real busy server with Voipmonitor pumping a lots of megabytes in the database, it is easy to see an high usage of cached memory. If you feel safer to leave some memory free, you can force the system to release all the cached memory with the command:

echo 3 > /proc/sys/vm/drop_caches
I have lots of connections in TIME_WAIT state

You can mitigate this problem by instructing Linux to recycle old connections:

echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse
My system is running very slow even if I have lots of RAM and lots of CPU

Your system can be running slow because you have power saving. You can check your CPU power saving mode with:

cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor

You can set all your CPU cores to "performance" by running

for CPUFREQ in /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor; do [ -f $CPUFREQ ] || continue; echo -n performance > $CPUFREQ; done

If you are running CentOS 6, your kernel can have problems in dealing with large memory. It can be good to disable the memory defrag with

echo 0 > /sys/kernel/mm/transparent_hugepage/khugepaged/defrag
echo never > /sys/kernel/mm/transparent_hugepage/defrag
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/redhat_transparent_hugepage/defrag

You may want to try running on a newer kernel (but beware, dahdi may not compile) by installing a new kernel-ml repository using the following link


I can't connect to external services, like IBM Watson, it seems a certificate problem.

Like any other browser, your system needs to have a list of CA authorized to issue certificate. The one used by IBM Watson has been updated and you are not recognizing it. Please download the updated list of CA and then copy where curl is expecting it

curl-config --ca
wget --no-check-certificate https://curl.haxx.se/ca/cacert.pem
cp cacert.pem /etc/pki/tls/certs/ca-bundle.crt
How to configure a SFTP server

You can easily configure an SFTP server adding the user you want to use, adding a group sftpusers, putting the user in the group and then adding the following info in /etc/ssh/sshd_config

Subsystem sftp internal-sftp
# add follows to the end
Match Group sftp_users
  X11Forwarding no
  AllowTcpForwarding no
  ChrootDirectory /home
  ForceCommand internal-sftp
Which ports need to be open?

If you are running a single node, you need to open the following ports:

For SIP:


For RTP:

 From 10000 to 20000 udp

If you are running multiple nodes in cluster, you need to open also the following ports between the nodes:

For MySQL:


For extension state replication:


For manager:



MySQL replication is broken with "Relay log read failure: Could not parse relay log event entry. The possible reasons are: the master's binary log is corrupted (you can check this by running 'mysqlbinlog' on the binary log), the slave's relay log is corrupted (you can check this by running 'mysqlbinlog' on the relay log), a network problem, or a bug in the master's or slave's MySQL code. If you want to check the master's binary log or slave's relay log, you will be able to know their names by issuing 'SHOW SLAVE STATUS' on this slave.", how can I fix it?
MySQL multimaster replication needs some advanced MySQL skills. If you do not have them, it is better if you refer to MiRTA PBX support and subscribe a "Nagios monitoring and OS management" service. If instead you have the needed knowledge, understanding that a wrong action can get things worst and you may lose data, to recover from this problem you need:
  • Get the MySQL slave status with "show slave status"
  • Stop the slave replication with "stop slave"
  • Reset the relay log with "reset slave"
  • Reinitialize the relay log with "change master to master_log_file='<Relay_Master_Log_File>', master_log_pos=<Exec_Master_Log_Pos>"
  • Start the slave replication with "start slave"
I have lost the me_media table
It is easy to panic and to abruptly remove the big voipmonitor.me_media table who is filling your disk, but now you need to recreate it and maybe reduce the retention period for voipmonitor data file. I have created a script as protected/recreatememedia.php doing this job.
MySQL time is wrong
It is possible your mysql has no more valid timezone informations. Please run the following command:
mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql
I need to skip lots of voipmonitor add partition collisions

Why don't use a script like

 while [ 1 ]; do if [ `echo "show slave status for channel 'from_voip3_to_voip1'" | mysql -u root -ppassw0rd | grep voipmonitor | wc -l` -gt 0 ]; then echo "stop slave for channel 'from_voip3_to_voip1'; set global sql_slave_skip_counter=1; start slave for channel 'from_voip3_to_voip1'" | mysql -u root -ppassw0rd; fi; sleep 5s; echo "show slave status for channel 'from_voip3_to_voip1'\G" | mysql -u root -ppassw0rd | grep Seconds_Behind_Master;  done
MySQL max open file limit is 5000

The standard MySQL install has an open file limit of 5000 files. To raise this limit, edit the file /usr/lib/systemd/system/mysqld.service and set like

 LimitNOFILE = 32768

then reload the service with:

 systemctl daemon-reload
 service mysqld restart

If instead you still run CentOS 6, you can add the following to my.cnf and restart mysqld

 open_files_limit = 32768
I need to connect to MySQL using SSL

From version 4.0.13 is possible to connect to MySQL using SSL. A small change is needed on both /var/www/html/pbx/include/db.inc.php and /var/lib/asterisk/agi-bin/include/db.inc.php adding the following rows in the right place:



Can I use an extension to connect a remote PBX to the system?
Yes, but you need to enable the “trunk” feature for the extension or otherwise the Caller ID of the call coming from the remote PBX will be overwritten.
When I use server side attended or unattended transfer (#* and ##), there is no enough time to dial the destination extension!
The default timeout is set to 3 seconds, but the “transfer” message is played inside this time, so it may seem shorter. You can increase the timeout of the transfer by editing the /etc/asterisk/features.conf and changing the value for transferdigittimeout to the amount of seconds you like. Once done, reload the module from within asterisk with “module reload features”
When I try to recover the Voicemail, it says the PIN is invalid
Most of the time, there is a problem with DTMF, check the log for the call in /var/log/asterisk/full if you see this message:  dsp.c: Inband DTMF is not supported on codec g729. Use RFC2833 In this case, change the DTMF setting on the PBX from “auto” to RFC2833 and if possible, also on the phone


How can I get rid of the message "All of our representatives are currently..."
You need to set to 0 (zero) the Announce Frequency


Sometime the quality is really bad... is there anything I can do?
Try increasing the number of audiobuffers in meetme.conf and reload the module


A caller leaves a voicemail for an extension, but that voicemail is not appearing
The voicemail box can be locked, please check if in there a .lock file in the INBOX

folder, like in this example:

#find /var/spool/asterisk/voicemail/pulmonarycriticl/100/

Just remove it. About the source of the lock… maybe your asterisk server has crashed in the middle of a voicemail message.

MWI has stopped working, it is a periodic issue for my clients

Yes, MWI is often a problem and it is not clear where the problem is, if in the phones or in asterisk. In a normal SIP environment, the phone subscribe to MWI and start getting notify about the status. Subscription needs to be refreshed, like registration and this can be the source of the problem. To get rid of it, use "Externnotify"


Before doing it, you should check if the extern notification has been correctly setup in your system. Edit /etc/asterisk/voicemail.conf and check if the externnotify has been set as following.


If not, set it and reload voicemail module

I can't listen to voicemails anymore

It is possible you are running MySQL from MySQL repository and a bugged ODBC version has been installed. Any version above 8.0.11 has a problem affecting asterisk and until Asterisk or MySQL dev teams fix it, we need to run the old version.

 yum -y install yum-plugin-versionlock
 yum -y downgrade mysql-connector-odbc-8.0.11
 yum versionlock mysql-connector-odbc-8.0.11

Unfortunately a module reload doesn't work and you need to restart asterisk


Register attempts data

To enable the registration and subsequent consultation of access attempt edit


and change to yes the following parameter:

sip-register = no

Then restart Voipmonitor:

service voipmonitor restart


My clients are getting ghost calls from weird numbers not logged in MiRTA PBX
Those ghost calls are attempts made by “hackers” to place rogue calls, usually to premium rate numbers. They start by analyzing large part of Internet trying to connect to port 5060, the standard port used by PBX and phones. If they detect an answer, they try placing some calls using different formats. If one of these calls has success, then they start to send hundred of calls to premium rate numbers. They get some money rewards by phone companies. To avoid this issue, you can place the phone behind a firewall or NAT router, allowing only the PBX to connect or you can configure the phone to accept calls only from registered server. This option has several names depending by the phone brand.
When a call has no callerid, is received as “asterisk”. How can I change it?
You can change setting the “callerid” parameter in the sip.conf and then reload sip from asterisk. Remember it will disconnect all clients connected.
My Music on Hold is starting from the middle, but I want it to be started from the start each time
There are two ways to run Music on Hold... you can run a single process for all clients waiting in queue or you can start a new process for each of the clients. Obviously the first way is preferred if you have a big number of clients awaiting, but it has the drawback of having the MOH process to stream the music continuously, so a client joining the queue will start listening it not from the start. The second way can be activated by changing the musiconhold.conf and disabling cachertclasses
cachertclasses=no   ; use 1 instance of moh class for all users who are using it,                                                                                                                                 
                    ; decrease consumable cpu cycles and memory                                                                                                                                                  
                    ; disabled by default                             

This setting is PBX wide and cannot be turned on/off based on tenant

When I try to login into the web interface, an error message tell me "You are not allowed to connect right now, try later", but my username/password are correct
The problem is due to the fact someone from your IP has tried connecting too many times and the system has been configured to check for past failed attempts. You can disable the "Web fail2ban" by using SSH and editing the table se_settings. MySQL root password is "passw0rd"
echo "update se_settings set se_value='' where se_code='WEBFAIL2BAN'" | mysql -u root -p
When using Mail to Fax, I cannot acces my Gmail account, even if the password is correct
Gmail doesn't like you to access your mailbox over IMAP or POP3 too often. If you want to still access it every minute (the default Mail to Fax rate), you need to enable "Allow less secure apps". https://support.google.com/accounts/answer/6010255?hl=en
What should I enter to select "Voicemail Same Number" in an extension field in the New Items Defaults?
I enabled Google ReCaptcha with a wrong configuration and now I can't login anymore
Please connect to your database server and run:
echo "update se_settings set se_value='' where se_code='USERECAPTCHA'" | mysql -u root -ppassw0rd asterisk
What are the devstatesender and devstatereceiver processes for?

The devstatesender.php and devstatereceiver.php are two processes that need to be always running. They are run at startup by /etc/rc.local using two scripts, restartdevstatesender.sh and restartdevstatereceiver.sh. When one of the PHP process dies or it is killed, the sh script will run it again. You should never run them manually, but always let the sh script to run them. If the sh scripts are not running, you may think of restarting the server or run them manually by executing the script as shown in /etc/rc.local.

This PHP scripts read the AMI events from one of the servers and distribute them to all other servers. These pair is scripts is needed to run even if there is a single node in the cluster.


How can I avoid to receive a new call while I am already in a conversation?
You can receive another call while on line because the feature “Call Waiting” is active on your phone. Turn it off and the second call will get a BUSY signal. Disabling on the phone depends by the phone model, for example on Yealink it is here:
Yealink callwaiting.png
How can I allow a SNOM phone to auto answer on paging?
SNOM has a security setting to prevent auto answer, so it has to be enabled to make it to work. On version V8 you need to go to Advanced / Behaviour (tab) / Phone Behaviour / Intercom policy
Snom intercom.png


My phone refuse to provision, but when I download the configuration, it seems perfect
If you are trying to provision over https, then check if the SSL certificate is valid. Phones require a valid certificate for provisioning. Verify the date and time on the phone because the certificate has a start and end date of validity. As last chance, try provisioning with http, but just to verify if the problem is in the certificate (some phones are really picky about certificates), then change the key and the extension password.


I have upgraded PHP to version 5.x/7.x but now my Admin/Settings is no more working
The Admin/Settings page and few others include the Ivona library and you need to upgrade the requirements, based on your php version. Please move in that directory and then update using composer:

cd /var/www/html/pbx/libs/IvonaSpeechCloudSdkPhp

php composer.phar update