Trying to add seperate Freeswitch server
351 views
Skip to first unread message
Mookz
Aug 31, 2018, 6:42:29 AM8/31/18
to as...@googlegroups.com
Hi Guys
First I do simple install script as per manual "Quick Installation".
Install a standalone ASTPP Server as per usual, set up configure and test and working.
Then a standalone Freeswitch server as below:
During install Say Yes to installing ASTPP
Say Yes to installing Freeswitch
Say no to ASTPP Web UI install
After install on FS server:
nano -w /etc/fail2ban/jail.local
ignoreip = ASTPP_Server_IP_here
service fail2ban restart
Allow ASTPP server IP to this FS server for FS port:
iptables -I INPUT -p tcp -s ASTPP_Server_IP_here --dport 8021 -j ACCEPT
iptables -I INPUT -p udp -s ASTPP_Server_IP_here --dport 8021 -j ACCEPT
Copy /var/lib/astpp/ astpp-config.conf and astpp.lua from working ASTPP server to this new FS server.
Log into original / main ASTPP server Web UI and add this new ASTPP servers details to Switch/Freeswitch Servers.
Now SSH into the ASTPP server allow iptables connection from this new FS server for MySQL and ODBC connections:
iptables -I INPUT -p tcp -s FS_Server_IP_here --dport 3306 -j ACCEPT
iptables -I INPUT -p udp -s FS_Server_IP_here --dport 3306 -j ACCEPT
iptables -I INPUT -p tcp -s FS_Server_IP_here --dport 1433 -j ACCEPT
iptables -I INPUT -p udp -s FS_Server_IP_here --dport 1433 -j ACCEPT
Add this new FS server to Fail2ban whitelist on ASTPP server:
nano -w /etc/fail2ban/jail.local
ignoreip = FS_Server_IP_here
service fail2ban restart
On ASTPP serer Create a new DB user with GRANT access (in via SSH / Terminal):
CREATE USER 'astppfsusr'@'%' IDENTIFIED BY 'SOMESECUREPASSWORD';
GRANT ALL PRIVILEGES ON *.* TO 'astppfsusr'@'%';
GRANT GRANT OPTION ON *.* TO 'astppfsusr'@'%';
FLUSH PRIVILEGES;
Test it by connecting to the ASTPP server from the FS server (in via SSH / Terminal)i.e.:
mysql -uastppfsusr -SOMESECUREPASSWORD -hFS_Server_IP_here
update settings in ASTPP configs on FS Server:
nano -w /var/lib/astpp/astpp-config.conf
nano -w /var/lib/astpp/astpp.lua
and:
nano -w /etc/odbc.ini
on FS server add the ASTPP server IP to FS servers freeswitch ACL's:
nano -w /usr/local/freeswitch/conf/autoload_configs/acl.conf.xml
added:
<list name="lan" default="allow">
<node type="allow" cidr="ASTPP_Server_IP_here/32"/>
</list>
nano -w /usr/local/freeswitch/conf/autoload_configs/event_socket.conf.xml
added:
<param name="apply-inbound-acl" value="lan"/>
<!--<param name="apply-inbound-acl" value="loopback.auto"/>-->
<!--<param name="stop-on-bind-error" value="true"/>-->
When done I run is fs_cli:
reloadacl
Sofia / Freeswitch stuff run on both servers via terminal:
First access CLI:
fs_cli
Trying to setup a separate Freeswitch instance but am not able to get it to work.
Scope:
Setting up ASTPP with a separate Freeswitch instances.
I have 2 "clients" one internal and one external, I want to separate the Freeswitch servers so that each department can put as much load on the systems as they want without affecting the other.
What I have done so far.
Using release 3.6
OS: CentOS 7 64bit net-install
FS = Freeswitch (for reference)
First I do simple install script as per manual "Quick Installation".
Install a standalone ASTPP Server as per usual, set up configure and test and working.
Then a standalone Freeswitch server as below:
During install Say Yes to installing ASTPP
Say Yes to installing Freeswitch
Say no to ASTPP Web UI install
After install on FS server:
nano -w /etc/fail2ban/jail.local
ignoreip = ASTPP_Server_IP_here
service fail2ban restart
Allow ASTPP server IP to this FS server for FS port:
iptables -I INPUT -p tcp -s ASTPP_Server_IP_here --dport 8021 -j ACCEPT
iptables -I INPUT -p udp -s ASTPP_Server_IP_here --dport 8021 -j ACCEPT
Copy /var/lib/astpp/ astpp-config.conf and astpp.lua from working ASTPP server to this new FS server.
Log into original / main ASTPP server Web UI and add this new ASTPP servers details to Switch/Freeswitch Servers.
Now SSH into the ASTPP server allow iptables connection from this new FS server for MySQL and ODBC connections:
iptables -I INPUT -p tcp -s FS_Server_IP_here --dport 3306 -j ACCEPT
iptables -I INPUT -p udp -s FS_Server_IP_here --dport 3306 -j ACCEPT
iptables -I INPUT -p tcp -s FS_Server_IP_here --dport 1433 -j ACCEPT
iptables -I INPUT -p udp -s FS_Server_IP_here --dport 1433 -j ACCEPT
Add this new FS server to Fail2ban whitelist on ASTPP server:
nano -w /etc/fail2ban/jail.local
ignoreip = FS_Server_IP_here
service fail2ban restart
On ASTPP serer Create a new DB user with GRANT access (in via SSH / Terminal):
CREATE USER 'astppfsusr'@'%' IDENTIFIED BY 'SOMESECUREPASSWORD';
GRANT ALL PRIVILEGES ON *.* TO 'astppfsusr'@'%';
GRANT GRANT OPTION ON *.* TO 'astppfsusr'@'%';
FLUSH PRIVILEGES;
Test it by connecting to the ASTPP server from the FS server (in via SSH / Terminal)i.e.:
mysql -uastppfsusr -SOMESECUREPASSWORD -hFS_Server_IP_here
update settings in ASTPP configs on FS Server:
nano -w /var/lib/astpp/astpp-config.conf
nano -w /var/lib/astpp/astpp.lua
and:
nano -w /etc/odbc.ini
on FS server add the ASTPP server IP to FS servers freeswitch ACL's:
nano -w /usr/local/freeswitch/conf/autoload_configs/acl.conf.xml
added:
<list name="lan" default="allow">
<node type="allow" cidr="ASTPP_Server_IP_here/32"/>
</list>
nano -w /usr/local/freeswitch/conf/autoload_configs/event_socket.conf.xml
added:
<param name="apply-inbound-acl" value="lan"/>
<!--<param name="apply-inbound-acl" value="loopback.auto"/>-->
<!--<param name="stop-on-bind-error" value="true"/>-->
When done I run is fs_cli:
reloadacl
Sofia / Freeswitch stuff run on both servers via terminal:
First access CLI:
fs_cli
With ngrep I can also see that when I try to connect to the FS as omne of the SIP accounts on the ASTPP server it does not work.
Or on FS server install ngrep:
yum install ngrep
Then run: ( your welcome ;) ngrep is magic for troubleshooting)
examples:ngrep port 5060
ngrep -W byline -d eth0 port 5060
ngrep -W byline -q -d eth0 INVITE
ngrep -W byline -q -d eth0 BYE
ngrep -W byline -q -d eth0 REGISTER
Below example replace SIP_USERNAME with the SIP Device, username and Domain with the SIP servers IP:
ngrep "sip:SIP_USERNAME@DOMAIN" port 5060 and proto \\udp
Log into ASTPP Web GUI, go to Switch/SIP Profile, then I run reload I can see in fs_cli that the servers are talking, but its not working correctly.
Could anyone please assist with what I have missed?
Or have I over complicated the setup?
Mookz
Aug 31, 2018, 6:44:41 AM8/31/18
to ASTPP
This is all very basic for now, I will refine the firewall rules and setup etc later, but need to first know if I am on the right track or if I am wasting my time lol.
Any feedback is greatly appreciated!
Mookz
Sep 4, 2018, 10:05:34 AM9/4/18
to ASTPP
I think my last issues is:
nano -w /usr/local/freeswitch/conf/autoload_configs/xml_curl.conf.xml
and changing the IP from localhost to the ASTPP servers.
Then adding firewall rules for the port on the ASTPP server:
iptables -I INPUT -p tcp -s FS_Server_IP_here --dport 8735 -j ACCEPT
iptables -I INPUT -p udp -s FS_Server_IP_here --dport 8735 -j ACCEPT
iptables -I INPUT -p udp -s FS_Server_IP_here --dport 8735 -j ACCEPT
But I am still missing something :(
RDSA
Oct 17, 2018, 5:50:25 PM10/17/18
to ASTPP
Samir Doshi
Oct 23, 2018, 3:46:15 AM10/23/18
to as...@googlegroups.com
I just replied in your another post for same concern. Thanks,
Samir Doshi
iNextrix Technologies Pvt. Ltd.
Meet Us at GITEX Technology Week | 14-18 October 2018 Read more HERE
Disclaimer:
The information contained in this communication is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking action in reliance on the contents of this information is strictly prohibited and may be unlawful. Please notify the sender immediately and destroy all copies of this message and any attachments contained in it.
|
Sender notified by Mailtrack 10/23/18, 1:15:22 PM |
--
=====================================================================
Documentation : https://astpp.readthedocs.io/
Please contact at sa...@inextrix.com for commercial support.
---
You received this message because you are subscribed to the Google Groups "ASTPP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to astpp+un...@googlegroups.com.
To post to this group, send email to as...@googlegroups.com.
Visit this group at https://groups.google.com/group/astpp.
To view this discussion on the web visit https://groups.google.com/d/msgid/astpp/b9f60eab-28fa-40c9-b13b-c7adeaa826e0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Mookz
Dec 14, 2018, 9:01:31 AM12/14/18
to ASTPP
I have unfortunately not been able to make it work.
Reply all
Reply to author
Forward
0 new messages