PIONEERS Ready: Incredible PBX 13-13 LEAN

Joined
Oct 26, 2013
Messages
60
Reaction score
22
I notice the IncrediblePBX install script actually clones from the github repository the latest version of libsrtp, and then compiles and installs. The version of libsrtp that gets installed using this method is 2.2.0-pre. According to this link, they recommend staying with 1.5.4 in production systems:

https://wiki.asterisk.org/wiki/display/AST/libsrtp

I can confirm there are issues with libsrtp 2.2.0-pre. When I enable SRTP in Asterisk and on my phone, and place a call, Asterisk shuts down:

== Setting global variable 'SIPDOMAIN' to '10.0.44.1'
asterisk*CLI>
Disconnected from Asterisk server
Asterisk cleanly ending (0).
Executing last minute cleanups

I made some changes to the IncrediblePBX script to install libsrtp from the RPM on the EPEL repo, which is v1.5.4, by changing this line:

yum -y install --enablerepo="epel" php-mcrypt

to:

yum -y install --enablerepo="epel" php-mcrypt libsrtp libsrtp-devel

And commenting out the lines that install libsrtp from the Github repo:

# Commenting out for now to try older version 1.5.4
# cd /usr/src
# git clone https://github.com/cisco/libsrtp.git
# cd libsrtp
# ./configure CFLAGS=-fPIC
# make && make install
# echo "/usr/local/lib" > /etc/ld.so.conf.d/libsrtp.conf
# ldconfig


Now SRTP calls no longer cause Asterisk to shutdown...
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,071
Reaction score
2,597
Here are a couple of patches for Telephone Reminders in Incredible PBX 13-13 Enchilada:
Code:
rm -f /etc/pbx/httpdconf/reminders.conf.1
sed -i 's|$ttspick = 1|$ttspick = 0|' /var/www/html/reminders/index.php
service httpd restart
The first one fixes a problem with not being able to login with your Apache admin credentials. The second one was causing the Reminder messages not to be recorded with FLITE from the web interface. Installers have also been updated.
 
  • Like
Reactions: Jose Pinto

Jose Pinto

Member
Joined
Oct 26, 2017
Messages
148
Reaction score
20
Location
Ribeirao Preto - State of Sao Paulo - Brazil
Hi all
To @wardmundy
I need your help, please
I made a new server with 13-13 and then I upgrade it to Enchilda - is working fine, but I made a misktake when It ask me to change the passwords, I also write all the password that it ask me to, but at the end it ask to press any key to continue or ctrl c to exit, what I did is that I just copy all the text with the passwords and I press ctrl, so no password was assign, I already setup the http password because this I know but what I need it help to setup all others, can you help me?
Thank you very much for your time and attention
Regards
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,071
Reaction score
2,597
Hi all
To @wardmundy
I need your help, please
I made a new server with 13-13 and then I upgrade it to Enchilda - is working fine, but I made a misktake when It ask me to change the passwords, I also write all the password that it ask me to, but at the end it ask to press any key to continue or ctrl c to exit, what I did is that I just copy all the text with the passwords and I press ctrl, so no password was assign, I already setup the http password because this I know but what I need it help to setup all others, can you help me?
Thank you very much for your time and attention
Regards
Run: /root/update-passwords. If you don't have it...
Code:
cd /root
wget http://incrediblepbx.com/update-passwords.tar.gz
tar zxvf update-passwords.tar.gz
rm update-passwords.tar.gz
./update-passwords
 
  • Like
Reactions: Jose Pinto

Jose Pinto

Member
Joined
Oct 26, 2017
Messages
148
Reaction score
20
Location
Ribeirao Preto - State of Sao Paulo - Brazil
To @wardmundy
Problem instaling Let's Encrypt Certificate - Incredible PBX 13-13 with Enchilada using Centos 6.9
I just talk to Seth Schoen and Brad Warren both are Certbot EFF Engineer about the problems that I had to Install the Let's Encrypt Certicate using the post http://nerdvittles.com/?p=23520.
I will try to explaing what happens in other place not here.
Thanks
 
Last edited:

Enrico123

New Member
Joined
Apr 8, 2018
Messages
3
Reaction score
0
Hello to all :)
It's driving me crazy: I have Incredible PBX 13-13 with Enchilada on Centos 6.9 whit all the updates and upgrades, but I'm unable to run mt TDM800 Digitum card.
I tryed to install and reinstall everything from scratch, but when I try to install the DAHDI conf module I always got the same error and I don't know how to fix this and I've got to go on production within the next week. Any help will be very appreciated:

syntax error, unexpected $end in Unknown on line 20

Module Administration
Please confirm the following actions:
Upgrades, installs, enables and disables:
  • DAHDi Config will be upgraded to online version 13.0.33.12
Incredible PBX® and FreePBX® code is licensed pursuant to GPL
Click here to review license terms and usage conditions/restrictions
Incredible PBX is a registered trademark of Ward Mundy & Associates, LLC
FreePBX and Sangoma® are registered trademarks of Sangoma Technologies
Copyright © 2007-2018, Sangoma Technologies and Ward Mundy & Associates, LLC
Status
Please wait while module actions are performed
Downloading and Installing dahdiconfig
Downloading dahdiconfig 323221 of 323221 (100%)
Installing dahdiconfig
Untarring..Done
Checking tables...Done
11. Whoops\Exception\ErrorException
/var/www/html/admin/modules/dahdiconfig/functions.inc.php161
10. Whoops\Run handleError
<#unknown>0
9. parse_ini_string
/var/www/html/admin/modules/dahdiconfig/functions.inc.php161
8. dahdi_config2array
/var/www/html/admin/modules/dahdiconfig/includes/dahdi_cards.class.php1005
7. dahdi_cards read_dahdi_scan
/var/www/html/admin/modules/dahdiconfig/includes/dahdi_cards.class.php589
6. dahdi_cards load
/var/www/html/admin/modules/dahdiconfig/includes/dahdi_cards.class.php173
5. dahdi_cards __construct
/var/www/html/admin/modules/dahdiconfig/install.php650
4. include_once
/var/www/html/admin/libraries/modulefunctions.class.php2482
3. module_functions _doinclude
/var/www/html/admin/libraries/modulefunctions.class.php2434
2. module_functions _runscripts
/var/www/html/admin/libraries/modulefunctions.class.php1984
1. module_functions install
/var/www/html/admin/page.modules.php283
0. include
/var/www/html/admin/config.php385
 

Enrico123

New Member
Joined
Apr 8, 2018
Messages
3
Reaction score
0
Sadly always the same damn error

Whoops \ Exception \ ErrorException (E_WARNING)


syntax error, unexpected $end in Unknown on line 20

Upgrades, installs, enables and disables:
  • DAHDi Config 13.0.33.13 will be installed and enabled
Incredible PBX® and FreePBX® code is licensed pursuant to GPL
Click here to review license terms and usage conditions/restrictions
Incredible PBX is a registered trademark of Ward Mundy & Associates, LLC
FreePBX and Sangoma® are registered trademarks of Sangoma Technologies
Copyright © 2007-2018, Sangoma Technologies and Ward Mundy & Associates, LLC
Status
Please wait while module actions are performed
Installing dahdiconfig
Checking tables...Done
11. Whoops\Exception\ErrorException
/var/www/html/admin/modules/dahdiconfig/functions.inc.php161
10. Whoops\Run handleError
<#unknown>0
9. parse_ini_string
/var/www/html/admin/modules/dahdiconfig/functions.inc.php161
8. dahdi_config2array
/var/www/html/admin/modules/dahdiconfig/includes/dahdi_cards.class.php1005
7. dahdi_cards read_dahdi_scan
/var/www/html/admin/modules/dahdiconfig/includes/dahdi_cards.class.php589
6. dahdi_cards load
/var/www/html/admin/modules/dahdiconfig/includes/dahdi_cards.class.php173
5. dahdi_cards __construct
/var/www/html/admin/modules/dahdiconfig/install.php650
4. include_once
/var/www/html/admin/libraries/modulefunctions.class.php2482
3. module_functions _doinclude
/var/www/html/admin/libraries/modulefunctions.class.php2434
2. module_functions _runscripts
/var/www/html/admin/libraries/modulefunctions.class.php1984
1. module_functions install
/var/www/html/admin/page.modules.php297
0. include
/var/www/html/admin/config.php385
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
15,071
Reaction score
2,597
@Enrico123: I don't use DAHDI so I'm not going to be of much help. All I can tell you is that on a fresh 13-13 Enchilada install with NO DAHDI hardware installed, I have no errors installing this updated module. You might try removing the TDM800 and building a fresh install. Then install this updated module and see if that eliminates the errors. If so, then shut down the machine and install the DAHDI card and reboot. Other than that, I'd recommend you switch to the VitalPBX build since the original developers are also the ones that wrote and maintain the DAHDI stuff for Digium.
 

Enrico123

New Member
Joined
Apr 8, 2018
Messages
3
Reaction score
0
@Enrico123: I don't use DAHDI so I'm not going to be of much help. All I can tell you is that on a fresh 13-13 Enchilada install with NO DAHDI hardware installed, I have no errors installing this updated module. You might try removing the TDM800 and building a fresh install. Then install this updated module and see if that eliminates the errors. If so, then shut down the machine and install the DAHDI card and reboot. Other than that, I'd recommend you switch to the VitalPBX build since the original developers are also the ones that wrote and maintain the DAHDI stuff for Digium.
Hi,
I've tryed it, without the card the module installs but is not loaded. Trying to load it give no result and in the main page shows these errors:

Unable to write to /etc/dahdi/system.conf

Unable to write to /etc/modprobe.d/dahdi.conf

File /etc/modprobe.d/dahdi.conf does not exist.

File /etc/dahdi/modules does not exist.

File /etc/dahdi/system.conf does not exist.

it seems that we're almost there, but still missing something.
I gave a quick look at VitalPBX, but, as fa as I can see they have the Voicemail to email module as a paid one, and it's one of those that I nedd ( I basically simply only need IVR and voice to email)
 

chris_c_

Active Member
Joined
Aug 19, 2010
Messages
509
Reaction score
67
Ditto! But slightly different...
Code:
-I INPUT -j DROP -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm
-I INPUT -j DROP -p udp --dport 5060 -m string --string "VaxSIPUserAgent" --algo bm
-I INPUT -j DROP -p udp --dport 5060 -m string --string "sundayddr" --algo bm
-I INPUT -j DROP -p udp --dport 5060 -m string --string "sipsak" --algo bm
-I INPUT -j DROP -p udp --dport 5060 -m string --string "sipvicious" --algo bm
-I INPUT -j DROP -p udp --dport 5060 -m string --string "iWar" --algo bm
-I INPUT -j DROP -p udp --dport 5060 -m string --string "sip-scan" --algo bm
-I INPUT -j DROP -p udp --dport 5060 -m string --string "sipcli" --algo bm
-I INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --set
-I INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 3600 --hitcount 100 -j DROP
-I INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 600 --hitcount 20 -j DROP
-I INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 300 --hitcount 10 -j DROP
-I INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 180 --hitcount 5 -j DROP
-I INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 3 -j DROP
And of course I opened 5060UDP.

I tried, at one time, dropping the register if the string did not contain my FQDN but couldn't make that work. The above rules work for me and logs/F2B have been quiet ever since.
@krzykat @tbrummell
That FreePBX Responsive Firewall is absolutely essential for mid-call mobility to work, because users neither know nor care what their randomly assigned 4G LTE IP address, or WiFi IP address, is going to be. Yet, the handover must happen as fast as possible, in less than one second. Only the responsive firewall can let in a new IP address, for a few packets until it logs in to the PBX and reconnects to the call.

Where did you get the above firewall rules, from the freepbx firewall module responsive section?
 

jerrm

Guru
Joined
Sep 23, 2015
Messages
505
Reaction score
209
Where did you get the above firewall rules, from the freepbx firewall module responsive section?
Those basic rules in one flavor or another have been around 5-10 years or so.

I flip the logic, instead of blocking bad user agents, for "roaming users" packets must match specified good user agents and specified extension numbers. Both can easily be spoofed, but a scanner is not likely to hit a valid combination. Security through obscurity isn't true security, but it cuts down on what the real tools have to deal with by orders of magnitude.

Using iptables string matching on clear text udp is easy, tcp takes a couple more steps, but string matching becomes mostly useless in a TLS environment.

Looks like the FPBX stuff probably monitors AMI or Rest events, maybe with some dialplan hooks to add dynamic rules to iptables. Having that level of info can be a big help, but Fail2Ban with good iptables limiting probably could be acceptable.
 
  • Like
Reactions: chris_c_

chris_c_

Active Member
Joined
Aug 19, 2010
Messages
509
Reaction score
67
Those basic rules in one flavor or another have been around 5-10 years or so.

I flip the logic, instead of blocking bad user agents, for "roaming users" packets must match specified good user agents and specified extension numbers. Both can easily be spoofed, but a scanner is not likely to hit a valid combination. Security through obscurity isn't true security, but it cuts down on what the real tools have to deal with by orders of magnitude.

Using iptables string matching on clear text udp is easy, tcp takes a couple more steps, but string matching becomes mostly useless in a TLS environment.

Looks like the FPBX stuff probably monitors AMI or Rest events, maybe with some dialplan hooks to add dynamic rules to iptables. Having that level of info can be a big help, but Fail2Ban with good iptables limiting probably could be acceptable.
Someone should try and install and run the freepbx firewall github module in responsive mode.
The source code for voipfirewalld is GPL.
The dev work is already done, it works, no need to reinvent the wheel.
 
Last edited:

jolebole

Member
Joined
Feb 7, 2016
Messages
37
Reaction score
5
Question for @wardmundy . Looks like CentOS 6 have still some underlying issues with IncrediblePBX 13 on top. This happens on local and cloud deployments. For ex booting hangs on CentOS 6.10 while saying "stopping fail2ban" and it hangs for like 10+ min (check screenshot). This is a clean install, 5 extensions lean version. Other issues I have is when I need to change DNS settings from Webmin or "system-config-network" I get an error that I dont have the rights to edit resolv.conf. This was not happening when I was using CentOS 6.7 and Incredible PBX 11-12. Those were actually my most stable installs. Zero issues till this day, 3+ years and counting. Newer CentOS versions..lots of things broken..instead of fixed. CentOS 7 has its own problems. On Vultr it wont let you login as root after the first install script reboot :O

Should I give Scientific Linux a try since you prefer it in the IncredblePBX ISO? Thanks for all the effort you put into this amazing project!

 
Last edited:

kyle95wm

Phone Genius Owner
Joined
Apr 16, 2016
Messages
521
Reaction score
89
Location
Midhurst, ON, Canada
hangs on CentOS 6.10 while saying "stopping fail2ban"
You too eh? God that's annoying!

Other issues I have is when I need to change DNS settings from Webmin
Please don't use Webmin to change stuff. As Ward puts it, you could easily destroy your PBX if something is not done correctly.

I get an error that I dont have the rights to edit resolv.conf
The solution to this is simple and works everytime:

Code:
chattr -i /etc/resolv.conf && nano /etc/resolv.conf && chattr +i /etc/resolv.conf
 

Members online

PIAF 5 - Powered by 3CX

Forum statistics

Threads
22,317
Messages
136,958
Members
14,541
Latest member
matpots64