FreeSWITCH package for pfSense 1.2.1 and 2.0 released. PBX or Proxy
-
mrguitar: I'm glad the work is appreciated! :)
Here is a little more…
SIP (TLS/SSL) and RTP (SRTP) Encryption Notes
FreeSWITCH
Run the following from SSH or the Console
./gentls_cert setup
//replace freeswitch.org with your domain name or IP address
./gentls_cert create -cn freeswitch.org -alt DNS:freeswitch.orgVars tab
<x-pre-process cmd="set" data="sip_tls_version=sslv23">Enable SSL for the Internal profile
<x-pre-process cmd="set" data="internal_ssl_enable=true"><x-pre-process cmd="set" data="external_ssl_enable=false">Dialplans tab (default.xml)
In order to encrypt both sides of the call
Uncomment the following line:
<action application="export" data="sip_secure_media=true"><condition field="${sip_has_crypto}" expression="^(AES_CM_128_HMAC_SHA1_32|AES_CM_128_HMAC_SHA1_80)$" break="never"><action application="set" data="sip_secure_media=true"></action></condition>Status tab
Should show (TLS) if it is enabled.
internal profile sip:mod_sofia@67.60.128.195:5061 RUNNING (0) (TLS)
internal-ipv6 profile sip:mod_sofia@[::1]:5061 RUNNING (0) (TLS)Linksys SPA942
SIP tab
SRTP Method: s-descriptorExt 1
SIP Transport: TLS
SIP Port: 5061
SRTP Private Key: leave blankCan make the calls secure using activation codes or set from the 'Users' tab.
Users Tab
Secure Call Setting: YesRegional (Activation Codes )
Secure All Call Act Code: *16
Secure No Call Act Code: *17
Secure One Call Act Code: *18
Secure One Call Deact Code: *19For Additional information see:
FreeSWITCH Wiki
SIP (TLS / SSL)
http://wiki.freeswitch.org/wiki/Tls#Linksys_TLS_SetupSRTP
http://wiki.freeswitch.org/wiki/SRTP</action></x-pre-process></x-pre-process></x-pre-process> -
mcrane,
I might have found a small bug. (sorry if this has already been discussed, I didn't want to re-read this whole thread again)
I uploaded a lot of recordings and setup several IVRs. I noticed that none of the sounds would "stick" in the IVR config screen unless I removed the "Auto" name and renamed them. Once the files were named, the IVRs worked great.
Cheers,
mrguitar -
Anytime I try to uninstall the freeswitch package, it seems to hang and never uninstalls. I installed the latest version 0.6 and I think I interrupted the install. Now I cant uninstall it. I simply get the following and it just hangs there.
Removing package... Loading package configuration freeswitch.xml... Loading package instructions...Any help would be appreciated.
-
Anytime I try to uninstall the freeswitch package, it seems to hang and never uninstalls. I installed the latest version 0.6 and I think I interrupted the install. Now I cant uninstall it. I simply get the following and it just hangs there.
Removing package... Loading package configuration freeswitch.xml... Loading package instructions...Any help would be appreciated.
Scroll down to the bottom of the page and see if there are any errors. If there are then please report the error.
Manual steps to remove the FreeSWITCH package run the following.
pfSense GUI -> Diagnostics -> Command -> PHP Execute
exec("killall -9 freeswitch");
unlink_if_exists("/usr/local/pkg/freeswitch.xml");
unlink_if_exists("/usr/local/pkg/freeswitch.inc");
unlink_if_exists("/usr/local/pkg/freeswitch_dialplan.xml");
unlink_if_exists("/usr/local/pkg/freeswitch_extensions.xml");
unlink_if_exists("/usr/local/pkg/freeswitch_external.xml");
unlink_if_exists("/usr/local/pkg/freeswitch_internal.xml");
unlink_if_exists("/usr/local/pkg/freeswitch_modules.xml");
unlink_if_exists("/usr/local/pkg/freeswitch_public.xml");
unlink_if_exists("/usr/local/pkg/freeswitch_vars.xml");
exec("rm -R /usr/local/freeswitch/");
exec("rm -R /usr/local/www/freeswitch/");
unlink_if_exists("/usr/local/etc/rc.d/freeswitch.sh");
unlink_if_exists("/tmp/freeswitch.tar.gz");
unlink_if_exists("/tmp/pkg_mgr_FreeSWITCH.log"); -
Didnt even see that error down there.
Warning: delete_package(/usr/local/pkg/freeswitch.inc): failed to open stream: No such file or directory in /etc/inc/pkg-utils.inc on line 740 Fatal error: delete_package(): Failed opening required '/usr/local/pkg/freeswitch.inc' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal:/usr/local/pkg') in /etc/inc/pkg-utils.inc on line 740 -
The error says that it can't find the file /usr/local/pkg/freeswitch.inc which is the include that defines the steps to uninstall the package. The FreeSWITCH package will not work if the freeswitch.inc file is missing. Without that file you will definitely need to run manually remove the package as I described in a previously.
-
I might have found a small bug. (sorry if this has already been discussed, I didn't want to re-read this whole thread again)
The bug had not been reported.
I uploaded a lot of recordings and setup several IVRs. I noticed that none of the sounds would "stick" in the IVR config screen unless I removed the "Auto" name and renamed them. Once the files were named, the IVRs worked great.
Cheers,
mrguitarActually the act of editing the recording no changes and then saving it would fix the problem. In looking into this I found another bug where the guid would change each time the edit page was saved. I have made some change that are available in 0.6.3 that should fix these problems. Please confirm that it is working now.
Anyone using IVR/Recordings is strongly encouraged to upgrade to 0.6.3 or higher.
-
Actually the act of editing the recording no changes and then saving it would fix the problem. I looking into this I found another bug where the guid would change each time the edit page was saved. I have made some change that are available in 0.6.3 that should fix these problems. Please confirm that it is working now.
Could this be a reason my recordings are unusable after upgrading packages?
Thanks for all the hard work Mcrane! ;D :)
-
Could this be a reason my recordings are unusable after upgrading packages?
Yes, after upgrading the package it would have also re-generated the guid which would have broken the IVR link to the recordings. To fix it you would have needed to select the recordings again under the IVR tab. This bug should be fixed. If you get a chance please confirm that this bug is fixed.
-
Thanks for excellent work!
Now I'm testing FreeSWITCH with two VoIP providers: Sipnet (out) and Telphin (in & out). -
Have one problem: can't send voicemail to email.
My settings:
SMTP host: my.smtp.server:465
SMTP auth: false
SMTP secure: no
SMTP from: pbx@pfsense.my.domainOn my.smtp.server in maillog found this (related to my pfsense's IP address):
Jan 24 18:25:03 www postfix/smtpd[10206]: connect from unknown[xx.xx.252.153]
Jan 24 18:25:03 www postfix/smtpd[10206]: lost connection after RSET from unknown[xx.xx.252.153]
Jan 24 18:25:03 www postfix/smtpd[10206]: disconnect from unknown[xx.xx.252.153] -
If you have your own email server to use to send the mail.
Port :465 is for TLS which I'm guess you are not using so your settings would be something like the following. Second thing to keep in mind is that to send email to the mail server without smtp authentication you will have to allow mail relay on your mail server for your pfsense ip address. Mail relay is usually disabled to prevent spammers from using your mail server to send spam.
SMTP host: my.smtp.server
SMTP auth: false
SMTP secure: no
SMTP from: pbx@pfsense.my.domainThe Gmail is a simple example for those that have a Gmail account but don't necessarily have their own mail server.
http://doc.pfsense.org/index.php/FreeSWITCH#Voicemail_to_EmailSMTP Host: smtp.gmail.com:465
SMTP Secure: tls
SMTP Auth: true
SMTP Username: Use your gmail email address here.
SMTP Password: Use your gmail email password here.
SMTP From: Use your gmail email address here. It may support any valid email address but this has not been tested.
SMTP From Name: Can be anything you choose. For my example I used: voicemail. -
All of requirements are ok. I'm able to send mail via telnet my.smtp.server 465 without any problem (while connecting to SMTP server from my pfsense's ip):
telnet my.smtp.server 465
ehlo myhostname
mail from: pbx@pfsense.my.domain
rcpt to: <my extension's="" email="">data
Subject: test
testI'll try different SMTP server soon.</my>
-
I have same problem with another mail server.
Also FreeSWITCH profile external don't starts after pfsense reboot (stop/start of profile helps), may be because of my WAN link is PPTP?
Here my /tmp/voicemailtoemail.txt after trying to send mail:
# cat /tmp/voicemailtoemail.txt To: taras@1adm.ru From: "Lucheev Dima" <102@10.10.15.1> Subject: Voicemail from "Lucheev Dima" <102> 00:00:11 Mailer Error: Language string failed to load: connect_host -
Taras Savchuk: contact me on irc #pfsense-freeswitch my username is mcrane and we can look further into the 'Language string failed to load' error.
Also FreeSWITCH profile external don't starts after pfsense reboot (stop/start of profile helps), may be because of my WAN link is PPTP?
Yes most likely if FreeSWITCH external loads before the PPTP interface connects then the external profile fails to start. Would need to look into a way to detect that and start it if it is not running. This could be done with some custom PHP code and the new pfSense package I wrote called 'PHP Service.'
-
Im still having issues with the recordings I make becoming unusable with a package upgrade. Just fyi.
Recorded using the phone… Changed the name to test4.wav Tested and it worked. Then I reinstalled the package and can no longer access it...
:)
-
If you do a package upgrade you need to make sure to first run the 'backup' from the 'Status' tab. The backup tar gzips the /usr/local/freeswitch directory to the /tmp directory and gives you an optional download. Then during the installation it checks for the .tgz backup file in the /tmp directory if it exists it restores the voicemail, sounds, music on hold, recordings and a few other things. The the configuration is stored in pfSense's config.xml is used to rewrite respective xml configuration files for FreeSWITCH.
The above instructions are shown with less detail on the 'Status' page next to 'backup' button. It is also on the wiki under the heading Uprades: http://doc.pfsense.org/index.php/FreeSWITCH
Current pfSense backup is a backup of the pfsense config.xml file only. I'm talking with other developers about extending pfSense backup / restore so it will be able to backup the config.xml as well as specified files and directories. If I get the time I will build a backup package to make a one step backup available in for pfSense 1.2.x versions.
-
I tested pfSense on the pfSense 1.2.3 snapshot it is working fine so far. But I should note that I had to disable SIP TLS support to get the 'Internal profile' to start. pfSense 1.2.3 is based on FreeBSD 7.1. I believe to get SIP TLS (used to encrypt SIP) to work with FreeBSD 7.1 will require a specific TLS build for FreeBSD 7.1.
-
Thanks mcrane! :)
-
4 things - 1. I AM IMPRESSED!!! Awesome work MCRANE
2. One little thing I noticed that didnt seem to be the appropriate behavior:
I made a gateway and entered a dialplan expression for that gateway and saved it. When I was looking at the settings in that gateway again the dialplan expression was blank, so I thought, hmm must have forgot it, and added it again and saved.
When I go to the Dialplan tab it now has a duplicate of the dialplan I just built for that gateway, but looking at the gateway again it is blank again - is this how it should work or a bug, or am I just expecting too much ;?
3. I am running this on the new pf vmware image, and I attempted to configure a gateway to my asterisk box on the same LAN, but when I do this and watch the asterisk console, nothing ever happens, and freeswitch just says FAIL_WAIT. I have played with the settings a bunch, to no avail, I am using a freepbx extension, but at any rate, I should see some failure on my asterisk cli at 50 verbosity. Is there an example of this that I can use? I saw this http://wiki.freeswitch.org/wiki/Connecting_Freeswitch_And_Asterisk but was hoping to use a freepbx extension.
4. I didnt notice a way to specify the port for a particular gateway - it would be nice if that were available on the "Gateways" page, I am assuming its something you set on the "External" page.
