How to test Asterisk new installation?

Hi everyone,
I am a totally new user, looking for guidance. Installed FreePBX 13 with the main goal to create a telephony station for my small dental office.
I’m at the stage of testing the environment, able to login to the admin console, get through the menus, read warnings, update modules, unban the IP through the console (happened during testing the virtual extension).
I have to say it is not a user-friendly setup, or at least it does not seem to be one to me at the moment.
I have no idea what to do as the next step after the installation and all the help and tutorials got me nowhere.
So, if anyone fancies becoming my mentor here, I’d really appreciate it.
So far I followed the official tutorial that I found by googling "FreePBX+Distro+First+Steps+After+Installation" (as a new forum user I’m not allowed to insert links) and stopped at “creating extensions”.
What I have done so far:

  1. Installed the FreePBX appliance, logged into GUI.

  2. Created a user named 1111 and linked the extension 1111 with a custom password.

  3. No ports opened yet, want to test virtual extensions inside the local network before complicating things more.

  4. Downloaded linphone and installed it.

  5. Set up the option “use SIP account” as follows:

  • “username” = “1111”

  • “SIP domain” = “192.168.XX.YY” (the ip of the FreePBX appliance)

  • “password” = XXXXXXXXX

  • “transport” = “UDP”

Getting the message “unable to authenticate” and eventually the IP of the desktop running linphone app gets banned, so I had to use the console to unban and subsequently whitelist the ip.
What am I doing wrong?

I don’t mind if you guys point me to some meaningful rookie tutorial that covers this step.

https://wiki.freepbx.org/display/FPG/Configuring+Your+PBX
Please learn from the wiki.

Thank you James.
This is exactly the how-to that I was following.
I have gotten to the end of this part and followed it to the letter - /display/FPG/Configuring+Your+PBX#ConfiguringYourPBX-CreatingExtensions
and I believe I should be all set. However, I get “unable to authenticate” error when using linphone app. It’s within the local network, so firewall issues should be ruled out.
I guess there’s an error I’m making somewhere, maybe misunderstanding what those credentials in linphone app mean. Could you take a look at what I was doing when configuring the linphone extension and see if that matches how FreePBX is expected to be configured in the tutorial? Because to me, everything matches, but I still cannot authenticate…

I downloaded linphone and set it up with my test server and found that you need to set up the following:

SIP address* sip:{EXTENSION}@{IPADDRESS OF PBX}
SIP Server address* sip:{IPADDRESS OF PBX}:{SIP PORT}

For example:

sip:[email protected]
sip:192.168.1.10:5060

This is my setup for ChanSIP port 5060 on extension 1111. I cannot remember where it asked me for my password, but that is the secret you set up under the extension.

Let me know if you have any other questions.

Thank you juesor,
I went to linphone settings and changed the settings as you suggested:
SIP address* sip:{EXTENSION}@{IPADDRESS OF PBX}
SIP Server address* sip:{IPADDRESS OF PBX}:{SIP PORT}
in my case the pbx server has an ip 192.168.41.8 and the machine I’m using to connect is 192.168.41.61
I whitelisted the whole subnet altogether because I was constantly being banned on the first opening of the linphone app.
fail2ban-client set addignoreip 192.168.41.0/24
What I noticed, I can only change a username in default identity, not the “sip:” link, and that link has the ip of my local machine.
So, the default identity looks like this:
Display Name:
Name:1111
SIP Address:sip: 1111 @ 192.168.41.61:5060 (without spaces of course)
Then, there’s a proxy accounts section that has one account (and this is where my changed settings went into):
SIP Address* sip:1111 @ 192.168.41.8 (without spaces of course)
SIP Server address* sip: 192.168.41.8:5060 (without spaces of course)
Registration Duration 600 sec
Transport UDP
Route
Contact params
AVPF regular RTCP interval (sec) 5
Register on
Publish presence information off
Enable AVPF off
That’s all there is in there to edit. When I confirm and save everything, no errors. When I try to authenticate with this account, I still get the message "unable to authenticate".
The window also lists the information, some of which is slightly different:
Identity: 1111
Realm: asterisk <-not sure what this is and where it came from.
UserID (optional) <- I tried to leave it blank and to fill with 1111, no difference in the result.
Password ******* <- password.

On the FreePBX side, after the base install and registering the installation, I went into admin module and set the IP address by clicking autodetect network, and the DNS, which was prepended by 127.0.0.1
Went to extensions and added a virtual extension 1111, auto created the user, set the password. OK’ed and hit apply config.
Verified, that I have a user 1111 and the extension 1111 in “User management” and “Extensions” sections respectively.

Should that be enough for the linphone app to be able to connect to the freepbx server? Is there any module there that has to be enabled that is not enabled out-of-the-box?
Is there any command-line tool that I can verify that the server is accepting connections? From the command line, I can see that there is nothing wrong. Except for Zulu and QueueCallback servers are not running.

Try with an easier soft phone to start. X-Lite works great. I noticed with LinPhone it had a default of localhost, trying to use myself as a SIP server. You may need to switch to the other extensions. I forgot about fail2ban, good catch. Out of the box you should be able to get an extension to register.

This looked like progress for a bit! After I disabled the “Register” option, the accounts went “online”.
I went ahead, registered another test extension, this time “chan_SIP” and registered another X-Lite app on another machine within the same network. The account went “green”, “enabled and ready to use”.
But when I was trying to place a call from one to another - no luck.
It did not really look like the accounts are connected to the server.
Then I played with the passwords, put a deliberately wrong password and X-Lite still reports the account as “enabled”. I guess this has nothing to do with being connected.

On the server dashboard, tab named “Asterisk” I see number of users offline = 1. No more, no less, and the number is not affected by how many X-Lite accounts I am using trying to connect to the server. There have been no users online ever registered on the graph.

Another thing I noticed on the server is the “Uptime” graph. Which has a green line for the “Asterisk uptime”. If I choose units “hours” or “days” I see that line all the way at the bottom of the graph, maybe meaning “offline”? I guess? If I switch the units to “weeks” - I see a point in the past where the green line was at the top and then dropped to the bottom. There are no units attached and I don’t really know what those graphs mean. There’s also a red line legended to “system uptime”. Right now both red and green are at the bottom of the plot, there’s also a blue line going from the bottom up and it’s legended to “since last reload”. Despite the “system uptime” being at the bottom, I am able to login to the webmanagement and console, so the system is definitely running.

Can you suggest any utilities that can test the connection and would have a meaningful output?

From FreePBX go to Admin -> Asterisk CLI.

In there, issue the following commands; they will tell you if your accounts are registered.

sip show peers

You will look for something like below.

15 sip peers [Monitored: 12 online, 3 offline Unmonitored: 0 online, 0 offline]

If you are using pjsip, issue the following:

pjsip list endpoints

From the CLI you can see what Asterisk is doing.

core show help

That command will give you an output of all Asterisk commands to use.

core show channels verbose

The above command will show you any calls that are currently connected.

You are using port 5060 or 5061 to register; check to make sure firewall rules are open to allow connectivity.

If you are on another Linux machine, or if you have nmap installed on your computer, you can use nmap to check the status of that port:

nmap -sU -p 506# IP.Of.Your.PBX

$sip show peers
Name/username    Host    Dyn Forcerport Comedia    ACL Port     Status      Description
102       (Unspecified)   D  No         No          A  0        UNKNOWN
1 sip peers [Monitored: 0 online, 1 offline Unmonitored: 0 online, 0 offline]

101 is a virtual extension
102 is a CHAN_SIP
so it seems like I’m using the 101 in a wrong way and 102 is registered. That must be the reason for “offline users =1” in the Asterisk graph. Great.

pjsip list endpoints
Endpoint:  <Endpoint/CID.....................................>  <State.....>  <Channels.>
==========================================================================================
Endpoint:  dpma_endpoint                                        Unavailable   0 of inf
Objects found: 1

I want to hold on with the testing from outside the network, it will be adding the extra variables.
So far, I can see that chan_sip account “102” is listed on server, great! I am using that account and it registered on a client machine - it registers with any credentials, with incorrect ip, incorrect password, so, it’s not trustworthy info.
I tried to create 2 more dummy extensions on the server and see if I can see them with the command line tools. Added a pjsip account - still shows 1 account, offline.
Added another chan_sip account - shows 2 offline registered accounts.
I run Suricata to monitor the external traffic. The internal traffic should be unblocked. The firewall on FreePBX is totally disabled.
Anything that I have to do with routes on FreePBX?
I will investigate the suricata behavior a bit later and come back with the results.
Thank you for your help and patience.

You should be seeing those extensions’ Status show as OK (14 ms).

It looks like you’re not seeing the extensions register properly.

You should jump into the server’s CLI and launch the Asterisk console via: asterisk -vvvvr, then watch what is happening. When an extension registers with Asterisk you should see something like this on the screen.

[2018-01-04 13:26:46] NOTICE[17369]: chan_sip.c:24591 handle_response_peerpoke: Peer ‘1122’ is now Reachable. (9ms / 2000ms)

Thank you. Still no luck… I think I am either having a problem where I am not supposed to have it per manual (for example, the manual would not take into account Suricata on my pfSense router and NAT), issues arising from virtual appliance co-existence (this is a virtual appliance) or I failed to do something really basic during the initial setup.
Setting extra variables out of the way. Yesterday I noticed that one of my other servers misbehaved (froze up). That server was sharing the datastore with the freepbx appliance and that server’s virtual file was created using a thin provisioning. So, I decided to remove the freepbx altogether and reinstall it in another datastore where the other machines are created w/o using thin provisioning.
It’s installed now under the new virtual appliance, fixed file size assigned to the virtual appliance file, had some issues during OS installation (graphic setup refused to start), but it’s up and running now.
Suricata interference addressed by testing the environment from the local network, where Suricata does not monitor the traffic.
I then setup a static ip, assign the network, able to ping internet and resolve the names there through a DNS on my pfsense router. After initial setup, I added 1 extension chan_sip, 101 extension, co-created the user with the same name, assigned password for the extension, went to the user management and changed the password to the same value that I assigned during extension creation (just in case). I am able to confirm the appearance of 1 offline user in graphical plot on a dashboard. Which btw shows that the Asterisk server is up. But cannot connect using a sip program like X-Lite.
I am testing it from inside the network to eliminate possibility of Suricata getting in my way. For the same reason I have not setup any port forwarding on the router yet.
When I am looking at the ports that freepbx is listening to, I do not see 5060.
C:\PortQryV2>PortQry.exe -n 192.168.41.8
Querying target system called:
192.168.41.8
Attempting to resolve IP address to a name...
Failed to resolve IP address to name
querying...
TCP port 80 (http service): LISTENING
So, I don’t see any listening to 5060, 5160 etc.
however, if I list this port specifically, I can see:
C:\PortQryV2>PortQry.exe -n 192.168.41.8 -e 5160 -p both
TCP port 5060 (unknown service): NOT LISTENING
UDP port 5060 (unknown service): LISTENING or FILTERED
same with 5160
UDP port 5160 (unknown service): LISTENING or FILTERED
I’m afraid that is not very informative, since all the UDP ports would give me this message.
UDP port 80 (unknown service): LISTENING or FILTERED for example.
I guess the problem is there, the server is not listening to the traffic as far as I can interpret it. Did I miss something very basic in the initial setup?

OK, so let’s check what port your server is listening on. First off, go into FreePBX WebUI Settings > Advanced Settings.

Search for SIP Channel Driver. Which option is set? Your choices are:

both (default)
chan_sip
chan_pjsip

This matters because it determines what type of extensions you can create under Applications > Extensions.

Now that we know what SIP driver you are using, go into Settings > Asterisk SIP Settings.

In this window you will get three tabs: General SIP Settings, Chan SIP Settings, Chan PJSIP Settings. You may not see either of the last two tabs depending on what option you have set in SIP Channel Driver.

Here is where you note the Bind Port and whether it is TCP or UDP.

SIP channel driver - Both
chan_sip allow TCP=no, port 5060
chan_pjsip UDP port 5160

Should we check how I connect with the client?
X-Lite. I go to Softphone->Account Settings.
Account name=101
Protocol=SIP (grayed out)
Allow this account for
[x] Calls
[x] IM/Presence
User details
*User ID: 101
*Domain: 192.168.41.8
Password: 101 (hidden on the screen)
Display name:(empty)
Authorization name:(empty) (tried ‘101’ as well with the same result)

Domain Proxy
[x] Register with domain and receive calls (if left unchecked - the account shows going online, if left checked - “failed to enable the account. Unknown error”)
I also tried to append the port number to the server IP, use the full address of the extension (like [email protected] instead of 101) - no difference so far.

Not sure what else is left to check… (((

How about checking the /var/log/asterisk/full log to see what the actual error is?

OK, like cynjut says, from SSH:

tail -f /var/log/asterisk/full

Watch this file. Your X-Lite config matches what I have set up to connect to a SIP extension.

Do you see anything happening in asterisk?

It feels like you are not able to establish UDP port 5060 cleanly to the PBX.

I figured out what was wrong. The secret to the extension gets assigned independently by the system and it is not the same as the user password. I did not understand this. I just kept typing the password that I just assigned to the user into the password field on the client.
I was able to create two extensions, connect them and make a test call. What a journey! )))
Thank you for your help! I learned a lot from the conversation!
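
Added example (not from any poster in this thread and not FreePBX or Asterisk code): the log check suggested above, done as a script. It pulls chan_sip registration failures out of text in the format of /var/log/asterisk/full, counts them per source IP, extension and reason, and reports which IPs would cross a fail2ban-style threshold. The sample log lines, the function names and the `maxretry`/`findtime` values are constructed for illustration; the thresholds are assumptions, not FreePBX defaults.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample in the chan_sip NOTICE format (not output from the thread).
SAMPLE_LOG = """\
[2018-01-04 13:20:01] NOTICE[1234]: chan_sip.c:1 handle_request_register: Registration from '<sip:101@192.168.41.8>' failed for '192.168.41.61:5060' - Wrong password
[2018-01-04 13:20:09] NOTICE[1234]: chan_sip.c:1 handle_request_register: Registration from '<sip:101@192.168.41.8>' failed for '192.168.41.61:5060' - Wrong password
[2018-01-04 13:20:31] NOTICE[1234]: chan_sip.c:1 handle_request_register: Registration from '"101" <sip:101@192.168.41.8>' failed for '192.168.41.61:5060' - Wrong password
[2018-01-04 13:25:00] NOTICE[1234]: chan_sip.c:1 handle_request_register: Registration from '<sip:999@192.168.41.8>' failed for '192.168.41.70:5060' - No matching peer found
[2018-01-04 13:26:46] NOTICE[1234]: chan_sip.c:1 handle_response_peerpoke: Peer '102' is now Reachable. (9ms / 2000ms)
"""

FAIL_RE = re.compile(
    r"^\[(?P<ts>[\d-]+ [\d:]+)\] NOTICE\[\d+\](?:\[C-\w+\])?: chan_sip\.c:\d+ \w+: "
    r"Registration from '(?P<frm>[^']*)' failed for '(?P<ip>[\d.]+)(?::\d+)?' - (?P<reason>.+)$")
EXT_RE = re.compile(r"sips?:([^@>;]+)@")

def parse_failures(text):
    """Return one dict per failed REGISTER (IPv4 sources); other lines are skipped."""
    failures = []
    for line in text.splitlines():
        m = FAIL_RE.match(line.strip())
        if m:
            ext = EXT_RE.search(m["frm"])
            failures.append({"ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                             "ip": m["ip"], "ext": ext.group(1) if ext else "?",
                             "reason": m["reason"].strip()})
    return failures

def summarize(failures):
    """Count failures per (source IP, extension, reason)."""
    return Counter((f["ip"], f["ext"], f["reason"]) for f in failures)

def would_ban(failures, maxretry=3, findtime=timedelta(minutes=10)):
    """IPs with at least maxretry failures inside findtime (assumed thresholds)."""
    by_ip = defaultdict(list)
    for f in failures:
        by_ip[f["ip"]].append(f["ts"])
    banned = set()
    for ip, stamps in by_ip.items():
        stamps.sort()
        # Compare each failure with the one (maxretry - 1) positions after it.
        if any(b - a <= findtime for a, b in zip(stamps, stamps[maxretry - 1:])):
            banned.add(ip)
    return banned

if __name__ == "__main__":
    found = parse_failures(SAMPLE_LOG)
    print(dict(summarize(found)), "would be banned:", sorted(would_ban(found)))
```

Repeated "Wrong password" entries for an extension that exists point at the credential the client is sending rather than at the network path, which is the situation described in the last post.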
