[Asterisk] Part 2: Installation, Configuration of an Askozia PBX and getting it working with Snom 360

- Download and burn the latest 1.0 Release as PC Live ISO (www.askozia.com, e.g. pbx-cdrom-1.0.3.iso, 30 MB)
- Insert it into your target PC and boot from it
( You could now already use this as a live running Askozia Version - but we're going to install it onto the HDD )
- Just choose the option "Install to Harddrive", choose the HDD you want to install onto and accept the questions, which warn that your Data will be erased.
- Reboot and remove the CD from the drive.
- Choose Option 2 and set IP, Subnet (default 24), Gateway, DNS, and choose whether you want to go back to http or use SSL encrypted https
- Go to your PC and enter http://ipoftheaskoziapbx or https://ipoftheaskoziapbx depending on your choice in the last installation step.
- The default login data is admin, askozia
- Go to the General Setup, change Username, Password and other Settings you would like and save.
- Go to Voicemail, enter an E-Mail Account (username, pw, email, smtp server) you would like to use for the Voice Mail feature. Save the configuration, enter your own E-Mail Address in "Test E-Mail" and press E-Mail Me - if that works, you have Voicemail working.
- Go to Interfaces, change the Interface settings to your liking and add an ISDN or Analog Interface if you have one.
- Now your basic installation is done, go to reboot and restart your system.

Create a SIP Account and connect the Snom 360
- Login to your Askozia again
- Choose Phones and click on "Add Sip"
- Enter the needed Information:
- Extension is your phone number
- Caller ID is the Name of the person behind that number
- Password is needed to secure the SIP Account
- Voicemail is the E-Mail Address of the Person, so Askozia can send you a) missed call notifications, b) your Mailbox Entries as wav
- For a) you need to activate "send missed call notifications" as well
- Choose your Language
- And you may enter a Description and Advanced Settings if you want
- Press Save

- Login to your Snom 360
- Choose Identity 1 (e.g.)
- Enter the needed Information:
- Identity active: on
- Displayname you can choose to your liking - maybe Sip Askozia
- Account is the Extension / Phone Number
- Password is the Sip Password
- Registrar is the IP of your Askozia PBX
- Press Save and Re-Register
- Enter your Password again on the Snom 360 and press the "Check Mark" button

Now you're done and can make calls. Just enter the number of the other SIP Phone and press "Check Mark" to start calling.

Conferencing:
Under Services, Conferencing you have a Conference Room in the Askozia. By default, calling number 2663 will get you there and you can conference with other SIP Users

Applications:
Under Dialplan, Applications you can call 3 Applications. 00003246 - Echo Test, 00009253 - WakeMe (a Wake Up Call Manager), 000064554 (1000Hz Test Tone)

Call Groups:
Under Dialplan, Call Groups you can set Call Groups (one Extension rings multiple Phones)

Interfaces:
Under Interfaces you can change Interface settings - e.g. configure an ISDN Interface like an AVM Fritz Card ISDN, which is recognized in Askozia Stable 1.0.3

Providers:
Under Accounts, Providers you may add e.g. a Sipgate Account to the PBX

Phones:
Under Accounts, Phones you can change Phone settings and add Provider Accounts to the Phone

[Asterisk] Part 1: Basics and Choosing the right OS

Finally the time has come for our first VoIP or Voice over IP Project. The final goal of this project shall be to integrate a Software Asterisk VoIP System into an already existing PBX / ISDN Environment, allowing Users on Analog and ISDN Phones to receive and send VoIP Calls by using the Asterisk Gateway - and vice versa. A good starting point is the most famous open source Voice PBX, called Asterisk. Asterisk is available in many flavors and colors: from a command-line install on little OpenWRT enabled Routers to a high-powered Cluster Solution running tens of thousands of phones at the same time - manageable via a nice looking Webinterface and Batch Files.

As a starting point, my co-worker Sebastian and I picked out the three most popular releases and integrations of the Asterisk server:

- AsteriskNoW! ( http://www.asterisk.org/asterisknow/ )
AsteriskNow is developed by Digium, which also develops Asterisk.
Uses CentOS.

- trixbox ( http://www.trixbox.org/ )
Trixbox is a PBX which has been built for business use and therefore has many options and special settings.
Uses CentOS.

- Askozia ( http://www.askozia.com/ )
Askozia uses the same system that the m0n0wall and FreeNAS Appliances are built upon and is therefore very small and very lightweight.
Uses FreeBSD / m0n0wall / FreeNAS System.

As for the test systems, we decided to put all three Systems on real world servers: the first two, because of their quite heavy resource needs, onto 2 identical Tyan Tomcat Servers, powered by a Pentium 4, 3 GHz, 1 GB of RAM and a SATA RAID Controller mirroring the 160 GB Drive (RAID 1) to a second HDD. We got two 1 Gbit NICs and other stuff.

The test node for the Askozia is a Pentium 2 MMX, 500 MHz, 64 MB RAM, 8 GB HDD, one 100 Mbit NIC and an AVM Fritz Card.

After extensive tests of the systems we chose two favorites:
- Askozia
Because it is very lightweight, very simple to configure and has low impact even on the tiny system
Downside: Not many options, shell access only with additional packages, limited expert options

- trixbox
For being very powerful and possessing many options.
Downside: Hardware hungry, VERY many options

Having said this, we shut down the two big servers and concentrated on the low end HP Desktop running Askozia. To be able to connect to an ISDN PBX we needed support for the AVM Fritz Card. Luckily we found this support included in the stable 1.0.3 release. The current 2.0.0 beta does NOT run with AVM and does not even recognize the Card. I wrote a report on the Forum and the admin quickly replied to it; I'm waiting for a fix of the problem and therefore continued the work with 1.0.3. Actually, including Voicemail, two SIP phones, a Conference Room and such is so easy that anyone can do it in less than 5 Minutes. But first things first - in the Installation How To.

Snom 360 Update and Password Reset

WARNING, this is ONLY for Users of a Snom 360 with Firmware Revision 6.X.
If you have a different Revision the steps could be different.
Check out the Snom Wiki in that case ( http://wiki.snom.com/Firmware ).
Basically we just reflash the Firmware with the same Revision again to erase data and passwords and unlock the Phone.
Then we do an automatic update to the latest release.

- Download the latest Snom 360 Firmware from the Snom Website for your Revision ( http://wiki.snom.com/Firmware/V6/Latest_Release )
- Download tftpd32 or a similar tftp Server
- Rename the Firmware to snom360.bin and upload it to the root Directory of the tftp Server
- Plug in the Network Port and Power to the Snom
- When the message "To Update by TFTP: Press Any Key" appears, press any key on the phone
- Enter valid IP Data for the Phone, i.e. the IP, the Subnet, the Gateway, DNS and the IP of your tftp Server. Always press Next.
- When you're finished, it will ask for this again and again; press the Check Mark right beside the big X Button. The tftp Download will start. Don't unplug the phone during the Firmware Update. The Phone will automatically reboot after the flash is done.
- This flash has reset all data - including the passwords - so we can now press the Help Button on the phone to get the IP address of the phone and connect to it using a Web Browser. But before you access the website, you need to enter the Administrative mode of the phone, otherwise you won't be able to change any setting or update the phone. So press the Settings Button and choose "Administrative Mode" - the password is 0000 by default. Press Check Mark to accept. Now access the Website.
- To update to version 7 Firmware (the latest Firmware, experimental) you need to go to the Advanced Tab and scroll down to Update. Set the Update Policy to "Update automatically" and the Setting URL to "http://provisioning.snom.com/update6to7/update_once.php". Press Save and Reboot, and accept with Yes. The Phone will reboot.
- After the reboot, the phone will access the internet and check automatically for an update, download it and start flashing. It will reboot several times; don't power it off until it's done. It should take something like 10 Minutes or more, depending on your Internet connection. If it doesn't reboot anymore and shows the normal menu for longer than half a minute, you can consider it ok.
- You can now create Identities (Profiles) for your SIP / VoIP Accounts and re-register them via the Webinterface.

[EEE901/1000] Use Windows XP Bluetooth-Stack on Asus 901/1000

- Deactivate Bluetooth in the Asus-Tray-Utility
- Open C:\WINDOWS\INF\BTH.INF with an editor.
- Look for:
[Manufacturer]
%Microsoft%=Microsoft
ALPS=ALPS, NT.5.1
Belkin=Belkin, NT.5.1
...

- Now add "Asus=ASUS, NT.5.1". It should look like this:
[Manufacturer]
%Microsoft%=Microsoft
ALPS=ALPS, NT.5.1
Asus=ASUS, NT.5.1
Belkin=Belkin, NT.5.1
...

- Now look for "[Zeevo.NT.5.1]". It should look like this:
[Zeevo.NT.5.1]
Zeevo Bluetooth Solution=                        BthUsb, USB\Vid_0b7a&Pid_07d0&Rev_0126
Zeevo Bluetooth Solution=                        BthUsb, USB\Vid_0b7a&Pid_07d0&Rev_0133

- Beneath it, add the following:
[Asus.NT.5.1]
Asus BT-253=                        BthUsb, USB\VID_0B05&PID_B700

- Result:
[Zeevo.NT.5.1]
Zeevo Bluetooth Solution=                        BthUsb, USB\Vid_0b7a&Pid_07d0&Rev_0126
Zeevo Bluetooth Solution=                        BthUsb, USB\Vid_0b7a&Pid_07d0&Rev_0133
[Asus.NT.5.1]
Asus BT-253=                        BthUsb, USB\VID_0B05&PID_B700

- Save and leave the editor
- Now it depends on whether you installed the Widcomm Software or whether you start with a fresh Win XP Installation

With Widcomm-Software:
- Activate Bluetooth in the Asus-Tray-Utility, Bluetooth Symbol should be white
- Go to System, Software and remove Widcomm-Bluetooth-Software
- At the end, the system wants you to deactivate Bluetooth - do that via the Tray Utility
- Then it wants to reboot - DON'T do that.
- Activate Bluetooth again in the Asus-Tray-Utility
- Windows should start installing its own Bluetooth Stack
- Reboot after that, you're done

Without Widcomm-Software:
- Just activate Bluetooth in the Asus-Tray-Utility and it should start installing
- If not, go to the Hardware Manager and "search for changed Hardware"

Internal Notes:
C:\WINDOWS\INF\BTH.INF
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
bthprops.cpl

I found it btw in a German forum and roughly translated it, because I found it very useful, as I only use Bluetooth for s25@once with my mobile phone.

Windows 2000 / XP Password Special

So, you logged out of Windows and need to get your password back? That's what this little collection is for.

Let's say you need to "crack" a Windows 2000 / XP Password, e.g. for login data. Then you should go for Ophcrack: http://ophcrack.sourceforge.net/

If you just want to log into Windows 2000 / XP / Linux etc. with admin rights without using or cracking the password, go for konboot: http://www.piotrbania.com/all/kon-boot/

And should you stumble across the problem of having forgotten your network drive passwords and login, but still have access to Windows and have these passwords saved, use NirSoft Network Password Recovery: http://www.nirsoft.net/utils/network_password_recovery.html

Be advised to use these programs ONLY if they come from the original website, as other websites add keyloggers and other nice stuff to them. And only use these tools if you own the PC or have the rights to - check your local law!

Quick'n Dirty Moodle Learning Platform Setup

Download and Install TurnKey LAMP (Vmware Appliance)
http://www.turnkeylinux.org/redir.php?url=http%3A%2F%2Fswitch.dl.sourceforge.net%2Fproject%2Fturnkeylinux%2Fturnkey-lamp%2F2009.10-hardy-x86%2Fturnkey-lamp-2009.10-hardy-x86.zip

go to http://IP

go to Webmin (https://IP:12321)
change root pw
change root pw in mysql
create mysql table utf8-unicode "moodle"
mkdir /var/moodledata
chown nobody /var/moodledata
chmod 777 /var/moodledata

root@lamp:/var# apt-get update
root@lamp:/var# apt-get install wget
root@lamp:/var# apt-get install php5-gd
root@lamp:/var# apt-get install php5-curl
root@lamp:/var# apt-get install php5-xmlrpc

cd /var/www
wget http://download.moodle.org/download.php/direct/stable19/moodle-weekly-19.zip
unzip moodle-weekly-19.zip

Access http://ip/moodle

(create config.php in /var/www/moodle)

change pwd,
user admin, pw admin

upload user.csv as iso8859-1 (if you're using öüä!) batch import

setting up firewall
setting up nat
setting up dyndns server for dyndns address

with phpmyadmin `moodle`.`mdl_mnet_host` change to:
Bearbeiten       Löschen       1      0      http://DYNDNSADRESS/moodle      CORRECTDNSADRESS.COM                    0      0      0      0      0      0      NULL      1

$ apt-cache search php | grep gd
php5-gd - GD module for php5

[ESXi 3.5] Dell Optiplex G620 ESXi 3.5 U5 & Problems with Ubuntu 9.10 and Vmware Tools

So, we happened to get a new ESXi 3.5 Server, using a Dell Optiplex G620 for that.

To install ESXi 3.5 U5 onto that Desktop Machine, you NEED to upgrade to BIOS A11 and disable CPU Limit ID - and do the install in SATA Normal Mode (not Compatibility!). You also need to use the tips for installing to an IDE Drive (i.e. changing TYPE_IDE to TYPE_ISCSI in the TargetFilter.py) - then it will work flawlessly... as long as you get the BIOS updated. We had the "original" A01 BIOS and it refused to use a Boot CD for the Update (it did load but then always disabled the Keyboard - you couldn't enter anything...). We solved the Problem by using a REAL Floppy Disk... Yeah, it was hard to get one. That worked! Ah, and by the way, the ESXi install did load then, but the Keyboard got stuck again - we plugged in a USB Keyboard and that one worked, the PS/2 one didn't want to... well, it's always an Adventure setting up ESXi on non-listed Hardware - especially with a Dell BIOS ;-)...

So - the other Problem is the new and very cool Ubuntu 9.10 - which we installed on the ESXi with the latest software upgrades, for both Ubuntu 9.10 and ESXi 3.5 U5 (and the latest Update by the Infrastructure Update Client...). The Problem was: you installed everything, installed VMware Tools and everything worked - then you rebooted and your Network was fried... Actually no DNS Lookup worked at all - and nothing else did either. DHCP and such worked, but it looked like something on the "Hardware" (lol?) / Kernel Level was screwed up.

My co-worker Sebastian came up with a post giving a solution to the problem:

Unplug the Network from your Ubuntu (by going into the Infrastructure Client, choosing Settings of the Machine, choosing the NICs and unchecking both "Connected" boxes, then pressing Enter)

sudo rmmod pcnet32
sudo rmmod vmxnet
sudo modprobe vmxnet

Replug the Network

And now it works again!

.....until the next reboot.... T_T'''... >.<'

So.. no final solution here except NOT installing VMware Tools.

And that's my recommendation after the 5th reinstall of Ubuntu.

Will try again on the next Ubuntu and ESXi Upgrade.

Remote Desktop with XDMCP on Ubuntu 9.10

To access the unsecured(!) Remote Desktop of an Ubuntu 9.10 installation, you need the following:

First, install the openssh-server:

sudo apt-get install openssh-server

Then, you need to enable the XDMCP Server.

That became a bit tricky on that Installation, as the "Point 'n Click" enabling has been removed.

Dunno why. So, that's how it works. First we copy over the "empty" custom.conf for gdm:

sudo cp /usr/share/doc/gdm/examples/custom.conf /etc/gdm/

Then we edit it:

sudo vi /etc/gdm/custom.conf

It should look like this in the end:

# GDM configuration storage

[xdmcp]
Enable=true
DisplaysPerHost=2

[chooser]

[security]

[debug]

After that, we need to restart gdm:

sudo restart gdm

And that's it, XDMCP is running. To access it from Windows, for example, you have to download Xming ( http://sourceforge.net/projects/xming/ )

Download and install the Windows Client, start the XLaunch Tool. Choose One window, Next, Open Session via XDMCP, Next, Enter the IP of the Ubuntu Server under "Connect to Host" and Press Next, Press Next, Save the Config where you want to have it and Finish.

That's it, an X Window with the Login to your Server will open. Please bear in mind that this XDMCP Session is NOT encrypted. You should tunnel it via SSH...

// Big Parts were taken from http://www.peppertop.com/blog/?p=690

SSH Tunneling

One of the most important things when working in "dangerous" Networking Environments is protection.

And by that I don't mean the usual (and important!) Anti Virus, Anti Malware and Firewall Software, but Traffic Tunneling, meaning VPN or SSH.

SSH is the secure equivalent of the good old (and plaintext-transmitted) Telnet. And it's also more powerful: its use is not limited to remote control, but it can also provide a secured data tunnel through which all your traffic to your remote location (e.g. a MySQL database, web or mail server, or the Web itself) is tunneled - and encrypted, giving little to no chance to "Wiresharkers" and other cable tappers or SPAN users.

So lets go:

1. Setting up the SSH Server
Setting up an ssh Server is as simple as:
apt-get install openssh-server
if you're running Debian or Ubuntu.

Optionally you can configure that the "root" Account
won't be able to log in via ssh, and you can configure that
Plaintext Passwords aren't allowed. We will go for a key-based Setup here,
but I would recommend not shutting down this Plaintext Password Authentication
if you can't easily access the machine physically (as the Certificates are only valid
for one year...).

2. Configuring the SSH Server
vi /etc/ssh/sshd_config

- change Port to 18000
Port 18000
// That's a must!

- deactivate root access
PermitRootLogin no
// That's optional; it does NOT allow your root Account to log in via SSH.
// Only set that if you know what you're doing!

- deactivate password login
PasswordAuthentication no
// That's optional as well; you can set that after this whole thing,
// once you have working SSH Key Authentication - but beware,
// you won't be able to log in with a Password then!
// ( And that will hurt if your Keys are expired and don't work anymore... )

3. Configure Router (NAT and Firewall) to Allow Access to your SSH Server.
Use Dynamic DNS (e.g. DynDNS.org) to get a Dynamic DNS Address.
( Means that an address like myserver.dyndns.org will always point to
the dynamically changing IP Address of your Router. Most Routers have a
DynDNS Client built in, so they update the DynDNS Account on every IP Change -
look it up in the Handbook / Config Menu)

4. Setting up an SSH User with Restricted Shell Access
sudo apt-get install rssh
// Installs the restricted shell
sudo useradd tunnel -m -s /usr/bin/rssh
// Creates a User named tunnel with the Restricted Shell
sudo passwd tunnel
// Enter the Password you want for the User

5. Setting up Squid HTTP Proxy
sudo apt-get install squid

6. Creating the Connection using Putty and Setting up the Clients
Download the Putty installer from
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
and install. Then open Putty:

Session -> Hostname and Port: Enter your DynDNS Address and the Port you chose for SSH
Connection -> Enable TCP Keepalives
Connection -> SSH -> Don't start a shell or command at all
Connection -> SSH -> Enable compression
Connection -> SSH -> Tunnels: Source Port you can choose, e.g. 20000
// Source Port is the Port the Tunnel will end on your "Client PC"
Connection -> SSH -> Tunnels: Destination Port localhost:3128
// Destination Port is in that Case the Server (localhost) and Port 3128
// which is the Squid Proxy. But it could also be something like
// IPofyourRouter:21 to forward the Telnet of your Router to Port 20000 on
// the Remote PC, or IporNameofyourHomePc:3389 to forward the Windows
// Remote Desktop - or anything else. You would then connect with the
// Remote Desktop Tool to "localhost:20000" to Access your PC at Home.
Session -> Press Save and Save the Session
Session -> Press Open and Enter your Login, e.g. tunnel and password

You won't see anything as it stays open and "nothing happens".

Go to your Internet Explorer \ Firefox and enter as Proxy localhost, Port 20000

Internet Explorer:
Extras, Internetoptions, Lan Settings, Choose Proxy Server for Lan
Enter localhost, Port 20000

Firefox:
Extras, Settings, Advanced, Network, Settings
Manual Proxy Configuration, HTTP Proxy: localhost, Port 20000
For all Protocols

And now you'll be able to surf the Web Securely from everywhere through your
secured Tunnel!

WARNING: ONLY the Traffic is secured. Your DNS Lookups STILL go to your local
DNS Server. So e.g. the local DNS Admin can see that you were surfing on
e.g. Google, Facebook or so - but can't see what you transmitted there.
To change that and also tunnel DNS via SSH, do this:

Internet Explorer:
don't know, isn't working

Firefox:
// Enter in the URL Bar:
about:config
// Look for this string and set it to "true"
network.proxy.socks_remote_dns

Only one thing left to do:
Set up key-based Authentication.
Key-based Authentication has two main Advantages:
a) You can use it to allow scripts to identify themselves via the key and use ssh
b) It's more secure, as the Key checks its Server part and tells you if your
connection has been redirected or intercepted. It's the way to go.

Creating keys:
su
// Enter password for root Access
ssh-keygen -t rsa -b 2048
Just "enter" through everything

Installing keys:
cd /home/tunnel/
mkdir .ssh
chmod 700 .ssh/
cd .ssh/
touch authorized_keys
cat ~/.ssh/id_rsa.pub > authorized_keys
chmod 600 authorized_keys
cd ..
chmod 700 .ssh/
chown tunnel -R .ssh/
exit

Download the key id_rsa in /root/.ssh/ via WinSCP to your PC
Start up puttygen, which you got with the Putty installer.
Load the id_rsa in it and press "Save Private Key"

Using key-based Authentication with Putty:
Open Putty and load your Preset
Connection -> SSH -> Auth
And use the "Private Key File for Authentication" to point to your previously
saved Private Key (whether encrypted or not isn't important at this Point).
Go again to Session and Save again. Press Open.
You'll be asked to enter your Username and Passphrase (if you have one).
If you want to really automate that, you can even specify your Username in
Putty under SSH -> Connection -> Data "Auto Login Name"
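
Once key-based login works, the sshd_config values from step 2 can be checked with a small script. This is an added example, not part of the original post: it reads the global section the way sshd does (the first value of a keyword wins, Port may be repeated, Match blocks are skipped). The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the values from step 2.
# Function names and the sample file are constructed for illustration.

# global_values FILE KEYWORD
# Print every value set for KEYWORD before the first "Match" line.
# Keywords are case-insensitive; lines starting with '#' are comments.
global_values() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        NF == 0 || $1 ~ /^#/    { next }   # blank line or comment
        tolower($1) == "match"  { exit }   # conditional blocks are out of scope
        tolower($1) == want     { print tolower($2) }
    ' "$1"
}

# effective_value FILE KEYWORD
# sshd uses the first value it obtains for a keyword, so later duplicates
# are ignored. Prints nothing when the keyword is not set globally.
effective_value() {
    global_values "$1" "$2" | sed -n 1p
}

# audit_sshd FILE
# Print one FINDING line for each step 2 setting that is not in effect.
audit_sshd() {
    ports=$(global_values "$1" Port)
    root=$(effective_value "$1" PermitRootLogin)
    pass=$(effective_value "$1" PasswordAuthentication)
    # Port may be given several times and sshd listens on each; unset means 22.
    for p in ${ports:-22}; do
        if [ "$p" = "22" ]; then
            echo "FINDING Port: sshd still listens on 22"
        fi
    done
    if [ "$root" != "no" ]; then
        echo "FINDING PermitRootLogin: '${root:-unset}' is in effect, not 'no'"
    fi
    if [ "$pass" != "no" ]; then
        echo "FINDING PasswordAuthentication: '${pass:-unset}' is in effect, not 'no'"
    fi
}

# write_sample FILE: constructed sample config, not taken from a real host.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
Port 18000
permitrootlogin yes
PermitRootLogin no
#PasswordAuthentication no
Match User tunnel
    PasswordAuthentication no
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd "$sample"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration as the daemon itself resolves it, which is the authoritative check.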