Dirk-Jan's blog

Last week I’ve spend some time doing an Asterisk PBX setup at home. Because I like the technique and my girlfriend likes to use the phone I decided to build my own PBX (Private Branch Exchange). In other words a telephone exchange. So doing some research I figured out what the requirements where and came up with the following components:
- a SIP provider
- a SIP compliant phone
- Asterisk PBX software
- an Internet connected Linux server running 24/7

As for the SIP provider I chose the Budgetphone company because they support Asterisk and you get a local area number on which you can be called.

On my search for a suitable phone selected the Siemens Gigaset A580 IP. The main reasons I chose this phone where:
- it’s a hybrid phone so you can use POTS and or VOIP
- it’s energy efficient by using multiple energy-saving technologies
- it’s in a affordable price range

The installation of Asterisk was a piece of cake. Being a very happy user of Debian Linux, I installed the pre-compiled package from the Debian repository by executing the following command:

# apt-get install asterisk asterisk-sounds-main

In my case the Asterisk server has a public ip-address, and the phone base station is located in private ip space behind a NAT router.

Below you’ll find the Asterisk configuration. This configuration is known to work on Asterisk version 1.4.21.2~dfsg-3. In my case all configuration files reside in ‘/etc/asterisk/’.

sip.conf:

[general]
context=default
subscribemwi=yes
allowoverlap=no
bindport=5060
bindaddr=0.0.0.0
srvlookup=yes
disallow=all
allow=alaw
allow=ulaw
allow=g726
allow=ilbc
allow=gsm
language=us
dtmfmode = auto

register => 31123456789@sip1.budgetphone.nl:***:31123456789@sip1.budgetphone.nl/101

[31123456789]
type=friend
context=from-budgetphone
host=sip1.budgetphone.nl
fromuser=31123456789
fromdomain=sip1.budgetphone.nl
username=31123456789
insecure=very
secret=***
qualify=yes
port=5060

[phone]
type=friend
context=internal
host=dynamic
nat=yes
callerid="Home phone"
canreinvite=no
qualify=yes
secret=password
mailbox=1001

extensions.conf:

[general]
static=yes
writeprotect=no
clearglobalvars=no

[globals]
INT1=SIP/phone
OUTBOUNDTRUNK=SIP/31123456789

[from-budgetphone]
exten => 101,1,Dial(${INT1},28)
exten => 101,n,GotoIf($["${DIALSTATUS}" = "BUSY"]?busy:unavail)
exten => 101,n(unavail),VoiceMail(1001@default,u)
exten => 101,n,Hangup()
exten => 101,n(busy),VoiceMail(1001@default,b)
exten => 101,n,Hangup()

[internal]
; internal number
exten => 1001,1,Dail(${INT1})
; voicemail number
exten => 700,1,VoiceMailMain()
; external numbers
exten => _XXXX.,1,Set(CALLERID(all)=31123456789)
exten => _XXXX.,2,Dial(${OUTBOUNDTRUNK}/${EXTEN})
exten => _XXXX.,3,Hangup()

voicemail.conf

[general]
format=wav49|gsm|wav
serveremail=asterisk
attach=yes
skipms=3000
maxsilence=10
silencethreshold=128
maxlogins=3
emaildateformat=%A, %B %d, %Y at %r
sendvoicemail=yes

[zonemessages]
eastern=America/New_York|'vm-received' Q 'digits/at' IMp
central=America/Chicago|'vm-received' Q 'digits/at' IMp
central24=America/Chicago|'vm-received' q 'digits/at' H N 'hours'
military=Zulu|'vm-received' q 'digits/at' H N 'hours' 'phonetic/z_p'
european=Europe/Copenhagen|'vm-received' a d b 'digits/at' HM

[default]
1001 => 1234,Your name,user@domain.net,,tz=european

When done editing those files, you need to connect to the Asterisk CLI (Command Line Interface) by using the following command:

# asterisk -r

Set the verbosity level to 10:

*CLI> core set verbose 10

To reload the new configuration issue:

*CLI> reload

To see if the SIP services have registered succesfully issue:

*CLI> sip show peers

I needed to configure the next fields in the base station configuration to get the phone registered with Asterisk. Go to ‘settings’ -> ‘telephony’ -> ‘connections’ -> ‘edit’ -> ‘show advanced settings’.
- Authentication Name: phone
- Authentication password: *******
- Username: phone

- Domain: local
- Proxy server address: Asterisk server ip
- Registrar server: Asterisk server ip

To make the MWI (Message Wait Indicator) work on the handset you need to follow the next steps:
Web browse to the Siemens phone web interface, go to ‘settings’ -> ‘telephony’ -> ‘Network Mailbox’. For the connection you want MWI with, enter the voicemail access number into the ‘Call Number’ box, in my case 1001 and tick the ‘Active’ box. This will make the Siemens phone subscribe to the mailbox status.

Have fun!

UPDATE: Since the upgrade of my server system Debian Lenny (asterisk 1.4) to Debian Squeeze (asterisk 1.6) incoming calls were not coming through. After some searches I found out one parameter needed to change at the sip.conf file.

insecure=port,invite

To make the eToken PKI 5.0 client work on my 64bit Fedora 11 workstation with the 32bit version of the Aladdin eToken middle ware I had to install the following packages: hal-libs.i586, libusb.i586, openct.i586, pcsc-lite-openct.i586, pcsc-lite-libs.i586, pcsc-lite.i586 and dependencies.

# rpm -ivh pkiclient-5.00.28-0.i386.rpm
Preparing...                ########################################### [100%]
   1:pkiclient              ########################################### [100%]
Adding eToken security provider....done.
Starting PC/SC smart card daemon (pcscd): [  OK  ]
PKI Client installation completed.
#

If you don’t install the 32bit version of the packages, the installation of the pkiclient software will result in a error. The pkiclient software does need one of the following bundle dirs ‘/usr/lib/readers’ or ‘/usr/lib/pcsc/drivers’, or else it will exit with the error message below.

# rpm -ivh pkiclient-5.00.28-0.i386.rpm
Preparing...                ########################################### [100%]
Error: cannot find pcsc-lite bundles directory.
error: %pre(pkiclient-5.00.28-0.i386) scriptlet failed, exit status 11
error:   install: %pre scriptlet failed (2), skipping pkiclient-5.00.28-0
#

Do not try to add the eToken as a security device in Firefox or Thunderbird as you’re probably running the 64bit version of the applications. The 64bit applications refuse to load the 32bit ‘libeTPkcs11.so’, you’ll be prompted with a message “Unable to add module”.
I have requested the 64bit version of the middle ware, which should make things easier.

Recently I had to use a laptop for a course I was doing. This Fujisu Siemens Amilo Li 2727 laptop came with Windows Vista pre-installed. Since the installed OS didn’t matter for the course I installed the latest Ubuntu which is 9.04 (Jaunty). All worked well except for the wireless card (Atheros Communications Inc. AR242x 802.11abg Wireless PCI Express Adapter (rev 04)). The network applet says “Wireless is disabled”. The ath5k driver for the wireless card is being correctly initialised, as you can see:

[   12.170260] ath5k_pci 0000:08:00.0: PCI INT A -> GSI 18 (level, low) -> IRQ 18
[   12.170274] ath5k_pci 0000:08:00.0: setting latency timer to 64
[   12.170439] ath5k_pci 0000:08:00.0: registered as 'phy0'
[   12.355693] ath5k phy0: Atheros AR2425 chip found (MAC: 0xe2, PHY: 0x70)
[  264.864848] ath5k phy0: noise floor calibration timeout (2442MHz)

You can also use the following command to see if the device is blocked (not tuned on!):

$ sudo rfkill list
0: acer-wireless: Wireless LAN
	Soft blocked: no
	Hard blocked: no
1: phy0: Wireless LAN
	Soft blocked: no
	Hard blocked: yes

It appears that the wireless card is enabled but not activated, so you’ll need to turn it on. Using Windows you use the Fn-F1 key combination to activate the wireless card, but this doesn’t work with Linux. The easiest way to get wireless going is by activating a kernel module called acer_wmi. As soon as you execute the following line you’ll notice the wireless led will light up. There are other ways, but this is by far the most easy and elegant way to do it.

$ sudo modprobe acer_wmi

The wireless card is now active! Wait a moment and you’ll see wireless networks appear in the NetworkManager if you’re in range. Just for the record I am using Ubuntu kernel 2.6.28-11-generic at the moment of writing.

To make this solution last on a reboot, you’ll have to add the module name ‘acer_wmi’ to ‘/etc/modules’.

$ echo "acer_wmi" | sudo tee /etc/modules

30 Apr 2010: I can confirm this work-around also works for Ubuntu 10.04 LTS (Lucid).

In order to test a HTTP connection and response you are probably already familiar with telnet to do a HTTP GET request against port 80. However it’s not possible to use the same technique for testing a webserver response on port 443 (SSL), as you can see below.

$ telnet webserver.local 443
Trying 192.168.1.2...
Connected to webserver.local.
Escape character is '^]'.
GET / HTTP/1.1<enter>
host: webserver.local<enter>
<enter>
<h1>Bad Request</h1>
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

To do a HTTP get against a SSL secured website you need openssl to do the magic. See the following example.

$ openssl s_client -connect webserver.local:443 -state -debug
GET / HTTP/1.0<enter>
host: webserver.local<enter>
<enter>

There are several ways to find out which release of Ubuntu you’re using. But the most easy way is to make use of the lsb_release (LSB stands for Linux Standard Base) command which pulls it’s info from ‘/etc/lsb-release’. This is a command line utility, so you’ll need to open a Terminal in which you can enter the commands. You can use the -a switch to see all information, as the example below shows. The -h switch will display a list of all possible options.

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 9.04
Release:	9.04
Codename:	jaunty
$

The lsb_release command does not show what architecture version you’re using. To find this out, you can use the uname command. The next example will show a 64-bit architecture.

$ uname -m
x86_64
$

The find you wich kernel release you’re currently using you can issue a uname -r. Use the -a switch if you want all information from the uname command displayed at once.

$ uname -r
2.6.28-11-generic
$

See ‘man uname’ for more details on using the uname.

During the upgrade from Etch to Lenny I was surprised that the Gallery2 package was not available for the current stable release of Debian. At first it was no problem, but the Gallery2 package of old stable Etch is to old for the most recent WPG2 plug-in for WordPress, so I had to upgrade Gallery2 using a upstream version as one of the package maintainers made clear:

“Gallery2 is not available in Lenny due to the large amount of differences between the previous version and 2.3-1 from unstable. The release team decided not to include Gallery2 in stable due to this disruptive change late in the release process. The gallery2 package from sid can be installed via pinning.”

I’ve documented the steps I took for upgrading Gallery2.

1. Create to following file if it not exists:

vi /etc/apt/preferences

2. Add the following lines:

Package: *
Pin: release a=stable
Pin-Priority: 600

Package: gallery2
Pin: release a=testing
Pin-Priority: 800

* If you are using testing Debian make sure testing is the bigger number.
* This file will install only from the highest pin but it will show you if the packages is available in testing or unstable.

3. Edit /etc/apt/sources.list and add the following lines:

# Testing (squeeze) for gallery2
deb http://ftp.us.debian.org/debian/ squeeze main contrib non-free
deb-src http://ftp.us.debian.org/debian/ squeeze main contrib non-free

4. Update the apt database and upgrade the gallery2 package:

# apt-get update
# apt-get upgrade -s

You’ll notice that the package will be kept back. Issue a dist-upgrade to install the upstream package.

# apt-get dist-upgrade

Restart apache and as soon as you visit the gallery2 site you’ll be asked to start the upgrade process, which went very smoothly.

Today I had to add a static-route on a Fedora 10 workstation to gain access to a web application. Because it needs to be persistent, survive reboots, I wanted to configure the static-route the way Fedora (Red Hat) likes it.

The script ‘/etc/sysconfig/network-scripts/ifup-routes’ is responsible for setting the route. You have to create a ‘route-eth1′ file depending on the interface the static route has to be configured on.

# touch /etc/sysconfig/network-scripts/route-eth1
# echo "to 130.37.136.220 via 192.168.129.15" > /etc/sysconfig/network-scripts/route-eth1

You can check if it works by calling the script followed by the interface name.

# /etc/sysconfig/network-scripts/ifup-routes eth1

Use the route command to see if the new route has been added to the route table.

I’ve just updated my sendmail.mc with some RBL’s checks (dnsrbl feature) which is working out quite well. By using Sendmail with dnsrbl checks instead of a anti-spam program such as Mailscanner which also uses the same RBL mechanism you take the advantage of Sendmail dropping the connection before receiving the email. In this case you are not only reducing the amount of spam, but also the system resources and bandwidth.
Hopefully we’ll notice a slight drop in the spam stats I am collecting recently.

If this sounds interesting to you, have a look at the  cf/cf/knecht.mc file which comes with your distribution for more information.

Currently I am using the following dnsrbl checks:

FEATURE(`dnsbl', `dnsbl.sorbs.net', `"550 Mail from " $`'&{client_addr} " refused - see http://www.dnsbl.sorbs.net/"')
FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `"550 Mail from " $`'&{client_addr} " refused - see http://www.spamhaus.org/sbl/"')
FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"')
FEATURE(`dnsbl', `dnsbl.njabl.org', `"550 Mail from " $`'&{client_addr} " rejected - see http://njabl.org/"')