SOLVED iPBX and HiFormance

[geopeterwc]

@wardmundy I'm probably overlooking "the obvious" in building my IncrediblePBX13-13 at HiFormance. Or, maybe it's just being a noob to cloud VPS services? I've built enough iPBX systems on physical hardware, but this is my first foray into the cloud services. In this case, I'm upgrading from an ancient version 3.0.6.6 PIAF that has served me well. (I know ... cut and paste.)

The initial startup configuration went OK, though it took longer for the IncrediblePBX13-13 instance to be ready for configuration. I have successful defining Vitelity DIDs and extensions on the HiFormance installation - and the extensions appea to be functional on my LAN.

My unresolved questions are the following:

1. How to establish a functional 'host name' for the server? I am using the assigned IP address to configure the local extensions.
   
2. How to get the email function (for system messages, minimally - ultimately to deliver voicemail messages to email) to function?
3. The upgrade to latest Asterisk 13 (described in the One Minute Cloud VPS on Nerdvittles.com) is long and involved. Is a script available that can perform the upgrade without manual intervention?
4. How do I access the system GUI or root if I'm away from my local network? Some variation of "Travlin' Man"?

Thanks for all that is Incredible!

/Pete./

 

[wardmundy]

@geopeterwc:
1. First, change it in your VPS Control Panel. Then login as root and put your hostname.somewhere immediately after the IP address on both lines in /etc/hosts.
Then chattr +i /etc/hosts.
Then reboot.
Check to be sure it stuck.
2. Item 1 will fix it. If you still have problems sending email, add the following to /etc/rc.d/rc.local and reboot:
hostname yourFQDN.somewhere.com
3. See today's Nerd Vittles article.
4. TM3 is baked in. Just use add-ip, add-fqdn, or PortKnocker for access.

 

[geopeterwc]

@wardmundy ... regarding your response, #1 above ... does the hostname.somewhere have to be a routeable UNC? ie, can I use an address from NoIP.com, for example? What about MX records, etc. on the UNC?

And #4 ... I wasn't clear. (or maybe I'm just not understanding your answer) I want to be able to admin the iPBX installation on HiFormance from other than my home network. How do I go about using add-ip, add-fqdn or PortKnocker from a computer keyboard?

Thanks for things incredible!

/Pete./

 

[wardmundy]

The hostname has to be valid. You can use noreply.incrediblepbx.com if you need one.

4. As with other Incredible PBX implementations, your server has a preconfigured IPtables whitelist of computers that can connect to it. If your remote PC isn't in the list, you can't connect. So add it in with an SSH connection from a machine that's already in the whitelist. If you haven't got one, you can do it from the HTML5 console in the HiFormance Control Panel, or you can temporarily disable IPtables long enough to get in and add it: service iptables stop.

 

[geopeterwc]

OK ... so my travels have ended ... and I've added the non-home network IP address using add-ip and permit the remote remote IP address to access to my HiFormance iPBX configuration via SSH and WEB.

Now I'm concerned that unless I remove the permitted IP address that it will remain in iptables (and fail2ban?) without specific action to remove the address.

How do I change the configuration so that I can sleep well at night?

 

[mainenotarynet]

Look in /root/ for the name you gave in creating the access.

e.g if you did ./add-ip the_house 1.2.3.4 you should find an entry in /root that say the_house.iptables

now ./del-acct the_house (may be it's del-account but I think it's the shorter one -- the command is also in /root/ just do ls to find the command

 

[geopeterwc]

@mainenotarynet Thanks, Kevin! Worked perfectly.

I discovered that the entire temporary account, i.e., the_house.iptables must be specified with the ./del-acct command. Hopefully my concerns, together with your guidance and the information provided by Ward will also help others who stumble through the iptables and fail2ban jungle!

/Pete./

 

[geopeterwc]

Well, all seemed to go well to delete the temporary entries into iptables using the ./del-acct routine until I tried to use secure FTP (using FileZilla) and SSH (using puTTY) into my VPS server at HiFormance from my home IP address. Both now fail to connect to the server.

I've stopped and restarted iptables and fail2ban, and tried to SSH to the server with both services stopped. No such luck. I'm able to access the command line using the HTML5 Serial Console without difficulty as well as the system GUI using a browser.

I have used ./add-ip to add my home IP address, and rebooted the server multiple times, all without success.

Where have I gone off the tracks? Thanks for any insight.

/Pete./

 

[geopeterwc]

Well ... I have no clue what happened when I reported that SFTP and SSH were blocked from my home IP address - the same address that was used to initially set up the HiFormance Incredible. Incredibly, things are working normally now. Maybe rebooting the server from the HiFormance Control Panel as well as from the HTML5 Serial Console made the change and it took 12+ hours for it to resolve??? Or, maybe I am just lucky? ... or just experiencing some quirky VPS behavior?
/Pete./

 

[dwlima]

How do I point my Panasonic KX-TGP500 to hiformance. On the Panasonic SIP settings, for line ID, Registrar service address, Proxy and Process Server Address, and outbound proxy server, I switched them all from my former local IP address where the pi was to "noreply.incrediblepbx.com" and have the hiformance host name set to "noreply.incrediblepbx.com." I also tried setting the Panasonic settings to"localhost." I am positive the extension and secret are the same between Panasonic and Asterisk Extension.

Also, on the hiformance side, /etc/hosts shows:
xxx.xx.xx.xx noreply.incrediblepbx.com IncrediblePBX.local localhost localhost6.localdomain6 localhost6 noreply localhost.localdomain
127.0.0.1 localhost.localdomain localhost IncrediblePBX.local localhost4.localdomain4 localhost4 pbx.local noreply.incrediblepbx.com hiformance.incrediblepbx.com

 

[mainenotarynet]

OK, I don't think you own incrediblepbx.com and I doubt that the ones who do would point an A record to your PBX, so go to hiformance control panel for your Account and find your PBX instance's IP address and use thAt in the configuartion of your devices.

The lines:

xxx.xx.xx.xx noreply.incrediblepbx.com IncrediblePBX.local localhost localhost6.localdomain6 localhost6 noreply localhost.localdomain
127.0.0.1 localhost.localdomain localhost IncrediblePBX.local localhost4.localdomain4 localhost4 pbx.local noreply.incrediblepbx.com hiformance.incrediblepbx.com

are created when built. Unless you have a FQDN (Fully Qualified Domain Name -- something you purchase and have DNS records control on) these are fine . The xxx.xxx.xxx.xxx that you kept from showing IS the IP you want to use.

 

[kmcdaniel]

@geopeterwc:
1. First, change it in your VPS Control Panel. Then login as root and put your hostname.somewhere immediately after the IP address on both lines in /etc/hosts.
Then chattr +i /etc/hosts.
Then reboot.
Check to be sure it stuck.
2. Item 1 will fix it. If you still have problems sending email, add the following to /etc/rc.d/rc.local and reboot:
hostname yourFQDN.somewhere.com
3. See today's Nerd Vittles article.
4. TM3 is baked in. Just use add-ip, add-fqdn, or PortKnocker for access.

Can someone provide some clarity to get outgoing email working on HiFormance? I have tried the above and still no dice. Mail queue shows: Deferred: Connection timed out with myFQDN.dyndns.org.

 

[Trimline2]

Try the first two sections here - the 2nd paragraph helped me.

https://www.powerpbx.org/content/sendmail-configuration-centos-v5x-asterisk-v16x-freepbx-v24x

Edit: You do need to run paragraph 3 once changes are made and always backup prior to making changes.

 

[kmcdaniel]

Okay, so I got sendmail to send it to my Gmail address, but it will not send it to addresses at other domains? Any suggestions?

 

[omunni]

Ok.......I'm not sure if this should be moved to another post, the status here is solved, but I think my problem is related. I would also like to ask anyone to see if they can reproduce the problem. Yes ! this is IncrediblePBX13-13 from HiFormance.
I also had problems sending voicemail attachments. I followed the guidance given here and it worked. I was able to receive the voicemail notification and recording to my email account. Finally, problem solved or so I thought.

Then I realized my phone had a couple of voicemails that I never received in my email.
So here is the issue:
If I reboot the system Sendmail doesn't send the email. It shows running:
# /etc/rc.d/init.d/sendmail status
sendmail (pid 6051) is running...
sm-client (pid 6053) is running...

I use command:
# service sendmail restart
And it sends the email. Everything works as expected.

Problem : Reboot the server nothing gets send out. Restart sendmail it works again.
SO as long as I don't reboot the system I have no problems with sendmail and nothing to worry about.

Any ideas on how to resolve the above mentioned scenario ? Could it be a HiFormance Bug? Your input is appreciated.

@kmcdaniel see if restarting sendmail will make a difference ?

 

[kmcdaniel]

@omunni Thanks for the response. I tried and that did not solve. It only appears to "block" sending to certain email addresses. The root log shows:

The following addresses had permanent fatal errors -----
<the_email_other_than_gmail@some_domain.org>
(reason: 504 Need Fully Qualified Address)

----- Transcript of session follows -----
... while talking to mail.some_domain.org.:
>>> MAIL From:<root@incrediblepbx> SIZE=685
<<< 504 Need Fully Qualified Address
554 5.0.0 Service unavailable

 

[mjopling]

My guess is that your HiFormance IP address has been blacklisted due to SPAM email abuse by one of their previous clients. This happened to me. I had to make a request to be removed. Gmail may be utilizing a different blacklist service than your other email addressees. Check your email logs for details.

 

[kmcdaniel]

My guess is that your HiFormance IP address has been blacklisted due to SPAM email abuse by one of their previous clients. This happened to me. I had to make a request to be removed. Gmail may be utilizing a different blacklist service than your other email addressees. Check your email logs for details.

Gotcha that makes sense. Do you make the request to HiFormance?

 

[mjopling]

Google 'ip blacklist removal' for directions. I followed directions that were in my emailed to root on my HiFormance server using Read User Mail with the WebMin tool on port 9001 of your server. I could not find a copy of the original email so can not provide the precise directions I followed.

 

[mainenotarynet]

What makes more sense as mine works perfectly fine is read the reply:

----- Transcript of session follows -----
... while talking to mail.some_domain.org.:
>>> MAIL From:<root@incrediblepbx> SIZE=685
<<< 504 Need Fully Qualified Address
554 5.0.0 Service unavailable

504 need fully qualified domain address AND the MAIL FORM is <root@incrediblepbx> there is no TLD (.com/.net/.club/.org you get the idea

so check your hostname and hosts file make sure your REAL FQDN is the first one in the list after the HiFormance IP.

Also Ward had a NV article on using SMS to control Travlin'Man (voip.ms and another offered SMS on the lines) and in there was something to change in the SendMail program (so you could get texts sent to [email protected] (mainly I think it was setting up the receive part but it may have an effect on both.

Also check your Voicemail settings -- there is a place to place who the mail should come from -- mine is set to say Your Friendly PBX Voicemail System and comes from <[email protected]> (replaced for security but you get the idea).

The 554.5.0.0 Service unavailable is the mystery to me -- that was happening because I use an alias file in SSH as the Pager email was sending gobbedygook instead of the text I put in, so since Smartphones have email-like addresses I use pattern [email protected] in Freepbx and in the alias file have ext: email1, email2, email3...

but I do not remember how I got the 554 to go away but it did.

Try what I suggest and let us know (Oh if youwant to use the /etc/aliases file to send to more than one email (found I couldn't do it right in FreePbx -- oh how I tried) you must run command newaliases right after so the new entries take effect.