PIONEERS Played with Kamailio?

kenn10

A lesser geek
Joined
Dec 16, 2007
Messages
1,009
Reaction score
207
FusionPBX is interesting but I found it nearly impossible to get it to work with a variety of different trunk providers. Flowroute was OK but I had a tough time with Vitelity and even with a trunk from their recommended provider, VoiceTel. I never got Anveo to work. The trunking documentation was cryptic and the built in support for VoiceTel trunks did not work.

Going from FreePBX/Asterisk to FusionPBX/Freeswitch is not an easy transition for us long-term Asterisk folks. The FusionPBX documentation was not current for the current release. Sometimes, it's a lot easier to stick with what you know and not change for the sake of change.
 
  • Like
Reactions: wardmundy

krzykat

Guru
Joined
Aug 2, 2008
Messages
1,579
Reaction score
427
Location
South Florida
I can't disagree necessarily, my use case has been to replace literally dozens of 3 to 20 seat small PBXs running under freepbx on 5 dollar a month machines into two 5 dollar a month fusionpbx machines running mostly redundant. Not perfect yet but certainly better than before (and further with painless faxing). All use domain names, all use tcp/344553;-) nothing has been compromised or even snooped past one packet in months.
So you've been able to replace those PIAF boxes on Vultr or Digital Ocean or the like - with Fusion? How is the BLF functionality?

I was thinking to keep my vultr boxes and adding a Fusion for failover usage only until I had a good enough handle to do what you are proposing.
 

dicko

Still learning but earning
Joined
Oct 30, 2015
Messages
667
Reaction score
247
So you've been able to replace those PIAF boxes on Vultr or Digital Ocean or the like - with Fusion? How is the BLF functionality?

I was thinking to keep my vultr boxes and adding a Fusion for failover usage only until I had a good enough handle to do what you are proposing.

Not actually PIAF boxes, just generic debian/FreePBX. All works as advertised. Use the private network on eth1 in vultr for security and only accept domains
 

KUMARULLAL

Guru
Joined
Feb 20, 2008
Messages
212
Reaction score
16
Trying to understand use case scenarios of dsiprouter. As far as I understood, dsiprouter is a SIP proxy with Kamailio with minimal functionalities.
It is geared towards sip trunk providers and hosted pbx providers.
I would appreciate if others join in and add use case scenarios in this post.
OK. Here goes.
You define your carrier groups in dsiprouter. (These are your SIP trunk providers.)
You define your domains (each domain can serve as a proxy for 1 or more PBXs). So a domain is something like customers.
I have only created a domain with "Pass through to PBX".
Can someone explain what "Realtime DB" and "Local Subscribers Table" are, and what are the advantages of using them?

You then add DIDs (purchased from your SIP trunk providers) to dsiprouter, and inbound DID mapping to PBXs (each DID is assigned to a unique PBX). By PBX I mean freepbx, not fusionpbx.
Then you define global outbound routing and assign carrier ID to each route in dsiprouter.

Use case scenario 1:
The endpoints (IP phones or soft phones) registration is pointing to dsiprouter with the extension credentials taken from the unique PBX behind dsiprouter, and this gets registered. (Softphone example: Domain/realm is the domain where the PBX is assigned to in dsiprouter. User is extension and password is secret of that extension taken from freepbx. Server = IP address of dsiprouter)

Advantage 1: your freepbx, if it is behind NAT, can have its own local extensions directly registering to the PBX. However, remote extensions can register to the proxy (dsiprouter). This way, ideally, there is no worry about allowing whitelisted IPs on freepbx for remote extensions.

Advantage 2: If your PBX is in the cloud, there is no need to whitelist every extension's WAN IP address (from different locations) in the IPTABLES.

Advantage 2: A single SIP trunk through a carrier group in dsiprouter can be shared among multiple PBXs. The only thing that isolates the PBXs are the DIDs.

The use case, that I am still not able to understand are the following:
Kindly provide your input.


Use case scenario 3: Central Phone provisioning through dsiprouter. Can someone explain how?

Use case scenario 4: Shared line key. If I have 25 extensions, how does it work in this case? :

Use case scenario 5: Reroute traffic due to failure of a PBX. Also provide High Availability for the PBXs How does this work?

.
 

KUMARULLAL

Guru
Joined
Feb 20, 2008
Messages
212
Reaction score
16
I don't know whether Kamailio has this, but OpenSIPS has a feature called mid-registrar. (https://www.opensips.org/Documentation/Tutorials-MidRegistrar) This would eliminate having to set up your endpoints on the Kamailio server. Just pass through registration requests to Asterisk and if Asterisk agrees that the phone authenticated, then OpenSIPS considers it registered and stores the location at the proxy. This would also work well with your back-end redundancy plan.
Please refer to my earlier post. Dsiprouter does this. When you create a domain in "pass through to PBX" mode, you don't have to create the endpoint on dsiprouter (kamailio). It directly registers to freepbx behind kamailio.
 

dicko

Still learning but earning
Joined
Oct 30, 2015
Messages
667
Reaction score
247
FreePBX can't use realtime

Central Provisioning, although possible (the server just serves files), is likely best left to the individual PBX (works well on FusionPBX, can't speak for FreePBX)
SLA/SCA on Asterisk is still a pipe-dream but feasible with FusionPBX

https://freeswitch.org/confluence/display/FREESWITCH/Shared+Line+Appearance

There was a lovely HA script for FusionPBX but apparently currently broken by PostGres

https://www.pbxforums.com/threads/tutorial-creating-a-two-node-fusionpbx-cluster-the-easy-way.126/

DigitalDaz won't rewrite it for understandable reasons so you could DIY using his method.

FreePBX could be HA with glusterfs and corosync but it ain't trivial ;-)

For HA dsiprouter in the cloud , it is "coming soon"
 

KUMARULLAL

Guru
Joined
Feb 20, 2008
Messages
212
Reaction score
16
Thanks dicko for your response.
@dicko "FreePBX can't use realtime"
When you create a domain in dsiprouter the option is "Realtime DB (aka Asterisk Realtime)". I vaguely remember that this option will interact with an asteriskdb in real time. Whereas "Local subscriber table" is probably the Asterisk Auth credentials. However, there is no article on this including the dsiprouter documentation.

My understanding as far as HA and PBX redundancy pertaining to Kamailio should be using a different mechanism vs Corosync, mainly because the idea is to manage 100s even 1000s PBXs on the fly. I think it should be a combination of Kubernetes/Docker with nginx as HA proxy. In fact I pulled a freepbx docker image from dockerhub and created a few containers from it. However, it has many modules missing. I am still playing with that image. I was looking for a docker image for fusionpbx, but it is a stale image and does not work.
If you are in the shell of dsiprouter (Debian 9), docker is already installed and there is a latest nginx image downloaded during the install process. It, however, is not running. Issue this command "docker images" and you will see an nginx image sitting there. Also issue this command "docker ps -a" and you will see an nginx instance was created with the command "nginx -g 'daemon of…" during installation.

dicko, I was very much interested in your post above
"Vultr or vsp offering private network for traffic between instances

Dsiprouter at your domain.name routing and Sipproxying to your 10.n.n.n network

Lots of FusionPbxes (possibly on the same machine) connected to kamailio on 10.n.n.n

Phones registering to

[email protected]:55123
[email protected].domain.name:55123"


Can you please elaborate on it and explain it.
By the way, Vultr allows you to install proxmox on their instances, but cannot run KVM vm because VT is not enabled. However, lxc containers can be created. I have created lxc container and installed fusionpbx on it. It works flawlessly.
Thanks and Regards
 
Last edited:

dicko

Still learning but earning
Joined
Oct 30, 2015
Messages
667
Reaction score
247
Asterisk can do realtime very nicely, FreePBX can't, it's bound to its mysql tables

I believe I suggested corosync and glusterfs for Asterisk. There are plenty of recipes for Redundant Kamailios it's all about network protocols

The rest all work for me , but as I said obliquely "I won't be doing that for you". Be a big boy and follow the yellow brick road . . .
 
  • Like
Reactions: krzykat

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,234
Reaction score
2,667
Just a heads up for dSIPRouter fans. We've found an inexpensive VPS provider that supports Debian 9 which provides added flexibility in setting up dSIPRouter. For example, you can proxy audio traffic and proxy audio traffic behind NAT with Debian 9, neither of which you can do with CentOS 7.

SnowVPS is $12/year for OpenVZ or $15/year for KVM. The beauty of KVM is it lets you block whole countries easily with IPtables and IPset.

Country listing with codes is here. IPset country zones available here.

First, modify your IPtables config file by adding the following in /etc/sysconfig/iptables:
Code:
-A INPUT -p tcp -m set --match-set china src -j DROP
-A INPUT -p tcp -m set --match-set russia src -j DROP
-A INPUT -p tcp -m set --match-set palestine src -j DROP
-A INPUT -p tcp -m set --match-set nkorea src -j DROP
-A INPUT -p tcp -m set --match-set ukraine src -j DROP
-A INPUT -p tcp -m set --match-set moldavia src -j DROP
-A INPUT -p tcp -m set --match-set netherlands src -j DROP
Here's the script to get the country-wide IP addresses gobbled up for your server. Run it periodically and when you reboot your server.
Code:
#!/bin/bash

cd /etc
# Stop the firewall first: ipset cannot destroy a set that iptables rules still reference
service iptables stop
/usr/sbin/ipset destroy china
/usr/sbin/ipset destroy russia
/usr/sbin/ipset destroy palestine
/usr/sbin/ipset destroy nkorea
/usr/sbin/ipset destroy ukraine
/usr/sbin/ipset destroy moldavia
/usr/sbin/ipset destroy netherlands

/usr/sbin/ipset -N china hash:net
rm cn.zone
/usr/bin/wget -P . http://www.ipdeny.com/ipblocks/data/countries/cn.zone
for i in $(cat /etc/cn.zone); do /usr/sbin/ipset -A china $i; done
/usr/sbin/ipset -N russia hash:net
rm ru.zone
/usr/bin/wget -P . http://www.ipdeny.com/ipblocks/data/countries/ru.zone
for i in $(cat /etc/ru.zone); do /usr/sbin/ipset -A russia $i; done
/usr/sbin/ipset -N palestine hash:net
rm ps.zone
/usr/bin/wget -P . http://www.ipdeny.com/ipblocks/data/countries/ps.zone
for i in $(cat /etc/ps.zone); do /usr/sbin/ipset -A palestine $i ; done
/usr/sbin/ipset -N nkorea hash:net
rm kp.zone
/usr/bin/wget -P . http://www.ipdeny.com/ipblocks/data/countries/kp.zone
for i in $(cat /etc/kp.zone); do /usr/sbin/ipset -A nkorea $i; done
/usr/sbin/ipset -N ukraine hash:net
rm ua.zone
/usr/bin/wget -P . http://www.ipdeny.com/ipblocks/data/countries/ua.zone
for i in $(cat /etc/ua.zone); do /usr/sbin/ipset -A ukraine $i; done
/usr/sbin/ipset -N moldavia hash:net
rm md.zone
/usr/bin/wget -P . http://www.ipdeny.com/ipblocks/data/countries/md.zone
for i in $(cat /etc/md.zone); do /usr/sbin/ipset -A moldavia $i; done
/usr/sbin/ipset -N netherlands hash:net
rm nl.zone
/usr/bin/wget -P . http://www.ipdeny.com/ipblocks/data/countries/nl.zone
for i in $(cat /etc/nl.zone); do /usr/sbin/ipset -A netherlands $i; done
iptables-restart

See item #7 of this Nerd Vittles article for more details.
 
Last edited:
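A variant of the loading step in the script above, added here as an example and not part of the original post: it validates each zone entry, fills a temporary set and swaps it into place with `ipset restore`, so the live set is never emptied by a failed download. The function names, the `-new` suffix and the minimum-entry threshold are assumptions made for the example.

```shell
#!/bin/sh
# Added example: build an "ipset restore" script from a downloaded zone file.

# Succeeds only for a dotted-quad IPv4 network with a /0-32 prefix.
valid_cidr() {
    case $1 in
        ''|*[!0-9./]*|*/*/*|*..*|.*|*./*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    bits=${1#*/}
    case $bits in ''|*.*|???*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- ${1%/*}            # split the address part into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    [ "$bits" -le 32 ]
}

# build_restore SET ZONEFILE [MIN]: print restore commands that fill SET-new
# and swap it into SET. Prints nothing and fails if fewer than MIN valid
# networks are found, so a failed download never empties the live set.
build_restore() {
    set_name=$1 zone_file=$2 min_entries=${3:-1}
    tmp_set="${set_name}-new" count=0 adds='' cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                      # tolerate CRLF line endings
        case $line in ''|'#'*) continue ;; esac # skip blanks and comments
        valid_cidr "$line" || { echo "skipping: $line" >&2; continue; }
        adds="${adds}add $tmp_set $line
"
        count=$((count + 1))
    done < "$zone_file"
    if [ "$count" -lt "$min_entries" ]; then
        echo "$zone_file: $count valid networks, keeping current set" >&2
        return 1
    fi
    printf 'create %s -exist hash:net family inet\n' "$set_name" "$tmp_set"
    printf 'flush %s\n%s' "$tmp_set" "$adds"
    printf 'swap %s %s\ndestroy %s\n' "$tmp_set" "$set_name" "$tmp_set"
}

# Usage on the server (as root), one country at a time:
#   build_restore china /etc/cn.zone 100 > /tmp/china.restore &&
#       /usr/sbin/ipset restore < /tmp/china.restore
```

The set names must match those used in the `--match-set` rules. Because `swap` keeps the set name in place, the iptables rules keep working while the list is refreshed and the firewall does not need to be stopped.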

dicko

Still learning but earning
Joined
Oct 30, 2015
Messages
667
Reaction score
247
Formatting error?


. . . The beauty of KVM is it lets you block whole countries easily with IPtables and IPset.

Country listing with codes is here. IPset country zones available here.

Here's the script to get the country-wide IP addresses gobbled up for your server. Run periodically and when you reboot your server.
Code:
cd /etc
/usr/sbin/ipset -N china hash:net
rm cn.zone
/usr/bin/wget -P . http://www.ipdeny.com/ipblocks/data/countries/cn.zone
for i in ; do /sbin/ipset -A china ; done
.
.
.
might be better as

for i in $(cat cn.zone) ; do /sbin/ipset -A china $i ; done

While I am at it, due to recent activity over many servers, I would add IS (Iceland) to the list.

And add all OVH, AWS, Micro$oft and Google address spaces (and a number of other 'hosters') that are in the second degree "bad actors" who regularly host rogue machines and never respond to complaints.
 
Last edited:
  • Like
Reactions: wardmundy

ou812

Guru
Joined
Oct 18, 2007
Messages
465
Reaction score
70
Has anyone been able to get endpoints registered directly to asterisk to be able to call endpoints registered to asterisk which passed through dsiprouter?
The external endpoints can call anyone internal or PSTN but can't be called by anyone, even internally.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,234
Reaction score
2,667
We've refined the ipset script above... so that it now works. :wub:

Thanks, @dicko.
 
Last edited:

ou812

Guru
Joined
Oct 18, 2007
Messages
465
Reaction score
70
Has anyone been able to get endpoints registered directly to asterisk to be able to call endpoints registered to asterisk which passed through dsiprouter?
The external endpoints can call anyone internal or PSTN but can't be called by anyone, even internally.
I rebuilt Dsiprouter today and now I have calling in both directions from internal extensions. This time I used the third install option for Debian, "behind nat". Not sure if using this option was the answer or if some corrections were made in dsiprouter, but it's working now.
 
