Aastra XML - HOT DESKING in VPN

Discussion in 'IP Phones' started by MST, Mar 22, 2010.

  1. MST

    MST

    Joined:
    Sep 25, 2009
    Messages:
    317
    Likes Received:
    0
    There are 3 different locations and all are in a VPN. Pinging is disabled; however, I can open the Aastra GUI in one network from another. I would like to use the hot desking feature (log in/log out) in all 3 locations. There is only one Elastix 1.6-14, and it is located in one of the locations.

    I was able to get hot desking working only at the location where the Elastix PBX sits. The problem is that the Aastra 53i phones in the other 2 locations have 2.1 firmware. I have tried to simply upgrade the firmware on all of these phones but was not able to. I know XML was not tested with that firmware, so that could be the number one reason why hot desking does not work at the remote locations.

    My question is: does SIP_NAT have to be configured in order for XML to work with a remote location in the VPN? I am asking because Elastix has 2 NICs: one for the internal network, the second for the T1 and SIP trunk provider.

    I will let you know whether the problem was the old firmware once I upgrade all the remote phones manually.

    Thank You
     
  2. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    To get the firmware set on the phone, you need to set the dhcp server used for that phone to present the tftp server that has the provisioning (the firmware) on option 66 (tftpserver) (and allow udp 69 through any firewall). Under those conditions I think you will find it will just work.
     
  3. MST

    Thank you. How about sip_nat.conf? In this scenario I probably don't need it to be configured because one of the NICs is directly connected to the ISP provider and SIP trunk. From what I know, sip_nat helps with NATting and it helps in the case of a VPN (seeing other networks).

    MST
     
  4. MST

    I have just forwarded UDP 69 on both Linksys VPN routers to the Elastix server; however, I don't see any option 66 in DHCP on either Linksys router. Still no luck.

    I think I can update the firmware manually, but I can't use XML in the remote locations via the VPN trunk. Should I open 5353 mDNS on both routers and point it to the Elastix IP?


    MST
     
  5. dicko

    If the VPN is functional and handled by the routers then everything should just work within the VPN address space. It just works that way. (Virtual Private Network)
     
  6. MST

    That's what I thought .... :) I will run some tests. Elastix has two NICs:
    1. Internal
    2. External

    But I am able to open Elastix from the other remote site inside the VPN, so XML should work. From what I see they block only pinging .... maybe here is the problem. I will shut down the external one and try using only one (internal) DNS ??? Hmmmm, I know only that if I shut down the external NIC (T1 provider) I should still be able to ping www.yahoo.com, since it is internal and they have ANOTHER T1 for desktops only, so maybe here is the problem (DNS) ??????????

    This is really strange case. I will post my findings later.

    Thank You,

    MST
     
  7. dicko

    ping (ICMP) is a separate protocol from either tcp (used for your FreePBX gui and shit) and UDP (used for your phone calls); please don't confuse them, it is a red herring.

    Name service is layered and well documented; add 127.0.0.1 www.google.com to /etc/hosts and see what happens when you ping it and your network is down . . . .:)

    When you understand networking a little better you will find that a VPN will not preclude ICMP (or anything else) unless you work really hard to do so. Please investigate basic networking and "name resolution services" further before you go any deeper; it is imperative for you to understand this for a correct implementation of what you attempt. If you don't, you will be posting here for a long time, and nobody will really be able to help you. It's your network, you designed it, you will have to learn how it works.

    in other words, sorry dude back to your books and RTFM

    regards

    dicko
     
  8. MST

    "ping (ICMP) is a separate protocol from either tcp (used for your FreePBX gui and shit) and UDP (used for your phone calls) please don't confuse them, it is a red-herring." - I know that :)

    "little better you will find that a VPN will not preclude ICMP" - I know that too. In most VPN devices you can uncheck or check that option; at least most decent devices have it.

    "it's your network, you designed it you will have to learn how it works." - sorry dicko - this is not my network and honestly I don't even have access to it (routers, DHCP, etc.) to check what is going on ..... YEP, only ELASTIX is mine, and when you don't have access to it you start thinking a lot of shitty stuff.

    DNS is DNS, nothing else, right? The Aastra XML documentation only explains what it explains. It is only 113 pages. A lot of questions are unanswered, and the lack of official documentation makes us look for answers everywhere. I will keep fighting to figure out what is wrong and post my discovery. I don't believe that nobody else in this forum has had problems making XML work in a VPN - I just don't believe it.

    Thank You for your help.

    Regards, M
     
  9. MST

    After they forwarded port 69 to Elastix, something different shows up.

    In Configuration Server, under download protocol, when I choose TFTP and XML Push Server and point them to the Elastix IP, after I reboot it the download protocol changes itself to HTTP.

    This is weird.
     
  10. dicko

    It is not "weird", you just remain confused,

    Unless you messed with /tftpboot/aastra.cfg the "download protocol" will remain tftp. If you read the documentation you will find that *aastra* will be rewritten to http in DocumentRoot; this is not the same as the download protocol, it refers to the XML provisioning alone. You can change that back to https by installing a "real" ssl certificate. But to understand any of the above I suggest you download, read and absorb the Aastra documentation. Seriously dude, it works just as advertised.

    dicko
     
  11. MST

    I have to start somewhere to troubleshoot ..... I will install a free TFTP client on a remote desktop and see if I am able to download any file from /tftp in Elastix.

    So far I know that tftp is running as a process:

    [root@elastix /]# netstat -putan | grep ":69"
    udp 0 0 0.0.0.0:69 0.0.0.0:* 2405/xinetd

    Here is the error log from http:

    [code]
    [Sun Mar 21 04:02:39 2010] [notice] Digest: generating secret for digest authentication ...
    [Sun Mar 21 04:02:39 2010] [notice] Digest: done
    [Sun Mar 21 04:02:39 2010] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
    [Tue Mar 23 17:48:12 2010] [notice] caught SIGTERM, shutting down
    [Tue Mar 23 17:50:25 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Tue Mar 23 17:50:31 2010] [notice] Digest: generating secret for digest authentication ...
    [Tue Mar 23 17:50:31 2010] [notice] Digest: done
    [Tue Mar 23 17:50:31 2010] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations


    [Tue Mar 23 19:15:08 2010] [error] [client 192.168.1.50] File does not exist: /var/www/html/management
    [Tue Mar 23 19:15:08 2010] [error] [client 192.168.1.50] File does not exist: /var/www/html/management
    [Tue Mar 23 19:15:11 2010] [error] [client 192.168.1.50] File does not exist: /var/www/html/management
    [Tue Mar 23 19:15:11 2010] [error] [client 192.168.1.50] File does not exist: /var/www/html/management

    [Tue Mar 23 19:16:08 2010] [error] [client 192.168.1.50] File does not exist: /var/www/html/management
    [Tue Mar 23 19:16:10 2010] [error] [client 192.168.1.50] File does not exist: /var/www/html/management
    [Tue Mar 23 19:16:10 2010] [error] [client 192.168.1.50] File does not exist: /var/www/html/management
    [Tue Mar 23 19:16:13 2010] [error] [client 192.168.1.50] File does not exist: /var/www/html/management
    [Tue Mar 23 19:16:13 2010] [error] [client 192.168.1.50] File does not exist: /var/www/html/management
    [Tue Mar 23 19:18:52 2010] [notice] caught SIGTERM, shutting down
    [Tue Mar 23 19:20:55 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Tue Mar 23 19:21:00 2010] [notice] Digest: generating secret for digest authentication ...
    [Tue Mar 23 19:21:00 2010] [notice] Digest: done
    [Tue Mar 23 19:21:01 2010] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations

    [Tue Mar 23 19:28:36 2010] [error] [client 192.168.1.50] File does not exist: /var/www/html/management
    [Tue Mar 23 19:28:36 2010] [error] [client 192.168.1.50] File does not exist: /var/www/html/management
    /bin/ln: creating symbolic link `/var/spool/asterisk//voicemail/device/105' to `/var/spool/asterisk//voicemail/default/102/': No such file or directory
    /bin/ln: creating symbolic link `/var/spool/asterisk//voicemail/device/105' to `/var/spool/asterisk//voicemail/default/105/': No such file or directory
    /bin/ln: creating symbolic link `/var/spool/asterisk//voicemail/device/105' to `/var/spool/asterisk//voicemail/default/102/': No such file or directory
    [Tue Mar 23 19:57:39 2010] [notice] caught SIGTERM, shutting down
    [Tue Mar 23 20:31:46 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Tue Mar 23 20:33:07 2010] [notice] Digest: generating secret for digest authentication ...
    [Tue Mar 23 20:33:07 2010] [notice] Digest: done
    [Tue Mar 23 20:33:47 2010] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
    /bin/ln: creating symbolic link `/var/spool/asterisk//voicemail/device/105' to `/var/spool/asterisk//voicemail/default/101/': No such file or directory
    [Tue Mar 23 21:00:43 2010] [notice] caught SIGTERM, shutting down
    [Tue Mar 23 21:02:34 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Tue Mar 23 21:02:34 2010] [notice] Digest: generating secret for digest authentication ...
    [Tue Mar 23 21:02:34 2010] [notice] Digest: done
    [Tue Mar 23 21:02:35 2010] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
    /bin/ln: creating symbolic link `/var/spool/asterisk//voicemail/device/105' to `/var/spool/asterisk//voicemail/default/102/': No such file or directory
    [Tue Mar 23 22:12:38 2010] [notice] caught SIGTERM, shutting down
    [Tue Mar 23 22:14:27 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Tue Mar 23 22:14:28 2010] [notice] Digest: generating secret for digest authentication ...
    [Tue Mar 23 22:14:28 2010] [notice] Digest: done
    [Tue Mar 23 22:14:28 2010] [notice] Apache/2.2.3 (CentOS) configured -- resuming normal operations
    [/code]
     
  12. dicko

    Turn on verbose logging in /etc/xinet.d/tftp (serverargs = -c -vv -s /tftpboot )

    and watch /var/log/messages.

    (/tftp doesn't normally exist)

    .
    .
    [Tue Mar 23 19:15:08 2010] [error] [client 192.168.1.50] File does not exist: /var/www/html/management
    .
    .
    .

    What is 192.168.1.50 and why is it trying to go to /var/www/html/management?
     
  13. MST

    192.168.1.50 is a remote Aastra 57i in a remote location; Elastix is in the 192.168.0.x network .... both networks are tied up through a VPN tunnel using Linksys VPN routers

    so it looks like:

    Aastra57i--LAN(192.168.1.0)---LINKSYSVPNrouter-WAN------VPN TUNNEL------WAN-Linksys VPN router----LAN(192.168.0.0)-----Elastix
     
  14. dicko

    The second bit was:

    .
    .
    why is trying to go to /var/www/html/management ?

    check your

    /tftpboot/aastra.cfg file

    make sure the phone is not over-riding the provisioning provided in the above file.
     
  15. MST

    I have checked the /tftpboot/aastra.cfg file 5 times.

    Also, I have this: every time I set it to TFTP it comes back to HTTP.

    I am checking with a TFTP client on WinXP to see if I can download any file from the tftpboot folder on Elastix.
     
  16. MST

    OK, finally I get something ..........

    I have changed the DNS of the remote Aastra 53i and pointed it to the DNS that is used in the network where Elastix sits, and magically everything works !!!!!!!!!!!!!! So what does that mean? It looks like I cannot use local DNS in the remote networks. DNS must be the same as where Elastix SITS ........????????????

    Finally something.

    Looks like something in Elastix uses DNS instead of IP .... what could it be? I can feel it, I am very close.... It has to be some setting or something in some script....
     
  17. dicko

    DNS means Dynamic Name Server. If the different DNS servers are not returning the same IPs for the same names, you have configured them wrong, but I suspect you are a little confused between DNS and DHCP. The DHCP server will return the tftp server from which your phone will provision itself (aastra.cfg and <mac>.cfg). I suggest you use an IP address and not a name for this server, as apparently your DNS might not be properly configured and might be returning the wrong tftp server, which may then load a wrong aastra.cfg file, which is why it's changing its provisioning system and why it tries to go to /var/www/html/management (which should only exist if you created it). I suggest you default the phones to "factory" and then check the tftp provisioning in /var/log/messages if you changed the xinet.d bit as suggested, then grab the FM's and start over.

    dicko
     
  18. MST

    Thank you dicko,

    For Elastix I use ONLY the IP address, not a DNS name..... so I guess I will leave them using the DNS IP of the network where Elastix is located ......
     
  19. dicko

    If it works for you then that's fine but I think you haven't quite got the handle on things yet when it comes to routing and the various protocols you use, if you only use IP's then you just DON'T need DNS to resolve them.
     
  20. MST

    I would design and implement the whole network from scratch if only I could. The problem is they don't want me to do that. Life is not easy :( What I like in this particular example is the accelerated pace of learning .... and this forum has a lot of valuable info; in addition, people like dicko give useful advice all the time, and I personally really appreciate this.

    Anyway, I have one more problem with Aastra, and I have tried a couple of ways but none of them works. Here is my config:

    Code:
    # Aastra default config file for use with XML scripts
    # Generated using setup-aastra-xml
    #
    # Copyright (C) 2009 Aastra Telecom
    #
    
    # Setup DHCP mode
    dhcp: 1
    
    # Setup TFTP server address
    tftp server: 192.168.0.1
    
    # SIP Proxy/Registrar
    dynamic sip: 1
    sip line1 user name: $$SIPUSERNAME$$
    sip line1 proxy ip: 192.168.0.1
    sip line1 registrar ip: 0.0.0.0
    
    # Time server
    time server disabled: 0
    time server1: pool.ntp.org
    time server2: 192.168.0.1
    
    # Time Zone
    time zone name: US-Central
    time zone code: CST
    
    # Date and time format
    time format: 0
    date format: 6
    
    # Localization
    tone set: US
    language 1: 
    language 2: 
    language 3: 
    language 4: 
    language: 
    input language: 
    web language: 
    
    # Localization XML Scripts
    ask_language: 
    ask_tz: 0
    
    # Digit timeout
    sip digit timeout: 6
    
    # Allow XML push
    xml application post list: 192.168.0.1
    xml get timeout: 30
    
    # Startup URI
    action uri startup: http://192.168.0.1/aastra/startup/init.php
    
    # BLF customization
    sip accept out of order requests: 1
    sip blf subscription period: 600
    
    # Unlock keys on 6730i, 6731i and 6753i
    prgkey1 locked: 0
    prgkey2 locked: 0
    prgkey3 locked: 1
    prgkey4 locked: 1
    prgkey5 locked: 1
    prgkey6 locked: 0
    
    # Force one key
    #softkey1 type: xml
    #softkey1 label: Startup
    #softkey1 value: http://192.168.0.1/aastra/startup/init.php
    prgkey1 type: xml
    prgkey1 value: http://192.168.0.1:80/aastra/asterisk/login.php?device=$$SIPUSERNAME$$
    
    and mac.cfg

    Code:
    sip line1 auth name: 1000
    sip line1 password: passw0rd
    sip line1 user name: 1000
    sip line1 proxy ip: 192.168.0.1
    sip line1 proxy port: 5060
    sip line1 registrar ip: 192.168.0.1
    sip line1 registrar port: 5060
    sip line1 mode: 0
    sip line1 vmail: *97
    
    # Action URI
    action uri startup: 
    action uri registered: http://192.168.0.1:80/aastra/asterisk/sync.php?action=register&user=$$SIPUSERNAME$$
    action uri poll: http://192.168.0.1:80/aastra/asterisk/sync.php?action=check&user=$$SIPUSERNAME$$
    action uri poll interval: 1800
    sip xml notify event: 1
    action uri xml sip notify: http://192.168.0.1:80/aastra/asterisk/sync.php?action=notify&user=$$SIPUSERNAME$$
    
    # SIP Display
    sip line1 display name: Aastra 53i
    sip line1 screen name: Aastra 53i
    
    # XML applications
    xml application URI: http://192.168.0.1:80/aastra/menu/mymenu.php?menu_source=menu1&menu_user=$$AA_SIPUSERNAME_AA$$&user=$$AA_SIPUSERNAME_AA$$
    xml application title: Applications
    xml get timeout: 30
    
    This is a typical config - nothing special. Here is what is not the way it should be: after a user logs in to the phone, the extension registers successfully. Everything is as it should be - no errors, no messages. In the Aastra GUI under SYSTEM INFORMATION, all 3 lines are registered under the logged-in extension. When I go to GLOBAL SIP, it is empty. Only line 1 shows the extension that is registered. Lines 2 and 3 have empty fields. So I can make calls, but when I call the extension that is already used by that phone and registered, I hear the message "The user is on the phone, please leave the message." Normally when you call your extension the 2nd line should ring, and it did at the beginning when I installed XML. I did not make any changes to aastra.cfg or mac.cfg.

    I have tried adding sip line2 and sip line3 info to mac.cfg, but it did not change anything. Yes, and I have read the FM's many times and know them by heart now. This is the last problem that I am dealing with in this long epic.



    Good Day,
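
Added example, not part of the thread and not Aastra's or Elastix's own tooling: post 17 recommends IP addresses rather than names in aastra.cfg and <mac>.cfg, and the sketch below inventories every host such a config points a phone at and labels it as a DNS name, an address on the phone's own LAN, or one that has to be routed (here, across the VPN). The `HOST_KEY` pattern, the kind labels and the function names are assumptions; the sample values and the 192.168.1.0/24 phone LAN are copied from the posts above.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample in the "key: value" form of the aastra.cfg / <mac>.cfg
# posted in this thread; the values are copied from those posts.
SAMPLE_CFG = """\
# Setup TFTP server address
tftp server: 192.168.0.1
sip line1 proxy ip: 192.168.0.1
sip line1 registrar ip: 0.0.0.0
time server disabled: 0
time server1: pool.ntp.org
time server2: 192.168.0.1
xml application post list: 192.168.0.1
action uri startup: http://192.168.0.1/aastra/startup/init.php
prgkey1 value: http://192.168.0.1:80/aastra/asterisk/login.php?device=$$SIPUSERNAME$$
language 1:
"""

# Assumption: keys ending like this hold a host or a comma-separated host list.
HOST_KEY = re.compile(r"(server\d*|proxy ip|registrar ip|post list)$")

def host_refs(text):
    """Yield (key, host) for every host the config tells the phone to contact."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if "://" in value:                      # URI-valued setting
            host = urlsplit(value).hostname
            if host:
                yield key, host
        elif value and HOST_KEY.search(key):    # bare host or host list
            for host in value.split(","):
                if host.strip():
                    yield key, host.strip()

def classify(text, phone_net):
    """Label each reference as seen from a phone inside `phone_net` (CIDR)."""
    net = ipaddress.ip_network(phone_net)
    result = []
    for key, host in host_refs(text):
        try:
            addr = ipaddress.ip_address(host)
            kind = ("unspecified" if addr.is_unspecified   # 0.0.0.0
                    else "local" if addr in net
                    else "routed")                         # crosses router / VPN
        except ValueError:
            kind = "needs-dns"    # a name: depends on the phone site's resolver
        result.append((key, host, kind))
    return result

if __name__ == "__main__":
    # 192.168.1.0/24 is the remote phone LAN from the diagram in the thread.
    for key, host, kind in classify(SAMPLE_CFG, "192.168.1.0/24"):
        print(f"{kind:12} {host:15} {key}")
```

For the posted values, the only entry that depends on the phone site's resolver is `time server1`; everything else is an address that must be reachable through the tunnel.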
     
