TUTORIAL U Need Travelin' Man

virshu

New Member
Joined
May 22, 2013
Messages
27
Reaction score
2
yumbaman
methinks, you are asking two separate questions...
  1. you need to have ipchecker in cron in order to keep FQDN checked and iptables updated. It doesn't get installed into crontab automatically; the manual discusses what's the best frequency to have;
  2. when ipchecker runs, how does it update "administrator" (or primary) FQDN, since there is no .iptables file for it and it is not in the account[] array. Well, Ward says it does, but I was curious as well... It looks like /etc/sysconfig/iptables has admin FQDN in it; and when ipchecker calls iptables-restore, it resolves FQDN into (potentially, new) IP addresses. So, as long as you don't run iptables save (and the manual tells you in bold letters not to do that) - your admin IP will be current. And if that is not enough - trust me, it does get updated! And if you can't trust me - who can you trust in this world! :eek:
 

yumbaman

Member
Joined
Dec 10, 2009
Messages
52
Reaction score
0
I believe I understand now. Would it be correct to say that you also need another account to create an .iptables file and edit ipchecker with that table name? It seems without an account set in the parameters at the beginning of the script it would error out or render the script useless. But again, I am still learning all of this and since dynamic IP's are such a big part of my new install, I need to make sure I have it down pat. Thanks everyone.
 

virshu

New Member
Joined
May 22, 2013
Messages
27
Reaction score
2
I think without any FQDN in *.iptables files you may just cron
Code:
iptables-restore /etc/sysconfig/iptables
Which leads me to an observation: if the "secondary" FQDNs are absent or haven't changed, then $restartflag remains 0. And iptables are never reloaded, and changes in "primary" FQDN are never refreshed. I first thought that my primary.iptables is more of a belt and suspenders type of thing; but now it looks like it is necessary (obviously, I can remove restartflag logic as well)
 

sukasem

Guru
Joined
Sep 13, 2008
Messages
142
Reaction score
26
I can confirm that the Admin/Primary FQDN will not get checked. Either this primary/admin FQDN has to translate to a static IP or you have to create an account (add-fqdn) for it.

Good thing I didn't read everything when installing and didn't pay attention to the Admin FQDN thing. I just created an account for my dynamic IP right after the installation finished.

BTW, if you have one account whose IP changes quite often, like cellphone wifi/3g, everything will get updated anyway when iptables restarts.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,202
Reaction score
5,225
We will modify the code to automatically alert users of the need to also make an add-fqdn entry for the primary server if the FQDN points to a dynamic (changing) IP address. For the time being, if you are using an FQDN for your primary server and it points to a dynamic IP address, be sure to manually add the same FQDN using add-fqdn as well. This will assure that dynamic IP address changes force refreshes of IPtables. Thanks.
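
Added example, not part of the posts above and not the ipchecker script itself: a minimal sketch of the compare-and-reload check the thread describes, with the admin FQDN passed in alongside the account FQDNs so that a change in it also sets the restart flag. The state directory, function names and example hostnames are assumptions.

```shell
#!/bin/sh
# Added illustration only; STATE_DIR, resolve_fqdn and needs_reload are
# hypothetical names, not taken from Travelin' Man 3.

STATE_DIR="${STATE_DIR:-/var/lib/fqdn-watch}"   # assumed place for last-seen IPs

# Resolve an FQDN to its first IPv4 address; prints nothing if lookup fails.
resolve_fqdn() {
    getent ahostsv4 "$1" | awk 'NR==1 {print $1}'
}

# Compare each FQDN's current IP with the one recorded on the previous run.
# Exit status 0 means "reload the firewall", 1 means "nothing changed".
needs_reload() {
    nr_restartflag=0
    mkdir -p "$STATE_DIR"
    for nr_fqdn in "$@"; do
        nr_now="$(resolve_fqdn "$nr_fqdn")"
        # A failed lookup must neither erase the stored IP nor force a reload.
        [ -n "$nr_now" ] || continue
        nr_last="$(cat "$STATE_DIR/$nr_fqdn" 2>/dev/null || true)"
        if [ "$nr_now" != "$nr_last" ]; then
            printf '%s\n' "$nr_now" > "$STATE_DIR/$nr_fqdn"
            nr_restartflag=1
        fi
    done
    [ "$nr_restartflag" -eq 1 ]
}

# From cron, list the admin FQDN together with every account FQDN
# (constructed example names):
#   needs_reload admin.example.org phone1.example.org \
#       && iptables-restore /etc/sysconfig/iptables
# Leaving the admin FQDN out of the list reproduces the gap discussed in
# the thread: its IP can change without the flag ever being set.
```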
 

steveli

New Member
Joined
Apr 25, 2009
Messages
1
Reaction score
0
Hi,

First I would like to say thank you for making such an incredible product. I have been using it at home for quite a few years now with no problems at all.

Although just this week I changed out my router and everything seems to have come down with problems.

I had no previous problems before with Travelin' Man 3 but after I changed my router when I install travelin' man 3 I get this error:

What is the IP address or FQDN of your Administrator's PC?
This is the PC that will be used for root access to your server.

10.10.1.9

Invalid FQDN. Invalid IP address. Please try again.

I've tried with my previous virtual machine and also on a new one and this error keeps happening. Could you instruct me on how to fix this?

Thanks in advance!
 

wifinetguy

Member
Joined
Jan 8, 2008
Messages
93
Reaction score
0
Troubleshooting is pretty straight-forward. I would add that once you get this working, you really need to lock down the extension permit to just the LAN subnet, or it's all a waste of time.

If you have the permit wide open, then Travelin' Man really doesn't come into play so you either have a problem with your hardware firewall's settings or with IPtables. So I'd shutdown IPtables momentarily and see if that helps: service iptables stop.

You'll also want to look in /etc/asterisk at the files named XXX.inc where XXX is your extension number. First, is it there? Second, what's in it? After you run Travelin' Man on your phone, it should have the IP address of your phone like this example:




If not, then your firewall or IPtables is blocking access. If IPtables is turned off and it's not there, then it's your hardware firewall.

If it is an IPtables problem, then look at iptables in /etc/sysconfig after running iptables -nL. Travelin' Man stuffs a temporary ACCEPT entry for the remote IP address near the bottom of the list and just above the Fail2Ban Chains. Is it there?


Ward, I'm a little lost. First of all, I can connect when on my LAN (via WiFi) on my Bria softphone on my iPhone. When I turn off WiFi, run the Travelinman icon, I get the correct confirmation but Bria just tries to register and times out. If I turn off iptables as you suggested above, it works fine. I've checked to make sure my xxx.inc file is correct. BTW, my extension is 202 so I have a 202.inc with the correct entries in it.

Currently, my permit and deny are 0.0.0.0/0.0.0.0. Not sure where to go from here.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,202
Reaction score
5,225
Please post sanitized results from iptables -nL. The xxx.inc files are for Travelin' Man 2 which does not use IPtables. Whitelists are part of Travelin' Man 3.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,202
Reaction score
5,225
Take a look at the tutorial for Travelin' Man 3. You've got to add the IP address of your cellphone. It will change as you move around so you probably need to use a dynamic FQDN to reset it as it changes. There's an Android client to handle the updates. Then there's a script for Travelin' Man 3 to check when the address changes and restart IPtables.
 

wifinetguy

Member
Joined
Jan 8, 2008
Messages
93
Reaction score
0
So, if TM2 isn't required, and I already have TM3 installed, can I uninstall TM2? If so, how?

Thanks, again, for the help.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,202
Reaction score
5,225
1. At the command line, remove the include statements from /etc/asterisk/sip_custom_post.conf.
2. In FreePBX, change any unwanted permit entries to 0.0.0.0/0.0.0.0 for your extensions.
 

nahrwoldinternet

New Member
Joined
Dec 30, 2013
Messages
7
Reaction score
0
I'm trying to set this up for my church, and it seems to be working great on my android. I've got Travelin' Man 3 running with FQDN updates from no-ip.org and Dynamic DNS Universal Client android app. Unfortunately my pastor (the one who will eventually approve this setup), as well as about half of the staff use iPhones. I've seen your warning that only jailbroken iPhones can run dynamic DNS updates, and I don't think I'll be jailbreaking all of their phones anytime soon. Is there a way to combine Travelin' Man 2, where the iPhones can log in via the web interface, and Travelin' Man 3, where the androids and laptops can update their IP's automagically?
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,202
Reaction score
5,225
You could add an IPtables rule that allowed through connections with a certain User-Agent string, but the problem is that anybody can spoof that string, especially for iPhones. If you go the Travelin' Man 2 route, you probably need to use it for everybody in order to keep your server secured.
 

jeff.h

Guru
Joined
Dec 1, 2010
Messages
502
Reaction score
71
Just installed this on a PIAF-Green box and noticed that it took all the fail2ban chains out of iptables that the PIAF install originally put in. Is that a problem?
 
