TUTORIAL U Need Travelin' Man

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
Using Travelin' Man with WhiteList App

If you decide to implement the WhiteList App, you'll need to make a few changes to Travelin' Man because you not only need to authorize the remote IP addresses with Asterisk, but now they need to be authorized with IPtables as well.

By default, iptables cannot be run except by root. To fix this, edit /etc/sudoers. Find the line which reads:

Defaults requiretty

Immediately below that line, add the following entry:

Defaults:asterisk !requiretty

Then move to the bottom of the file and add the following:

asterisk ALL = NOPASSWD: /sbin/iptables

Finally, in every directory under /var/www/travelman, edit index.php. Find the line which reads:

exec('asterisk -rx "sip reload"');

Immediately below that line, add the following entry:

exec('sudo /sbin/iptables -A WHITELIST -s '.$thisip.' -j ACCEPT');
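A narrower variant of the sudoers and index.php changes above, as an added example that is not part of the original post or of Travelin' Man itself: sudoers grants the asterisk user one wrapper script, which validates the address before touching the WHITELIST chain, instead of all of /sbin/iptables. The wrapper name and path (/usr/local/sbin/tm-whitelist) and the function names are assumptions.

```shell
#!/bin/sh
# Hypothetical wrapper; the path /usr/local/sbin/tm-whitelist is an assumption.
# Install it root-owned and not writable by the asterisk user.
# sudoers then names only this script instead of all of /sbin/iptables:
#   asterisk ALL = NOPASSWD: /usr/local/sbin/tm-whitelist
# and index.php passes the address as one quoted argument:
#   exec('sudo /usr/local/sbin/tm-whitelist '.escapeshellarg($thisip));

IPTABLES=/sbin/iptables   # fixed path, never taken from the caller's environment

# Succeed only for a dotted-quad IPv4 address: four octets, 0-255, no leading zeros.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*.) return 1 ;;      # empty, stray characters, or trailing dot
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                              # split on dots (input is digits and dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ''|0?*|????*) return 1 ;;      # empty, leading zero, or more than 3 digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Append one host-only ACCEPT rule to the WHITELIST chain, skipping exact duplicates.
whitelist_add() {
    valid_ipv4 "$1" || { echo "rejected: not an IPv4 address" >&2; return 2; }
    # -C (check for an identical rule) needs iptables 1.4.11 or later.
    if "$IPTABLES" -C WHITELIST -s "$1/32" -j ACCEPT 2>/dev/null; then
        return 0
    fi
    "$IPTABLES" -A WHITELIST -s "$1/32" -j ACCEPT
}

# When invoked with an argument (the sudo call from index.php), act on it.
if [ $# -gt 0 ]; then
    whitelist_add "$1"
fi
```

With this in place the asterisk user can only append single-host ACCEPT rules to WHITELIST; it cannot flush chains or change policies through sudo.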
 

vanDivX

Guru
Joined
Aug 20, 2009
Messages
110
Reaction score
0
The remote IP addresses activated in IPtables using Travelin' Man are never saved to your IPtables configuration, i.e. they live only in RAM. So either a reboot or service iptables restart will wipe them out and force them to be reactivated. :aureola:


ah, that's an idea good to know, almost essential :idea:
 

vanDivX

Guru
Joined
Aug 20, 2009
Messages
110
Reaction score
0
I have one small question. Does Travelin' Man apply also to IAX extensions or just SIP ones?
 

surjones

New Member
Joined
Jan 20, 2011
Messages
10
Reaction score
0
I installed PIAF with all the Nerdvittles utilities on an Intel Celeron 2.8 GHz machine with 1024 MB of RAM, following this article: http://nerdvittles.com/?p=712 last Sunday. My Asterisk version shows 1.8.2. Everything has worked plug and play, and thank you so much for that. I'm a complete Linux and Asterisk newbie, although I have some experience in setting things up on pbxes.org.

Now, within my LAN, I can connect any softphone to the PBX and make outbound calls using the gvoice trunk and it's perfect. I needed to enable remote access to my server so I followed the Travelin' Man solution, and Travelin' Man authorizes me from the remote location. My softphone (tested both X-Lite and eyeBeam) easily connects to the 701 extension, but when I make a call, the call gets established but I have either one-way or no audio at all. I have tried it on 2 remote locations.

From the same remote location, I connected to SIP provider SIP2Sip.info and I could get 2 way audio, so I know something's wrong with my Router/Server.

I have been following the Travelin' Man thread, and I will take up the recommendation of a DLink Firewall, but this is my current setup:

I have Dynamic IP (mapped using dyndns.org) assigned to me by my ISP through an ADSL modem+router (Beetel 220BX). This assigns IP 192.168.1.2 to my WRT54GS WIFI router. I have the PIAF box connected to one of the LAN ports of the WRT. I have forwarded all the required ports, 83, SIP, RTP and Gtalk on the Beetel Modem/router (called virtual servers) to the Linksys WRT. On the Linksys WRT I have forwarded the ports to the PIAF box.

I will try to connect the PIAF box directly to the Beetel modem/router and see who is the culprit. I will also try to do a DMZ, which I believe is not safe in the end.

If the Beetel is the culprit, please provide a recommendation on an ADSL modem+router which will handle NAT well.

I am also interested in setting up the Sunshine Networks Knock to enable remote access as I have a Linksys SPA2102 which I need to connect remotely, but I believe the IPtables in the PIAF box currently denies all? Will I just have to follow the instructions on the Sunshine Networks post?

I also want to try allowing the full IP range of my ISP (Airtel in India) in IPtables. How do I make changes in IPtables to do that? I'd prefer to use the Webmin interface. I believe I'll also have to put in these values in the Asterisk extension?

I am also posting this in the Travelin' Man thread; hope that is OK.

Thank you so very much!
Suraj
 

Ooga

New Member
Joined
Nov 1, 2010
Messages
24
Reaction score
0
I ran through the instructions like it says and now zap/dahdi is broken, but more of a concern is that all local IP connections are broken as well as the remote 501 address.

I can get the remote phone to register but all it does is ring then disconnect, as does the softphone directly configured to use the PBX local IP.

How do I get calls to work again?
 

Ooga

New Member
Joined
Nov 1, 2010
Messages
24
Reaction score
0
I have the same problem and it also broke the softphone that is configured with the local IP. I can't make or receive calls :\
 

Ooga

New Member
Joined
Nov 1, 2010
Messages
24
Reaction score
0
I am thinking maybe the security password patch caused a one-way audio problem if you have a dynamic external IP.
 

mspieker

New Member
Joined
Jan 6, 2009
Messages
57
Reaction score
0
My experience with the routers

Good: $35 WBR-2310 Better: $89 DIR-825 Best: DGL-4500

I'm not the experienced person, however I thought I'd give my 2 cents. I purchased 2 of the DIR-825's and after several hours on each with multiple configurations, I couldn't get audio in either direction. I then bought a cheaper DLink DIR-665 and got it working within 5 minutes. Probably user error, but that was my experience. Oh yeah, and the whole reason for the new router was due to one-way audio using Travelin' Man, and the new DLink router fixed that problem just like Ward said it would.... Imagine that :biggrin5:
 
Joined
Apr 17, 2009
Messages
829
Reaction score
9
I also am having an issue with the Travelin' Man setup.. I think!

Basically the install went fine. I am able to browse to the URL created by it on my phone's web browser and get the confirmation page. However, I am not able to connect via my cell's SIP client. It times out every time.

In my permit / deny I have 0.0.0.0/0.0.0.0 for the extension in question.

So with these settings I should be able to connect anywhere really. But I'm not. All ports are forwarded to the fixed IP address of the PBX: 83, 5060 range, 10000-20000.

Not really sure what could be going on here.
 

edisoninfo

Guru
Joined
Nov 19, 2007
Messages
505
Reaction score
4
The 0.0.0.0/0.0.0.0 is fine in the deny field but you MUST put the proper subnet in your permit field, i.e. 192.168.1.0/255.255.255.0 or whatever yours is. This is a must for security. The TM script will add an additional entry in Asterisk itself to override that with the IP of wherever you are.

For debugging, start by opening a command line window on the asterisk box and do a iptables -L -n and see if the IP address you just used TM on is listed with an ALLOW on the end. If not, then the script is not functioning quite right. Try looking at the /var/log/httpd/error file for clues.
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
Troubleshooting is pretty straight-forward. I would add that once you get this working, you really need to lock down the extension permit to just the LAN subnet, or it's all a waste of time.

If you have the permit wide open, then Travelin' Man really doesn't come into play, so you either have a problem with your hardware firewall's settings or with IPtables. So I'd shut down IPtables momentarily and see if that helps: service iptables stop.

You'll also want to look in /etc/asterisk at the files named XXX.inc where XXX is your extension number. First, is it there? Second, what's in it? After you run Travelin' Man on your phone, it should have the IP address of your phone like this example:

[211](+)
permit=172.151.105.213/255.255.255.255


If not, then your firewall or IPtables is blocking access. If IPtables is turned off and it's not there, then it's your hardware firewall.

If it is an IPtables problem, then look at iptables in /etc/sysconfig after running iptables -nL. Travelin' Man stuffs a temporary ACCEPT entry for the remote IP address near the bottom of the list and just above the Fail2Ban Chains. Is it there?
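The two checks from the troubleshooting posts above (the extension's .inc file and the iptables -nL listing), combined into one diagnosis; this is an added example, not part of the original posts or of Travelin' Man. The sample file contents and rule listing are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample data (not from a real system), shaped like the files the thread describes.
SAMPLE_INC='[211](+)
permit=172.151.105.213/255.255.255.255'
SAMPLE_RULES='Chain WHITELIST (1 references)
target     prot opt source               destination
ACCEPT     all  --  192.168.1.0/24       0.0.0.0/0
ACCEPT     all  --  172.151.105.213      0.0.0.0/0'

# True if the extension include text holds a host permit (/255.255.255.255) for the IP.
inc_permits_ip() {   # $1 = contents of /etc/asterisk/XXX.inc, $2 = IP
    printf '%s\n' "$1" | grep -qxF "permit=$2/255.255.255.255"
}

# True if the listing has an ACCEPT rule whose source column is exactly the IP.
rules_accept_ip() {  # $1 = output of iptables -nL, $2 = IP
    printf '%s\n' "$1" |
        awk -v ip="$2" '$1 == "ACCEPT" && $4 == ip { found = 1 } END { exit !found }'
}

# Map the two checks onto the layers named in the thread.
diagnose() {         # $1 = .inc contents, $2 = iptables -nL output, $3 = IP
    if ! inc_permits_ip "$1" "$3"; then
        echo "asterisk-missing"   # no permit line: the Travelin' Man request never got through
    elif ! rules_accept_ip "$2" "$3"; then
        echo "iptables-missing"   # permit written but no ACCEPT rule: check sudoers, httpd error log
    else
        echo "both-present"       # both layers list the IP: the problem is elsewhere
    fi
}

diagnose "$SAMPLE_INC" "$SAMPLE_RULES" 172.151.105.213
```

On a live system, pass the real data instead of the samples: the contents of the extension's .inc file, the output of iptables -nL, and the address shown on the Travelin' Man confirmation page.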
 
Joined
Apr 17, 2009
Messages
829
Reaction score
9
OK, so here's what's crazy. Same ports still forwarded from previous machine (I recently upgraded machines and to 1.8 purple). I disabled iptables and tried to register the handset and it still fails.

I did look in the file you suggested, Ward, and it is in fact in there as an entry with the correct IP I am getting from the Travelin' Man web page when accessing it. So it led me to believe that it was something with the carrier side (i.e. Sprint), so I went via wifi and then I accessed the web page again to refresh the IP. Verified the IP was there in the inc file, then tried again and nothing, with iptables still disabled. Very crazy...

Also another question: could the below be used with a DynDNS entry? I.e., my home router has a DynDNS entry in it for me to easily connect back to it, so it seems as though if there was a way to input the DynDNS entry instead of an IP, it would look up that FQDN and then allow it in the whitelist.


If you decide to implement the WhiteList App, you'll need to make a few changes to Travelin' Man because you not only need to authorize the remote IP addresses with Asterisk, but now they need to be authorized with IPtables as well.

By default, iptables cannot be run except by root. To fix this, edit /etc/sudoers. Find the line which reads:

Defaults requiretty

Immediately below that line, add the following entry:

Defaults:asterisk !requiretty

Then move to the bottom of the file and add the following:

asterisk ALL = NOPASSWD: /sbin/iptables

Finally, in every directory under /var/www/travelman, edit index.php. Find the line which reads:

exec('asterisk -rx "sip reload"');

Immediately below that line, add the following entry:

exec('sudo /sbin/iptables -A WHITELIST -s '.$thisip.' -j ACCEPT');
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
I'd get Travelin' Man out of the equation for the time being. Sounds like you can't make a connection from this extension period.
 

Tekmon

Member
Joined
Nov 25, 2010
Messages
66
Reaction score
0
Good stuff. Is there a back door or path to look through camera on your desk phone from remote? http://www.voipsupply.com/grandstream-gxv-3000
This phone is discontinued but you can get one on eBay for 60 bucks. Thinking why not take advantage of low cost video phones?
Going to incredible latest through rent PBx. I'm not a phone man or programmer, there's only so much a guy can do when running an unrelated business. I can pretend and learn, but time is valuable and this could someday be a good hobby. Your posts and others are very informative.
 

saladman02

New Member
Joined
Jun 6, 2011
Messages
8
Reaction score
0
Is there a way to use Travelin' Man to update multiple extensions at once?

We have a remote beach house, with two phones. I'd like to click on one link, and have both extensions cleared from that IP. Is that possible?
 
Joined
Apr 17, 2009
Messages
829
Reaction score
9
Question... That may turn into multiple questions...


I currently have a PBiAF system at home with currently one Google Voice # for it. What I am thinking of doing is moving that system to my office or get rid of it completely and put that number on the existing system at the office.

However what I was thinking is as I mentioned before. Can you use DynDNS for Travelin Man?

Reason being is that I would like to use my Linksys PAP2 at home for the phones there. I was thinking of say port #1 for the home phone and Port #2 a remote extension for the office..

Is this possible?
 

rossiv

Guru
Joined
Oct 26, 2008
Messages
2,624
Reaction score
139
You could just add the DynDNS name in IPTables.
 

chdyoung

New Member
Joined
Mar 3, 2011
Messages
24
Reaction score
0
You could just add the DynDNS name in IPTables.

I use Travelin' Man on my Android phone along with CSipSimple. Every time I make or receive a cell phone call, the data connection drops, and after the call the phone reconnects and may get a new IP address. If I forget to click Travelin' Man after the call, I am no longer registered with my PBX.

I believe Dynamic DNS clients are available for Android which might solve this problem, but I am pretty sure that several updates a day is not allowed. Does anybody have experience with this?
 
