ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    FreePBX autoprovisioning

    Scheduled Pinned Locked Moved IT Discussion
    16 Posts 3 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DashrenderD
      Dashrender
      last edited by Dashrender

      Have you done this?

      I've found several wiki pages on building the configuration files, but nothing about setting up DHCP to option 66 or how to make sure tftp is running on the FreePBX server, etc.

      I've purchased the Endpoint manager module and created a template and a config for a few phones, but when I ftp IP:69 from my windows workstation to my FreePBX box I get Connection Refused. I get the same when I ftp from the FreePBX box itself.

      netstat -a | grep tftp provides

      udp        0      0 *:tftp                      *:*     
      

      So I think it's enabled.

      netstat -unlp | grep xinetd

      udp        0      0 0.0.0.0:69                  0.0.0.0:*                               1119/xinetd
      

      This tells me it's on port 69, OK.

      iptables-save

      # Generated by iptables-save v1.4.7 on Wed Jul  1 15:59:46 2015
      *filter
      :INPUT ACCEPT [1077942:539260982]
      :FORWARD ACCEPT [0:0]
      :OUTPUT ACCEPT [931595:198694389]
      :fail2ban-BadBots - [0:0]
      :fail2ban-FTP - [0:0]
      :fail2ban-PBX-GUI - [0:0]
      :fail2ban-SIP - [0:0]
      :fail2ban-SSH - [0:0]
      :fail2ban-apache-auth - [0:0]
      :fail2ban-recidive - [0:0]
      -A INPUT -p tcp -j fail2ban-FTP
      -A INPUT -p tcp -j fail2ban-apache-auth
      -A INPUT -p tcp -j fail2ban-BadBots
      -A INPUT -j fail2ban-SIP
      -A INPUT -j fail2ban-PBX-GUI
      -A INPUT -p tcp -j fail2ban-SSH
      -A INPUT -j fail2ban-recidive
      -A fail2ban-BadBots -j RETURN
      -A fail2ban-FTP -j RETURN
      -A fail2ban-PBX-GUI -j RETURN
      -A fail2ban-SIP -j RETURN
      -A fail2ban-SSH -j RETURN
      -A fail2ban-apache-auth -j RETURN
      -A fail2ban-recidive -s 142.54.168.154/32 -j DROP
      -A fail2ban-recidive -j RETURN
      COMMIT
      

      Now it looks like tftp is not setup for access through iptables. Am I right? If so, how should I solve this?

      #iptables -L -n

      Chain INPUT (policy ACCEPT)
      target     prot opt source               destination
      fail2ban-FTP  tcp  --  0.0.0.0/0            0.0.0.0/0
      fail2ban-apache-auth  tcp  --  0.0.0.0/0            0.0.0.0/0
      fail2ban-BadBots  tcp  --  0.0.0.0/0            0.0.0.0/0
      fail2ban-SIP  all  --  0.0.0.0/0            0.0.0.0/0
      fail2ban-PBX-GUI  all  --  0.0.0.0/0            0.0.0.0/0
      fail2ban-SSH  tcp  --  0.0.0.0/0            0.0.0.0/0
      fail2ban-recidive  all  --  0.0.0.0/0            0.0.0.0/0
      
      Chain FORWARD (policy ACCEPT)
      target     prot opt source               destination
      
      Chain OUTPUT (policy ACCEPT)
      target     prot opt source               destination
      
      Chain fail2ban-BadBots (1 references)
      target     prot opt source               destination
      RETURN     all  --  0.0.0.0/0            0.0.0.0/0
      
      Chain fail2ban-FTP (1 references)
      target     prot opt source               destination
      RETURN     all  --  0.0.0.0/0            0.0.0.0/0
      
      Chain fail2ban-PBX-GUI (1 references)
      target     prot opt source               destination
      RETURN     all  --  0.0.0.0/0            0.0.0.0/0
      
      Chain fail2ban-SIP (1 references)
      target     prot opt source               destination
      RETURN     all  --  0.0.0.0/0            0.0.0.0/0
      
      Chain fail2ban-SSH (1 references)
      target     prot opt source               destination
      RETURN     all  --  0.0.0.0/0            0.0.0.0/0
      

      Google provided
      iptables -A INPUT -m state --state NEW -i eth0 -p udp --dport 69 -j ACCEPT

      But then states something to the effect that like FTP it needs help setting up a second connection on a higher port for actual transport of files.

      selinux is disabled.

      1 Reply Last reply Reply Quote 0
      • JaredBuschJ
        JaredBusch
        last edited by

        Did you try and connect with a TFTP client from your desktop?

        If that failed, then simply turn off the firewall on the PBX and try again. That will tell you if that is the problem.

        1 Reply Last reply Reply Quote 1
        • DashrenderD
          Dashrender
          last edited by

          This looks promising.

          I'll try it in the morning.

          http://community.freepbx.org/t/tftp/16037/5

          JaredBuschJ 1 Reply Last reply Reply Quote 0
          • JaredBuschJ
            JaredBusch @Dashrender
            last edited by JaredBusch

            @Dashrender said:

            This looks promising.

            Why are you still chasing server side information?
            Start at the beginning.
            You installed the module and setup a phone
            You setup your DHCP option
            You rebooted a phone and it did not pull a config.

            Now, to troubleshoot. The first thing you should do is attempt to connect manually from a windows or linux box where you can see what is happening.
            You never confirmed if you could connect to the tftp server manually.

            Once you confirm that, then you can go into more testing.

            1. Turn off the firewall on the FreePBX machine
            2. Check if the tftp service is running
            3. Check if there is something wrong with the tftp server config
            4. More advanced troubleshooting
            1 Reply Last reply Reply Quote 1
            • DashrenderD
              Dashrender
              last edited by Dashrender

              I can't connect from Windows - I get "timedout occured."

              1. there is no file /etc/sysconfig/iptables, according to http://community.freepbx.org/t/iptables-and-freepbx-distro/18352/2 , iptables is not enabled by default on FreePBX distros - and since it's missing the config file, I'm guessing that iptables is not doing anything. That said, I did type
                service iptables stop

              iptables: Setting chains to policy ACCEPT: filter [ OK ]
              iptables: Flushing firewall rules: [ OK ]
              iptables: Unloading modules: [ OK ]

              then tried again, and same thing, "timeout occurred."

              1. I thought the following was the evidence that that tftp is running - am I wrong?

                netstat -a | grep tftp provides

                udp 0 0 *:tftp :

              But now that I'm typing this, I found the chkconfig command and it's output for xinetd is:

              xinetd based services:
                  chargen-dgram:  off
                  chargen-stream: off
                  daytime-dgram:  off
                  daytime-stream: off
                  discard-dgram:  off
                  discard-stream: off
                  echo-dgram:     off
                  echo-stream:    off
                  rsync:          off
                  tcpmux-server:  off
                  tftp:           on
                  time-dgram:     off
                  time-stream:    off
              

              This shows that tftp is on.
              3) the contents of my /etc/xinetd.d/tftp is:

              # default: off
              # description: The tftp server serves files using the trivial file transfer \
              #       protocol.  The tftp protocol is often used to boot diskless \
              #       workstations, download configuration files to network-aware printers, \
              #       and to start the installation process for some operating systems.
              service tftp
              {
                  disable = no
                  socket_type             = dgram
                  protocol                = udp
                  wait                    = yes
                  user                    = root
                  server                  = /usr/sbin/in.tftpd
                  server_args             = -s /tftpboot
                  per_source              = 11
                  cps                     = 100 2
                  flags                   = IPv4
              }
              

              (ML is changing the spacing, I don't recall how to show code to keep formatting)

              1 Reply Last reply Reply Quote 0
              • DashrenderD
                Dashrender
                last edited by

                I found a post where someone said they were having problems, so they deleted their tftp file and recreated it, I did that, rebooted - still not working.

                1 Reply Last reply Reply Quote 0
                • DashrenderD
                  Dashrender
                  last edited by

                  OK shoot myself in the face - my windows firewall was preventing tftp from working, UG!

                  Seems to be OK.

                  1 Reply Last reply Reply Quote 1
                  • DashrenderD
                    Dashrender
                    last edited by

                    And Auto Provisioning is working - though the time wrong... yet it tells me the correct timezone. weird.

                    1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller
                      last edited by

                      Well, if the timezone is definitely correct and the time is wrong.... maybe you have not set the time correctly? No matter how well a clock keeps time if it is set incorrectly it will just keep the time off by a steady amount.

                      DashrenderD 1 Reply Last reply Reply Quote 0
                      • DashrenderD
                        Dashrender @scottalanmiller
                        last edited by

                        @scottalanmiller said:

                        Well, if the timezone is definitely correct and the time is wrong.... maybe you have not set the time correctly? No matter how well a clock keeps time if it is set incorrectly it will just keep the time off by a steady amount.

                        HUH? It's suppose to pull time from 0.us.pool.ntp.org

                        I would hope it pulls UTC time from them, then sets the offset based on my timezone.

                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @Dashrender
                          last edited by

                          @Dashrender said:

                          HUH? It's suppose to pull time from 0.us.pool.ntp.org

                          I would hope it pulls UTC time from them, then sets the offset based on my timezone.

                          I did not see you listing that as being set. Have you manually brought them into sync so that they can set the time? If they start too far off NTP can't correct it.

                          Try restarting the NTP service manually and see if it syncs up.

                          How much is it off by? Is it skewed or is it off by exactly X number of hours? The use of UTC to your OS time is determined by the UTC setting, not NTP.

                          DashrenderD 1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @scottalanmiller
                            last edited by Dashrender

                            @scottalanmiller said:

                            @Dashrender said:

                            HUH? It's suppose to pull time from 0.us.pool.ntp.org

                            I would hope it pulls UTC time from them, then sets the offset based on my timezone.

                            I did not see you listing that as being set. Have you manually brought them into sync so that they can set the time? If they start too far off NTP can't correct it.

                            Try restarting the NTP service manually and see if it syncs up.

                            How much is it off by? Is it skewed or is it off by exactly X number of hours? The use of UTC to your OS time is determined by the UTC setting, not NTP.

                            How would you manually reset the NTP on a phone?

                            It's off by 10 hours 5 mins.

                            1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller
                              last edited by

                              OH, it's the phone. I see. Well in theory, same way as on a computer as most phones are Linux. But you may not be able to. Try restarting the phones. Or see if there is a way to manually set it to close enough so that NTP can correct it.

                              1 Reply Last reply Reply Quote 0
                              • DashrenderD
                                Dashrender
                                last edited by

                                yeah, my phone. FreePBX is fine!

                                I'll try just unplugging and replugging the phone.

                                1 Reply Last reply Reply Quote 1
                                • scottalanmillerS
                                  scottalanmiller
                                  last edited by

                                  "Have you tried turning it off and back on again?" 😉 Tee hee.

                                  DashrenderD 1 Reply Last reply Reply Quote 0
                                  • DashrenderD
                                    Dashrender @scottalanmiller
                                    last edited by

                                    @scottalanmiller said:

                                    "Have you tried turning it off and back on again?" 😉 Tee hee.

                                    Ha, beat you to that one 😛

                                    1 Reply Last reply Reply Quote 0
                                    • 1 / 1
                                    • First post
                                      Last post