ВидеоКонф(ВКС)  ::   FAQ  ::   Поиск  ::   Регистрация  ::   Вход

Настройка связки FreePBX и GoIP4 VoIP GSM

Новичком считается только что прочитавший «Астериск - будущее телефонии»
http://asterisk.ru/knowledgebase/books
и пытающийся сделать большее

Модераторы: april22, Zavr2008

Re: Настройка связки FreePBX и GoIP4 VoIP GSM

Сообщение sattva » 02 фев 2018, 17:59

Всем Приветствую вас, коллеги!

Использую FrePBX 14 + GoIP-4.
ПРОБЛЕМА: fail2ban - банит GoIP-4!

Сервер FreePBX14 - IP:192.168.15.12
GoIP-4 IP:192.168.77.77
соединение между FreePBX14 и GoIP-4 идет через программный роутер (ubuntu server 16) через подключенные к роутеру VLAN-интерфейсы (т.е. без NAT)

GoIP-4 настроен в режиме "Config by line"
[Показать] Спойлер: скиншоты:
Изображение
Изображение
Изображение
и соответственно по аналогии остальные порты (2-4) настроены также.
Изображение
Изображение
Изображение
и соответственно по аналогии остальные порты (2-4) настроены также.
Изображение
Изображение
Изображение


Настройки FreePBX14:
Создал 4-е транка. Общие настройки SIP:
Название транка : GSM_G01

ИСХОДЯЩИЙ:
опции для PEER:
Код: выделить все
host=dynamic
port=5060
type=friend
username=GSM_G01
fromuser=GSM_G01
fromdomain=192.168.15.12
secret=Zxy12345678
context=from-trunk
qualify=yes
insecure=very
nat=no
disallow=all
allow=alaw&ulaw
dtmfmode=auto
deny=0.0.0.0/0.0.0.0
permit=192.168.77.77/255.255.255.255


ВХОДЯЩИЙ:
Контекст USER: USER_097ХХХХХХХ

опции USER:
Код: выделить все
secret=Password
dtmfmode=auto
context=from-trunk
host=dynamic
type=friend
qualify=yes

Строка регистрации:
Код: выделить все
0978735492:Password@192.168.77.77/0978735492


в результате имеем бан fail2ban

[Показать] Спойлер: скриншот
Изображение


Логи Asterisk:
[Показать] Спойлер: asterisk-logs
Код: выделить все
[2018-02-02 12:55:09] VERBOSE[5097] chan_sip.c: Registered SIP 'GSM_G04' at 192.168.77.77:5060
[2018-02-02 12:55:09] VERBOSE[5097] chan_sip.c: Registered SIP 'GSM_G03' at 192.168.77.77:5060
[2018-02-02 12:55:09] NOTICE[5097] chan_sip.c: Peer 'GSM_G04' is now Reachable. (315ms / 2000ms)
[2018-02-02 12:55:10] NOTICE[5097] chan_sip.c: Peer 'GSM_G03' is now Reachable. (410ms / 2000ms)
[2018-02-02 12:55:15] VERBOSE[5097] chan_sip.c: Registered SIP 'GSM_G01' at 192.168.77.77:5060
[2018-02-02 12:55:16] NOTICE[5097] chan_sip.c: Peer 'GSM_G01' is now Reachable. (326ms / 2000ms)
[2018-02-02 12:55:28] NOTICE[5097] chan_sip.c:    -- Registration for '0674415348@192.168.77.77' timed out, trying again (Attempt #73)
[2018-02-02 12:55:28] NOTICE[5097] chan_sip.c:    -- Registration for '0978735492@192.168.77.77' timed out, trying again (Attempt #73)
[2018-02-02 12:55:28] NOTICE[5097] chan_sip.c:    -- Registration for '0930463303@192.168.77.77' timed out, trying again (Attempt #73)
[2018-02-02 12:55:28] NOTICE[5097] chan_sip.c:    -- Registration for '0674415241@192.168.77.77' timed out, trying again (Attempt #73)
[2018-02-02 12:55:36] NOTICE[5097] chan_sip.c: Peer 'GSM_G01' is now UNREACHABLE!  Last qualify: 326
[2018-02-02 12:55:48] NOTICE[5097] chan_sip.c:    -- Registration for '0674415348@192.168.77.77' timed out, trying again (Attempt #74)
[2018-02-02 12:55:48] NOTICE[5097] chan_sip.c:    -- Registration for '0978735492@192.168.77.77' timed out, trying again (Attempt #74)
[2018-02-02 12:55:48] NOTICE[5097] chan_sip.c:    -- Registration for '0930463303@192.168.77.77' timed out, trying again (Attempt #74)
[2018-02-02 12:55:48] NOTICE[5097] chan_sip.c:    -- Registration for '0674415241@192.168.77.77' timed out, trying again (Attempt #74)
[2018-02-02 12:56:08] NOTICE[5097] chan_sip.c:    -- Registration for '0674415348@192.168.77.77' timed out, trying again (Attempt #75)
[2018-02-02 12:56:08] NOTICE[5097] chan_sip.c:    -- Registration for '0978735492@192.168.77.77' timed out, trying again (Attempt #75)
[2018-02-02 12:56:08] NOTICE[5097] chan_sip.c:    -- Registration for '0930463303@192.168.77.77' timed out, trying again (Attempt #75)
[2018-02-02 12:56:08] NOTICE[5097] chan_sip.c:    -- Registration for '0674415241@192.168.77.77' timed out, trying again (Attempt #75)
[2018-02-02 12:56:10] NOTICE[5097] chan_sip.c: Peer 'GSM_G02' is now UNREACHABLE!  Last qualify: 185
[2018-02-02 12:56:14] NOTICE[5097] chan_sip.c: Peer 'GSM_G03' is now UNREACHABLE!  Last qualify: 410


[Показать] Спойлер: fail2ban
Код: выделить все
[2018-02-02 15:45:06] NOTICE[5045] chan_sip.c:    -- Registration for '0674415348@192.168.77.77' timed out, trying again (Attempt #8)
[2018-02-02 15:45:06] NOTICE[5045] chan_sip.c:    -- Registration for '0978735492@192.168.77.77' timed out, trying again (Attempt #8)
[2018-02-02 15:45:06] NOTICE[5045] chan_sip.c:    -- Registration for '0930463303@192.168.77.77' timed out, trying again (Attempt #8)
[2018-02-02 15:45:06] NOTICE[5045] chan_sip.c:    -- Registration for '0674415241@192.168.77.77' timed out, trying again (Attempt #8)
[2018-02-02 15:45:15] SECURITY[5062] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="2018-02-02T15:45:15.651+0200",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x7f35e40011b8",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/33938",UsingPassword="0",SessionTV="2018-02-02T15:45:15.651+0200"
[2018-02-02 15:45:19] SECURITY[5062] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="2018-02-02T15:45:19.931+0200",Severity="Informational",Service="AMI",EventVersion="1",AccountID="cxpanel",SessionID="0x7f35f000bb98",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/33940",UsingPassword="0",SessionTV="2018-02-02T15:45:19.931+0200"
[2018-02-02 15:45:26] NOTICE[5045] chan_sip.c:    -- Registration for '0674415348@192.168.77.77' timed out, trying again (Attempt #9)
[2018-02-02 15:45:26] NOTICE[5045] chan_sip.c:    -- Registration for '0978735492@192.168.77.77' timed out, trying again (Attempt #9)
[2018-02-02 15:45:26] NOTICE[5045] chan_sip.c:    -- Registration for '0930463303@192.168.77.77' timed out, trying again (Attempt #9)
[2018-02-02 15:45:26] NOTICE[5045] chan_sip.c:    -- Registration for '0674415241@192.168.77.77' timed out, trying again (Attempt #9)
[2018-02-02 15:45:36] SECURITY[5062] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="2018-02-02T15:45:36.021+0200",Severity="Informational",Service="AMI",EventVersion="1",AccountID="cxpanel",SessionID="0x7f35ec002918",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/33942",UsingPassword="0",SessionTV="2018-02-02T15:45:36.021+0200"
[2018-02-02 15:45:41] SECURITY[5062] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="2018-02-02T15:45:41.826+0200",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x7f35f8000a18",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/33946",UsingPassword="0",SessionTV="2018-02-02T15:45:41.826+0200"
[2018-02-02 15:45:46] NOTICE[5045] chan_sip.c:    -- Registration for '0674415348@192.168.77.77' timed out, trying again (Attempt #10)
[2018-02-02 15:45:46] NOTICE[5045] chan_sip.c:    -- Registration for '0978735492@192.168.77.77' timed out, trying again (Attempt #10)
[2018-02-02 15:45:46] NOTICE[5045] chan_sip.c:    -- Registration for '0930463303@192.168.77.77' timed out, trying again (Attempt #10)
[2018-02-02 15:45:46] NOTICE[5045] chan_sip.c:    -- Registration for '0674415241@192.168.77.77' timed out, trying again (Attempt #10)
[2018-02-02 15:45:52] SECURITY[5062] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="2018-02-02T15:45:52.091+0200",Severity="Informational",Service="AMI",EventVersion="1",AccountID="cxpanel",SessionID="0x7f35f4000948",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/33948",UsingPassword="0",SessionTV="2018-02-02T15:45:52.091+0200"
[2018-02-02 15:45:56] SECURITY[5062] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="2018-02-02T15:45:56.458+0200",Severity="Informational",Service="AMI",EventVersion="1",AccountID="admin",SessionID="0x7f3600000978",LocalAddress="IPV4/TCP/0.0.0.0/5038",RemoteAddress="IPV4/TCP/127.0.0.1/33952",UsingPassword="0",SessionTV="2018-02-02T15:45:56.458+0200"

sattva
 
Сообщений: 4
Зарегистрирован: 13 июл 2015, 17:56

Re: Настройка связки FreePBX и GoIP4 VoIP GSM

Сообщение ded » 06 фев 2018, 16:25

Во-первых, настройте исключения в fail2banдля сети 192.168.0.0/16
Во-вторых...
ded
 
Сообщений: 15805
Зарегистрирован: 26 авг 2010, 19:00

Пред.

Вернуться в Вопросы новичков

Кто сейчас на форуме

Сейчас этот форум просматривают: нет зарегистрированных пользователей и гости: 41

© 2008 — 2024 Asterisk.ru
Digium, Asterisk and AsteriskNOW are registered trademarks of Digium, Inc.
Design and development by PostMet-Netzwerk GmbH