The new Vicibox 8.1 webRTC viciphone feature

Support forum for the ViciBox ISO Server Install and ISO LiveCD Demo


Post by dspaan » Wed Sep 26, 2018 3:08 am

Taken from another thread:

Kumba wrote:WebRTC/ViciPhone ready
- Requires a valid SSL and web accessible FQDN
- There is a template called 'webRTC' under Admin --> Templates that needs updated with your SSL certificate
- Asterisk also needs /etc/asterisk/http.conf updated with your valid SSL certificate
- The server needs its 'Web Socket URL' under Admin --> Servers set to its FQDN
- Still have to get the rest of the ViciPhone install together, but the above makes WebRTC work


Kumba wrote:Once you have verified that your SSL setup is working correctly (https:// works), you need to do a few additional setup tasks in ViciDial. This is only for an all-in-one setup. A cluster setup is more of a pain as templates have to be made for each individual telephony server and assigned to different phones and stuff.

Go to Admin --> Servers and click on the Server ID. The Web Socket URL for it needs to be set to : wss://<FQDN>:8089

Next you need to go to Admin --> Templates and select the webRTC template. Here you need to change the dtlscertfile= and dtlsprivatekey= directives to :
dtlscertfile=/etc/certbot/live/<FQDN>/cert.pem
dtlsprivatekey=/etc/certbot/live/<FQDN>/privkey.pem

After that, you need to go to Admin --> System Settings and change the Webphone URL to : https://phone.viciphone.com/viciphone.php

Then when you are adding phones, you will change 'Set to Web Phone' to 'Y' and the Template ID to 'webRTC'.

Also I allowed the wrong port in the firewall config. Here's how you fix that:

1) sed -i 's/8088/8089/g' /etc/sysconfig/scripts/SuSEfirewall2-custom
2) SuSEfirewall2

I've also added the fix to the ViciBox v.8.1 bugfix thread.

Unfortunately the complexity of getting SSL working and all that means that this last bit of set-up has to be done by the admin after install. Probably the only thing I'll add in ViciBox v.8.1.1 is setting the Web Phone URL under System Settings. Anything else I set, without knowing that SSL is working properly, has the potential to just mess everything up.


An alternative to the above, which is what I did, is to download viciphone from Github and upload it to /srv/www/htdocs/viciphone. Then I specified /viciphone/viciphone.php in Admin > System Settings > Webphone URL.

ccabrera wrote:Can we trust https://phone.viciphone.com/viciphone.php to be always available, or should we install our local copy?

I tried to read more about it at viciphone.com (same URL Google has currently indexed) but I can't reach it. Seems https://viciphone.com is currently unavailable, so that's why I'm asking about the stability of phone.viciphone.com


Kumba wrote:That's a DNS thing. phone.viciphone.com is going DNS load balanced across three data centers. One in Tampa, FL, one in Columbus, OH, and one in San Francisco, CA. The same datacenters are responsible for the nameservers hosting viciphone.com. Currently phone1.viciphone.com and phone3.viciphone.com are up and functional. Once I get phone2.viciphone.com (columbus) up that will be all three sites. Each site will have multiple servers serving that sites domain.

But you can download and install ViciPhone on your own server. Just change the "Webphone URL" on the Admin --> System Settings to be wherever you installed it on your server. I.E. https://<FQDN>/viciphone.php


My SSL is working fine and I already made all those changes because during the cert setup the script gave me the above instructions as well. But I just double checked them and everything is as you mentioned. System settings URL done, edited webRTC template, changed my phone to web and used the template and set web to Y. I also applied the firewall fix you provided. I enabled debug=Y for the phone but I don't see an error. Only thing I see is that the server it's connecting to is displayed by IP in the debug output and not FQDN. Could that be it?
Regards, Dennis

Vicibox 8.1.2
Version: 2.14b0.5
SVN Version: 3058
DB Schema Version: 1561
Build: 181116-1133

Post by mcargile » Wed Sep 26, 2018 11:09 am

Did you set the Web Socket URL in Admin -> Servers?
Michael Cargile | Director of Consulting | ViciDialGroup | www.vicidial.com

The official source for VICIDIAL services and support. 1-888-894-VICI (8424)

Post by mcargile » Wed Sep 26, 2018 11:23 am

Also is the phone set to use your external IP address?

Post by Kumba » Wed Sep 26, 2018 12:35 pm

Also the first vicibox-certbot had a few errors in it. Any reference to 8088 should have been 8089. So double check your server's Web Socket URL to make sure it's set to 8089 not 8088

Post by dspaan » Wed Sep 26, 2018 1:00 pm

mcargile wrote:Did you set the Web Socket URL in Admin -> Servers?

yes

mcargile wrote:Also is the phone set to use your external IP address?

No, but I just did that and it didn't change anything. This is a server with just an external IP on the internet. There is no local IP.

Should the phone not show as registered in Asterisk? Right now it doesn't when I check with sip show peers.
Also I suspect the new vicibox firewall; I tried rebooting but still the same problem. My IP is on the whitelist, which is active.
After I rebooted the server and didn't start the firewall and logged in as agent, it took like 10 seconds before I see the disconnected message in the viciphone interface, and when I enable the firewall it goes to disconnected status immediately.

Post by Kumba » Wed Sep 26, 2018 1:53 pm

dspaan wrote:when I enable the firewall it goes to disconnected status immediately.


What's the output of :
- iptables -L
- ipset -L whitelistips
- ipset -L whitelistnets
- Options used for VB-firewall.pl

Post by dspaan » Wed Sep 26, 2018 2:17 pm

iptables -L
Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             match-set geoblock src
DROP       all  --  anywhere             anywhere             match-set geoblock src
DROP       tcp  --  anywhere             anywhere             match-set voipblnet src tcp dpt:8089
DROP       udp  --  anywhere             anywhere             match-set voipblnet src udp dpt:iax
DROP       udp  --  anywhere             anywhere             match-set voipblnet src udp dpt:sip
DROP       tcp  --  anywhere             anywhere             match-set voipblip src tcp dpt:8089
DROP       udp  --  anywhere             anywhere             match-set voipblip src udp dpt:iax
DROP       udp  --  anywhere             anywhere             match-set voipblip src udp dpt:sip
DROP       tcp  --  anywhere             anywhere             match-set badnets src tcp dpt:8089
DROP       udp  --  anywhere             anywhere             match-set badnets src udp dpt:iax
DROP       udp  --  anywhere             anywhere             match-set badnets src udp dpt:sip
DROP       tcp  --  anywhere             anywhere             match-set badips src tcp dpt:8089
DROP       udp  --  anywhere             anywhere             match-set badips src udp dpt:iax
DROP       udp  --  anywhere             anywhere             match-set badips src udp dpt:sip
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             ctstate RELATED
ACCEPT     udp  --  anywhere             anywhere             udp dpt:mdns PKTTYPE = multicast
input_ext  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-IN-ILL-TARGET "
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-FWD-ILL-ROUTING "

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain forward_ext (0 references)
target     prot opt source               destination

Chain input_ext (1 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             PKTTYPE = broadcast
ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     udp  --  anywhere             anywhere             udp dpt:sip match-set whitelistips src
ACCEPT     udp  --  anywhere             anywhere             udp dpt:iax match-set whitelistips src
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8089 match-set whitelistips src
ACCEPT     udp  --  anywhere             anywhere             udp dpt:sip match-set whitelistnets src
ACCEPT     udp  --  anywhere             anywhere             udp dpt:iax match-set whitelistnets src
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8089 match-set whitelistnets src
LOG        tcp  --  anywhere             anywhere             limit: avg 3/min burst 5 tcp dpt:8089 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix "SFW2-INext-ACC-TCP "
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8089
LOG        tcp  --  *****************************  anywhere             tcp dpt:http ctstate NEW limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-INext-ACC "
ACCEPT     tcp  --  *****************************  anywhere             tcp dpt:http
LOG        tcp  --  *****************************  anywhere             tcp dpt:ssh ctstate NEW limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-INext-ACC "
ACCEPT     tcp  --  *****************************  anywhere             tcp dpt:ssh
LOG        udp  --  *****************************  anywhere             udp dpt:sip ctstate NEW limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-INext-ACC "
ACCEPT     udp  --  ***************************** anywhere             udp dpt:sip
LOG        udp  --  *****************************  anywhere             udp dpts:ndmp:dnp ctstate NEW limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-INext-ACC "
ACCEPT     udp  --  *****************************  anywhere             udp dpts:ndmp:dnp
LOG        tcp  --  *****************************  anywhere             tcp dpt:https ctstate NEW limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-INext-ACC "
ACCEPT     tcp  --  *****************************  anywhere             tcp dpt:https
LOG        tcp  --  *****************************  anywhere             tcp dpt:radan-http ctstate NEW limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-INext-ACC "
ACCEPT     tcp  --  *****************************  anywhere             tcp dpt:radan-http
LOG        tcp  -- *****************************  anywhere             tcp dpt:8089 ctstate NEW limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-INext-ACC "
ACCEPT     tcp  --  *****************************  anywhere             tcp dpt:8089
DROP       all  --  anywhere             anywhere             /* sfw2.insert.pos */ PKTTYPE != unicast
LOG        tcp  --  anywhere             anywhere             limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
LOG        icmp --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
LOG        udp  --  anywhere             anywhere             limit: avg 3/min burst 5 ctstate NEW LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
DROP       all  --  anywhere             anywhere

Chain reject_func (0 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-proto-unreachable


ipset -L whitelistips
Code:
Name: whitelistips
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 264
References: 3
Number of entries: 3
Members:
*****************************
127.0.0.1
*****************************


ipset -L whitelistnets
Code:
Name: whitelistnets
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 120
References: 3
Number of entries: 0
Members:


I have started the firewall with these options:
/usr/local/bin/VB-firewall.pl --white --whitelist=ViciWhite

Also, I cannot open https://mydomain.com:/ws in my browser; I read in this thread that it should display some page: https://github.com/chornyitaras/PBXWebP ... figuration

Post by dspaan » Wed Sep 26, 2018 2:27 pm

I found the problem!

In /etc/asterisk/httpd.conf I had a correct path to my cert.pem but the path to privkey.pem showed up like this:

tlsprivatekey=/etc/certbot/live/<FQDN>/privkey.pem

Maybe another vicibox bug? Or maybe related to the other bug I posted about and which was figured out already:

Kumba wrote:Found the issue. In vicibox-certbot I have:

APACHE_CONF="/etc/apache2/vhosts/1111-default-ssl.conf"

when it should be:

APACHE_CONF="/etc/apache2/vhosts.d/1111-default-ssl.conf"


Post by Kumba » Wed Sep 26, 2018 5:18 pm

dspaan wrote:I found the problem!

In /etc/asterisk/httpd.conf I had a correct path to my cert.pem but the path to privkey.pem showed up like this:

tlsprivatekey=/etc/certbot/live/<FQDN>/privkey.pem


It's a bug. The <FQDN> should have been $FQDN. It's fixed and will be in v.8.1.1. I'll probably release the roll-up version this weekend.
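The unexpanded <FQDN> placeholder confirmed in the post above is the kind of template bug a quick lint catches before Asterisk is restarted. The shell functions below are an added example, not part of the original thread or of vicibox-certbot; the function names, the sample config and the example.invalid host are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint certificate/key directives in an Asterisk-style config.
# Flags values that still hold a template placeholder (<FQDN>, $FQDN) and
# values that point at a file the current user cannot read.

lint_tls_paths() {
    # Normalise each line: drop ';' comments, trim, tighten "key = value".
    sed -e 's/[[:space:]]*;.*$//' -e 's/^[[:space:]]*//' \
        -e 's/[[:space:]]*$//' -e 's/[[:space:]]*=[[:space:]]*/=/' "$1" |
    while IFS= read -r line; do
        key=${line%%=*}
        val=${line#*=}
        [ "$key" = "$line" ] && continue        # no '=' on this line
        case $key in
            *certfile|*privatekey) ;;           # tls* and dtls* directives
            *) continue ;;
        esac
        case $val in
            *'<'*'>'*|*'$'*) echo "PLACEHOLDER $key=$val" ;;
            *) [ -r "$val" ] || echo "MISSING $key=$val" ;;
        esac
    done
    return 0
}

# Succeeds only when the lint prints nothing.
tls_paths_ok() { [ -z "$(lint_tls_paths "$1")" ]; }

# Constructed sample: one good cert path, one key path left as a placeholder,
# mirroring the symptom reported in the thread. example.invalid is made up.
# The temporary directory is left in place; remove it with rm -r when done.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/live/example.invalid"
: > "$demo_dir/live/example.invalid/cert.pem"
cat > "$demo_dir/http.conf" <<EOF
[general]
enabled=yes
tlsenable = yes              ; constructed sample, not a real server config
tlscertfile=$demo_dir/live/example.invalid/cert.pem
tlsprivatekey=$demo_dir/live/<FQDN>/privkey.pem
EOF

lint_tls_paths "$demo_dir/http.conf"
```

Run it against a copy of the generated config and the webRTC template text before reloading Asterisk; a readable path only proves the file exists, not that the key matches the certificate.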


Post by dspaan » Thu Sep 27, 2018 1:10 am

Another question, is it possible to auto hide the webphone when logging in?

Post by dspaan » Tue Nov 13, 2018 6:38 pm

dspaan wrote:Another question, is it possible to auto hide the webphone when logging in?


Also, I have to press a link each time after logging in to dial the webphone; this can't be configured to be dialed automatically?

Post by dspaan » Sun Mar 10, 2019 6:16 pm

Question, when using webphones in a cluster do you need to have a webserver running on each of the dialer servers?

Post by mflorell » Sun Mar 10, 2019 9:46 pm

No, but you do need to have a valid SSL cert on every dialer that you want agents to be able to connect to through WebRTC.