Posts made by AdamF

OK, now it's clear. Thanks.

@fuznutz04 said in MangoCon 2016 - Hotel is NOT Fully Booked Yet:

So is the last day of the conference on Friday? It says a 2 day conference, but there are 4 days in the agenda. Does the conference end on Thursday?

So sessions start on the 14th in the morning and end the 16th in the evening correct? I assume everyone is coming in on the 13th?

So is the last day of the conference on Friday? It says a 2 day conference, but there are 4 days in the agenda. Does the conference end on Thursday?

Clarification: instant, educated, feedback.

This is why this group is great. Instant feedback.

@scottalanmiller said in Home project - Media server & Lab:

What hypervisor do you plan to use?

Well, either Hyper-V OR, more than likely, I'll plan to use Xen so I can get familiar with it. I've been using Hyper-V for years now at various businesses, so I feel like it's time to learn something else like Xen.

@scottalanmiller said in Home project - Media server & Lab:

Synology just uses standard stuff that you could build yourself for streaming. It's handy if you don't have a server, but once you have a server of your own Synology or ReadyNAS don't offer anything special as far as storage or streaming.

This is exactly the feedback I was looking for. The Synology interface looks nice and all, but if it doesn't offer any benefits in regards to media streaming VS Plex or Kodi, then it's probably useless for me and a waste of money.

@dafyre said in Home project - Media server & Lab:

@scottalanmiller said in Home project - Media server & Lab:

Why a separate device for streaming and not leveraging the awesome server for that?

Virtualize, Virtualize, Virtualize!

I've got a Plex server that runs in a VM over the internet, and it generally works really well, even for streaming large movies.

Awesome. I like the interface of Plex also. I used Kodi back in the day when it was XBMC....on my modded original Xbox.

I'm upgrading my home network a bit and ultimately would like 2 things.

1. A server for a home lab/homePBX/security camera storage, etc (thinking an R710 for this. I have some non dell drives laying around that I can stick in the R710, so I can keep the cost pretty low. As far as I know, you are able to use non-dell drives in the R710.)
2. A Device for streaming media content, and storing all of my family's media from various PCs. (thinking a Synology DS216j for this)

The question is, is getting both a waste of money? Couldn't I just install Plex or Kodi on a VM on the R710 to stream content and call it a day, or is there something that the Synology units offer in regards to media streaming that is not present on the roll your own solutions such as Plex or Kodi?

Thought I would circle back on this one and give a review of OrangeComputers.

I purchased an R710 from OrangeComputers a few months ago. They were very willing to work with me on price and upgrade components for a very reasonable price. I believe they even upgraded the controller from a Perc6i to an H710 for little to no cost. The server arrived within about 2-3 days, very well packaged, and all firmware up to date. The condition of the server was great, and it has been running 24/7 ever since I booted it with 4-5 VMs on it.

In summary, after 3 months of usage, I would recommend this company for refurb servers, as long as warranty is not a huge issue for you. Their warranty is 90 days standard, but you can pay a little extra and get a 1 year warranty. If you want a 3 year warranty, then these are not the guys to go with. For home use, or even small business, I'd buy from them again. Their pricing is excellent.

@JaredBusch said in Permissions in Linux - Asterisk:

@scottalanmiller said in Permissions in Linux - Asterisk:

@fuznutz04 said in Permissions in Linux - Asterisk:

@scottalanmiller said in Permissions in Linux - Asterisk:

@fuznutz04 said in Permissions in Linux - Asterisk:

@JaredBusch said in Permissions in Linux - Asterisk:

@fuznutz04 said in Permissions in Linux - Asterisk:

Is one method preferred/better than the other? (script to change permissions vs changing file location of file)

To me, it would come down to WTF you are using these custom things for. Without that detail, I have no idea what would be better.

We're querying a file in this location to get some information from the PBX such as current calls, queue information, etc for an internal piece of software. It doesn't have to be in that directory, so I'll go down t he path of just moving the files and referencing them. Hopefully FreePBX wont overwrite the apache conf file when upgraded/reloaded.

Why not push it directly to where you need it?

You mean push the original files in question to the PBX via script?

I thought that they were already on the PBX. Push them to somewhere else via script is what I was thinking.

They (apparently) have custom scripts that pull data from Asterisk for use elsewhere. These scripts would have to reside on the Asterisk box.

Of course they could rewrite things to remotely connect to asterisk and pull the data also, but I personally have no experience in doing that.

Correct, or another alternative would be to just write a script that copies the updated files from a source server, to the destination PBX(s). That would eliminate the need for the user fred to have to do anything at all.

@scottalanmiller said in Permissions in Linux - Asterisk:

@fuznutz04 said in Permissions in Linux - Asterisk:

@JaredBusch said in Permissions in Linux - Asterisk:

@fuznutz04 said in Permissions in Linux - Asterisk:

Is one method preferred/better than the other? (script to change permissions vs changing file location of file)

To me, it would come down to WTF you are using these custom things for. Without that detail, I have no idea what would be better.

We're querying a file in this location to get some information from the PBX such as current calls, queue information, etc for an internal piece of software. It doesn't have to be in that directory, so I'll go down t he path of just moving the files and referencing them. Hopefully FreePBX wont overwrite the apache conf file when upgraded/reloaded.

Why not push it directly to where you need it?

You mean push the original files in question to the PBX via script?

@JaredBusch said in Permissions in Linux - Asterisk:

@fuznutz04 said in Permissions in Linux - Asterisk:

Is one method preferred/better than the other? (script to change permissions vs changing file location of file)

To me, it would come down to WTF you are using these custom things for. Without that detail, I have no idea what would be better.

We're querying a file in this location to get some information from the PBX such as current calls, queue information, etc for an internal piece of software. It doesn't have to be in that directory, so I'll go down t he path of just moving the files and referencing them. Hopefully FreePBX wont overwrite the apache conf file when upgraded/reloaded.

Is one method preferred/better than the other? (script to change permissions vs changing file location of file)

Everytime permissions are reset by asterisk, the permissions are changed to asterisk:asterisk

@travisdh1 said in Come Hear SAM Speak at SpiceCorps Auburn NY Tonight:

@scottalanmiller A 6:15 drive is just a bit longer than the longest 2 hour each way after work I could do

Now, if I had a flux capacitor to power a DeLorean I might have to reconsider.

Dont forget the Plutonium....or garbage depending on which model you choose.

Linux Gurus:

Upon restarting my PBX (FreePBX) or restarting Asterisk, permissions are reset on any directories/files needed by Asterisk. In FreePBX 13, the “fwconsole chown” command accomplishes the same thing.

I need to have one user “fred” have write permission to the /var/www/html/test directory to occasionally update files within that folder. I can change the folder owner via SSH with a command, but the owner always gets reset when Asterisk restarts, and therefore user “fred” no longer can write to that directory. Fred is a member of the wheel group, who is also allowed to Sudo.

Fred is using WinSCP to try and transfer the files, and does not want to have to SSH into the server to change his permissions before he uploads the file.

What is the best practice for allowing fred permanent write access to that one directory, considering that the permissions are always reset upon restart?

@JaredBusch

In the config files, I set it here:

auto_provision.server.url =
auto_provision.server.username =
auto_provision.server.password =

@JaredBusch said in Yealink W52P config files:

@fuznutz04 said in Yealink W52P config files:

@JaredBusch said in Yealink W52P config files:

@fuznutz04 said in Yealink W52P config files:

This was the most secure way that we could think of to securely provision remote phones. (aside from VPN that is.) I'd be interested to hear how you or others securely provision remote extensions. Is there a better way?

The answer there varies.
For most companies, I would used raw HTTP(S) with IP based whitelist as a first choice. Why? Because they have fixed IP blocks.
If you are dealing with roving users, then yeah, it is harder to decide what to do.

Yep, we use HTTPS with username/password, but not a whitelist currently. Once the phones are provisioned, the chances of them needing re-provisioned is fairly low, unless their is a configuration change that we want to push out. As of now, everyone would automatically get the new info. If I implement a whitelist, then it would become more difficult to push an update to roaming users, but certainly not a deal breaker, seeing as we could just update the whitelist as needed.

How often do you have your phones checking the provisioning server for changes?

My phones check in on whatever default schedule they use. I think weekly.

How are you sending username and password? To my knowledge the phone has no way to set a username and password for that?

On the Autoprovision page (on the W52P model), you set your provision server as well as a username and password.

@travisdh1 said in Yealink W52P config files:

@JaredBusch said in Yealink W52P config files:

@travisdh1 said in Yealink W52P config files:

@fuznutz04 said in Yealink W52P config files:

@JaredBusch said in Yealink W52P config files:

@fuznutz04 said in Yealink W52P config files:

@JaredBusch said in Yealink W52P config files:

@fuznutz04 said in Yealink W52P config files:

Well, after hours of troubleshooting, pizza, and analyzing Wireshark packet captures, I've come to the conclusion that something with our local provisioning server is causing the Yealink phones not to get their entire configuration files, and of course, can not properly apply any parameters to the phone. Our Developer who wrote the website code is reviewing it now. The strange thing is that the provisioning server works perfect with Grandstream phones, and Polycom phones...Yealink seems to dislike it however.

Why would your provisioning server be a webserver? Most of the time this is a TFTP server. I mean HTTP and HTTPS are supported, as well as FTP and TFTP, but TFTP is standard.

The Yealink admin guide shoes the examples in the appendix. Are you sure you put the URL correctly into the phone in the first place?

Since we have cloud VPS servers, I wanted a secure way to send provisioning information to the phones. We achieve this by using HTTPS. We tried to use the build in EndPoint manager for provisiining via HTTPS, but it was lacking some features that we wanted. Plus, with a centralized provisioning server, we have a central point for the files and if we ever choose to move VPS providers, making changes to all config files and pointing to a new server would be quick and almost transparent to the client.

Yes, the URL was correct. We direct every client to the central server, and then based on thier individual login, we direct them to their specific files. The code that does this operation on the web server does not play well with the Yealink phones for some reason. We cleaned it up and think we are almost out of the woods. Probably a good thing...eyes getting heavy.

You left out some serious information in your initial post then. Notably HTTPS != "web server" as well as you are authenticating to the webserver somehow?

That is all horribly complicating things and leads me to question the over all goal that led to this design. But you apparently have the developers working around the issues already.

In the original post, I was convinced it was the configuration files. It's only after I did some packet captures that I realized that the phone wasn't getting the configuration file completely.

This was the most secure way that we could think of to securely provision remote phones. (aside from VPN that is.) I'd be interested to hear how you or others securely provision remote extensions. Is there a better way?

I'd be getting them on a VPN anyway. HTTPS is known to be broken at this point. Symantec just bought BlueCoat, if you're not sure why that's relevant, you should go read some tech news.

HTTPS is not broken. Older ciphers used for HTTPS are broken. Setting your webserver to only accept modern ciphers is just as encrytped and unbroken as always.

Ok, here goes. Symantec already owns VeriSign, and is buying BlueCoat. VeriSign was once the most prolific provider of SSL certificates. It turns out that BlueCoat already had an intermediate certificate from VeriSign. Which means that BlueCoat can produce totally valid certificates from VeriSign on the fly. Thus my assertion that HTTPS is known to be broken. Doesn't matter how good the ciphers are if someone is breaking the encryption mid-stream, which is what BlueCoat does.

VPN is of course an option, but haven't gone down that route yet, as I see HTTPS being the best middle of the road option, and an easy experience for the client. Just look at some of the big players in the VoIP world. They certainly do not require their customer base to setup a VPN to provision their phones. I've typically seen HTTP or less often, HTTPS provisioning with those guys.