Mount USB Key for sipXecs Backups

Ok, so you don't want to bother setting up an FTP server to store backups of your sipXecs system. Here's how to mount a USB Key to your backup folder.

Most USB keys will setup SCSI drive device (in my case it was /dev/sda1). Plug in a USB key and check out the /var/log/messages file to see what device was created.

You'll want to get a little program installed on your system called 'scsiadd'. This allows you to remove USB scsi devices from the system without causing them damage. It's available here: http://llg.cubic.org/tools/

The following assumes you are logged into the system as root...

Add required packages:
yum install lsscsi

If you don't have development tools on your sipXecs system yet, add them:
yum install gcc gcc-c++ kernel-devel

Download, build and install scsiadd:
cd $HOME
mkdir scsiadd
cd scsiadd
wget http://llg.cubic.org/tools/scsiadd-1.97.tar.gz
tar -xf scsiadd-1.97.tar.gz
cd scsiadd-1.97
./configure
make install


Command line options:
scsiadd 1.97 - add and remove devices from the scsi subsystem
---------------------------------------------------------------
syntax: scsiadd {-a|-r}
scsiadd {-a|-r}
scsiadd {-a|-r}
scsiadd {-a|-r}
scsiadd [-i maxid] -s
scsiadd [-i maxid] -s
scsiadd -p
parameters not given are assumed 0
-a: add a device (default if no command given)
-r: remove device
-s: scan for devices
-p: print scsi status
-h: print this help message
-i: maximum SCSI ID which is scanned

Here's a good blog article on using scsiadd: http://blog.shadypixel.com/safely-removing-external-drives-in-linux/

Essentially, to remove a scsi device while the system is running, first find the device with lsscsi and then use scsiadd -r to remove it...

[root@sipx scsiadd-1.97]# lsscsi
[3:0:0:0] disk CBM USB 2.0 5.00 /dev/sdb
[root@sipx scsiadd-1.97]# scsiadd -r 3
could not remove device 0 0 3 0 : No such device or address
[root@sipx scsiadd-1.97]# scsiadd -r 3 0 0 0
[root@sipx scsiadd-1.97]#

Ok, now let's get to making the USB work:

Convert your USB drive from FAT16 or whatever it is to ext3:

mkfs.ext3 /dev/sda1

Modify /etc/fstab:

nano -w /etc/fstab

Add the following line at the bottom:

/dev/sda1 /var/sipxdata/backup vfat auto,user,rw,sync 0 0

Test your fstab file now:

mount -a

And check to see that it is mounted:

mount

Change ownership on backup folder:

chown -R sipxchange:sipxchange /var/sipxdata/backup

Perform a test backup from the GUI.

How to fix the yum repos file for sipXecs 4.0.4

Edit the /etc/yum.repos.d/sipxecs.repo

nano -w /etc/yum.repos.d/sipxecs.repo

on all the lines that begin with mirrorlist and baseurl change the 5.2 to be just 5.

Here's the resulting sipxecs.repo file.

[centos-5.2-base]
name=CentOS-5.2 - Base
mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/5/os/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

#released updates
[centos-5.2-updates]
name=CentOS-5.2 - Updates
mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/5/updates/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

#packages used/produced in the build but not released
[centos-5.2-addons]
name=CentOS-5.2 - Addons
mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=addons
#baseurl=http://mirror.centos.org/centos/5/addons/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

#additional packages that may be useful
[centos-5.2-extras]
name=CentOS-5.2 - Extras
mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=extras
#baseurl=http://mirror.centos.org/centos/5/extras/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

#additional packages that extend functionality of existing packages
[centos-5.2-centosplus]
name=CentOS-5.2 - Plus
mirrorlist=http://mirrorlist.centos.org/?release=5&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/5/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-5

[sipxecs-stable]
name=SIPfoundry sipXecs pbx - latest stable version
baseurl=http://sipxecs.sipfoundry.org/pub/sipXecs/LatestStable/CentOS/5/$basearch/RPM
gpgcheck=0

DNS concepts for sipXecs

Published a new whitepaper on dealing with DNS and sipXecs.

http://sipx-wiki.calivia.com/images/0/0b/SipXecsDNSConcepts.pdf

Let me know if there are any glaring problems. I'll likely add other scenarios as time goes along. If you have a specific need please let me know.

More Document Updates

I updated the "Installing OpenSBC on Vyatta 5" document again. Added a firewall rule change and also tweaked the formatting and text a little bit to clarify a few of the finer points.

While I was at it I also freshened up the "DNS Setup Concepts for Session Border Controllers" document also published at www.OpenSourceSIP.org.

Updated document on Installing OpenSBC on Vyatta 5

Sorry for the delay all but a project finally forced my hand on this. Here's a link to the updated document for installing OpenSBC on Vyatta 5.0.

Install OpenSBC on Vyatta 5.0

The original document was built with Vyatta 5.0 beta and there were some changes with the final release of Vyatta 5.0.

An Interview with... Me!

Packt Publishing just released an interview they did with me.

http://authors.packtpub.com/content/interview-michael-picher

Setting up DNS for Internet Calling

Somebody questioned how I was handling DNS inside and outside my network so I figured I'd document what I'm doing for remote users and Internet dialing.

I have the following setup at home right now. This same configuration would apply for a small business that doesn't have static IP's (I'm sure you could cherry pick info here if you do have static IP's too).

My home sip server is in SIP domain xyzcompany.com (just one i made up while i was writing the book)

I'm on a DSL connection at home with a non-static IP.

My sipxecs.info domain is hosted at GoDaddy.com

DynDNS

My firewall (pfSense) updates sipxecs.dyndns.info with my current IP address

GoDaddy

sipx.sipxecs.info is a CNAME pointing to sipxecs.dyndns.info
_sip._udp.sipxecs.info priority 0, weight 0, port 5060 points to sipx.sipxecs.info

DNS on PBX

Copied existing xyzcompany.com.zone to sipxecs.info.zone in /var/named
Modified sipxecs.info.zone file and replaced all references to 'xyzcompany.com' with 'sipxecs.info'.
Edit /etc/named.conf and duplicated info from xyzcompany.com domain for new sipxecs.info domain.
Restart DNS and make sure you can ping / dig new domain.

sipXecs Configuration Server

Buy my book :-)
Add alias to domain (Domain is under System menu) for sipxecs.info.
Restart all services that request restart.
Add the SIP Trunking services to the SIP Server (Click on server in System->Servers).
Restart all services that request restart.
Enable Internet Dialing and set your internal IP range (under System menu), set the SBC to be sipXbridge-1. Added *.sipxecs.info as an Intranet Domain.
Enable NAT Traversal and let sipXecs know it is behind a NAT (Click on Internet Calling in System then NAT is on LEFT menu).

Internal Workstations / Phones

Determine where you are pointing for DNS.
If you are pointing at the PBX machine then no worries.
If you are pointing at some other DNS server you'll need to figure out how to get that machine to point to the PBX to resolve your domain (in my case all resolves for the sipxecs.info domain can be redirected by pfSense to the PBX and I point to pfSense for my DNS server).

pfSense Firewall Configuration

Turn off automatic NAT so NAT port translation is static (See earlier Blog Entry)
For the following NAT entries, allow pfSense to also create the required firewall rules.
Add NAT entry for External IP port 5060 udp to sipXecs internal IP port 5060 udp.
Add NAT entry for External IP port 5080 udp to sipXecs internal IP port 5080 udp. (only needed if you do SIP Trunks).
Add NAT entry for External IP port range 30000-31000 udp to sipXecs internal IP port range starting at 30000.

So, what does all this do?

Allows my roaming users and other users on the internet to find my sipXecs server via an external IP address that is forwarded in to my PBX.

Allows my internal users to find my sipXecs via an internal IP address.

Allows anybody on the internet to reach me at myextension 'at' sipxecs 'dot' info.

Also, if you add an alias onto your sipXecs user extension that is equal to your e-mail alias, now users can phone you (with url dialing in their softphone) or email you at exactly the same address... voila!

sipXecs 4.0.2 Released

sipXecs version 4.0.2 was officially released yesterday. There were a bunch of bug fixes (23) and some minor improvements (5) and one feature added.

Release Notes

Of note is the new Skype for SIP ITSP Template. The sipXecs development team has tested Skype for SIP but Skype has not made this generally available. When Skype finally gets this rolling it will be an easy add to our systems. I'll try to post it in the blog as soon as I get my account. I'm signed up for the Beta program and just waiting on Skype.

I tested the 4.0.2 upgrade on one of my sandbox systems and all went well. I'll test it on another any only post if I run into problems.

There is one change in the 4.0.2 upgrade procedure that everybody should note (documented on the upgrade page (http://sipx-wiki.calivia.com/index.php/SipXecs_4.0.2_Upgrade):

The local domain bind zone is overwritten; if: You are using the system as a DNS server, and You have made any manual changes to the zone file then before doing the upgrade, you should add the following lines to the beginning of the file /etc/named.conf:

// WARNING: Name server configuration is a sipX automatically generated file.
// Contents may be overwritten unless you change the mode to "Manual".
// Available modes:
// "Master" - Master name server (on primary server).
// "Slave" - Slave named server (on distributed server).
// "Caching" - Caching only name server.
// "Manual" - Blocks future automatic updates.
// DNS_MODE="Manual"

this will protect your changes from any automated updates by sipXconfig.

Backup your /etc/named.conf file as well as any DNS zone files you may have tweaked (if you installed from ISO they are in /var/named/xxxxx.zone).

pfSense with Freeswitch for SIP Trunks to sipXecs

Ok, so here's a bit of a new twist. I was toying with the thought of trying to get OpenSBC running on pfSense firewall. Long story short, I couldn't get the developer version of pfSense running in a virtual on my machine so I decided to give the FreeSwitch pfSense package a go.

What do you know... I actually got it going as a bridge pretty easily. So I figured I'd document it for others who follow...

The purpose of this exercise was to have pfSense with FreeSwitch register to my Gizmo account and forward calls in to sipXecs. This is just a starting point but shows great promise as a way to front-end a sipXecs server.

1. In pfSense install the FreeSwitch package (System -> Packages - FreeSwitch) (I picked the Dev version to run on my pfSense 1.2.3 rc1 install).

2. Once installed, go to Services -> FreeSwitch.

3. Click on the Gateways tab and then the + sign on the right to add a new gateway.

4. At the top of the Gateway Setup form is a handy hyperlink to examples for different SIP Providers. Here is my Gizmo configuration:

• Gateway: gizmo
• Username: 1747xxxxxxx
• Password: xxxxxxxx
• From-user: 1747xxxxxxx
• From-domain: proxy01.sipphone.com
• Proxy: proxy01.sipphone.com
• Expire-seconds: 3600
• Register: true
• Retry-seconds: 3600
• Caller-id-in-from: false
• Enabled: true
• Gateway Description: Gateway to gizmo account

5. Click the Save button at the bottom of the page.

6. Click on the Public tab at the top of the page.

7. Click on the + sign over on the right hand side of the Public table to create a new extension.

8. Create the following extension:

• Extension Name: sipXecs
• Enabled: true
• Order: 000
• Description: Transfer to internal spiXecs Server

9. Add the following conditions and actions at the bottom of this page (hit the + sign to add each one).

• Tag: condition
• Type: destination_number
• Data: 1747xxxxxxx
• Order: 000

• Tag: action
• Type: bridge
• Data: sofia/lan/100@ip.addr.of.sipxecs (what sipXecs extension to route it to)
• Order: 001

10. On the Status tab, click the 'reloadxml' button. You should see your gateway in the 'sofia status' section as 'REGED' if you have done things properly.

11. Create 2 firewall rules in pfSense (Firewall -> Rules):

• Action: Pass
• Interface: WAN
• Protocol: UDP
• Source: any
• Destination: WAN address
• Destination port range: 5080

• Action: Pass
• Interface: WAN
• Protocol: UDP
• Source: any
• Destination: WAN address
• Destination port range: 10000 – 35000 (* - I haven’t tried narrowing this down…)

12. Try dialing your Gizmo number and your sipXecs server should answer the call!

Tip, if you get a Google Voice account you can make it ring inbound to your Gizmo account and have free inbound calling.

Tale of an old sipXecs install...

So, I had a customer with an old sipXecs install... version 3.8 on Fedora 6 to be exact (I've still got one out there with 3.4 but that will be a complete re-do).

My plan was to upgrade in-place to 3.10.2, get a backup, install 3.10.2 on CentOS from ISO, do a restore, upgrade to 3.10.3 in place, upgrade to 4.0.1 in-place and see where I sat.

This would have been much easier if Yum was cooperating. Seems as though Yum from Fedora Core 6 had some issues. It would bomb with a header error on the large sipX files.

So smart me figures I'd just go update Yum... not so easy. All of the Fedora files are now archived and my .repo files were out of date. Thus begins the odyssey... I had to do a little mixing and matching of Fedora 6 and 7 yum repos to resolve all of the dependency issues.

I'm posting my .repo files here in hopes of helping somebody else... Keep in mind that I'm no Linux expert and there might be a much simpler way to make this work!

fedora-core.repo
[core]
name=Fedora Core $releasever - $basearch
baseurl=http://archive.fedoraproject.org/pub/archive/fedora/linux/core/$releasever/$basearch/os/
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/$releasever/$basearch/os/
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=core-$releasever&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora file:///etc/pki/rpm-gpg/RPM-GPG-KEY

[core-debuginfo]
name=Fedora Core $releasever - $basearch - Debug
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/$releasever/$basearch/debug/
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=core-debug-$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora file:///etc/pki/rpm-gpg/RPM-GPG-KEY

[core-source]
name=Fedora Core $releasever - Source
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/$releasever/source/SRPMS/
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=core-source-$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora file:///etc/pki/rpm-gpg/RPM-GPG-KEY


fedora-core6.repo
[core6]
name=Fedora Core $releasever - $basearch
baseurl=http://archive.fedoraproject.org/pub/archive/fedora/linux/core/6/i386/os/
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/$releasever/$basearch/os/
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=core-$releasever&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora file:///etc/pki/rpm-gpg/RPM-GPG-KEY

[core6-debuginfo]
name=Fedora Core $releasever - $basearch - Debug
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/$releasever/$basearch/debug/
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=core-debug-$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora file:///etc/pki/rpm-gpg/RPM-GPG-KEY

[core6-source]
name=Fedora Core $releasever - Source
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/$releasever/source/SRPMS/
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=core-source-$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora file:///etc/pki/rpm-gpg/RPM-GPG-KEY

fedora-everything.repo
[everything]
name=Fedora Everything $releasever - $basearch
baseurl=http://archive.fedoraproject.org/pub/archive/fedora/linux/releases/7/Everything/i386/os/
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/extras/$releasever/$basearch/
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=extras-$releasever&arch=$basearch
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-extras
gpgcheck=0

[everything-debuginfo]
name=Fedora Everything $releasever - $basearch - Debug
baseurl=http://archive.fedoraproject.org/pub/archive/fedora/linux/releases/7/Everything/i386/debug/
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=extras-debug-$releasever&arch=$basearch
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-extras
gpgcheck=0

[everything-source]
name=Fedora Everything $releasever - Source
baseurl=http://archive.fedoraproject.org/pub/archive/fedora/linux/releases/7/Everything/source/SRPMS/
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=extras-source-$releasever&arch=$basearch
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-extras
gpgcheck=0


fedora-extras.repo
[extras]
name=Fedora Extras $releasever - $basearch
baseurl=http://archive.fedoraproject.org/pub/archive/fedora/linux/extras/6/i386/
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/extras/$releasever/$basearch/
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=extras-$releasever&arch=$basearch
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-extras
gpgcheck=1

[extras-debuginfo]
name=Fedora Extras $releasever - $basearch - Debug
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/extras/$releasever/$basearch/debug/
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=extras-debug-$releasever&arch=$basearch
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-extras
gpgcheck=1

[extras-source]
name=Fedora Extras $releasever - Source
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/extras/$releasever/SRPMS/
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=extras-source-$releasever&arch=$basearch
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-extras
gpgcheck=1


fedora-updates.repo
[updates]
name=Fedora Core $releasever - $basearch - Updates
baseurl=http://archive.fedoraproject.org/pub/archive/fedora/linux/updates/7/i386/
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/updates/$releasever/$basearch/
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-fc$releasever&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora

[updates-debuginfo]
name=Fedora Core $releasever - $basearch - Updates - Debug
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/updates/$releasever/$basearch/debug/
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-debug-fc$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora

[updates-source]
name=Fedora Core $releasever - Updates Source
baseurl=http://archive.fedoraproject.org/pub/archive/fedora/linux/updates/7/SRPMS/
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-source-fc$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora

fedora-updates6.repo
[updates6]
name=Fedora Core 6 $releasever - $basearch - Updates
baseurl=http://archive.fedoraproject.org/pub/archive/fedora/linux/core/updates/6/i386/
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/updates/$releasever/$basearch/
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-fc$releasever&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora

[updates-debuginfo]
name=Fedora Core $releasever - $basearch - Updates - Debug
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/updates/$releasever/$basearch/debug/
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-debug-fc$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora

[updates-source]
name=Fedora Core $releasever - Updates Source
baseurl=http://archive.fedoraproject.org/pub/archive/fedora/linux/updates/7/SRPMS/
#mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-source-fc$releasever&arch=$basearch
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora

Once you have all the repos in place in the /etc/yum.repos.d folder you'll still need to remove a couple packages that complain...

rpm -e authconfig firstboot-tui-1.4.23-1.noarch

And then you should be able to do a:

yum update yum

After that completes yum should work properly, remove the repos from the /etc/yum.repos.d folder and create sipxecs-stable-fc.repo (nano /etc/yum.repos.d/sipxecs-stable-fc.repo) with the following information:

[sipxecs-stable]
name=SIPfoundry sipXecs pbx - latest stable version
baseurl=http://sipxecssw.org/pub/sipXecs/3.10.3/FC/6/i386/RPM/
gpgcheck=0
gpgkey=https://secure2.pingtel.com/RPM-GPG-KEY-pingtel
enabled=1