Who's Online
We have 22 guests and no members online
Products and Services
Home
VoIP Tutorials
- Details
- Parent Category: Tutorials
- Hits: 562
|
|
|
In the [general] section of sip.conf, set “alwaysauthreject=yes”. This makes it much harder for a hacker to scan your server and identify what extension numbers are being used because it tells Asterisk that when the supplied credentials are wrong on an INVITE or REGISTER request, it should always return the same error no matter whether it was the user id or the password that didn’t match.
Prohibit unauthenticated calls entirely (if you don’t want them) by setting “allowguest=no” in the [general] part of sip.conf.
allowguest=yes means that calls will be accepted even though there is no match in sip.conf.
A benefit of SIP domains
Activating support for SIP Domains in Asterisk can give you one more layer of security, but it will only be effective if you can:
Avoid having your PBX’s Internet IP address as one of the domains, and
Set the parameter allowexternaldomains = no
Doing both of the above will cause Asterisk to reject all SIP requests where the R-URI is using the external IP address of the PBX rather than a legitimate SIP domain – one that you have configured and approved. Since most hacking attempts are based on IP address only, this could be a useful extra layer of protection for your server.
|
|
|
|
Note:
We use Hosting and VPS Hosting, from:
www.star-host.org
We like and trust them.
Good prices, high security.
|
- Details
- Parent Category: Tutorials
- Hits: 10737
|
|
|
In this tutorial i'll show you how setup Linux QoS in order to improve quality Asterisk VoIP calls.
First let's see how the default Linux prioritization looks:
root@Hercule:~# tc qdisc show dev eth0
qdisc pfifo_fast 0: root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
root@Hercule:~#
As you can see the current policy is FIFO and it contains 3 bands named from 1 to 3.
Let's look at the priomap argument. It contains 16 numbers from 0 to 2.
The link between band and priomap numbers is like this:
band 1 takes the priomap 0
band 2 takes the priomap 1
band 3 takes the priomap 2
Those 16 numbers from 0 to 2 meaning bits.
Below you have a Table with Linux TOS values :
| TOS | Bits | Means | Linux Priority | Band |
| 0x0 | 0 | Normal | 0 Best Effort | 1 |
| 0x2 | 1 | Minimize Monetary Cost | 1 Filler | 2 |
| 0x4 | 2 | Maximize Reliability | 0 Best Effort | 2 |
| 0x6 | 3 | mmc+mr | 0 Best Effort | 2 |
| 0x8 | 4 | Maximize Throughput | 2 Bulk | 1 |
| 0xa | 5 | mmc+mt | 2 Bulk | 2 |
| 0xc | 6 | mr+mt | 2 Bulk | 0 |
| 0xe | 7 | mmc+mr+mt | 2 Bulk | 0 |
| 0x10 | 8 | Minimize Delay | 6 Interactive | 1 |
| 0x12 | 9 | mmc+md | 6 Interactive | 1 |
| 0x14 | 10 | mr+md | 6 Interactive | 1 |
| 0x16 | 11 | mmc+mr+md | 6 Interactive | 1 |
| 0x18 | 12 | mt+md | 4 Int. Bulk | 1 |
| 0x1a | 13 | mmc+mt+md | 4 Int. Bulk | 1 |
| 0x1c | 14 | mr+mt+md | 4 Int. Bulk | 1 |
| 0x1e | 15 | mmc+mr+mt+md | 4 Int. Bulk | 1 |
Here you have the linux TOS:
# cat /etc/iproute2/rt_dsfield
0x00 default
0x10 lowdelay
0x08 throughput
0x04 reliability
# This value overlap with ECT, do not use it!
0x02 mincost
# These values seems do not want to die, Cisco likes them by a strange reason.
0x20 priority
0x40 immediate
0x60 flash
0x80 flash-override
0xa0 critical
0xc0 internet
0xe0 network
# Newer RFC2597 values
0x28 AF11
0x30 AF12
0x38 AF13
0x48 AF21
0x50 AF22
0x58 AF23
0x68 AF31
0x70 AF32
0x78 AF33
0x88 AF41
0x90 AF42
0x98 AF43
The "prio" qdisc now will dequeue packets from class 0 with the
highest priority. The higher the class numbers the lower the de-
queue priority.
If you would like to send packets with a TOS value of 0x0, 0x2, 0x4,
0x6, 0x8 to class 1 and packets with all other TOS values to class 0
you could change your priomap such (you have to state it when setting
up the "prio" qdisc if you want to have something different from the
default priomap):
1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0
Here is an example script that i use with Asterisk:
#!/bin/bash
# Flush any existing queues
for dev in $devices ; do
tc qdisc del dev $dev root 2> /dev/null > /dev/null
# Band 3 has priomap 2, band 2 has priomap 1 and band 1 has priomap 0
#tc qdisc add dev $dev root handle 1: prio priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
tc qdisc add dev $dev root handle 1: prio priomap 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 0
# Put all in band 3:
#tc qdisc add dev $dev root handle 1: prio priomap 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2
tc qdisc add dev $dev parent 1:1 handle 10: sfq limit 3000
tc qdisc add dev $dev parent 1:2 handle 20: sfq
tc qdisc add dev $dev parent 1:3 handle 30: sfq
#Adding traffic in band 1
#Currently VoIP TOS defined in /etc/asterisk/sip.conf:
#tos_sip=cs3 ; Sets TOS for SIP packets. cs3=0x60
#tos_audio=ef ; Sets TOS for RTP audio packets. ef=0xb8
#;tos_video=af41 ; Sets TOS for RTP video packets.
#VoIP audio packets with defined TOS mark:
tc filter add dev $dev protocol ip parent 1: prio 1 u32 match ip tos 0xb8 0xff flowid 1:1
#tc filter add dev $dev protocol ip parent 1: prio 1 u32 match ip dport 4569 0xffff flowid 1:1
#tc filter add dev $dev protocol ip parent 1: prio 1 u32 match ip sport 4569 0xffff flowid 1:1
tc filter add dev $dev protocol ip parent 1: prio 1 u32 match ip dport 16384 0xffff flowid 1:1
tc filter add dev $dev protocol ip parent 1: prio 1 u32 match ip sport 16384 0xffff flowid 1:1
#Adding traffic in band 2
#SIP packets with definied TOS mark :
tc filter add dev $dev protocol ip parent 1: prio 1 u32 match ip tos 0x60 0xff flowid 1:2
#tc filter add dev $dev protocol ip parent 1: prio 1 u32 match ip dport 5060 0xffff flowid 1:2
#tc filter add dev $dev protocol ip parent 1: prio 1 u32 match ip sport 5060 0xffff flowid 1:2
#Adding tos 0x10 (Minimize Delay) in band 2:
tc filter add dev $dev protocol ip parent 1: prio 1 u32 match ip tos 0x10 0xff flowid 1:2
|
|
|
|
Note:
We use Hosting and VPS Hosting, from:
www.star-host.org
We like and trust them.
Good prices, high security.
|
- Details
- Parent Category: Tutorials
- Hits: 18533
|
|
|
You can use this script to install Elastix on VPS servers:
#!/bin/sh
# Create an server virtual machine. This one for
# checking Centos 5.3 operation running Elastix (asterisk plus extra)
VID=101
vzctl create $VID --ostemplate centos-5-x86 --config vps.basic
vzctl set $VID --onboot yes --save
vzctl set $VID --hostname elastix.linuxexpert.ro --save
vzctl set $VID --ipadd 192.168.0.$VID --save
vzctl set $VID --nameserver 192.168.0.253 --save
vzctl set $VID --userpasswd root:elastix
vzctl start $VID
echo " RUN : vzctl exec $VID passwd "
echo " Boost up the quota for disk and memory space "
vzctl set $VID --diskspace 10485760 --save
vzctl set $VID --kmemsize 15242880 --save
vzctl set $VID --othersockbuf 636896 --save
vzctl set $VID --numothersock 480 --save
vzctl set $VID --privvmpages 1000000 --save
vzctl set $VID --numproc 100 --save
# Restart the Virtual machine so that it gets the IP addresses, etc.
vzctl restart $VID
# Where do we start here install using yum
sleep 20
REPO=/var/lib/vz/private/$VID/etc/yum.repos.d/elastix.repo
echo "[elastix]" >> $REPO
echo "name=Elastix RPM Repository for CentOS" >> $REPO
echo "baseurl=http://repo.elastix.org/centos/$releasever/updates/RPMS/" >> $REPO
echo "gpgcheck=0" >> $REPO
echo "enabled=1" >> $REPO
echo "" >> $REPO
vzctl exec $VID "yum -y install asterisk*"
vzctl exec $VID "yum -y install elastix-*"
vzctl exec $VID "yum -y install freeze"
vzctl exec $VID "yum -y install fxload"
vzctl exec $VID "yum -y install kernel-module-rhino*"
vzctl exec $VID "yum -y install libmfcr2"
vzctl exec $VID "yum -y install lzop"
vzctl exec $VID "yum -y install perl-HTML-TokeParser-Simple"
vzctl exec $VID "yum -y install perl-WWW-Mechanize"
vzctl exec $VID "yum -y install mod_ssl"
You can also install from rpm. If you have dependences try to install with --nodeps
Here are standard password for elastix:
Interface Login Password
Elastix admin palosanto
freePBX admin admin
FOP admin eLaStIx.2oo7
A2Billing admin mypassword
MySQL root eLaStIx.2oo7
SugarCRM admin password
vTiger admin admin
Openfire admin Whatever set at install
Note:
We use Hosting and VPS Hosting, from: www.star-host.org
We like and trust them.
Good prices, high security.
- Details
- Parent Category: Tutorials
- Hits: 5615
Most of those tutorials are based on Asterisk, a great free software OpenPBX.