1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. If you had a PIAF Forum account in the vBulletin days, log in with your old credentials. Otherwise, sign up again and we'll get you back in business as soon as we can.
  3. Guest: We think the problem with locked threads from long message subjects has been resolved. Post a link here if you still see a problem.
Cookies Welcome Back Long Message Subjects SOLVED

PIAF2 and Travelin' Man Incompatible?

Discussion in 'Bug Reporting and Fixes' started by merlyn, Jan 24, 2012.

  1. merlyn New Member

    is traveling man incompatible with incredible pbx3?

    Got a fresh install up and running asterisk 1.8 and incredible pbx 3.0. (free pbx 2.9) All my local phones connected as usual.

    I have 5 remote phones that i added their IP's to iptables and tried to register them. I also have their ip in the permit setting in the extention. They are not even hitting the box so i assumed iptables was blocking them.

    I am copying manually the settings from a previous incredible pbx install that of course was working.

    I noticed that traveling man was not installed so i attempted to install it.

    i used ...

    cd /root
    wget http://incrediblepbx.com/travelinman.tar.gz
    tar zxvf travelinman.tar.gz
    ./travelinman.x

    and here is results ...

    root@pbx:~ $ cd /root
    root@pbx:~ $ wget http://incrediblepbx.com/travelinman.tar.gz
    --2012-01-24 13:19:37-- http://incrediblepbx.com/travelinman.tar.gz
    Resolving incrediblepbx.com... 173.192.28.149
    Connecting to incrediblepbx.com|173.192.28.149|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 10659 (10K) [application/x-gzip]
    Saving to: âtravelinman.tar.gzâ

    100%[======================================>] 10,659 --.-K/s in 0.06s

    2012-01-24 13:19:37 (175 KB/s) - âtravelinman.tar.gzâ

    root@pbx:~ $ tar zxvf travelinman.tar.gz
    travelinman.x
    root@pbx:~ $ ./travelinman.x

    [1]+ Stopped ./travelinman.x

    Doesn't look good.
    anyone know how to register a remote phone other then using travling man?
    anyone else got traveling man working?

    PBX in a Flash PURPLE Status Program
    ──────────────────────────────────────────────────────────────────────────────
    ┌────────────────────────System Information───────────────────────────┐
    │ Asterisk = ONLINE | Dahdi = ONLINE | MySQL = ONLINE │
    │ SSH = ONLINE | Apache = ONLINE | Iptables = ONLINE │
    │ Fail2ban = ONLINE | Internet = ONLINE | Ip6Tables = ONLINE │
    │ Disk Free = ADEQUATE| Mem Free = ADEQUATE| NTPD = ONLINE │
    │ SendMail = ONLINE | Samba = OFFLINE | Webmin = ONLINE │
    │ Ethernet0 = ONLINE | Ethernet1 = N/A | Wlan0 = N/A │
    │ │
    │ PIAF Installed Version = 2.0.6.2 Running on *HARDWARE* │
    │ FreePBX Version = 2.9.0.7 │
    │ Running Asterisk Version = 1.8.8.0 │
    │ Asterisk Source Version = 1.8.8.0 │
    │ Dahdi Source Version = 2.6.0+2.6.0 │
    │ Libpri Source Version = 1.4.12 │
    │ IP Address = 192.168.11.190 on eth0 │
    │ Operating System = CentOS release 6.2 (Final) │
    │ Kernel Version = 2.6.32-220.2.1.el6.i686 - 32 Bit │
    │ Incredible PBX 3 Version = 3.0.3 │
    └─────────────────────────────────────────────────────────────────────┘

    merlyn
    merlyn, Jan 24, 2012
    #1

  2. darmock PIAF Developer

    That is one I have not look at yet sorry I am out of time these days between university and the incredible-backup 2.0 programs. Will try to get to it soon

    Tom
    darmock, Jan 24, 2012
    #2

  3. merlyn New Member

    Looks like I am destined to break stuff setting this up hehe.

    Oh well will do a fresh install again... who knows what attempting to install it did to my iptables.

    Basically i have no idea what magic traveling man does in the iptables file because i have never been able to reproduce what it does manually.

    And of course i hate to just map ports and open things up ... but i might have to until i can find a proper solution.

    Might try a VPN solution again ... didnt work out the first time i tried it. But now i NEED it to work.

    keep me in the loop .

    merlyn
    merlyn, Jan 24, 2012
    #3

  4. darmock PIAF Developer

    I haven't even looked at the code as it is Ward's baby....I will try to get to it on the weekend but who knows.... I may have to go diving on the weekend to keep my sanity.

    If you can survive with a softphone I use hamachi on the pbx and laptop and connect thru the vpn over 5.xxx addresses. It just works! Of course you have to open iptables to the 5. subnet but..... I have on my desk the latest openvpn stuff to test with centos 6..... but am overwhelmed at the moment, I know the softphone <> hamachi approach works.

    Tom
    darmock, Jan 24, 2012
    #4

  5. wardmundy Nerd Uno

    Until we can have a look, download the new TravelinMan2 as shown below or try this.

    Code:
    cd /root
wget http://incrediblepbx.com/travelinman2.tar.gz
tar zxvf travelinman2.tar.gz
chmod +x travelinman2.x
./travelinman2.x
    wardmundy, Jan 24, 2012
    #5

  6. merlyn New Member

    did a fresh install of asterisk 1.8 and incredible pbx 3.0. (free pbx 2.9).

    ran the script that ward linked above for traveling man v2 and it appeared to run without issue. The traveling man directory appeared under var/www/ as expected. Currently only the 32 bit version of PIAF is supported as told to me by both tom and ward

    I will need to set up the traveling man directory and run out to the remote site (10 minutes away) before i know if it really can register the phone or not. Currently all looks good. No reason to think it cannot register ... yet ...

    When the question ... Do your SIP extensions need to be locked down to your LAN? (y/n) came up when installing traveling man.
    I answered N for no since incredible 3.0 has already locked everything down. If for some reason nothing is working i might try Y for yes but i cannot imagine why i would need that.

    Thanks Ward and Tom for the quick help on this.

    will update thread when i try to register at remote sight.

    merlyn
    merlyn, Jan 24, 2012
    #6

  7. merlyn New Member

    Well 6 hours later I still have not been able to make this happen.

    Ran over to the nearest remote site multiple times and cannot get the usual traveling man splash screen up showing ip and ext number.

    Have not given up yet since this is far from my specialty. Tried calling a further remote site and walked then thru receiving email (with traveling man link to click ) and they also could not successfully connect to the traveling mans successfully connected screen. (they have a different router so this was a good test)

    So its either i have something fundamentally wrong (entirely possible ) or it is not making a proper hole in iptables for the initial web connection to go thru.

    I currently have the following ports forwarded to my PBX's private internal ip #

    TCP 83
    UDP 5060
    UDP 10000-20000

    could be my firewall blocking it even before it gets to the PBX still unknown ...

    will keep at it ...

    merlyn
    merlyn, Jan 25, 2012
    #7

  8. wardmundy Nerd Uno

    Try the other option in #5 above. it's probably easier to troubleshoot so see if you have a firewall issue.
    wardmundy, Jan 25, 2012
    #8

  9. ralfonzetti New Member

    I had the issue of not getting to the travelin man web page I realized all I had to do was to go to the Apache Server in Webmin, Go to Global Configuration, and add port 83 to Networking and Addresses.

    Voila the page came up.
    I tested using my cell phone and all works perfect.
    ralfonzetti, Jan 25, 2012
    #9

  10. merlyn New Member

    Yup tried it very late last night. sorry for not updating sooner it was a long night up searching for answers :)

    so the good news is 2 remotes are up and working currently . The others i will probably have to drive out myself and get working. Traveling man does not work for me at all. I had to manually set everything up. feel free to read the next few paragraphs for details if you are so inclinded.
    I do not recommed in any way leaving all the settings the way I am about to mention but it got it working now i can work backward and secure them up.

    As ralfonzetti said above i just CANNOT connect to the traveling man webpage. I noticed if I shut the server off it would time out trying to connect to the traveling man page. once the server was on it instantly would reject it. So i assume it is IPtables blocking it, so i went another way.

    Tried the cron job you mentioned above.

    I created a dynamic dns at no-ip.com for free, and manually updated it to the correct ip for now. Then i created a file (lets call it remote) with no extention name. Cut and paste in the script you posted ward. And threw the file into the etc/cron.hourly.

    After a few hours i checked /etc/sysconfig/iptables and nothing had changed. I had been doing shutdown - now like every half hour trying different things.

    fell asleep hard very early in the morning. Woke up to find iptables still had not changed. The no-ip.com name worked fine for tracert etc. and traveling man webpage still would not come up.

    Well that was about all i was gonna take from this machine. Went on a manual file editing rampage.
    I changed the following

    /etc/fail2ban/jail.conf and changed the ignoreip= line under [default] to list every ip I had ever had in the past decade and then some.

    /etc/sysconfig/iptables added same list of ips again under whitelist then for good measure added same list under -a input -s ip# -j ACCEPT. What does that do damn if i know but its gotta be closer to working then currently.
    also deleted one -drop as one of my local phones could not register for hours. After deleting it of course the local could register

    And finally I went into each remote extension and set every permit field to 0.0.0.0/0.0.0.0

    now dammit you better damn well register i think to myself.

    try rebooting and trying traveling man again no change ...

    drove to the nearest remote that very second determined it was going to work. And of course as soon as i rebooted the phone instantly registered.

    SO all i have to do now is reverse some of what i did that makes it less secure and see what makes a difference or not.

    merlyn
    merlyn, Jan 25, 2012
    #10

  11. Hyksos Guru

    Just trying to help,

    Even if you work it in reverse, I'm not sure you'll make it work. If I understand what you say you essentially opened (whitelisting) the firewall for the remote phones. A perfectly good solution if the remote phones are behind static IPs. When they change IP and get one that you did not white list it will stop working, hence why you were trying to use traveling man in the first place.

    After reading what you did it seem even in the end, you could not get the apache to serve up the page on a browser? The phone would register yes since you allowed it through the firewall but the webpage? It seems it never worked. Kinda proving the webpage problem is not related to the firewall, your hole worked for the phones... the firewall is letting that remote IP in but still no webpage?

    More so you seem to say the page does not even load on your lan and obviously your lan is whitelisted in the firewall... again not the firewall.

    Have you checked ralfonzetti post? It does seem like whatever you do, your apache won't serve the page to a browser, either local or remote. That is your problem and not if the phones register or not, I mean your primary problem.

    As long as you don't make the webpage work, you're essentially NOT using travelling man and are simply whitelisting specific IPs in the firewall which would work even without travelling man.

    Forget the phone, you need to see that webpage load then use it and see if travelling man is modifying the firewall and then check to see if the dynamic whitelisting is indeed allowing the phone in without all of your other modification to the firewall.

    And concerning the assumptions that because when the machine is off the website timeout and when the machine is on the website fails in a second does not prove the firewall is causing it. If my apache is not configured to serve a certain vhost, bind to a certain ip or port correctly or whatever, you will get instant failure on the browser also.

    What about your apache logs? They could be helpful and show if apache is being hit when you try to access that webpage? Does it show something?
    Hyksos, Jan 25, 2012
    #11

  12. merlyn New Member

    I can verify that this fix works fine.

    As ralfonzetti has already correctly diagnosed for whatever reason the travelman install script did not setup apache to listen on port 83.

    After added port 83 using webmin as described above the traveling man webpage comes up as it should.

    Well that's a relief ...

    thanks all.

    merlyn
    merlyn, Jan 25, 2012
    #12

  13. wardmundy Nerd Uno

    Sounds like ralfonzetti has the answer above. I've uploaded a corrected version of travelinman2.tar.gz with the fix. Hopefully, someone will try a new download and let us know.

    There's a new version of Apache in PIAF2, and the sed piece of code wasn't working. Looks like the syntax changed for listen in the new Apache config file...


    Code:
    # Open up port 83 access in IPtables
echo "Opening up port 83 in IPtables..."
service iptables save
sed -i '/\-A INPUT \-p tcp \-m tcp \-\-dport 80 \-j ACCEPT/ {
a\
\-A INPUT \-p tcp \-m tcp \-\-dport 83 \-j ACCEPT
}' /etc/sysconfig/iptables
service iptables restart

#Create travelman.conf in /etc/pbx/httpdconf
echo "Modifying Apache to support the Travelin' Man web site..."
echo "<VirtualHost *:83>" > /etc/pbx/httpdconf/travelman.conf
echo "    DocumentRoot /var/www/travelman" >> /etc/pbx/httpdconf/travelman.conf
echo "    Options -Indexes" >> /etc/pbx/httpdconf/travelman.conf
echo "</VirtualHost>" >> /etc/pbx/httpdconf/travelman.conf

# Add listening on port 83 to Apache configuration
sed -i '
/Listen [COLOR="Red"]\*:80[/COLOR]/ {
a\
Listen [COLOR="red"]\*:83[/COLOR]
}' /etc/httpd/conf/httpd.conf

service httpd restart

    The listen code should be...

    Code:
    # Add listening on port 83 to Apache configuration
sed -i '
/Listen [COLOR="Red"]80[/COLOR]/ {
a\
Listen [COLOR="red"]83[/COLOR]
}' /etc/httpd/conf/httpd.conf

service httpd restart
    wardmundy, Jan 26, 2012
    #13

Share This Page