
TUTORIAL U Need Travelin' Man

Discussion in 'Add-On Install Instructions' started by wardmundy, Jun 28, 2010.

  1. wardmundy Nerd Uno

    If you travel for a living and use PBX in a Flash with the Incredible PBX back home, then you need our new (free) Travelin' Man app.



  2. wardmundy Nerd Uno

  3. The Deacon Guru

    This ROCKS!!!

    I have one quick question Ward...

    When I run the script, I see this:

    On your hardware-based firewall, map TCP 83 and UDP 5060
    to the private IP address of your Incredible PBX. Then...
    Travelin' Man is accessible using public or private IPaddress
    or using your Fully-Qualified Domain Name (FQDN):
    Public: http://FQDN:83/12345/
    Public: http://123.456.789.000:83/12345/
    Private: http://192.168.1.2:83/12345/

    But in the NV article, it mentions opening ports 10000-20000 as well. I didn't see that mentioned above. I still need to forward those ports as well, right?

    -Rick
  4. wardmundy Nerd Uno

    UDP ports 10000-20000 are for RTP. One of those ports actually carries the voice for each call. They're already open in IPtables. Some firewalls can live without the mapping. Others can't. To be safe, just map them to your Asterisk server from your hardware-based firewall, too. Then you're all set.
  5. rossiv Guru

    Question:
    Should I be concerned if I am getting:
    Code:
    permit=192.168.4.2/255.255.255.255 enabled for #2003.
    
    instead of
    Code:
    permit=192.168.4.2/255.255.255.0 enabled for #2003.
    
    ?
    My subnet is 255.255.255.0, not .255.
    Is that just a typo?
    Thanks
  6. tomsyr Guru

    When you specify the last octet, you limit the range of IPs available. In the case you point out (255), only one IP address is available, which you defined as being .2.
  7. lopaka New Member

    I'm totally stoked on Traveling Man, but I have a couple issues I need help with now. I had to upgrade my PIAF system first as per directions. After doing so I lost zaptel so no biggie and I got that running by doing it manually. The system seems to be working but I lost all my webpage displays on the server. I get the main login page, punch in logon/pass and then get a blank screen in both IE8 and FF.

    Also travelin man works fine when I'm at home, but can't complete login when remote.

    I'm using sipdroid on nexus one. Any help greatly appreciated.

    Bob
  8. amygrant Guru

    If you can't log in from remote via travelinman, that sounds like you have a firewall that is not forwarding port 83 or you don't have port 83 open on your piaf box.

    When you try loading the travelin man webpage from remote, does it just hang on the loading screen and then timeout?
  9. lopaka New Member

    When I click the travelin man shortcut from remotely, I get the webpage and verification that my phone is approved. What I never get though is a successful sip registration through sipdroid.

    I have sipdroid configured like this

    username - phone extension
    password - xxxxxxx
    server = primary IP address of my home network
    domain - empty
    username/caller id - empty
    port 5060
    protocol - UDP

    Do I need to change any of the specific sipdroid settings?

    Thanks for the input!
  10. lopaka New Member

    Uncle Ward,
    I solved the missing gui by running the update-fixes a second time. Not sure why that worked but am happy I don't have to start over, hehe ;)

    Still need help on remote connection though.

    I'm running a WHR-HP-54G with tomato firmware and have port 83, 5060 & 10000-20000 forwarded to the PBX

    lopaka
  11. amygrant Guru

    What is the error sipdroid is giving you? Are you getting a timeout or authentication error?
  12. lopaka New Member

    Timeout. No authentication error. Thanks.

    lopaka
  13. amygrant Guru

    Ok, then I can pretty much guarantee you that it is a firewall issue.

    To make sure, jump into your piaf box and tail the asterisk log with the following command:
    tail -f /var/log/asterisk/full

    Then, try to logon using sipdroid. If asterisk is rejecting it because of an ACL issue regarding the IP address, then you will see something in your log. If you timeout and nothing appeared in the log, then you have a firewall blocking sipdroid from asterisk.

    Since you mentioned you put in port forwarding on your gateway/firewall, I am guessing it is an issue with iptables on your piaf box, but first let's see what happens in your log file...
  14. lopaka New Member

    Yep, looks like you're right. What do I do to fix it?

    On the webpage I get: (edited so IP addy not visible) permit=63.193.xxx.xxx/255.255.255.255 enabled for #501

    but it appears the connection is denied at bottom....

    root@pbx:~ $ tail -f /var/log/asterisk/full
    [2010-06-29 20:18:49] VERBOSE[3821] logger.c: == Parsing '/etc/asterisk/713.inc': [2010-06-29 20:18:49] VERBOSE[3821] logger.c: Found
    [2010-06-29 20:18:49] VERBOSE[3821] logger.c: == Parsing '/etc/asterisk/714.inc': [2010-06-29 20:18:49] VERBOSE[3821] logger.c: Found
    [2010-06-29 20:18:49] VERBOSE[3821] logger.c: == Parsing '/etc/asterisk/715.inc': [2010-06-29 20:18:49] VERBOSE[3821] logger.c: Found
    [2010-06-29 20:18:49] VERBOSE[4154] logger.c: -- Remote UNIX connection disconnected
    [2010-06-29 20:18:52] NOTICE[3821] chan_sip.c: Registration from '<sip:501@63.193.xxx.xxx/>' failed for '63.193.xxx.xxx/' - Device does not match ACL
    [2010-06-29 20:18:53] WARNING[3821] chan_sip.c: Got 404 Not found on SIP register to service yourname@inbound1.vitelity.net, giving up
    [2010-06-29 20:18:55] NOTICE[3821] chan_sip.c: Registration from '<sip:501@63.193.xxx.xxx/>' failed for '63.193.xxx.xxx/' - Device does not match ACL
    [2010-06-29 20:18:58] NOTICE[3821] chan_sip.c: Peer '501' is now UNREACHABLE! Last qualify: 150
    [2010-06-29 20:18:59] NOTICE[3821] chan_sip.c: Registration from '<sip:501@63.193.xxx.xxx/>' failed for '63.193.xxx.xxx/' - Device does not match ACL
    [2010-06-29 20:19:03] NOTICE[3821] chan_sip.c: Registration from '<sip:501@63.193.xxx.xxx/>' failed for '63.193.xxx.xxx/' - Device does not match ACL
  15. amygrant Guru

    Ok, well the good news is there is no problem with your firewall. Your sipdroid is connecting to asterisk but asterisk believes your sipdroid should not be allowed to connect.

    The log is telling you the problem, ACLs. Go into your web interface for freepbx and look at the details for your extension 501. In the "Device Options" section, what are the values you have for "deny" and "permit"?
  16. wardmundy Nerd Uno

    Check for incompatible codecs.
  17. lopaka New Member

    deny 0.0.0.0/0.0.0.0
    permit 192.168.1.0/255.255.255.0

    As for codecs, I'm not sure where to check that. I can tell you that I've been using sipdroid at home and at work without problems (about 3 months), but just changed the server address from internal to external IP in the settings after setting up travelin man. I didn't change anything else.
  18. amygrant Guru

    Well, there seems to be the issue.

    With permit set to "permit 192.168.1.0/255.255.255.0" you are telling asterisk to only allow IPs from your internal network. Hence, when you try to use sipdroid to connect from the outside, asterisk looks at your permit/deny setting and refuses it and tosses the ACL error into your log.

    I haven't had time to play with TravelinMan yet. My understanding is that somehow it modifies your extension ACL to read these permit/deny settings from an external file. The external file gets written by php when you visit the special webpage on port 83.

    So, unfortunately this is now beyond my knowledge and experience. Sorry.

    Someone else needs to pick up the torch from here and run with it. I actually am interested in seeing the syntax that needs to be in place to correct this.
  19. lopaka New Member

    From a different location I get this below. It looks like the PBX always sees the primary router address, rather than the external one that is being approved. In earlier post the results were from my home network, this one is from work. Do I need to change a setting in the router?

    failed for '70.91.205.xxx' - Device does not match ACL
    [2010-06-30 08:08:26] NOTICE[18579] chan_sip.c: Registration from '<sip:501@63.193.xxx.xxx1>' failed for '70.91.205.xxx' - Device does not match ACL
    [2010-06-30 08:08:30] NOTICE[18579] chan_sip.c: Registration from '<sip:501@63.193.xxx.xxx>' failed for '70.91.205.xxx' - Device does not match ACL

    lopaka
  20. amygrant Guru

    Well that shouldn't be happening.

    Regardless, your permit/deny setting would still cause asterisk to toss an ACL error and refuse the connection to extension 501 since your router is not within the 192.168.1.X IP range.
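
Added example, not part of any post in this thread and not Travelin' Man's or Asterisk's own code: a Python model of the deny/permit evaluation discussed above (rules applied in order, last match wins), run against a constructed log line. It shows why the static 192.168.1.0/255.255.255.0 permit rejects a remote phone while a /255.255.255.255 permit admits exactly one address. The address 203.0.113.7 and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Asterisk applies deny/permit rules in order and the LAST matching rule wins;
# an address that matches no rule at all is allowed.
def acl_allows(rules, addr):
    ip = ipaddress.ip_address(addr)
    allowed = True
    for sense, spec in rules:
        # strict=False tolerates host bits, e.g. 192.168.4.2/255.255.255.0
        if ip in ipaddress.ip_network(spec, strict=False):
            allowed = (sense == "permit")
    return allowed

# Matches the chan_sip NOTICE lines quoted in the thread (hypothetical pattern).
ACL_FAIL = re.compile(
    r"Registration from '<sip:(?P<ext>\d+)@[^>]*>' failed for "
    r"'(?P<src>[0-9.]+)/?' - Device does not match ACL")

def rejected_sources(log_text):
    """Return (extension, source IP) pairs for ACL-rejected registrations."""
    return [(m["ext"], m["src"]) for m in ACL_FAIL.finditer(log_text)]

# Extension 501's Device Options as posted in the thread.
STATIC_ACL = [("deny", "0.0.0.0/0.0.0.0"),
              ("permit", "192.168.1.0/255.255.255.0")]

# Constructed log line: the thread masks the real address, so a
# documentation-range address (203.0.113.7) stands in for it.
SAMPLE_LOG = (
    "[2010-06-29 20:18:52] NOTICE[3821] chan_sip.c: Registration from "
    "'<sip:501@203.0.113.7>' failed for '203.0.113.7' - "
    "Device does not match ACL\n")

def explain(log_text, rules):
    """For each rejected source: is it allowed by the rules as they stand,
    and is it allowed once a single-host permit is appended?"""
    out = []
    for ext, src in rejected_sources(log_text):
        with_host = rules + [("permit", f"{src}/255.255.255.255")]
        out.append((ext, src, acl_allows(rules, src),
                    acl_allows(with_host, src)))
    return out

if __name__ == "__main__":
    for row in explain(SAMPLE_LOG, STATIC_ACL):
        print(row)
```

The single-host mask is the tighter setting: a /255.255.255.0 permit on a remote address would admit all 256 addresses in that block, not just the approved phone.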
