TFTP not working?

FreePBX Installation / Upgrade
21

Scott, yes, that too. I am afraid to touch anything in my TB right now - it is working and if it aint broke…however in the back of my mind is the fact that it has been abandoned. I looked for alternatives, sipx, freepbx, asteriskNOW, and PBX in a flash all came to mind and it looks like pbx in a flash has good support groups, and a growing install base so I went with that one.

This is not for a mission critical system, we have CUCM 8 for that, but I would like to get this working. I am installing fresh right now and have switched the server over to the same vlan as the phones - again, I see no reason not to do it this way. I will hopefully post successful results soon. I am also going to go through and re-read the .cnf.xml files for each phone and make sure they are up to par.

Fingers crossed…

22

It could be mission critical if done correctly. I support schools, county and city gov’t, call centers, healthcare facilities etc. with Asterisk/FreePBX.

PBXIAF will work for you, Ward’s team does a good job, of course we are partial to our distro !

23

Scott, I can ping the phone from the server successfully with 0% Packet loss, I edited one config file for a phone and dumped it in the tftpboot directory with the rest of the files I had in the old one, still nothing.

root@pbx:/tftpboot $ rpm -qa |grep -i tftp tftp-server-0.49-7.el6.i686 root@pbx:/tftpboot $

In the below, is open|filtered the issue? Should it just say open?

Starting Nmap 5.51 ( http://nmap.org ) at 2012-09-20 01:35 EDT Nmap scan report for localhost (127.0.0.1) Host is up (0.000047s latency). Other addresses for localhost (not scanned): 127.0.0.1 rDNS record for 127.0.0.1: pbx.local Not shown: 992 closed ports PORT STATE SERVICE 68/udp open|filtered dhcpc 69/udp open|filtered tftp 111/udp open rpcbind 123/udp open ntp 631/udp open|filtered ipp 5000/udp open|filtered upnp 5060/udp open|filtered sip 9001/udp open etlservicemgr

Nmap done: 1 IP address (1 host up) scanned in 1.53 seconds

Here is the contents of /etc/xinetd.d/tftp:

root@pbx:/tftpboot $ cat /etc/xinetd.d/tftp

default: off

description: The tftp server serves files using the trivial file transfer \

protocol. The tftp protocol is often used to boot diskless \

workstations, download configuration files to network-aware printers, \

and to start the installation process for some operating systems.

service tftp
{
disable = no
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -vv -s /tftpboot
per_source = 11
cps = 100 2
flags = IPv4
}
root@pbx:/tftpboot $

I’m still at a loss…

24

Scott, I can ping the phone from the server successfully with 0% Packet loss, I edited one config file for a phone and dumped it in the tftpboot directory with the rest of the files I had in the old one, still nothing.

root@pbx:/tftpboot $ rpm -qa |grep -i tftp tftp-server-0.49-7.el6.i686 root@pbx:/tftpboot $

In the below, is open|filtered the issue? Should it just say open?

Starting Nmap 5.51 ( http://nmap.org ) at 2012-09-20 01:35 EDT Nmap scan report for localhost (127.0.0.1) Host is up (0.000047s latency). Other addresses for localhost (not scanned): 127.0.0.1 rDNS record for 127.0.0.1: pbx.local Not shown: 992 closed ports PORT STATE SERVICE 68/udp open|filtered dhcpc 69/udp open|filtered tftp 111/udp open rpcbind 123/udp open ntp 631/udp open|filtered ipp 5000/udp open|filtered upnp 5060/udp open|filtered sip 9001/udp open etlservicemgr

Nmap done: 1 IP address (1 host up) scanned in 1.53 seconds

Here is the contents of /etc/xinetd.d/tftp:

root@pbx:/tftpboot $ cat /etc/xinetd.d/tftp

default: off

description: The tftp server serves files using the trivial file transfer \

protocol. The tftp protocol is often used to boot diskless \

workstations, download configuration files to network-aware printers, \

and to start the installation process for some operating systems.

service tftp
{
disable = no
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -vv -s /tftpboot
per_source = 11
cps = 100 2
flags = IPv4
}
root@pbx:/tftpboot $

I’m still at a loss…

25

this is the CLI output from the phone ssh interface- it seems like it is asking for the file but not seeing it, correct?

ERR [TFTP] tftpSend:492: Error code 1: File not found
ERR [TFTP] tftpGet:1019: File transfer error.
tftp
invalid command tftp
[CP-6941] tftp?
Unknown command tftp?
[CP-6941] provision_http_download_file 1492: ERROR(0x0, 7) in dowloading file from socket 25
ERR [TFTP] tftpSend:492: Error code 1: File not found
ERR [TFTP] tftpGet:1019: File transfer error.
tftpget
Unknown command tftpget
[CP-6941] provision_http_download_file 1492: ERROR(0x0, 7) in dowloading file from socket 25

  rwxrwxrwx 0:0 a: -1 i:0 Sep 20, 2012  2:16:50am      81 dialplan.xml

0x95a19840 (SIPStack task): send error(socket = 25, buf = 0x94dc7710, len = 1697, retry = 0), errno = 57
0x95a19840 (SIPStack task): send error(socket = 25, buf = 0x94dc7710, len = 2139, retry = 0), errno = 57
0001033485 - Checking Protocol: Device=SIP. Config=SIP (OK)
0001033485 - Checking SwPort: 100-full (OK)
0001033485 - Checking Security: NonSecure Mode (LSC: Not Installed, MIC: Installed) (OK)
0001033485 - Checking Account: Line (OK)
0001033486 - Checking CUCM1: IPv4 - 10.10.50.36 (OK)
0001033486 - Checking TFTP0: IPv4 - 10.10.50.36 (OK)
0x95a19840 (SIPStack task): send error(socket = 25, buf = 0x957384c0, len = 2139, retry = 0), errno = 57
0x95a19840 (SIPStack task): send error(socket = 25, buf = 0x957384c0, len = 2139, retry = 0), errno = 57
0x95a19840 (SIPStack task): send error(socket = 25, buf = 0x957384c0, len = 2139, retry = 0), errno = 57
0x95a19840 (SIPStack task): send error(socket = 25, buf = 0x957384c0, len = 2139, retry = 0), errno = 57
0x95a19840 (SIPStack task): send error(socket = 25, buf = 0x957384c0, len = 2139, retry = 0), errno = 57
0x95a19840 (SIPStack task): send error(socket = 25, buf = 0x957384c0, len = 2139, retry = 0), errno = 57
0x95a19840 (SIPStack task): send error(socket = 25, buf = 0x957384c0, len = 2139, retry = 0), errno = 57
0x95a19840 (SIPStack task): recv error (socket = 25, buf = 0x95a195a8, len = 0, retry = 0), errno = 60
0x95a19840 (SIPStack task): close error (socket = -1), errno = 9
0x95a19840 (SIPStack task): close error (socket = -1), errno = 9
26

I Can not Ping the phones or the gateway from the server - but can ping www.google.com … is iptables my culprit? I can ping the phone from the server but not the server from any other device on the network. This seems to be an issue…

I am going to bed now…I will pick back up with this tomorrow

thanks all

Jon

27

No, you don’t have a route to the other vlan would be my guess. What is handling routing between the network segments?

28

all the vlans route to each other - handled by the 3550 switch. I actually stopped iptables and I could ping OK. Leaving it disabled allowed my TCP load phone (6941) to register fine (both the line and the ICOM line), but any other extension was getting a 401 unauthorized. I am going to copy the TCP extension config file, I am just assuming now that there is something in there that it doesnt like; the secrets matched OK for each line so that’s the only other thing I can thnk of.

I’m stuck at work until 12 midnight so I will have to wait to play around with it tomorrow.

Thanks again for the help

Jon

29

all the vlans route to each other - handled by the 3550 switch. I actually stopped iptables and I could ping OK. Leaving it disabled allowed my TCP load phone (6941) to register fine (both the line and the ICOM line), but any other extension was getting a 401 unauthorized. I am going to copy the TCP extension config file, I am just assuming now that there is something in there that it doesnt like; the secrets matched OK for each line so that’s the only other thing I can thnk of.

I’m stuck at work until 12 midnight so I will have to wait to play around with it tomorrow.

Thanks again for the help

Jon

30

Just revisited this one - I disabled iptables and now the phones can register. Any ideas there? If I am not opening my PBX to the internet, do I need to have IPTables enabled? Does anyone know of a way that I can see what, exactly, in iptables is stopping the phone registration?

thanks again

31

tftp uses udp port 69 by default

SIP registrations by default need udp 5060 and tcp 5060 if you have enabled tcp in asterisk and the phones are using that.

If you are not connected to the internet and no-one in your connected networks is either, then you can turn off iptables, If there is any access direct or indirect and if you don’t have a firewall you just have to wait for penetration.

Although for “belt and braces” reasons, I use a restrictive IPTables on my servers, if you are comfortable with your internet border firewall’s setup you can rely on that,

Given your VLAN usage and your multiple networks then I can only suggest that you further wrap your head around networking and iptables to suit your less common infrastructure.

Perhaps your bsic tools are netstat (to see what you are serving) and tcpdump to see what is being sent and received.

32

I wrote new config files based off the 6900 phone that registers properly, and the other phones (7971 with 8.4 SIP load and 7962 with 9.3 SIP TCP load) both appear to partially register but have a x on the extension buttons. I can call FROM those phones but calling INTO them results in a fast busy.

33

SIP over TCP transport needs some specific configuration in Asterisk (and for the endpoints in FreePBX also) , and is not enabled by default in many distributions. Have you so done that?

34

Thanks dicko - I will look into iptables further. Although I am confortable with the setup we have now, I would like to eventually get it working with iptables as well to have that added layer of security. My last layer is I use Vitelity with no auto replenish on the account, and only keep a low balance at any given time. Still, iptables would be much more secure!

I am really stumped as to why I am getting a one way registration now.

35

yes, my 6941 phone is running a TCP load and works perfectly. I also have a Panasonic SIP cordless phone, and that registers OK as well - 6941 is 215 and 915, Panasonic is 211:

pbx*CLI> sip show peers
Name/username Host Dyn Forcerport ACL Port Status
206 (Unspecified) D N A 0 UNKNOWN
207 (Unspecified) D N A 0 UNKNOWN
211/211 10.10.50.10 D A 5060 OK (90 ms)
214 (Unspecified) D A 0 UNKNOWN
215/215 10.10.50.38 D N A 1153 OK (12 ms)
907 (Unspecified) D N A 0 UNKNOWN
915/915 10.10.50.38 D N A 1153 OK (13 ms)
7 sip peers [Monitored: 3 online, 4 offline Unmonitored: 0 online, 0 offline]
36

You have a problem in that both 215 and 915 are using the same IP and port, fix that first.

37

those are the only ones that register properly, both of those work fine…incoming, outgoing, calls to a PSTN number all work fine. 215 is the extension of the phone, and since Cisco doesn’t support ICOM the way most SIP phones do, 915 is an extension set to autoanswer on speakerphone when it is called. Both of those function properly.

38

Not at the same time I will wager.

39

I am also confused by what you mean by “One way” registration, they are either registered or not as far as Asterisk is concerned, If they don’t answer to their qualified registration, they are set up incorrectly and you need to look at why.

sip set debug peer XXX

might help you.

40

i will do some more debugging at the peer level and report back, probably tomorrow - off to work I go. Thanks for your suggestions.

Jon