FAQ

From MiRTA PBX documentation
Jump to navigation Jump to search

Asterisk

How can I setup Asterisk to use TLS
Asterisk can use TLS as transport for the signalling, increasing the authentication security and providing extra privacy about the number dialed and other info usually transmitted in clear over the SIP channel. TLS will encrypt only the signalling part, without offering any extra security to the RTP (voice) part. In the [general] section of sip.conf, add the following info, replacing the IP address with the IP address of the server. Provide the certificate and key in pem format.
tlsenable=yes 
tlsbindaddr=213.133.102.85 
tlscertfile=/etc/asterisk/certificates/demo.mirtapbx.com.pem 
tlsdontverifyserver=no 
tlscipher=DES-­CBC3-­SHA 
tlsclientmethod=tlsv1 
transport=udp,tls 

Optionally you can add a port number to tlsbindaddr parameter

Don't forget to set asterisk to listen on tcp:

tcpenable=yes

Optionally you can provide a separate certificate and key

tlscertfile=/etc/ssl/demo.mirtapbx.com.crt
tlsprivatekey=/etc/ssl/demo.mirtapbx.com.key
I think my Asterisk is locked... how can I check it?
If you think your asterisk is locked, probably it is. To be 100% sure, just run the following command and check the result:

This is a locked asterisk

# netstat -nap | grep 5060
tcp        0      0 0.0.0.0:5060                0.0.0.0:*                   LISTEN      26090/asterisk      
udp   213504      0 0.0.0.0:5060                0.0.0.0:*                               26090/asterisk

This is a normal asterisk

# netstat -nap | grep 5060
tcp        0      0 0.0.0.0:5060                0.0.0.0:*                   LISTEN      4127/asterisk       
udp        0      0 0.0.0.0:5060                0.0.0.0:*                               4127/asterisk 

When asterisk locks up, it stops processing SIP packets, so the UDP buffer fills up. In this case an asterisk restart is needed.

How can I enable TCP for SIP (port 5060)?

You need to add the following rows to /etc/asterisk/sip.conf and then reload the SIP module (when you have no traffic)

tcpenable=yes
tcpbindaddr=0.0.0.0
How can I configure Asterisk to listen to multiple ports?

You can't, it is not possible to configure Asterisk to listen to multiple ports. However, you can use an iptables REDIRECT to get the same result. To redirect a single port with iptables:

 iptables -t nat -A PREROUTING -i eth0 -p udp --dport 5090 -j REDIRECT --to-ports 5060

This example redirects UPD port 5090 to port 5060, so you can connect to Asterisk on both of them.

Remember to add this command to any init script, like /etc/rc.local

BLF monitoring is not working!

One of the common pitfall about BLF is to monitor just the extension number and not the "username" as required. So if you are in the tenant "DEMO" and you want to monitor extension 100 with username "100-DEMO", you need to monitor 100-DEMO and not just 100.

What is HANGUP_CAUSE XX?

You can check this piece of code:

#define AST_CAUSE_UNALLOCATED 1
#define AST_CAUSE_NO_ROUTE_TRANSIT_NET 2
#define AST_CAUSE_NO_ROUTE_DESTINATION 3
#define AST_CAUSE_MISDIALLED_TRUNK_PREFIX 5
#define AST_CAUSE_CHANNEL_UNACCEPTABLE 6
#define AST_CAUSE_CALL_AWARDED_DELIVERED 7
#define AST_CAUSE_PRE_EMPTED 8
#define AST_CAUSE_NUMBER_PORTED_NOT_HERE 14
#define AST_CAUSE_NORMAL_CLEARING 16
#define AST_CAUSE_USER_BUSY 17
#define AST_CAUSE_NO_USER_RESPONSE 18
#define AST_CAUSE_NO_ANSWER 19
#define AST_CAUSE_SUBSCRIBER_ABSENT 20
#define AST_CAUSE_CALL_REJECTED 21
#define AST_CAUSE_NUMBER_CHANGED 22
#define AST_CAUSE_REDIRECTED_TO_NEW_DESTINATION 23
#define AST_CAUSE_ANSWERED_ELSEWHERE 26
#define AST_CAUSE_DESTINATION_OUT_OF_ORDER 27
#define AST_CAUSE_INVALID_NUMBER_FORMAT 28
#define AST_CAUSE_FACILITY_REJECTED 29
#define AST_CAUSE_RESPONSE_TO_STATUS_ENQUIRY 30
#define AST_CAUSE_NORMAL_UNSPECIFIED 31
#define AST_CAUSE_NORMAL_CIRCUIT_CONGESTION 34
#define AST_CAUSE_NETWORK_OUT_OF_ORDER 38
#define AST_CAUSE_NORMAL_TEMPORARY_FAILURE 41
#define AST_CAUSE_SWITCH_CONGESTION 42
#define AST_CAUSE_ACCESS_INFO_DISCARDED 43
#define AST_CAUSE_REQUESTED_CHAN_UNAVAIL 44
#define AST_CAUSE_FACILITY_NOT_SUBSCRIBED 50
#define AST_CAUSE_OUTGOING_CALL_BARRED 52
#define AST_CAUSE_INCOMING_CALL_BARRED 54
#define AST_CAUSE_BEARERCAPABILITY_NOTAUTH 57
#define AST_CAUSE_BEARERCAPABILITY_NOTAVAIL 58
#define AST_CAUSE_BEARERCAPABILITY_NOTIMPL 65
#define AST_CAUSE_CHAN_NOT_IMPLEMENTED 66
#define AST_CAUSE_FACILITY_NOT_IMPLEMENTED 69
#define AST_CAUSE_INVALID_CALL_REFERENCE 81
#define AST_CAUSE_INCOMPATIBLE_DESTINATION 88
#define AST_CAUSE_INVALID_MSG_UNSPECIFIED 95
#define AST_CAUSE_MANDATORY_IE_MISSING 96
#define AST_CAUSE_MESSAGE_TYPE_NONEXIST 97
#define AST_CAUSE_WRONG_MESSAGE 98
#define AST_CAUSE_IE_NONEXIST 99
#define AST_CAUSE_INVALID_IE_CONTENTS 100
#define AST_CAUSE_WRONG_CALL_STATE 101
#define AST_CAUSE_RECOVERY_ON_TIMER_EXPIRE 102
#define AST_CAUSE_MANDATORY_IE_LENGTH_ERROR 103
#define AST_CAUSE_PROTOCOL_ERROR 111
#define AST_CAUSE_INTERWORKING 127
#define AST_CAUSE_BUSY AST_CAUSE_USER_BUSY
#define AST_CAUSE_FAILURE AST_CAUSE_NETWORK_OUT_OF_ORDER
#define AST_CAUSE_NORMAL AST_CAUSE_NORMAL_CLEARING
#define AST_CAUSE_NOANSWER AST_CAUSE_NO_ANSWER
#define AST_CAUSE_CONGESTION AST_CAUSE_NORMAL_CIRCUIT_CONGESTION
#define AST_CAUSE_UNREGISTERED AST_CAUSE_SUBSCRIBER_ABSENT
#define AST_CAUSE_NOTDEFINED 0
#define AST_CAUSE_NOSUCHDRIVER AST_CAUSE_CHAN_NOT_IMPLEMENTED
When I change the name of an extension or any properties requiring an extension reload, the extension goes offline after few minutes

Asterisk caches the info for the extension, so when updating the extension, it is pruned and reloaded. It is automatically reloaded with an expire time of 120 seconds. If you have an expire time longer, it will go offline. You can avoid this by setting a longer default expiration time using the following parameter in sip.conf

rtautoclear=3600

Calls are dropping after around 30 seconds when using PJSIP

Some softphones sends INFO packets to the pbx and if you have not activated "TrustRPID", the pbx will not answer and the softphone may hangup the call

Asterisk is not using the correct audio file

When using audio translations, even if placed correctly in /var/lib/asterisk/sounds/<your language code> is always possible asterisk will choose to use the english version because in the "best" format. In this case, it can be good to convert all audio files in multiple formats. Let's make the example to have all audio files for da_DK language in "wav" format, while asterisk is picking up the "ulaw" english version. We can easily convert them using:

 cd /var/lib/asterisk/sounds/da_DK
 for i in `ls *.wav`; do asterisk -x "file convert /var/lib/asterisk/sounds/da_DK/$i /var/lib/asterisk/sounds/da_DK/`basename $i .wav`.ulaw"; done
Asterisk is not reporting the PAUSE event when a phone is auto paused

The name of the event changed from asterisk 13.x to asterisk 16.x and your manager.conf may be still using the old event name. Please check and fix:

 eventfilter=Event: QueueMemberPause
My provider uses DNS SRV entry, how should I configure it?

Configure it as a normal entry, but leave the port to zero. That will force a DNS SRV resolution

How to configure TOS and COS for PJSIP?

The configuration of TOS and COS for PJSIP is separated between the realtime extension and the transport. You can check the PJSIP extension security section and insert the following values:

TOS Audio: ef
TOS Video: af41
COS Audio: 5
COS Video: 4


You can also edit pjsip.conf and enter the following values for each type of transport:

tos=ef
cos=5
I am getting an error in WebRTC client about digest

It can be worth trying to enable the dtls in sip.conf, disable the SSL Cert in Admin/Settings and set the Auto DTLS in the ps_endpoint configuration for PJSIP

Asterisk Errors

What is this error? WARNING[23261]: res_musiconhold.c:719 monmp3thread: poll() failed: Interrupted system call
Nothing to worry, when the Musing On Hold process terminates to play the media file, this error is thrown out, just ignore it
What is this error? WARNING[3221]: func_cdr.c:352 cdr_write_callback: CDR requires a value (CDR(variable)=value)
Nothing to worry, it is a small glitch in the dialplan, but avoiding it will require an extra check, slowing down the call processing, so it is avoided, preferring the warning. Just ignore it.
What is this error? ERROR[24984][C-00008457]: res_fax.c:4364 acf_faxopt_read: channel 'SIP/201-#######-0001547a' can't read FAXOPT(gateway) because it has never been written.
Nothing to worry, it is a small glitch in the dialplan, but avoiding it will require an extra check, slowing down the call processing, so it is avoided, preferring the error. Just ignore it.
What is this error? WARNING[3221]: func_cdr.c:364 cdr_write_callback: Using the CDR function to set 'accountcode' is deprecated. Please use the CHANNEL function instead.
I am using an old syntax to preserve compatibility with older asterisk versions. Just ignore it.
What is this error? WARNING[25144][C-0000845c]: dsp.c:1489 ast_dsp_process: Inband DTMF is not supported on codec #####. Use RFC2833
This is important, you are using an incompatible DTMF format for the codec you selected. Inband DTMF is supported in only a limited number of codec. Use RFC2833 as suggested.
What is this error? NOTICE[9505] manager.c: 217.28.216.250 tried to authenticate with nonexistent user 'admin'
What is this error? NOTICE[9505] manager.c: 217.28.216.250 failed to authenticate as 'admin'
Someone really stupid is trying to connect using the manager interface (port 5038). The manager interface is often locked down by IP address so it is really unlikely to be hacked this way, however this can be just annoying. To stop it after a few attempts, you can tweak the fail2ban to capture also these attempts by adding the following row in /etc/fail2ban/filters.d/asterisk.conf: ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s <HOST> failed to authenticate as '[^']*'$ and reload fail2ban
What is this error? WARNING[26421][C-0000b22f]: chan_sip.c:7350 sip_write: Can't send 10 type frames with SIP write
Asterisk doesn't yet support comfort noise generation. Just ignore it.
What is this error? NOTICE[6534] chan_sip.c: Received SIP subscribe for peer without mailbox: 226-SINI
The extension 226-SINI has sent a "SUBSCRIBE" message to asterisk, but the extension has no voicemail mailbox associated. This can be due to a configuration problem, you forget to associate the MWI mailbox in Configuration/Extension, or an asterisk problem... some time asterisk loads the extension without the mailbox associated. In this case you can restart the phone and deregister the extension, in this way when the phone registers again and subscribe to the voicemail mailbox, it should be loaded correctly. Otherwise you can move that extension to "No (Use externnotify)" in "Send MWI only if subscribed:" and set externnotify=/var/lib/asterisk/agi-bin/vmnotify.php in /etc/asterisk/voicemail.conf
What is this error? WARNING[53344][C-000015c8] app_voicemail.c: SQL Get Data error! coltitle=category
This is a long standing asterisk bug fixed only in later releases... it is harmless and can be ignored
Asterisk is logging INVITE attempts from the Internet, but Fail2ban is not blocking it, like "chan_sip.c
Failed to authenticate device "12345"<sip:12345@demo.mirtapbx.com>;tag=4b18a608" How is it possible to block them? : You need to path the logger.conf file and restart asterisk when possible
 messages => security,notice,warning,error
The manager interface is not reporting all the data
It is possible the system is slow so you need to give to the manager connection more time. Try to add 
 writetimeout=1000

in manager.conf and reload

A call is being reported as FAILED or CONGESTION, how can I get more details about it

You can get additional details pressing on the FAILED or CONGESTION link and check the pcap of the call. If instead you think the problem can be on the asterisk side, you can check the logs of the call. Asterisk under normal configuration reports a very well detailed logs of each activity, so you need to proceed in isolating your call first. You can do starting searching with the date and time of your call. Mind the call started at 2022-08-12 16:09:09, as reported in the Status/Call History. You need to locate this entry in the asterisk logs.

The asterisk logs are located in full files in /var/log/asterisk. These files are rotated daily, so only the latest 10 are available. You need to locate the one containing your date and grep for it, like:

 # ls -la /var/log/asterisk/full*
 -rw-r--r-- 1 root root 2,1M 13 ago 11:37 /var/log/asterisk/full
 -rw-r--r-- 1 root root 4,6M 10 ago 00:02 /var/log/asterisk/full.0
 -rw-r--r-- 1 root root 4,2M 11 ago 00:02 /var/log/asterisk/full.1
 -rw-r--r-- 1 root root 4,3M  9 ago 00:02 /var/log/asterisk/full.10
 -rw-r--r-- 1 root root 3,9M 12 ago 00:02 /var/log/asterisk/full.2
 -rw-r--r-- 1 root root 4,5M 13 ago 00:02 /var/log/asterisk/full.3
 -rw-r--r-- 1 root root 3,3M  3 ago 00:02 /var/log/asterisk/full.4
 -rw-r--r-- 1 root root 3,9M  4 ago 00:02 /var/log/asterisk/full.5
 -rw-r--r-- 1 root root 7,5M  5 ago 00:02 /var/log/asterisk/full.6
 -rw-r--r-- 1 root root 4,3M  6 ago 00:02 /var/log/asterisk/full.7
 -rw-r--r-- 1 root root 3,4M  7 ago 00:02 /var/log/asterisk/full.8
 -rw-r--r-- 1 root root 4,1M  8 ago 00:02 /var/log/asterisk/full.9

As you can see, the 2022-08-12 will be in the /var/log/asterisk/full.3 file.

 # grep "2022-08-12 16:09:09" /var/log/asterisk/full.3
 [2022-08-12 16:09:09] VERBOSE[24114] pbx_variables.c: Setting global variable 'SIPDOMAIN' to 'devel.mirtapbx.com'
 [2022-08-12 16:09:09] VERBOSE[24114] netsock2.c: Using SIP RTP Audio TOS bits 184
 [2022-08-12 16:09:09] VERBOSE[24114] netsock2.c: Using SIP RTP Audio TOS bits 184 in TCLASS field.
 [2022-08-12 16:09:09] WARNING[17516][C-00020673] func_channel.c: Unknown or unavailable item requested: 'peername'
 [2022-08-12 16:09:09] WARNING[17516][C-00020673] chan_sip.c: This function can only be used on SIP channels.
 [2022-08-12 16:09:09] VERBOSE[17516][C-00020673] pbx.c: Executing [800@authenticated:1] NoOp("PJSIP/136-DEVEL-00000033", "Received a call from peer  136-DEVEL from  with CID 136 htek 924 to number 800 for 
 accountcode DEVEL with SIP CALL ID  requesting for a max duration of  SETPEERNAME= ORIGINATEID= BLIND...=") in new stack

Multiple calls can be shown for the same date/time, so you need to identify the correct one and get the Asterisk Call identification, C-00020673 and grep again for this value, getting the whole call details

 # grep "C-00020673" /var/log/asterisk/full.3 | more
 [2022-08-12 16:09:09] WARNING[17516][C-00020673] func_channel.c: Unknown or unavailable item requested: 'peername'
 [2022-08-12 16:09:09] WARNING[17516][C-00020673] chan_sip.c: This function can only be used on SIP channels.
 [2022-08-12 16:09:09] VERBOSE[17516][C-00020673] pbx.c: Executing [800@authenticated:1] NoOp("PJSIP/136-DEVEL-00000033", "Received a call from peer  136-DEVEL from  with CID 136 htek 924 to number 800 for 
 accountcode DEVEL with SIP CALL ID  requesting for a max duration of  SETPEERNAME= ORIGINATEID= BLIND...=") in new stack
 [2022-08-12 16:09:09] VERBOSE[17516][C-00020673] pbx.c: Executing [800@authenticated:2] NoOp("PJSIP/136-DEVEL-00000033", "Transfer:  -  -  -  - ") in new stack
 [2022-08-12 16:09:09] VERBOSE[17516][C-00020673] pbx.c: Executing [800@authenticated:3] NoOp("PJSIP/136-DEVEL-00000033", "FROMQUEUEID: ") in new stack
 [2022-08-12 16:09:09] VERBOSE[17516][C-00020673] pbx.c: Executing [800@authenticated:4] GotoIf("PJSIP/136-DEVEL-00000033", "1?5:6") in new stack
 [2022-08-12 16:09:09] VERBOSE[17516][C-00020673] pbx_builtins.c: Goto (authenticated,800,5)
 ...
 [2022-08-12 16:09:11] VERBOSE[17516][C-00020673] pbx.c: Executing [800@dialoutbound:1618] Dial("PJSIP/136-DEVEL-00000033", 
 "PJSIP/800@onlypjsiptest,60,U(destChannelActions^external^wav^^^^^on^)b(pjsip_header,setpjsipheader,1)Tto()") in new stack
 [2022-08-12 16:09:11] WARNING[17516][C-00020673] app_dial.c: Unable to create channel of type 'PJSIP' (cause 3 - No route to destination)
 [2022-08-12 16:09:11] VERBOSE[17516][C-00020673] app_dial.c: No devices or endpoints to dial (technology/resource)
 [2022-08-12 16:09:11] VERBOSE[17516][C-00020673] pbx.c: Executing [800@dialoutbound:1619] Goto("PJSIP/136-DEVEL-00000033", "1739") in new stack
 [2022-08-12 16:09:11] VERBOSE[17516][C-00020673] pbx_builtins.c: Goto (dialoutbound,800,1739)

Linux System

My CentOS 6 is out of support

CentOS 6 support has expired on 1st December, however, you can continue to use it, but it is important to change the repo destination to "Vault". You can do easily using the following command

 cd /etc/yum.repos.d/ ; mv CentOS-Base.repo CentOS-Base.repo.old ; wget http://devel.mirtapbx.com/mirtapbx_support/centos6/CentOS-Base.repo ; yum clean all ; mv epel.repo epel.repo.old ; wget http://devel.mirtapbx.com/mirtapbx_support/centos6/epel.repo ; yum --security upgrade ; \rm /etc/yum.repos.d/CentOS-SCLo-scl-rh.repo /etc/yum.repos.d/CentOS-SCLo-scl.repo
My CentOS 7 is out of support

CentOS 7 support has expired on 30 June 2024, however, you can continue to use it, but it is important to change the repo destination to another mirror. You can do easily using the following command

 cd /etc/yum.repos.d/ ; mv CentOS-Base.repo CentOS-Base.repo.old ; wget http://devel.mirtapbx.com/mirtapbx_support/centos7/CentOS-Base.repo ; mv CentOS-SCLo-scl.repo CentOS-SCLo-scl.repo.old ; wget http://devel.mirtapbx.com/mirtapbx_support/centos7/CentOS-SCLo-scl.repo ; mv CentOS-SCLo-scl-rh.repo CentOS-SCLo-scl-rh.repo.old ; wget http://devel.mirtapbx.com/mirtapbx_support/centos7/CentOS-SCLo-scl-rh.repo ; yum clean all ; yum --security upgrade 
I can't connect from a more recent server based on CentOS 9 to old servers

update-crypto-policies --set LEGACY

then reboot

How can I change the system hostname in CentOS 7
 hostnamectl set-hostname host.example.com --static
When a conference is going to start, I get the message app_meetme.c:1296 build_conf: Unable to open DAHDI pseudo device
It seems the dahdi kernel module is not started or not compiled/available for your running kernel. It is possible you have upgraded your kernel and restarted your system. Try restarting the dahdi by using the command:
/etc/init.d/dahdi restart

If it doesn't fix the issue, try recompiling dahdi module, going in /usr/local/src/dahdi-linux-complete-*

and running:

make
make install
/etc/init.d/dahdi restart
How can I change the kernel to be booted?

Check the current running kernel with

 grubby --default-kernel

Check the index it is running with

 grubby --default-index

Check all the kernel installed with

 grubby --info=ALL

You can change the booting kernel using the name with

 grubby --set-default [kernel-filename]

or the index

 grubby --set-default-index=[kernel-entry-index]  
How can I install a specific kernel version?

You can check all the kernel version available using

 yum --showduplicates list kernel

You can install an older version using:

 yum -y install 5.14.0-391.el9

At boot time, the clock is wrong

It is possible your RTC (Realtime clock) is set on a different time. You can reset the RTC clock to the Local time using

 hwclock --systohc

To check the status

 timedatectl status
The web interface session is expiring too often, I need always to reauthenticate, how can I make it run longer?
You should change the session timeout value in php.ini and then restart the web server process, by default is 2880 seconds, set as long as you like
session.gc_maxlifetime = 2880
How can I upgrade to PHP 5.5 to use AWS S3 Storage?
System is now shipped with PHP 5.5 already installed, but previous installations were using the standard PHP version which is not suitable for AWS S3 because it requires PHP 5.5. On CentOS 6 64bit You can upgrade with the following steps:
rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm
yum -y install yum-plugin-replace
yum replace php-common --replace-with=php55w-common
yum install php55w-opcache
rpm --import https://mirror.webtatic.com/yum/RPM-GPG-KEY-webtatic-andy
service httpd restart
How can I change the server IP?
To change the server IP you need to refer to your OS documentation, but after you have changed your IP, there are a series of changes to be applied to MiRTA PBX:
  • /etc/odbc.ini, /var/www/html/pbx/include/db.inc.php and /var/lib/asterisk/agi-bin/include/db.inc.php – contain the IP for the database server. If you are running a cluster with MySQL multimaster replication, please refer to MySQL documentation on how to change a node IP and realign the replication.
  • /etc/asterisk/sip.conf – contains the server itself definition used to allow the server to call itself. If you are running your server behind a NAT, it can be needed to change also the externip parameter. Once changed, you need to reload SIP (asterisk -rx 'sip reload'). Please note all extensions will be deregistered.
  • /etc/asterisk/manager.conf – allows the web interface to access the manager interface. Once changed, you need to reload the manager interface (asterisk -rx 'manager reload')
  • /etc/hosts – it is important to have the server host to resolv correctly to the new IP. Please don't use 127.0.0.1 as server IP
  • /var/lib/asterisk/agi-bin/devstate.conf.php – lists the servers available in the pool to distribute the extension state. Status exchange is done over port 19771 using UDP protocol. Once the new IP has been inserted, you need to kill devstatesender.php and devstatereceiver.php processes, these will be automatically restarted.

Finally, you need to change the server IP defined in the web interface, using Admin/PBX Nodes. It can be a good idea to update the Always Allowed IP in the Admin/Security/GeoIP Fail2ban. It can be possible you need to request a new license for the server due to the change in IP. Please remember asterisk will still works and call will be processed normally even with an expired or not valid license.

I want to put an additional firewall, which ports need to be open?
You can identify three kinds of connections:
  1. Connections from outside: your clients will need to connect to port tcp/80 and tcp/443 for web interface, udp/5060, tcp/5060, udp/5080, tcp/5061, tcp/5081 for SIP and from udp/10000 to udp/20000 for RTP (audio). If you have enabled multimanager, open port tcp/5039
  2. Connections between multiple servers: your servers need to talk each other in several ports. In addition to the above ports, you'll need to open tcp/5038 for manager, tcp/3306 for MySQL, udp/19771 for devstate alignment
  3. Connections from management servers: please keep open port tcp/22 from my IP and port tcp/5666 from Nagios server, if service subscribed.
I am a bit worried about memory usage, I see the server has only few megabytes free

Just checking the availabile free memory is not enough to understand the health of a system. You should sum up the free and cached memory. On a real busy server with Voipmonitor pumping a lots of megabytes in the database, it is easy to see an high usage of cached memory. If you feel safer to leave some memory free, you can force the system to release all the cached memory with the command:

echo 3 > /proc/sys/vm/drop_caches
I have lots of connections in TIME_WAIT state

You can mitigate this problem by instructing Linux to recycle old connections:

echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse
My system is running very slow even if I have lots of RAM and lots of CPU

Your system can be running slow because you have power saving. You can check your CPU power saving mode with:

cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor

You can set all your CPU cores to "performance" by running

for CPUFREQ in /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor; do [ -f $CPUFREQ ] || continue; echo -n performance > $CPUFREQ; done

If you are running CentOS 6, your kernel can have problems in dealing with large memory. It can be good to disable the memory defrag with

echo 0 > /sys/kernel/mm/transparent_hugepage/khugepaged/defrag
echo never > /sys/kernel/mm/transparent_hugepage/defrag
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/redhat_transparent_hugepage/defrag

You may want to try running on a newer kernel (but beware, dahdi may not compile) by installing a new kernel-ml repository using the following link

http://elrepo.org/tiki/tiki-index.php

I can't connect to external services, like IBM Watson, it seems a certificate problem.

Like any other browser, your system needs to have a list of CA authorized to issue certificate. The one used by IBM Watson has been updated and you are not recognizing it. Please download the updated list of CA and then copy where curl is expecting it

curl-config --ca
wget --no-check-certificate https://curl.haxx.se/ca/cacert.pem
cp cacert.pem /etc/pki/tls/certs/ca-bundle.crt
How to configure a SFTP server

You can easily configure an SFTP server adding the user you want to use, adding a group sftpusers, putting the user in the group and then adding the following info in /etc/ssh/sshd_config

Subsystem sftp internal-sftp
# add follows to the end
Match Group sftp_users
  X11Forwarding no
  AllowTcpForwarding no
  ChrootDirectory /home
  ForceCommand internal-sftp
Which ports need to be open?

If you are running a single node, you need to open the following ports:

For SIP:

 5060/udp
 5060/tcp
 5061/tcp
 5080/udp
 5080/tcp
 5081/tcp
 5082/tcp  

For RTP:

 From 10000 to 20000 udp

If you are running multiple nodes in cluster, you need to open also the following ports between the nodes:

For MySQL:

 3306/tcp

For extension state replication:

 19771/udp

For manager:

 5038/tcp
I have restarted my server and now asterisk is crashing under the load

It may happen if you have too many chan_sip phones. Under normal circumstances, the system works great, but once restarted, all the phones are trying to register at the same time and asterisk crashes. In this case can be convenient to use the firewall to schedule the registration.

 iptables -X
 iptables -F
 iptables -I INPUT -s 0.0.0.0/0 -j DROP
 export i=1 ; while [ $i -lt 255 ]; do iptables -I INPUT -s $i.0.0.0/8 -j ACCEPT ; export i=$(($i+1)) ; sleep 3s ; netstat -nap | grep 5060 ; asterisk -rx 'sip show peers' | tail -10 ; done
The pdftk process is running endlessyat 100% CPU

Some older versions have this problem. Please upgrade to a newer one available from https://www.pdflabs.com/docs/install-pdftk-on-redhat-or-centos/

I can't load kernel modules due to "Key was rejected by service"

You have Secure Boot enabled, don't you? In that case it's working as designed. See the Secure Boot status with dmesg | grep -i secure .

If you need to load that module, you will need to disable Secure Boot from your firmware (BIOS). By doing that you will of course lose the protection provided by UEFI Secure Boot.

MySQL

MySQL replication is broken with "Relay log read failure: Could not parse relay log event entry. The possible reasons are: the master's binary log is corrupted (you can check this by running 'mysqlbinlog' on the binary log), the slave's relay log is corrupted (you can check this by running 'mysqlbinlog' on the relay log), a network problem, or a bug in the master's or slave's MySQL code. If you want to check the master's binary log or slave's relay log, you will be able to know their names by issuing 'SHOW SLAVE STATUS' on this slave.", how can I fix it?
MySQL multimaster replication needs some advanced MySQL skills. If you do not have them, it is better if you refer to MiRTA PBX support and subscribe a "Nagios monitoring and OS management" service. If instead you have the needed knowledge, understanding that a wrong action can get things worst and you may lose data, to recover from this problem you need:
  • Get the MySQL slave status with "show slave status"
  • Stop the slave replication with "stop slave"
  • Reset the relay log with "reset slave"
  • Reinitialize the relay log with "change master to master_log_file='<Relay_Master_Log_File>', master_log_pos=<Exec_Master_Log_Pos>"
  • Start the slave replication with "start slave"
I have lost the me_media table
It is easy to panic and to abruptly remove the big voipmonitor.me_media table who is filling your disk, but now you need to recreate it and maybe reduce the retention period for voipmonitor data file. I have created a script as protected/recreatememedia.php doing this job.
MySQL time is wrong
It is possible your mysql has no more valid timezone informations. Please run the following command:
mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql
I need to skip lots of voipmonitor add partition collisions

Why don't use a script like

 while [ 1 ]; do if [ `echo "show slave status for channel 'from_voip3_to_voip1'" | mysql -u root -ppassw0rd | grep voipmonitor | wc -l` -gt 0 ]; then echo "stop slave for channel 'from_voip3_to_voip1'; set global sql_slave_skip_counter=1; start slave for channel 'from_voip3_to_voip1'" | mysql -u root -ppassw0rd; fi; sleep 5s; echo "show slave status for channel 'from_voip3_to_voip1'\G" | mysql -u root -ppassw0rd | grep Seconds_Behind_Master;  done
MySQL max open file limit is 5000

The standard MySQL install has an open file limit of 5000 files. To raise this limit, edit the file /usr/lib/systemd/system/mysqld.service and set like

 LimitNOFILE = 32768

then reload the service with:


 systemctl daemon-reload
 service mysqld restart

If instead you still run CentOS 6, you can add the following to my.cnf and restart mysqld

 open_files_limit = 32768
I need to connect to MySQL using SSL

From version 4.0.13 is possible to connect to MySQL using SSL. A small change is needed on both /var/www/html/pbx/include/db.inc.php and /var/lib/asterisk/agi-bin/include/db.inc.php adding the following rows in the right place:

 $dbconn=NewADOConnection($dbtype);
 $dbconn->ssl_capath="";
 $dbconn->clientFlags=MYSQLI_CLIENT_SSL;
 $GLOBALS['ADODB_SESS_CONN']=$dbconn;
I need to load timezone data in MySQL

You can do from your database server running:

 mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p MySQL
Where do I find MySQL 5.5 ?

Use this command:

 yum install http://repo.mysql.com/yum/mysql-5.5-community/el/7/x86_64/mysql-community-release-el7-5.noarch.rpm
How fast should be MySQL?

It is not easy to measure the performance of MySQL, but there is a script you can try to run in /var/www/html/pbx/protected

These are some performance analysis, just to compare

 # php check_performance.php
 Checking voicemail table
   Collected 1269 queries
   Running 100 cycles
   Time required: 11.420516967773
   Time for 1000 requests: 8.9996193599475
 Checking sipfriends table
   Collected 256 queries
   Running 100 cycles
   Time required: 3.5946228504181
   Time for 1000 requests: 14.041495509446
 Checking st_states table
   Loading 100000 queries
   Time required: 14.124006986618
   Time for 1000 requests: 0.14124006986618
I can't upgrade MySQL, the GPG key is expired or invalid
 rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022

Extensions

Can I use an extension to connect a remote PBX to the system?
Yes, but you need to enable the “trunk” feature for the extension or otherwise the Caller ID of the call coming from the remote PBX will be overwritten.
When I use server side attended or unattended transfer (#* and ##), there is no enough time to dial the destination extension!
The default timeout is set to 3 seconds, but the “transfer” message is played inside this time, so it may seem shorter. You can increase the timeout of the transfer by editing the /etc/asterisk/features.conf and changing the value for transferdigittimeout to the amount of seconds you like. Once done, reload the module from within asterisk with “module reload features”
When I try to recover the Voicemail, it says the PIN is invalid
Most of the time, there is a problem with DTMF, check the log for the call in /var/log/asterisk/full if you see this message:  dsp.c: Inband DTMF is not supported on codec g729. Use RFC2833 In this case, change the DTMF setting on the PBX from “auto” to RFC2833 and if possible, also on the phone

Queues

How can I get rid of the message "All of our representatives are currently..."
You need to set to 0 (zero) the Announce Frequency

Conference

Sometime the quality is really bad... is there anything I can do?
Try increasing the number of audiobuffers in meetme.conf and reload the module

Voicemails

A caller leaves a voicemail for an extension, but that voicemail is not appearing
The voicemail box can be locked, please check if in there a .lock file in the INBOX

folder, like in this example:

#find /var/spool/asterisk/voicemail/pulmonarycriticl/100/
/var/spool/asterisk/voicemail/pulmonarycriticl/100/
/var/spool/asterisk/voicemail/pulmonarycriticl/100/Cust2
/var/spool/asterisk/voicemail/pulmonarycriticl/100/Urgent
/var/spool/asterisk/voicemail/pulmonarycriticl/100/INBOX
/var/spool/asterisk/voicemail/pulmonarycriticl/100/INBOX/.lock
/var/spool/asterisk/voicemail/pulmonarycriticl/100/Work
/var/spool/asterisk/voicemail/pulmonarycriticl/100/Cust3
/var/spool/asterisk/voicemail/pulmonarycriticl/100/Old
/var/spool/asterisk/voicemail/pulmonarycriticl/100/tmp
/var/spool/asterisk/voicemail/pulmonarycriticl/100/tmp/Av5Vqa.wav
/var/spool/asterisk/voicemail/pulmonarycriticl/100/tmp/Av5Vqa

Just remove it. About the source of the lock… maybe your asterisk server has crashed in the middle of a voicemail message.

MWI has stopped working, it is a periodic issue for my clients

Yes, MWI is often a problem and it is not clear where the problem is, if in the phones or in asterisk. In a normal SIP environment, the phone subscribe to MWI and start getting notify about the status. Subscription needs to be refreshed, like registration and this can be the source of the problem. To get rid of it, use "Externnotify"

Externnotify.png

Before doing it, you should check if the extern notification has been correctly setup in your system. Edit /etc/asterisk/voicemail.conf and check if the externnotify has been set as following.

externnotify=/var/lib/asterisk/agi-bin/vmnotify.php

If not, set it and reload voicemail module

I can't listen to voicemails anymore

It is possible you are running MySQL from MySQL repository and a bugged ODBC version has been installed. Any version above 8.0.11 has a problem affecting asterisk and until Asterisk or MySQL dev teams fix it, we need to run the old version.

 yum -y install yum-plugin-versionlock
 yum -y downgrade mysql-connector-odbc-8.0.11
 yum versionlock mysql-connector-odbc-8.0.11

Unfortunately a module reload doesn't work and you need to restart asterisk

Voipmonitor

Register attempts data

To enable the registration and subsequent consultation of access attempt edit

/etc/voipmonitor.conf

and change to yes the following parameter:

sip-register = no

Then restart Voipmonitor:

service voipmonitor restart

Miscellaneous

My clients are getting ghost calls from weird numbers not logged in MiRTA PBX
Those ghost calls are attempts made by “hackers” to place rogue calls, usually to premium rate numbers. They start by analyzing large part of Internet trying to connect to port 5060, the standard port used by PBX and phones. If they detect an answer, they try placing some calls using different formats. If one of these calls has success, then they start to send hundred of calls to premium rate numbers. They get some money rewards by phone companies. To avoid this issue, you can place the phone behind a firewall or NAT router, allowing only the PBX to connect or you can configure the phone to accept calls only from registered server. This option has several names depending by the phone brand.
When a call has no callerid, is received as “asterisk”. How can I change it?
You can change setting the “callerid” parameter in the sip.conf and then reload sip from asterisk. Remember it will disconnect all clients connected.
My Music on Hold is starting from the middle, but I want it to be started from the start each time
There are two ways to run Music on Hold... you can run a single process for all clients waiting in queue or you can start a new process for each of the clients. Obviously the first way is preferred if you have a big number of clients awaiting, but it has the drawback of having the MOH process to stream the music continuously, so a client joining the queue will start listening it not from the start. The second way can be activated by changing the musiconhold.conf and disabling cachertclasses
[general]
cachertclasses=no   ; use 1 instance of moh class for all users who are using it,                                                                                                                                 
                    ; decrease consumable cpu cycles and memory                                                                                                                                                  
                    ; disabled by default                             

This setting is PBX wide and cannot be turned on/off based on tenant

When I try to login into the web interface, an error message tell me "You are not allowed to connect right now, try later", but my username/password are correct
The problem is due to the fact someone from your IP has tried connecting too many times and the system has been configured to check for past failed attempts. You can disable the "Web fail2ban" by using SSH and editing the table se_settings. MySQL root password is "passw0rd"
echo "update se_settings set se_value='' where se_code='WEBFAIL2BAN'" | mysql -u root -p
When using Mail to Fax, I cannot acces my Gmail account, even if the password is correct
Gmail doesn't like you to access your mailbox over IMAP or POP3 too often. If you want to still access it every minute (the default Mail to Fax rate), you need to enable "Allow less secure apps". https://support.google.com/accounts/answer/6010255?hl=en
Lesssecureapps.png
What should I enter to select "Voicemail Same Number" in an extension field in the New Items Defaults?
Please enter SAMENUMBERVM
I enabled Google ReCaptcha with a wrong configuration and now I can't login anymore
Please connect to your database server and run:
echo "update se_settings set se_value='' where se_code='USERECAPTCHA'" | mysql -u root -ppassw0rd asterisk
What are the devstatesender and devstatereceiver processes for?

The devstatesender.php and devstatereceiver.php are two processes that need to be always running. They are run at startup by /etc/rc.local using two scripts, restartdevstatesender.sh and restartdevstatereceiver.sh. When one of the PHP process dies or it is killed, the sh script will run it again. You should never run them manually, but always let the sh script to run them. If the sh scripts are not running, you may think of restarting the server or run them manually by executing the script as shown in /etc/rc.local.

This PHP scripts read the AMI events from one of the servers and distribute them to all other servers. These pair is scripts is needed to run even if there is a single node in the cluster.

My provider wants to receive the PAI address in clear even for Anonymous calls

In this case you can use the additional header in the provider definition with something like:

using the default outbound callerid of the extension:

P-Asserted-Identity: "${HASH(PEER,ex_cidnum)}${HASH(peerdetails,ex_cidnum)}" <sip:${HASH(PEER,ex_cidnum)}${HASH(peerdetails,ex_cidnum)}@pbx.yourdomain.com>

or using the billingcode defined in the tenant

P-Asserted-Identity: "${BILLINGCODE}" <sip:${BILLINGCODE}@pbx.yourdomain.com>

Phones

How can I avoid to receive a new call while I am already in a conversation?
You can receive another call while on line because the feature “Call Waiting” is active on your phone. Turn it off and the second call will get a BUSY signal. Disabling on the phone depends by the phone model, for example on Yealink it is here:
Yealink callwaiting.png
How can I allow a SNOM phone to auto answer on paging?
SNOM has a security setting to prevent auto answer, so it has to be enabled to make it to work. On version V8 you need to go to Advanced / Behaviour (tab) / Phone Behaviour / Intercom policy
Snom intercom.png

Provisioning

My phone refuse to provision, but when I download the configuration, it seems perfect
If you are trying to provision over https, then check if the SSL certificate is valid. Phones require a valid certificate for provisioning. Verify the date and time on the phone because the certificate has a start and end date of validity. As last chance, try provisioning with http, but just to verify if the problem is in the certificate (some phones are really picky about certificates), then change the key and the extension password.

PHP

I have upgraded PHP to version 5.x/7.x but now my Admin/Settings is no more working
The Admin/Settings page and few others include the Ivona library and you need to upgrade the requirements, based on your php version. Please move in that directory and then update using composer:

cd /var/www/html/pbx/libs/IvonaSpeechCloudSdkPhp

php composer.phar update

Tenants mixup

This should not happen, but I see it is still sometime happening or maybe they are old interface errors coming only now to light. When you are editing a page and in another tab you change the tenant, saving the first page can lead to a mixup because you are saving in a different tenant. Unfortunately the browsers don't allow different security environment for each tab.

To detect if you have any of these mixup, you can run the following query

 select count(distinct de_te_id),de_type_src,de_type_id_src from de_destinations group by de_type_src,de_type_id_src having count(distinct de_te_id)>1;

You can obtain the following output:

 +--------------------------+---------------+----------------+
 | count(distinct de_te_id) | de_type_src   | de_type_id_src |
 +--------------------------+---------------+----------------+
 |                        2 | FLOW          |             88 |
 |                        2 | QUEUE-TIMEOUT |            413 |
 +--------------------------+---------------+----------------+

You can check what happened, by investigating the records for the queue:

 mysql> select qu_te_id from qu_queues where qu_id=413;
 +----------+
 | qu_te_id |
 +----------+
 |      719 |
 +----------+
 1 row in set (0.00 sec)
 mysql> select * from de_destinations where de_type_src='QUEUE-TIMEOUT' and de_type_id_src=413;
 +--------+----------+---------------+----------------+-------------+----------------+--------+
 | de_id  | de_te_id | de_type_src   | de_type_id_src | de_type_dst | de_type_id_dst | de_ord |
 +--------+----------+---------------+----------------+-------------+----------------+--------+
 | 185731 |        6 | QUEUE-TIMEOUT |            413 | VOICEMAIL   |             81 |      1 |
 | 192043 |      719 | QUEUE-TIMEOUT |            413 | VOICEMAIL   |           4285 |      1 |
 +--------+----------+---------------+----------------+-------------+----------------+--------+
 2 rows in set (0.00 sec)


Here you can see the destination for QUEUE-TIMEOUT with id 413 is both VOICEMAIL in both tenant 6 and tenant 719, but the queue is in tenant 719, so the entry with de_id 185731 needs to be removed.

Email

I cannot receive email for recordings, maybe the recording size is too big

Try to increase the max size limit for the message in /etc/postfix/main.cf

 message_size_limit=102400000