FreePBX cannot connect to Asterisk

asterisk
Tags: #<Tag:0x00007f7027f1e890>

(Wolf) #1

Hi everyone,

About a year ago I had to take over the responsibility for the FreePBX (v14) in our company. Until today everything worked fine.
Today logged in via SSH and updated the machine with yum update

A few minutes later I noticed a warnung in the GUI “Can not connect to Asterisk”.

I rebooted the whole server but without any effect. Afterwards I noticed that the problem is that Asterisk is not running. Starting with fwconsole start failed.
I made a rollback with yum history undo 11, but the result stayed the same.
Besides that, I also tried fwconsole ma upgrade framework but it is saying “framework is the same as the online version

Later I have noticed that I can start Asterisk via systemctl start asterisk and it keeps running, fwconsole also notices that asterisk is running, if I try fwconsole start then, it is saying “Asterisk is not connected

If I look into asterisk via asterisk -r I get the following four messages:

[2020-12-17 12:03:27] NOTICE[7613]: acl.c:786 ast_apply_acl_internal: Manager User ACL: Rejecting '127.0.0.1' due to a failure to pass ACL '(BASELINE)'

[2020-12-17 12:03:27] NOTICE[7613]: manager.c:3514 authenticate: 127.0.0.1 failed to pass IP ACL as 'admin'

[2020-12-17 12:03:27] NOTICE[7613]: manager.c:3548 authenticate: 127.0.0.1 failed to authenticate as 'admin'

[2020-12-17 12:03:24] WARNING[18000]: res_pjsip_pubsub.c:787 subscription_get_handler_from_rdata: No registered subscribe handler for event x-broadworks-callpark from 11

An ACL issue seems critical to me, but it saying “Notice”, so I dont know if it is related. I have checked /etc/asterisk/manager.conf and the settings seems fine:

;
; AMI - Asterisk Manager interface - Generated at 2019-07-24T11:45:57+00:00
;
; FreePBX needs this to be enabled. Note that if you enable it on a different IP, you need
; to assure that this can't be reached from un-authorized hosts with the ACL settings (permit/deny).
; Also, remember to configure non-default port or IP-addresses in amportal.conf.
;
; The AMI connection is used both by the portal and the operator's panel in FreePBX.
;
; FreePBX assumes an AMI connection to localhost:5038 by default.
;
[general]
enabled = yes
port = 5038
bindaddr = 0.0.0.0
displayconnects=no ;only effects 1.6+

[admin]
secret = ZPqR5OOsSNVh
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.0
read = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate,message
write = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate,message
writetimeout = 5000

[admin]
secret = ZPqR5OOsSNVh
deny=0.0.0.0/0.0.0.0
permit=40.74.18.24/255.255.255.0, 192.168.147.0/255.255.255.0, 127.0.0.1/255.255.255.0
read = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate
write = system,call,log,verbose,command,agent,user,config,command,dtmf,reporting,cdr,dialplan,originate

#include manager_additional.conf
#include manager_custom.conf

Right now, I have no clue how to solve this issue and hoping for help. Is there anything else I could do?


(Wolf) #2

So I have found the issue:

The manager.conf was the problem.

It is not allowed to use whitespaces in the permit option, so instead of:

permit=40.74.18.24/255.255.255.0, 192.168.147.0/255.255.255.0, 127.0.0.1/255.255.255.0

I changed it to

permit=40.74.18.24/255.255.255.0,192.168.147.0/255.255.255.0,127.0.0.1/255.255.255.0

I dont know why this was an issue at all because the last change in this file was made about 6 weeks ago and everything worked fine until now, but I am happy that everything is working again.


#3

You appear to have two admin accounts, start by commenting out one, check the password with the one in the gooey


(Lorne Gaetz) #4

You can fully manager AMI accounts in the GUI without touching conf files. Settings, Asterisk Manager Users. Probably wise not to allow other hosts to connect using the FreePBX admin credentials.


(Dave Burgess) #5

If you need to access your PBX from other machines, you should set up admin accounts for the specific jobs you are doing.