Posts

Installing Trixbox (Asterisk) on an ESXi server

Install stage:
1. Download the Trixbox ISO. This will probably take ~1 hour.
2. Create a new virtual machine in ESXi with the following options:

  • Typical
  • Linux other 32-bit
  • 1024 for memory
  • 10 GB disk

3. Follow this blog to mount the ISO as a virtual CD-ROM: https://itsupportconsulting.com/blog/?p=366
4. Power on the virtual machine

  • Push at the main screen
  • I’m getting an error saying
  • The Trixbox CD was not found in any of your CDROM drives. Please insert the Trixbox CD and press OK to retry.

  • I’m going to try re-uploading the ISO to my ESXi server.
  • This did not work

  • Going to try and re-download the ISO then re-upload it to ESXi
  • Well, I could not get this problem resolved, so I’m just going to download the Trixbox VMware appliance. It is 2.6.1 as opposed to 2.6.2, but you can always upgrade after the install. Here is the link.
    1. Ok, the first step here: I’m going to use vCenter Converter to import this virtual appliance into my ESXi server.
    2. Converting is very simple. Once the program is installed, click on the “Convert Machine” button, which will bring up this window.
    3. What you want to do is browse to the file we downloaded in the previous step after it is unzipped: trixbox 2.6.1-vmware.vmx
    4. Once you click next it will ask you to supply your login to your ESXi server.
    5. The next step allows you to rename your VM to whatever you want and select your data store.
    6. The next step allows you to change your hardware settings for the virtual machine. I’m going to change two settings here:
       • Change to a 10 GB disk
       • Change the memory from 512 to 1024
    7. Once you click next you are ready to start your conversion. Now keep one thing in mind: this converter has to upload the large file we downloaded to the server. So if you are on a time crunch and are on wireless, make sure you hardwire and disable your wireless. This will ensure you save the most time.

    Configuration phase:
    1. Ok, now that we have the virtual machine installed, make sure it is powered on. It uses DHCP, so you need to figure out what IP address it got. This can be accomplished by logging in to the Trixbox console with username root and password trixbox. Once you get the # prompt, type in ifconfig. This will display the IP.
    2. This is going to be a server, so we will want to configure a static IP; otherwise it will keep getting its address from DHCP, which could cause all types of problems down the road.

  • vi /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    ONBOOT=yes
    BOOTPROTO=none
    BROADCAST=192.168.2.255
    IPADDR=192.168.2.3
    NETMASK=255.255.255.0
    NETWORK=192.168.2.0
    Now press esc and type :wq to save changes and quit.

  • vi /etc/resolv.conf
    nameserver 68.2.16.30
    nameserver 68.2.16.25
    Now press esc and type :wq to save changes and quit.

    The next step I recommend is opening your Trixbox server from a web browser:
    http://192.168.2.5/maint
    Click on the packages link at the top so we can update our software to the latest version. When I clicked on mine I received the following error:
    Error: The xml response that was returned from the server is invalid. Received:
    To fix it I was able to type the following from the command line:
    vi /etc/service.php
    From here find the section below and change
    max_execution_time = 300
    memory_limit = 256
    This may not work for you but it did resolve my problem.
    Once you have changed this, type the following to restart the HTTP daemon:
    service httpd restart
    Now I am able to successfully open:
    http://192.168.2.5/maint/index.php?packages
    From here I’m going to go down and check every box in the “upgrade” column; this way all of the software installed on the server is up to date.
    While trying to install a couple of the updates I’m receiving the following error:
    Error: Missing Dependency: libtds.so.5 is needed by package asterisk
    To fix it:
    yum install libtds.so.5
    Ok now that everything is downloaded and installed I’m going to configure some SIP trunks. I personally use Broadvoice for terminating my voice lines. However, there are tons of service providers out there. Here are my steps.
    Open internet browser to http:///admin
    First thing I’m going to do is edit the trunks
    480+NXXXXXX
    9|1480NXXXXXX
    9|1602NXXXXXX
    9|1623NXXXXXX
    602NXXXXXX
    480NXXXXXX
    623NXXXXXX
    1480NXXXXXX
    1602NXXXXXX
    1623NXXXXXX
    1NXXNXXXXXX
    NXXNXXXXXX
    01130.
    01131.
    01132.
    01133.
    01134.
    011351.
    011352.
    011354.
    011358.
    01139.
    01141.
    011423.
    01143.
    01144.
    01145.
    01146.
    01147.
    01149.
    01152.
    01.
    For trunk name you can put whatever you want
    For peer details I’m using the following:
    username=
    user=phone
    type=peer
    secret=
    nat=yes
    insecure=very
    host=sip.broadvoice.com
    fromuser=
    fromdomain=sip.broadvoice.com
    dtmfmode=inband
    dtmf=inband
    context=from-pstn
    canreinvite=no
    authname=
    For user context I’m using the following: sip.broadvoice.com
    For user details I’m using:
    username=
    user=
    type=user
    secret=
    nat=never
    insecure=very
    host=sip.broadvoice.com
    fromdomain=sip.broadvoice.com
    dtmfmode=rfc2833
    dtmf=rfc2833
    context=from-pstn
    Register string:
    @sip.broadvoice.com::@sip.broadvoice.com/
    Click submit changes.

    Changing the default password for Asterisk FreePBX

    You need to change the default password for Asterisk FreePBX or else the entire world will know it. You can do it by connecting to the server over SSH and typing:
    mysqladmin -u asteriskuser -p password newpass
    It will then prompt you for the old password, which should be amp109, and then it will be changed.
    Once it is changed you must update the following files:
    /etc/amportal.conf
    /etc/asterisk/cdr_mysql.conf
    /etc/asterisk/res_mysql.conf
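
An added example, not from the original post: after the password change, this lists which of the three files above still hold the old value as a setting, so none is missed. The function names are hypothetical, and the key names in the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list config files that still hold an old database password.

# The three files the post names, relative to a root directory.
CONF_FILES="etc/amportal.conf etc/asterisk/cdr_mysql.conf etc/asterisk/res_mysql.conf"

# stale_password_files ROOT OLDPASS
# Prints "FILE:KEY" for each non-comment KEY=VALUE line whose value is OLDPASS.
# The value itself is never printed.
stale_password_files() {
    root=$1
    for f in $CONF_FILES; do
        [ -r "$root/$f" ] || continue
        # Pass the password through the environment so awk does not
        # interpret backslashes in it.
        OLD=$2 NAME="/$f" awk '
            /^[ \t]*[#;]/ { next }                  # comment lines
            {
                eq = index($0, "=")
                if (eq == 0) next
                key = substr($0, 1, eq - 1)
                val = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", key)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                if (val == ENVIRON["OLD"]) print ENVIRON["NAME"] ":" key
            }
        ' "$root/$f"
    done
}

# Constructed demo tree. Key names are assumptions made for illustration.
make_demo_tree() {
    d=$(mktemp -d) && mkdir -p "$d/etc/asterisk" || return 1
    printf 'AMPDBUSER=asteriskuser\nAMPDBPASS=newpass\n' > "$d/etc/amportal.conf"
    printf '[global]\nuser=asteriskuser\npassword=amp109\n' > "$d/etc/asterisk/cdr_mysql.conf"
    printf '[general]\n;dbpass=amp109\ndbpass = amp109\n' > "$d/etc/asterisk/res_mysql.conf"
    echo "$d"
}

demo=$(make_demo_tree) && stale_password_files "$demo" amp109
rm -rf "$demo"
```

On the server itself the call would be `stale_password_files "" amp109`, which reads the real paths under /etc.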

    7940/7960 SIP settings for Asterisk

    Settings>Sip configuration>Line 1 Settings
    Name = extension
    Shortname = extension
    Authentication Name = extension
    Authentication Password = Password set on server
    Display name = extension
    Proxy Address = IP of voice server (FQDN did not work for me for some reason)
    Proxy Port = default of 5060
    Settings>Sip configuration
    Make sure the register expires setting is set to 600. I’ve had problems where I could not receive incoming calls because this was set at the default of 3600.

    My Linux Asterisk server getting hacked!

    After seeing numerous entries to hack my Linux box I decided it is time to learn how to implement iptables for security.
    A copy of the log file can be found here: log-file.
    The way I can tell I’m being attacked is if I open my /var/log/messages file, which you can see in its entirety below. I see what appears to be a brute force SSH attack. I can see the attacker’s IP is 211.151.64.106. If I do an ARIN lookup on this IP I see the network is in Asia and the ISP owns 210.0.0.0 – 211.255.255.255. Lucky for me I don’t need anyone in Asia to access my box, so I’m going to block this entire network.

    First thing I need to do is verify iptables is installed by typing:
    iptables

    The return I get is below. This is good; it means iptables is already installed:
    Try `iptables -h' or 'iptables --help' for more information.
    Next thing I need to do is list my current iptables rules:
    iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    You can see from these rules I have absolutely none configured.
    Next I’m going to add my rules to block the IP that is attacking my machine:
    iptables -A INPUT -s 210.1.1.1/8 -j DROP
    iptables -A INPUT -s 211.1.1.1/8 -j DROP
    iptables -A INPUT -s 212.1.1.1/8 -j DROP

    These are actually entire subnets that I’m blocking because they’re registered in Asia and my server doesn’t need to communicate with this ISP anyways.
    The next thing I’m going to do is save my active iptables to my startup iptables so that these rules load when my computer reboots:
    /etc/init.d/iptables save active
    The next thing I’m going to do is reboot my server and verify these rules still exist:
    shutdown -r now
    Once the PC is back online I verify my rules:
    iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    DROP all -- 210.0.0.0/8 anywhere
    DROP all -- 211.0.0.0/8 anywhere
    DROP all -- 212.0.0.0/8 anywhere

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    You can see now that I have 3 active rules which will block all incoming communication from these three IP addresses.
    Now don’t get me wrong I’m no Unix expert and I’m sure there is a way to combine all of these into one but I don’t feel like trying to figure out what it is right now. So this should get the job done.
    If you want to delete any of these rules you can delete them by rule number. The remaining rules are renumbered after each deletion, so to remove all three, start with the highest number:
    iptables -D INPUT 3
    iptables -D INPUT 2
    iptables -D INPUT 1

    These three commands will effectively delete all of the entries I’ve made.
    After going through my log file and blocking out all these IPs I noticed a trend. They are all registered to foreign countries. Luckily for me my voice server doesn’t need to communicate with these countries. So I’ve decided to block all traffic to the Asian continent. You can do the same by copying and pasting the code here:
    iptable-entry-syntax1 
    A note on this: if you decide you want to start over from scratch, you can delete all of your chains by typing in:
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -F
    iptables -X

    My next step here is monitoring my /var/log/messages in real time for a while to make sure I’m not still getting attacked. I can do this by typing the following:
    tail -f /var/log/messages
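
An added example, not part of the original post: instead of reading /var/log/messages by eye, this counts failed SSH password attempts per source address and prints (without running) a per-host DROP rule for each source at or above a threshold. The log lines, host name and addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: count failed SSH logins per source address in syslog text.

# Constructed sample in the sshd format found in /var/log/messages.
# Addresses come from documentation ranges, not from the post's log.
sample_log() {
cat <<'EOF'
Jan 12 03:14:01 trixbox sshd[2101]: Failed password for root from 198.51.100.7 port 40122 ssh2
Jan 12 03:14:03 trixbox sshd[2103]: Failed password for invalid user admin from 198.51.100.7 port 40130 ssh2
Jan 12 03:14:05 trixbox sshd[2105]: Failed password for invalid user test from 198.51.100.7 port 40141 ssh2
Jan 12 03:15:10 trixbox sshd[2110]: Failed password for root from 203.0.113.9 port 51877 ssh2
Jan 12 03:15:12 trixbox sshd[2112]: Failed password for invalid user from from 203.0.113.9 port 51878 ssh2
Jan 12 03:16:22 trixbox sshd[2114]: Accepted password for root from 192.168.2.10 port 50211 ssh2
Jan 12 03:17:40 trixbox kernel: eth0: link up
EOF
}

# failed_ssh_sources MIN  (log on stdin)
# Prints "COUNT IP", busiest first, for sources with at least MIN failures.
failed_ssh_sources() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password for / {
            # Scan from the right: the user name is attacker-chosen text
            # and may itself be the word "from".
            for (i = NF - 1; i >= 1; i--)
                if ($i == "from") {
                    ip = $(i + 1)
                    # Count only well-formed IPv4 text (IPv6 is skipped).
                    if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[ip]++
                    break
                }
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -rn
}

# drop_rules MIN  (log on stdin)
# Prints, without running them, per-host rules in the form the post uses.
drop_rules() {
    failed_ssh_sources "$1" | while read -r count ip; do
        printf 'iptables -A INPUT -s %s -j DROP\n' "$ip"
    done
}

sample_log | drop_rules 3   # review the output before applying anything
```

Against the live file the call is `failed_ssh_sources 5 < /var/log/messages`; the threshold is a judgment call for the site.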

    Wish your voip was throughout your entire house?

    How many people have VoIP and think they are limited to putting an analog phone next to their internet connection? I have a solution for you if you want to switch to VoIP and keep all of your old analog phones. What you can do is purchase an ATA, or if you have Vonage, Broadvoice, or another popular VoIP provider, all you need to do is this. Go out to the little box where Qwest dropped your phone line when you used to have the old analog service. Disconnect the wire that comes from the ground. This will completely segregate your house from any type of analog provider. Then you can simply take a normal phone cable from your VoIP provider’s box and plug it into any jack in your house. Congratulations, now you can plug an analog phone into any jack in your house and be connected to your ATA.

    Hudlite for Asterisk

    Hudlite for Asterisk is one of the best add-ins for your Trixbox server. It allows you to install a Windows client on your PC. When your phone rings you can transfer the call to any other extension or to a custom phone number. It also has the ability to park calls, send to voicemail, integrate with Outlook, and provide enterprise instant messaging, on-the-fly recording, and call monitoring. All of this for free!

    Trixbox PBX

    If you are a small business and you are technical or have an employee that is, then Trixbox for Asterisk is for you. PBX systems can cost tens of thousands of dollars. If you set up and configure your own Trixbox PBX you get all the features of these commercial systems and more. All of this can be done for around $500-$1000. If you don’t believe this or think it is too good to be true, I run my commercial business phone system on Asterisk. You can call and hear a demo at 602 445 9816.