vicidial.org

[tim33]

I intend to purchase the manual when I can afford it. I have read the free version.

I have spent the last 2 days setting up Vicidial from a freshly downloaded Vicibox. I don't have any experience or knowledge of VOIP or Asterisk but a small amount of Linux knowledge.

I have outbound calls working. My next step is to get the caller id displaying properly. I have set "Campaign CallerID" to the VOIP number. I have set "Outbound CallerID" to the number.

I have tried adding caller id related settings into the Carrier page with no success.

Here are my stats:

VERSION: 2.12-560a
BUILD: 160617-1427

Registration String:
register => xxxxxx:xxxxxxx@xxx.au:5060

Account Entry:
[xxx]
disallow=all
allow=ulaw
type=friend
username=xxxxxx
secret=xxxxxxx
host=xxx.au
dtmfmode=rfc2833
context=trunkinbound
fromuser=xxxxxxxxxx
callerid=xxxxxxxxxx

Globals String:
TRUNK1=SIP/xxx

Dialplan Entry:
exten => _90[2-9]xxxxxxxx,1,AGI(agi://127.0.0.1:4577/call_log)
exten => _90[2-9]xxxxxxxx,2,Set(CALLERID(num)=xxxxxxxxxx)
exten => _90[2-9]xxxxxxxx,3,Dial(${TRUNK1}/${EXTEN:1},,tTor)
exten => _90[2-9]xxxxxxxx,4,Hangup

Why does caller ID work from a softphone when using the VOIP account without any configuration?

Thanks in advance for your help.

[udy786]

Hi,

Remove fromuser and callerid from your SIP account entry and try.

As per your dialplan, you have done set fixed callerid so remove that also if you want to display Campaign callerid.

[tim33]

Hi and thanks for your feedback. I have followed your instructions for both the SIP account and the dialplan. These are the settings I had before trying to get this working. However just to make sure I have tested again and still not working.

[xxx]
disallow=all
allow=ulaw
type=friend
username=xxxxxxxx
secret=xxxxxxxx
host=xxxxxxxx.au
dtmfmode=rfc2833
context=trunkinbound

TRUNK1=SIP/xxxx

exten => _90[2-9]xxxxxxxx,1,AGI(agi://127.0.0.1:4577/call_log)
exten => _90[2-9]xxxxxxxx,2,Dial(${TRUNK1}/${EXTEN:1},,tTor)
exten => _90[2-9]xxxxxxxx,3,Hangup

[MJCoate]

Hello,

VICIdial will handle displaying the caller ID number via the "Campaign CallerID" that you have already set - no need to do it in the dial plan. What caller ID is showing on outbound calls, if any? Are these calls dialed through a campaign?

[tim33]

Hi,

Thanks for the feedback.

The caller ID is displaying a number from another state in Australia. I have setup a test list in addition to a real list both under the same campaign. The test list contains my phone number so I can test the caller ID when I need to.

[tim33]

If someone could point me in the right direction in terms of technology and documentation to research that would be appreciated. For example, do I need to go and read up on Asterisk, SIP etc to get this working?

[tim33]

After trial and error I got caller ID working. It was simply a matter of adding fromuser=x with "x" being my voip username. I also removed all references to the phone number in Vicidial. Now I'm trying to get inbound calling set up. It is just randomly working once in a while and then isn't the rest of the time.

[tim33]

My provider is sending this to my system: "To: <sip:s@xx.xxx.xx.xx:5060>" where the address is my external ip

I have followed the instructions in viewtopic.php?t=23376 given by striker to add:

exten => s,1,AGI(agi-DID_route.agi)

to extensions.conf under [trunkinbound]

it now looks like:

exten => s,1,AGI(agi-DID_route.agi)
exten => s,n,Hangup()

exten => _X.,1,AGI(agi-DID_route.agi)
exten => _X.,n,Hangup()

I also followed instructions at http://blog.harritronics.com/2011/06/as ... -call.html and set domain= to both my internal and external ip:

[xxx]
host=xxx.au
domain=xxx.xxx.x.xx
domain=xx.xxx.xx.xx
username=xxxxx
fromuser=xxxxx
remotesecret=xxxxx
disallow=all
allow=ulaw
type=friend
dtmfmode=rfc2833
context=trunkinbound

I now have inbound working SOME OF THE TIME. I can see that when it doesn't work it doesn't register with the Asterisk CLI so what is it likely to be?

[williamconley]

You should really have opened a new topic for this. Obviously this is not related to "Caller ID for Outbound Calls".

When inbound does not work and there is no CLI output in Asterisk, there are some possibilities to dig into:

1) how do you know they are sending the call to your IP Address? Does registration fail? (I did not read the rest of the post ... if this is IP authentication then obviously registration does not fail, LOL)

2) If they are sending to your IP address, what if they are sending from a different IP address than the previous call. Major Carriers have multiple IPs and rotate calls among them. Turn off your firewall completely and allow all traffic during a test (and quickly turn it back on, of course).

3) Authentication to send a call to your server could be failing in sip. If the incoming call can not authenticate to a sip account, sip will reject the call and nothing will ever appear in the CLI. So try turning on sip debugging to see if there is some invisible stuff happnin'

[tim33]

I'm so thankful for your response William. I will keep the posting in a new topic in mind for the future. I am so happy with my new system even though it's not perfect. I would never have imagined being able to setup an outbound dialer, inbound lines with interactive voice prompt etc so easily. I start selling today thanks to Vicidial (outbound works fine).

With "sip show peers" my carrier is connected "OK (32ms)". Does this mean they will always send the call to my IP? In regards to different IPs and the firewall do you mean my router firewall or a firewall in linux on the Vicidial machine?

I get about 1 in 5 inbound calls failing to connect. I get a fast busy signal or engaged busy signal. The rest are fine, with great quality.

I own a run of the mill home router: NetComm NB604N. I have forwarded the ports as below. In point 2 that you made are you implying that I should only have ports open for my carriers IP address? Is my setup wildly insecure with no restriction on originating IP?

Server Name External Port Start External Port End Protocol Internal Port Start Internal Port End Server IP Address
SIP 5060 5070 TCP/UDP 5060 5070
RTP 8766 30004 UDP 8766 30004
RTP 30006 35000 UDP 30006 35000

[williamconley]

With "sip show peers" my carrier is connected "OK (32ms)". Does this mean they will always send the call to my IP?

Nope. That just means you can send them a packet and receive a response from their sip server. Unrelated to inbound or outbound calls. Just a "yep, they're still there" checker. As such: If the response is ever "Nope! They're gone!" Vicidial will immediately STOP trying to send outbound calls to them. The call will fail without leaving your server. This is designed to allow instant failover based on the "qualify=yes" method for major servers (or those who actually configure failover, of course).

They will always send Inbound to your IP if you meet one of these two criteria:
1) They have a method by which you can specify the IP address to send calls to. Either in a web portal or some other "use this IP" speicification process ... even something like emailing your sales rep. LOL
2) Registration! sip show registry is how you find out if you are successfully registered.
* Note that their internal system determines which route a call will take to get to you. Some carriers use both registration and direct to IP methods and they have controls on their web portal to determine which DID goes to which "route". So this is pretty much reliant upon the methods in use at the carrier.

In regards to different IPs and the firewall do you mean my router firewall or a firewall in linux on the Vicidial machine?

Either or both. Both can block and cause problems. It's best to have the Vicidial server directly on the internet with its own public IP address and use the iptables firewall built in to the linux OS. You can also look up Dynamic Good Guys Firewall which has a "get ready to install it, but don't Actually install it" option which can harden your system quite well.

I own a run of the mill home router: NetComm NB604N. I have forwarded the ports as below. In point 2 that you made are you implying that I should only have ports open for my carriers IP address?

That would be a good idea. If the calls still work. You'll need all possible IPs from your carrier eventually, that's as good a place as any to put them. Especially if you're familiar with that router's configuration method. Note that any router must have a timeout method for rports/temporary ports/trigger ports (whatever you want to call them). If that timeout is shorter than your registration period ... registration will still be "in effect", but the port will be closed and the call will bounce off your firewall. Setting the firewall timeout value to a higher number or reducing the registration period will often resolve this issue succinctly.

Is my setup wildly insecure with no restriction on originating IP?

Yep. If you open ports to "the world", you'll get attacked. Ask anyone. You can get away with it for a day or two. Perhaps a week. But port 22 and 5060 are "known attack vectors". So is port 80, and they'll attack the phpMyAdmin folder there pretty quick.

Dynamic Good Guys is available free on Viciwiki.com. I hope they build it into the Vicibox.com installer eventually.

[tim33]

Thank you bud for your helpful comments.

In regards to sending to my IP my carriers show as registered. Why would calls not be sent to my IP, where else would they go?

With my router I can't see any way of opening the ports for just one IP or any way of setting timeout of ports, I guess an upgrade is in order.

I was selling yesterday, looking at the CLI because the calls stopped and saw some weird IP address come up. When I googled it it came up as a dodgy Polish IP. I immediately deleted the port redirection on my router and it stopped... Having the ports closed has made no difference to the functionality anyway. What are they trying to do?

[williamconley]

It's rare to get a router with a powerful firewall configuration. And by the time you spend enough $$ to make that happen, you coulda bought an extra Server. LOL

Best method: put your dialer directly on the web without a router, since iptables firewall in linux is quite robust. Failing that, you can point all useful ports to the Vicidial server and still let iptables firewall in OpenSuSE do its thing. Just remember to whitelist the local subnet before you lock it down, of course.

Also: With this method you'd only be able to forward the ports to ONE vicidial server. This becomes a bit of an issue when you have more than one server inside. Thus the recommendation for "each Vicidial server should have its own public IP".

The goal of the intruder is to use your Carrier Minutes without paying for them. once active, they can accept a contract for 0.1 cents per minute and let you pay for the calls while they get free money.

The only REAL need to have ports forwarded is for IP based authentication for inbound calls. Otherwise, port forwarding is unnecessary but often port "triggering" becomes necessary. That's when a packet on a control port (5060) outbound to one IP can generate a related inbound packet on a different port. That's how SIP works: Control on port 5060 and audio on an rport between 10000:25000.

If you register instead of using ip authentication at the carrier (if they allow it), then they will be sending to a port specified during the registration process. If you use IP auth: they send to port 5060. If port 5060 isn't assigned to your dialer ... the inbound calls for IP authentication bounce off your firewall in your router.

[tim33]

Hi William,

Thanks to your advice I have placed the vicidial server on the internet with its own public IP. The default configuration of the firewall "yast firewall" has HTTP, HTTPS and SSH as allowed services for External Zone and only Asterisk Server as allowed service for DMZ zone. If I set Zone as External do I need to add Asterisk Server as an allowed Service. Is there any documentation about configuring the firewall and preventing attacks? I have no idea what to do to secure the system.

Thanks,
Tim

[williamconley]

http://viciwiki.com/index.php/DGG

Includes whitelist lockdown. You can stop at that point or continue to install DGG, which provides a simple web page for adding authorized IPs and a roaming agent/manager web link for self-adding.