Server

How to Install a ScopTEL Virtual Machine Into the Mediatrix Sentinel SBC

The Mediatrix Sentinel appliance is a Gateway Appliance with several advanced
features (some of which are activated by licensing).
• Eight Gateway modules are supported per Sentinel and external Gateways are also
supported.
• FXO/FXS modules supported
• ISDN modules supported
• DSP modules are supported for RTP CODEC support.
• Hardware transcoding is not yet supported
• SBC is supported by license. Licensing is per channel based
• Embedded Firewall
• Embedded Router supporting static routes
• Enbedded NAT Router
• Embedded DHCP server
• VLAN Support
• QoS support
• 2 Network interfaces (Uplink, Lan1) with each interface supporting a unique MAC
address for bridging to Virtual Machine network interfaces.
• 1 dedicated network interface for emergency management
• Additional Information is available on the Mediatrix Wiki
http://wiki.media5corp.com/wiki/index.php?title=Category:Mediatrix_Sentinel

ScopTEL - Mediatrix Sentinel ScopTEL VM Installation
Read More

Product Bulletin: ScopServ Vulnerability CVE-2014-1691 January 26, 2015

Scope:
ScopServ, ScopTEL installations could be vulnerable to CVE-2014-1691.

Description:
Unsanitized variables are passed to the unserialize() PHP function. A remote attacker could specially-craft one of those variables allowing to load and execute code.

Required Action:
In order to protect a ScopTEL installation from this vulnerability you must update to scopserv-5.0.0-2 scopserv-core-5.1.0.8.20150126-1 scopserv-framework-5.0.0.7.20150126-1 and meet all other dependencies including php-pecl-json-1.2.1-5

Immediate Recommendations:
It is highly recommended to perform a full update on each ScopServ, ScopTEL installation in order to simplify the upgrade procedure and also ensure all dependencies are met.
It is also highly recommended to reboot your server after the updates in order to ensure all services and scripts and have been updated.
From the Linux shell execute (without quotations) ‘scopserv_yum update’
And after the updates are completed execute (without quotations) ‘reboot’

Read More

VoIPmonitor QoS assessment tool now available for installation on ScopTEL

VoIP is a beautiful thing but not if your network is the source of bad voice quality and you cannot prove the source of the problem.

Most of the time the problem is caused by newtork latency, lack of bandwidth, or packet loss.  The G.107 E Model is a great tool to assess a network and determine the MOS of phone call(s).  ScopServ has published a must read guide on QoS at https://blog.scopserv.com/2012/07/scopserv-advanced-training-on-qos-and-vlans/

VoIPmonitor is a third party tool that is pretty easy to install and can easily generate a QoS report and it has a lot of other cool features.

http://www.voipmonitor.org

Installing VoIPmonitor using the ScopServ package manager will automatically build a working installation fo VoIPmonitor.
To install VoIPmonitor you must obtain a 30 day trial license or purchase a Server license from VoIPmonitor.
http://www.voipmonitor.org/buy

Disclaimer: ScopServ does offer any support of any kind for VoIPmonitor.  Support requests must be made directly to VoIPmonitor and all support documentation is available from their website.  http://www.voipmonitor.org

How to install VoIPmonitor on ScopTEL (assuming your software maintenance is active):

From Linux console type:

scopserv_yum update

Login to the ScopTEL GUI and edit MySQL Server and check Enable TCP/IP listening ? [x]

Save

mysqltcplisten

 

Log Out of the ScopTEL GUI

From Linux console type:

service mysqld restart

scopserv_yum install voipmonitor

service scopserv restart

Login to your account at http://www.voipmonitor.org and copy your license data to clipboard

voipmonitorlicense

 

Login to the ScopTEL GUI

Click on the VoIPmonitor Tools menu in the ScopTEL GUI and paste your key.

toolsvoipmonitorlicense

 

After clicking on ‘Recheck’ your installation should be finished

installfinishederror

But you will probably see this error when you click on Installation is Finished.

installfinishederrorignore

Click OK and ignore the error.  A ScopTEL crond task will automatically execute this command.

From Linux console type:

service voipmonitor start

Now you can click on Tools>VoIPmonitor in the ScopTEL GUI and start using VoIPmonitor.

You may need to edit the network interface(s) that VoIPmonitor is configured to monitor.

voipmonitorethconfig

 

If you edit and save this configuration you must…

From Linux console type:

service voipmonitor restart

 

Then open the ScopTEL GUI and go to Tools>VoIPmonitor to see VoIPmonitor options and reports.

voipmonitorworking

Read More

ScopTEL Troubleshooting Guide

ScopServ has compiled an indispensable document listing the most common support problems and tips to fix these problems.

•General Troubleshooting
•Log Files
•SIP Response Codes
•OS CLI Commands
•Asterisk CLI Commands
•Database Repair Commands
•MySQL Repair is Taking Too Long
•ScopTEL GUI is Slow
•ScopTEL GUI Will Not Restart
•ScopTEL GUI Fatal Error and Dead Call Processing
•Debugging Authentication Failures
•Debugging Call Failures with ‘database show’
•Debugging Call Failures with SIP Cause Codes
•ScopSTATS System Monitoring Logs
Read More

Configure High Availability Telephony server

The ScopTEL IP PBX supports different methods for High Availability and replication of MySQL databases; this article will explain the easiest way to configure two (2) servers in a failover (active/passive) scenario.

We will show how to replicate the configuration, voicemail, and prompts from the Master with the IP address 192.168.99.164 to a Slave (192.168.99.165) using a Floating IP Address (192.168.99.100).

 

Requirements

Both servers must use the ScopServ installation disk (ISO).  The image is available to download at http://download.scopserv.com/iso/

The shared partition must exist on both servers as a primary partition and the mount point must be /share

In order to simplify the configuration of the High Availability setup, we automatically created a shared 10GB partition on the disk layout.

We highly recommend not to exceed a shared partition of 10Gb due to the length of time required to sync the shared partition.  The maximum shared partition size is 50Gb

You must absolutely use  Server version 2.6.9 or greater and Telephony version 2.7.16 or greater.

 

Recommendations

We highly recommend that you update all packages to the latest versions. To proceed, go to Server -> Packages Manager and click on Update Now.

We strongly recommend reading the ‘DRBD User’s Guide’ available at http://www.drbd.org/users-guide-8.3/ that covers all aspect of Shared Storage (DRBD), including troubleshooting informations.

Update Now on Packages Manager

Preparing your Network Configuration

It is recommended, though not strictly required, that you run your Shared Storage (DRBD) replication over a dedicated connection. The most reasonable choice for this is a direct, back-to-back, Gigabit Ethernet connection. When the Shared Storage (DRBD) service is run over switches, use of redundant components is recommended.

It is generally not recommended to run Shared Storage (DRBD) replication via routers, for reasons of fairly obvious performance drawbacks (adversely affecting both throughput and latency).

 

– The Floating IP Address that will be used by VoIP devices is set to 192.168.99.100

– The Master Server is configured to use the hostname master.local and the IP Address 192.168.99.164

– The Slave Server will use slave.local as the hostname and the IP Address 192.168.99.165

It is very important that both servers can ping each other using the hostname and IP address. On both servers, go to Network -> Configuration and verify that the specified hostname matches. On Network -> Static Hosts,  you can create a hostname for each server.

Network Static Hosts configuration

MySQL Configuration

On both servers, go on Server -> MySQL Server -> Configuration and check the option Enable High Availability Support and click Save (do not change any of the default settings).

 

High Availability Configuration

First, we have to edit the High Availability configuration on the GUI of BOTH servers. We have to enable Automatic Failover (Heartbeat) and Shared Network Storage (DRBD) on Server -> High Availability.

We have to specify the Floating IP Address (192.168.99.100), the Primary (192.168.99.164), and Secondary (192.168.99.165) Server IP Addresses, and Hostnames.

For Shared Storage, you will have to specify the disk partition used for the shared storage. From SSH, you can use the df  command to retrieve the disk device. In this sample, the shared device is /dev/hda2

[note color=#ddd]# df

Filesystem 1K-blocks Used Available Use% Mounted on
/dev/hda3 65164472 2303744 59497120 4% /
/dev/hda1 101086 17217 78650 18% /boot
/dev/hda2 10080168 153732 9414384 2% /share[/note]

Make sure the High Availability configuration is correctly set as follows:

High Availability Configuration on Master and Slave servers

 

On the Options tab, you must absolutely enable the Telephony Server (Asterisk) and MySQL Database modules. It is recommended to enable all modules for a complete replication.

High Availability Options (Modules)

High Availability Options (Modules)

Before continuing, verify on both servers that directory /share exists. If it’s not the case, create it (located at root) using the command mkdir share, and affect it the right owner user/group with chown -R scopserv:scopserv /share

Reboot both servers to affect all network changes.

Enabling Services and Initializing Shared Storage

Under Configuration -> Server -> General, make sure that  Heartbeat (Failover) and Shared Storage (DRBD) services are enabled. You must start these services on both servers.

Once the services are running, you must initialize the Shared Storage partition. On the Master server, click on Initialize DRBD and a popup window will appear and ask you to confirm the initialization. You must wait for completion before executing the next step. Please be patient, completion of this step can take approximately 5-10 minutes.

Initialize DRBD on the Master server

 

Now that the initialization is complete on the Master server, you can go to the Slave server, click on Initialize DRBD and the following popup window will appear:

Initialize DRBD on the Master server

 

Services Status and Verification

The High Availability and Shared Storage are configured and the synchronization of the disk must be in progress (see following image).

When the synchronization is complete, the status available on Server -> General must look like the following:

At this point, HA is configured and running. It’s now time to make some modifications in configuration to affect floating IP address.

On both servers:

  • Server -> Configuration -> Provisioning:
    • SIP Server Address
    • TFTP Provisioning
    • HTTP Provisioning

On Master Server only:

  • Telephony -> Configuration -> Provisioning: Default SIP Server
  • Telephony -> Configuration -> Channels:
    • SIP Channel: Binding Address
    • IAX Channel: Address
Read More

ScopTel / Active Directory : Extension Synchronization

SCOPTEL 2.7
PHONE EXTENSION
ACTIVE DIRECTORY SYNCHRONISATION

DOWNLOAD THIS PROCEDURE : ACTIVE DIRECTORY PHONE EXTENSION SYNCHRONISATION

PREAMBULE

Following is the procedure to synchronize the Active Directory user’s with ScopTel’s phone extension database. We currently support the synchronization of the attributes below:

– Phone extension
– Full name
– Username

PROCEDURE

Login to ScopTel

1

Go to menu “Configuration / Telephony / Configuration”

2

Click on the “Synchronization” tab

3

Click on “Add new sync source”

4

Select the tenant to be synchronized with

5

Follow these steps:
1. Select “Phone Extensions”
2. Type “Active Directory”
3. Click on the “Source”tab

6

Follow these steps:
1. Type the domain controller IP address
2. Type the “Distinguished Name” of your administrator account. Refer to appendix for more explanation
3. Type the account password.
4. Type the base “Distinguished Name” where to synchronize the user account. Refer to appendix for more explanation
5. Type “(objectClass=user)” in the “Filter Prefix”
6. Click the “Attributes”tab

7

Follow these steps:
1. Type “ipPhone” in attribute name of Phone Extension
2. Type “displayName”in attribute name of Full Name
3. Type “samAccountName”in attribute name of Username
4. Click on “Options”tab

8

Follow these steps:
1. Check the “Update existing Extensions?”
2. Check the “Executes a Commit if we detect changes?”
3. Check the “Enable Auto Synchronization” and fill out the schedule of syncronization
4. Click on “Save”button

9

Click on “Commit”button

10

ScopTel is now ready to be synchronized with Active Directory following the schedule configured. Please refer to appendix section for proper user creation and configuration in Active Directory.

APPENDIX

BASE DN
The base DN is where the synchronization will start the search for user’s object. In this case, we created a “test” Organization Unit to store a user object. Therefore the Base DN would be:

OU=test,DC=SCOPSERV,DC=local

11

ADMINISTRATOR ACCOUNT LOGIN DN

The “admin” account is in the Users component under SCOPSERV.local, so my distinguished name would be:

CN=admin,CN=Users,DC=SCOPSERV,DC=local

In Active Directory, “Users” is not an Organization Unit, it’s a common name and sometimes this can be confusing.

12

CONFIGURING USER EXTENSION

Open up the Active Directory User’s and Computer MMC snap-in. Create a user and edit the properties, go under “Telephones” tab. Simply type in the user Extension to be synchronized with ScopTel.

1314

Read More

Enable Automatic Failover (Heartbeat) with ScopTEL IP PBX

How to Enable Automatic Failover ?

This article illustrates how to implementing VERY simple active/passive IP failover using ScopTEL IP PBX.

The Automatic Failover (heartbeat) module allows two (2) servers to share an high availability IP address.

Each server has its own normal IP address used to administer the server. There is then a 3nd  Floating IP address that SIP/IAX2 clients and SIP Gateways/Trunks connect to. This normally runs on the primary server as an IP alias for the WAN (eth0:0) Interface.

The backup (slave) server then monitors the health of the primary server, and if it crashes the backup (slave) takes over the service IP address. The backup monitors the primary through the LAN network and optionally through a null modem cable connected between the serial ports on each server.

 

For the purposes of this article we will have two (2) servers, and three (3) IP addresses, for this setup we have two (2) internal/LAN IP’s and one (1) Public/WAN IP address.

The IP/Hostnames/DNS we will be using are as follows:

  • pbx.dr.scopserv.com: 205.237.45.129 (WAN) (Floating IP, not a physical server/node)
  • pbx01.dr.scopserv.com 192.168.120.101 (LAN) (Server/Node 1)
  • pbx02.dr.scopserv.com 192.168.120.102 (LAN) (Server/Node 2)

 

To configure Heartbeat on ScopTEL PBX is pretty easy. Do the steps below on both servers :

  • Log into ScopTEL PBX GUI as administrator
  • Go on Configuration -> Server -> High Availability module.
  • Click on Edit and check the Enable Automatic Failover (Heartbeat) option.
  • Set Floating IP Address used by SIP/IAX2 clients and/or Gateways/Trunks.
  • Define the IP Address and Hostname for both servers.

You also have others options to manage the Failover (Heartbeat) service. By sample, if you want to use a null model cable instead of Network  broadcast, you can change the Interface Mode to Serial Port.

 

Server -> High Availability -> Heartbeat

Server -> High Availability -> Heartbeat

 

That’s it!!! Fire up both servers/nodes, pull the plug on your primary node (server 1), and check backup server (server 2) to see that it has taken over your High Availability services and Floating IP Address.

 

Read More

Setting up an LDAP Directory Server on ScopTEL PBX

What is LDAP ?

LDAP (Lightweight Directory Access Protocol) as its name states it, is a protocol to get access to Directory Service. A well known LDAP is Active Directory that is specific to Windows Server. But for Linux, it is called OpenLDAP.

In order to use LDAP with ScopTEL PBX software, you must configure an LDAP directory server. This server stores the LDAP entries and makes them accessible to supported phones and other applications that need the information.

 

[note color=#ddd]This new functionality is offered in the latest version of Server Management 2.2.0.[/note]

 

ScopTEL integrated LDAP Manager

The LDAP manager integrated in ScopTEL PBX  was designed to make LDAP Server management as easy as possible for the user. It abstracts from the technical details of LDAP and allows persons without technical background to manage a local LDAP server.

  • Management of basic options like DN, Authentication and caching.
  • Manage Schema and dependencies
  • Authentication (User/Password)
  • Access Control (ACL)

 

Configure LDAP Directory Server

Configuring the OpenLDAP server on ScopTEL PBX is very simple:

  • – Log into ScopTEL GUI and go on Server -> LDAP Server
  • – Click on Edit and set basic options like Top-Level DN and Authentication.
  • – Click on Save. The OpenLDAP service configurations will automatically be reloaded.

LDAP Server Configuration

LDAP Server Configuration


Adding Initial Entries via ldapadd and LDIF file

Next we will add some initial entries to the LDAP server. I suggest creating an LDIF file and loading the contents into the database using the ldapadd utility. You must create an LDIF file (ex. server.ldif) . This the content of my initial LDIF file. Remember to replace all information in bold with your own.

 

[note color=#ddd]dn: dc=scopserv,dc=local
objectClass: dcObject
objectClass: organization
dc: scopserv
o: Top Level[/note]


Once this has been written to a file
server.ldif you may import it using the the ldapadd utility. First make sure your OpenLDAP server has been started. Next change directories to the directory containing the ldap file you just created and run the ldapadd utility. 

[note color=#ddd]ldapadd -x -W -D 'cn=manager,dc=scopserv,dc=local' -f server.ldif -c[/note]

You will be prompted for the rootpw (Bind Password). Enter the password and the utility should dump you to a command prompt if no errors are encountered.

 

Add entries to Directory

To add person entries to the directory, go on Organizer -> Address Book and click on New Contact. You can select in which directory (Shared and Personal Directory) you want to include the new entry.

 

Organizer -> Addressbook

Organizer -> Addressbook

 

Configure Phone Provisioning

The following phones allow to use an LDAP server for Company Directory and CallerID Lookup :

  • AudioCodes
  • Bria (softphone)
  • Polycom (A license from Polycom is required to use this feature)
  • Sipura (SPA30x and SPA50x)
  • Snom

You can enable internal LDAP support on ScopTEL PBX Phone Provisioning from Telephony -> Provisioning -> LDAP.

 

Phone Provisioning -> Internal LDAP Server

Phone Provisioning -> Internal LDAP Server

Browse LDAP Directory

On ScopTEL PBX, we include a tool that allow to browse data from any LDAP Directory. You must click on Tools -> Server -> LDAP Explorer and browse across entries.

 

Tools -> LDAP Explorer

Tools -> LDAP Explorer

 

 

External Links:

Wikipedia: http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol

OpenLDAP: http://www.openldap.org

 

Read More

How to recover Shared Storage (DRBD) from split brain

After split brain has been detected, one node will always have the resource in a StandAlone connection state. The other might either also be in the StandAlone state (if both nodes detected the split brain simultaneously), or in WFConnection (if the peer tore down the connection before the other node had a chance to detect split brain).

 

Shared Storage (DRBD) Status

Shared Storage (DRBD) Status

 

If you get degraded Shared Storage (DRBD) you have to manually resolve split brain situation. You will need to log into Master/Slave server using SSH and connect as root.

 

On Master (primary) server :

[note color=#ddd]drbdadm connect all [/note]

 

On Backup (secondary) server :

[note color=#ddd]drbdadm invalidate all
drbdadm connect all
[/note]

 

Upon connection, your split brain victim immediately changes its connection state to SyncTarget, and has its modifications overwritten by the remaining primary node.

Read More

How to use the ScopTEL Version Switcher to move between ScopTEL releases and different releases of Asterisk

ScopTEL implements an Asterisk version switcher in our Packages Manager.

The version switcher easily toggles between Asterisk versions 1.4, 1.8 and 11

Each Asterisk version may have its place in the real world scenarios even though Asterisk 1.4 is discontinued.

Version 1.8 added great new features in Connected Party updates, CCNB, SRTP

Version 11 finally gives Asterisk T.38 gateway support.

Now you can choose which Asterisk version to deploy and quickly switch between versions to choose which version is best for you.

Module 4 - ScopTEL - Version Switcher for Telephony Server

 

Read More