Saturday, March 16, 2013

Connecting Two Astreisk Boxes Using SIP Trunk Peering

You can peer two asterisk boxes together using SIP or IAX2.This means that we can call from extension connected the asterisk 1 to extension connected to asterisk two.Diagrammatically this can be like as follow.

           
I think now the picture is more clear to you.that what am going to tell you.

Session Initiation Protocol (SIP)) is a signalling protocol used for setting up and tearing down Voice over Internet Protocol (VOIP) calls. Voice over Internet Protocol makes the transition from traditional conference calls to conference calling via the world wide web. A SIP call uses two protocols: SIP and RTP. Real Time Protocol (RTP) is used for the transfer of the actual voice data. If you want to find out more about SIP visit Wikipedia's SIP page.

The first step in setting up an SIP trunk is to draw a picture of what you need to do. Here's an example of a simple PBX to PBX connection that will be using a User/Peer pairing to form a SIP trunk. The two PBXs are name 106 and 111 after their IP host address. They could very well be named Montreal and New York. PBX 106 has all their extensions starting with 3xxx while PBX 111 has all of their extensions starting with 2xxx. This will be handy when making outbound routes.


The SIP trunks are drawn as arrows pointing to their PBX peer and named based on their destination which seems like a good practise. 111-Peer is going from PBX 106 to PBX 111 and 106-Peer is going from PBX 111 to PBX 106. I've left an area on both sides for configuration information.
Note: It is good practise to indicate the protocol used in the naming of trunks, users and peers (ex. 106-SIPpeer). This is very important if you are using multiple protocols for trunking (IAX, SIP and T1). Adding the protocol to the trunk names will create a unique entry and prevent unintentional confusion in the dialplans between trunking protocols!
On the PBX 106 side, I will need to configure an outbound trunk called 111-peer which will connect to the opposite PBX using the account 106-user. PBX 111 will need to create a user account called 106-user on the inbound trunk. It makes sense to call the user account 106-user because that's who is going to register to PBX 111.
Additionally, on PBX 106, we will need an user account called 111-user so that PBX 111's outbound trunk 106-peer can register to. On PBX 111's outbound trunk 106-peer, we tell it to use user 111-user.
The trunk names and usernames can be called anything you like. I tried to use names that would help explain what is happening.
I've made up a SIP trunk using Peer/User pairing configuration tool in an Excel spreadsheet that creates both PBX 106 and PBX 111's trunk configuration. It is easy and fast to do and takes all the guess work out of it. You enter in the IP address (or domain name) of each PBX, the names for the two trunks, the names for the two users and the user passwords. It spits out the configurations for both PBXs in the same format that you see in the FreePBX Add Trunk menu.
The following pages go through the steps to configure the PBXs using the FreePBX interface. We will configure the trunks one side at a time starting with PBX 106. Once both PBXs have their SIP trunks up, we will configure the outbound routes.
  1. Configuring the SIP Trunks
    1. Configuring PBX 106 SIP Trunk
    2. Configuring PBX 111 SIP Trunk
    3. Testing the SIP trunks
  2. Configuring the Outbound Routes We will be configuring the outbound route for dialing directly to the extension of the peer PBX.

    • Creating PBX 106's Outbound Route
    • Creating PBX 111's Outbound Route
  3. Now you should be able to dial through each PBX to its peer from any SIP, IAX2 or POTS extension. You can check the status of the phones online and trunks online through FreePBX Statistics window
    In creating the trunks, there was no limit put on the maximum number of channels that can use the trunk. For the above FreePBX Statistics window, I had 4 phones (channels) connected in 2 connections (external calls) across the SIP trunk. There are two IP trunks shown here as one is an IAX2 trunk and the other the newly created SIP trunk.
    Two channels were IP phones, one was an IAX2 S100i POTS to IAX2 adapter and one FXS pots phone. All worked beautifully! You don't have to configure any protocol translations - the PBX does it all for you.


    Configuring PBX 106 SIP trunk

    We are going to create a SIP trunk called 111-peer that will connect to PBX 111. At PBX 111 we will be connecting to PBX 111's sip trunk called 106-peer. Confusing? Yes sir!
  4. Select Add Trunk from the FreePBX main setup menu
  5. Select Add SIP Trunk
  6. Nothing to do here, so go to the Outgoing Settings section
  7. Above are the default values which we will change to
  8. Here's the explanation of the changes:
    • Trunk Name: 111-peer - you can name this anything you like, we're going to PBX 111 so 111-peer sounds like a good name
    • host=192.168.1.111 - IP address or domain name of the peer PBX you want to connect to
    • username=106-user - this is the name of PBX 111's user account to authenticate to.
    • fromuser=106-user - this is used during authentication during the SIP invite
    • secret=106-password - this is the password that is used to authenticate the 111-peer SIP trunk to PBX 111.
    • type=peer - this indicates that this trunk is the peer.
    • qualify=yes - this line is optional. It periodically pings its peer to keep the connection alive.
  9. Here's the default settings for the Incoming Settings.
  10. Configure the user account for PBX 111 in this section:
    • 111-user - This creates the account that PBX 111 will use on PBX 106
    • secret=111-password - This is the password for 111-user account
    • type=user - This is a user account in the user/peer pairing
    • context=from-trunk - This account is accessed by a trunk
  11. Press submit, update and reload.
  12. Now go to Configuring PBX 111 SIP trunk

Configuring PBX 111 SIP trunk

We are going to create a SIP trunk called 106-peer that will connect to PBX 106. At PBX 106 we will be connecting to PBX 106's sip trunk called 111-peer.
  1. Select Add Trunk from the FreePBX main setup menu
  2. Select Add SIP Trunk
  3. Nothing to do here, so go to the Outgoing Settings section
  4. These the default values which we will change to
  5. Here's the explanation of the changes:
    • Trunk Name: 106-peer - you can name this anything you like, we're going to PBX 106 so 106-peer sounds like a good name
    • host=192.168.1.106 - IP address or domain name of the peer PBX you want to connect to
    • username=111-user - this is the name of the SIP trunk coming from PBX 106
    • fromuser=111-user - this is required by the SIP invite authentication process
    • secret=111-password - this is the password that is used to authenticate the 111-user account
    • type=peer - sets the trunk as a peer in the user/peer pairing
    • qualify=yes - this line is optional. Periodically pings to keep the connection alive.
  6. Here's the default settings for the Incoming Settings.
  7. Configure the user account in this section:
    • 106-user - This creates the account that PBX 106 will use on PBX 111
    • secret=106-password - This is the password for 106-user account
    • type=user - This is a user account in the user/peer pairing
    • context=from-trunk - This account is accessed by a trunk
  8. Press submit, update and reload.

Testing a SIP trunk


  1. Testing PBX 106 At this point, we are ready to verify that the SIP trunk is alive. The "qualify=yes" line sends an option packet every 60 seconds to see if the destination is alive. If the destination does not respond within 2 seconds for 7 tries in a row, it will be marked as unreachable.
    At the asterisk CLI for PBX 106, I've typed the command 'sip show peers":


    • 111-peer/106-peer means:
      • 111-peer - this is the trunk name
      • 106-peer - this is the username
    • 192.168.1.111 - This is the address of the PBX that we are trunking to
    • Dyn - Is it dynamic port addressing or not. I believe that dynamic is for SIP phone extensions and blank is for SIP trunks. I've also read that is could be for dynamic IP addressing. I'll verify this in the lab.
    • Nat - N - We haven't enabled Network Address Translation (NAT) for this trunk
    • ACL -Not sure what this means at this time
    • Port - This is the port that SIP is operating on. It should be 5060 for a SIP trunk. The other ports are dynamically assigned for SIP extensions.
    • Status - If you have the line "qualify=yes", the status will be "OK" with a time in brackets. If you don't add the line, then it will be indicated as "unmonitored" which makes me uncomfortable. Regardless the trunk will still work
    The result is that we are connecting on trunk 111-peer using user 106-peer to the PBX at 192.168.1.111 using port 5060, not NAT and things are OK with a 1 mS ping time. Even if it displays "OK", you may still have SIP authentication issues and the dreaded "All circuits are busy now. Please try your call later." If you are receiving this error message, consult the Troubleshooting SIP webpages.
  2. Testing PBX 111
    At the asterisk CLI for PBX 111, I've typed the same command 'sip show peers":



    This verifies that we are connecting on trunk 106-peer using user 111-peer to the PBX at 192.168.1.106 using port 5060, not NAT and things are OK with a 1 mS ping time. Even if it displays "OK", you may still have SIP authentication issues and the dreaded "All circuits are busy now. Please try your call later.". If you are receiving this error message,

    Configuring PBX 106's Outbound SIP Trunk

    This example will configure an Outbound Route so that PBX 106 extensions can dial PBX 111 extensions directly. You start by selecting Outbound Routes

  3. Direct Dial PBX 111's Extensions This outbound rule allows PBX 106 extensions (3xxx) to directly dial PBX 111's extensions (2xxx). For example, to dial PBX 111's extension 2001. You dial 2001.

    Three things to configure:

    • Route Name: 111-dial-2xxx - Can be anything, be descriptive so you remember what it is 6 months from now when it stops working!
    • Dial Patterns: 2xxx - This says any 4 digit extension starting with 2 will be forwarded to the designated trunk.
    • Trunk Sequence: SIP/111-peer - This is the trunk that we configured that goes to PBX 111 


Configuring PBX 111's Outbound SIP Trunk

This example will configure an Outbound Route so that PBX 111 extensions can dial PBX 106 extensions directly. You start by selecting Outbound Routes


  • Direct Dial PBX 106's Extensions This outbound rule allows PBX 111 extensions (2xxx) to directly dial PBX 106's extensions (3xxx). For example, to dial PBX 106's extension 3001. You dial 3001.

    Three things to configure:

    • Route Name: 106-dial-3xxx - Can be anything, be descriptive so you remember what it is 6 months from now when it stops working!
    • Dial Patterns: 3xxx - This says any 4 digit extension starting with 3 will be forwarded to the designated trunk.
    • Trunk Sequence: SIP/106-peer - This is the trunk that we configured that goes to PBX 106
 Then configure the one sip phone on one PBX and other on the other PBX and and you are ready to go.

Saturday, March 9, 2013

Installing NGINX engine X with LAMP

Debian OS - upgrade to latest packages

    # apt-get update 
    # apt-get upgrade 

Packages installation

Apache
    # apt-get install apache2
    # a2enmod rewrite
    # /etc/init.d/apache2 restart

configuration:
    # nano /etc/apache2/sites-enabled/000-default
      (default webroot directory: /var/www/)  

check configuration:
    # apachectl -t  

After enabling, disabling, or modifying any part of your Apache configuration, you will need to reload or restart the Apache configuration again with command:
    # /etc/init.d/apache2 reload or 
    # /etc/init.d/apache2 restart



PHP
    # apt-get install php5 php-pear php5-suhosin php5-mysql

configuration: edit /etc/php5/apache2/php.ini Make sure that the following values are set, and relevant lines are uncommented (comments are lines beginning with a semi-colon (;)):
max_execution_time = 60
memory_limit = 128M
error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR
display_errors = Off
log_errors = On
error_log = /var/log/php5.log
register_globals = Off

To apply PHP configuration changes Apache need to be restarted:
    # /etc/init.d/apache2 restart


Advanced server setup - NGINX

Installation

Using repo for Nginx 1.0.11 last stable. For the main Dotdeb repository add these two lines to: /etc/apt/sources.list file
    # deb http://packages.dotdeb.org stable all
    # deb-src http://packages.dotdeb.org stable all

Then fetch the appropriate GnuPG key
    # wget http://www.dotdeb.org/dotdeb.gpg
    # cat dotdeb.gpg | sudo apt-key add -

    # apt-get update    
    # apt-get install nginx

Configuration

Stop the Nginx server if it was started automatically by the package manager and create a new nginx.conf configuration file – installed in /etc/nginx/ by default – by pasting the following and adjusting the paths to those of your installation:
user www-data; #change to the same user apache runs as
worker_processes 8; #change to the number of your CPUs/Cores
worker_rlimit_nofile 8192;

error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
  worker_connections 1024;
  use epoll;
  accept_mutex off;
}

http {
  server_names_hash_bucket_size 64;
  include /etc/nginx/mime.types;
  default_type application/octet-stream;
  access_log /var/log/nginx/access.log;
  sendfile on;
  tcp_nopush on;
  keepalive_timeout 65;

  # reverse proxy options
  proxy_redirect off;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

  # gzip compression options
  gzip on;
  gzip_http_version 1.0;
  gzip_comp_level 6;
  gzip_min_length 0;
  gzip_buffers 16 8k;
  gzip_proxied any;
  gzip_types text/plain text/css text/xml text/javascript application/xml application/xml+rss application/javascript application/json;
  gzip_disable "MSIE [1-6]\.";
  gzip_vary on;

  # include virtual hosts configuration
  include /etc/nginx/virtual.d/*.conf;
}

Nginx should run as the same user Apache runs, to avoid file permission problems.
Besides the proxy setup this configuration file includes some generic performance tuning, such as use epoll as the event model method, which works effectively on Linux 2.6+ kernels. This works in tandem with the next line, accept_mutex off, to improve performance a bit more. Enabling sendfile allows nginx to use the kernel’s sendfile support to send files to the client regardless of their contents. This can help with large static files, such as images, that have no need for a multiple request/confirmation system to be served. Enabling gzip compression for static files can make a big performance difference. The lines starting with gzip enable compression for common web files, such as .css and .js files, on supported browsers.

Apache reverse proxy forward module(mod_rpaf)

If you check the Apache access log files you should see that all incoming requests are coming from 127.0.0.1. To fix this you need to install mod_rpaf, the reverse proxy add forward module for Apache.
    # apt-get install libapache2-mod-rpaf

check content of /etc/apache2/mods-enabled/rpaf.conf :
<IfModule mod_rpaf.c>
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1
</IfModule>

restart apache:
    # /etc/init.d/apache2 restart

Apache configuration (behind Nginx)

Nginx now acts as the front-end web server – waiting for requests on port 80 – you need to configure Apache to listen on a different port (8080 in this case) and preferably only on localhost, open the file /etc/apache2/ports.conf and change the line Listen 80 to Listen 127.0.0.1:8080, if you use name-based virtual hosts you should have a lineNameVirtualHost *:80 in the same file. Change that to NameVirtualHost *:8080.
If you have configured Keep-Alive support in Apache you should disable it since it is already enabled in Nginx. Change KeepAlive On to KeepAlive Off in/etc/apache2/apache2.conf . You can also disable the mod_deflate module since Nginx already provides gzip compression.

nginx referer denial

In /etc/nginx/nginx.conf there is a list of words to deny in URLs. If URL contains these words, all referred links will not load. This causes missing images and stylesheets, and every link from that page to another on the same site will come up blank.
  ## Deny certain Referers (case insensitive)
  ## The ~* makes it case insensitive as opposed to just a ~
  if ($http_referer ~* (babes|...|zippo) ) {
        return 444;
     }
Just remove a word if you notice a problem and restart nginx with /etc/init.d/nginx restart

Wednesday, March 6, 2013

Installing FREEPBX on UBUNTU 10.04(installation Script)


Free Pbx Installation Script

#!/bin/bash
#
#Install mysql
#run the script script by sudo su or with root privilege
sudo apt-get update
sudo apt-get install -y mysql-server
#
#installing the pre-dependencies
#
sudo apt-get install -y build-essential linux-headers-`uname -r` openssh-server bison flex apache2 php5 php5-curl php5-cli php5-mysql php-pear php-db php5-gd curl sox libncurses5-dev libssl-dev libmysqlclient15-dev mpg123 libxml2-dev
#
#Compile and install dahdi;
#
tar xvf dahdi-linux-complete-2.2.1+2.2.1.tar.gz
cd dahdi-linux-complete-2.2.1+2.2.1
make all && make install && make config
#
#libpri compilation and install:
#
cd ..
tar xvf libpri-1.4.10.2.tar.gz
cd libpri-1.4.10.2
make && make install
#
#installing the free pbx
#
cd ..
tar xvf asterisk-1.6.2.6.tar.gz
cd asterisk-1.6.2.6
./configure
make && make install

#
#As before lets install the sample files
#
make samples

#
#install sound in free pbx
#
cd /var/lib/astersik/sounds
wget -O - http://downloads.asterisk.org/pub/telephony/sounds/asterisk-extra-sounds-en-gsm-current.tar.gz | tar xvfz -

#
# We create the user "asterisk" and
#add the apache user to the "asterisk" group

cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf_orig
sed -i 's/^\(User\|Group\).*/\1 asterisk/' /etc/apache2/apache2.conf
#
#
#The start up script
cd /etc/init.d/
wget http://randystech.com/downloads/asterisk
chmod +x asterisk
update-rc.d asterisk defaults

#We are almost done. Now we are going to install FreePBX, the graphical interface that we will install
#to manage Asterisk

cd /usr/src/
wget -O - http://mirror.freepbx.org/freepbx-2.7.0.tar.gz | tar xvfz -
cd freepbx-2.7.0/

#
#Copy amportal.conf configuration file to /etc/:
#
cp amportal.conf /etc/

#set the database password here
#when you are running the shell script
# creating user astrick in mysql with password 4321
export ASTERISK_DB_PW=4321             
export MYSQL_ROOT_PW=1234                
mysqladmin -u root -p${MYSQL_ROOT_PW} create asterisk
mysqladmin -u root -p${MYSQL_ROOT_PW} create asteriskcdrdb
mysql -u root -p${MYSQL_ROOT_PW} asterisk < SQL/newinstall.sql
mysql -u root -p${MYSQL_ROOT_PW} asteriskcdrdb < SQL/cdr_mysql_table.sql
mysql -u root -p${MYSQL_ROOT_PW} <<-END_PRIVS
GRANT ALL PRIVILEGES ON asterisk.* TO asteriskuser@localhost IDENTIFIED BY "${ASTERISK_DB_PW}";
GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO asteriskuser@localhost IDENTIFIED BY "${ASTERISK_DB_PW}";
flush privileges;
END_PRIVS


#
#And slightly modify the settings in /etc/amportal.conf
#
sed -i "s/# \(AMPDBUSER=.*\)/\1/" /etc/amportal.conf
sed -i "s/# \(AMPDBPASS=\).*/\1${ASTERISK_DB_PW}/" /etc/amportal.conf
sed -i "s@\(AMPWEBROOT=\).*@\1/var/www/@"  /etc/amportal.conf
sed -i "s@\(FOPWEBROOT=\).*@\1/var/www/panel@" /etc/amportal.conf
sed -i "s@\(FOPWEBADDRESS=\).*@PUTIPADDRESS@" /etc/amportal.conf

#
#Adjust some PHP.ini settings related to the use of memory
#
sed -i 's/\(^upload_max_filesize = \).*/\120M/' /etc/php5/apache2/php.ini

#
#Change the permissions of a series of directories:
#
chown asterisk. /var/run/asterisk
chown -R asterisk. /etc/asterisk
chown -R asterisk. /var/{lib,log,spool}/asterisk
chown -R www-data.asterick /var/www/

#
#We enable the asterisk configuration as it is indicated in /etc/asterisk/asterisk.conf by removing the
#trailing characters in the first line:
#
sed -i '1 s/\(\[directories\]\).*/\1/' /etc/asterisk/asterisk.conf

#
# now install the free pbx
#

./start_asterisk start
./install_amp
#restart the apache and dahdi
#
/etc/init.d/apache2 restart
/etc/init.d/dahdi restart

#
#create a link
ln -s /var/lib/asterisk/moh /var/lib/asterisk/mohmp3
amportal start