FreePBX cannot connect to asterisk

Meniz · November 7, 2017, 1:47pm

Hello everyone.

I’ve been trying to set up a connection to Asterisk Manager Interface and accidentally destroyed everything.
I’m running FreePBX 13.0.192 with Asterisk 13.16.0.

So, trying to set up a connection to AMI, I changed the file /etc/asterisk/manager.conf to permit access from my LAN.
I understand now that this wasn’t the proper way to go but I’ve been trying to restore things the way they were and cant seem to figure out how.

The errors I’m getting inside asterisk -r :
[2017-11-07 14:41:01] NOTICE[9750]: acl.c:715 ast_apply_acl: Manager User ACL: Rejecting ‘127.0.0.1’ due to a failure to pass ACL ‘(BASELINE)’
[2017-11-07 14:41:01] NOTICE[9750]: manager.c:3365 authenticate: 127.0.0.1 failed to pass IP ACL as ‘admin’
[2017-11-07 14:41:01] NOTICE[9750]: manager.c:3399 authenticate: 127.0.0.1 failed to authenticate as ‘admin’

In FreePBX, red flag “Cannot connect to Asterisk”.

manager.conf and amportal.conf have the same user/password, same ones as in GUI > Settings > Advanced Settings. Permissions and ownerships of files are given to asterisk user. I tried restarting every service and even rebooting but nothing seems to restore the connection between freePBX and asterisk.

I would appreciate any help anyone can give me.

Thanks in advance.

lgaetz · November 7, 2017, 1:53pm

Looks like you’ve messed up the ACL settings for the admin user. In manager.conf, the admin user should have lines that look like this:

deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.0

Once you get things back to normal, don’t touch any conf files. You can create AMI users directly from the GUI:
https://wiki.freepbx.org/display/FPG/Asterisk+Managers+User+Guide

Meniz · November 7, 2017, 1:59pm

This is my manager.conf, with password hidden but I can assure you it’s the same than in the other files.

[general]
enabled = yes
port = 5038
bindaddr = 0.0.0.0
displayconnects=no ;only effects 1.6+

[admin]
secret = xxxxxxxxxxxxxxxxxxx
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.0
read = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate,message
write = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate,message
writetimeout = 5000

#include manager_additional.conf
#include manager_custom.conf

Do you see something wrong I didn’t see?

I have indeed found the proper way to add users, but too late.
Thanks for the hint anyway.

EDIT : If this is related, I also ran fwconsole chown multiple times (after every modification of files).

lgaetz · November 7, 2017, 2:06pm

After fixing it, did you do a core reload?

asterisk -x "core reload"

Meniz · November 7, 2017, 2:17pm

I found a fix by adding the rule :
permit=192.168.1.0/255.255.255.0

Freepbx seems to be bound to the LAN IP instead of localhost.
I must have done another change in some of the files that I can’t remember.

Any idea what it can be ?

Anyway, it is running for now. Will my manager.conf be overridden by restarting or by any other instruction ?
Can I leave it like this in the worse case ?

Thanks for your help!