ViciBox v.8.1.2 released - October 2, 2018

Support forum for the ViciBox ISO Server Install and ISO LiveCD Demo

Moderators: enjay, williamconley, Staydog, mflorell, MJCoate, mcargile, Kumba

ViciBox v.8.1.2 released - October 2, 2018

Postby Kumba » Sat Sep 22, 2018 11:15 am

ViciBox v.8.1.1 has been released. There have been significant improvements and so many new features added that we decided it warranted it's own release. Underneath it's pretty much the same platform as ViciBox v.8.0 and installs in the same way so the learning curve is small on that part.

The ISO can be downloaded from here : http://download.vicidial.com/iso/vicibo ... -8.1.2.iso

I am also working on a new ViciBox v.8.1 installation manual which should be done in the next few days. Unfortunately because of all the new features added, like the integrated firewall, the Installation Manual will be more of a Quick Install Guide then a full fledged manual. The plan is to make an HTML manual similar to what other projects use to cover the more advanced topics like MD RAID install, integrated firewall, webRTC, etc.

Here's a list of notable features and fixes :
- Asterisk v.13 support with v.13.21.1-vici in image (SVN 2960+)
- Asterisk v.11 pre-install downgrade script for older installs
- G729/G723 codecs auto-installed from asterisk.hosting.lv
- WhiteList/BlackList IP ACL firewall integrated with ViciDial IP Lists
- Dynamic IP ACL firewall based on agent web logins
- Default voipbl.org IP blocking to prevent the bulk of SIP attacks
- IP blocking by country aka geoblock
- Certbot set-up script to generate valid SSL certificates from LetsEncrypt.org
- WebRTC/ViciPhone ready with a valid SSL certificate and minor setup
- Self-signed SSL setup in Apache and Asterisk by default
- SNMP configs for network monitoring (Icinga2/Nagios/etc)
- VoiceMail spool manager to delete voicemails over a certain age
- Hardened Apache config to be mostly PCI-DSS web compliant
- Voicemail attachments changed to MP3 instead of WAV
- Reworked and simpler install with less oddities


Base platform :
- OpenSuSE v.42.3 64-bit
- Kernel v.4.4.155
- Asterisk v.13.21.1-vici
- DAHDI v.2.11.1
- libPRI v.1.6.0
- Amfletec VoiceSync v.1.3.8
- OpenR2 v.1.3.3 for MFC/R2
- ViciDial SVN v.2.14-689a build 180922-0958 revision 3035
- Apache v.2.4.32
- MySQL v.10.2.17
- PHP v.5.5.14
- OpenSSH v.7.7p1
Kumba
 
Posts: 812
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.8.1.0 released - August 22, 2018

Postby williamconley » Sat Sep 22, 2018 11:34 am

OOooooooOOOOoo: 8-)

This should be fun to investigate. ViciPhone, g729, Whitelist, SSL ... Dang. You've been busy.
Vicidial Installation and Repair, plus Hosting and Colocation
SugarCRM integration - Customization and Add-ons - We Bring It All Together.
http://www.PoundTeam.com # 352-269-0000 # +44 (203) 769-2294 # +506 4001-8914
williamconley
 
Posts: 18992
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: ViciBox v.8.1.0 released - August 22, 2018

Postby Kumba » Sat Sep 22, 2018 12:19 pm

Here's the short list on how to enable or play with the new stuff:

Integrated Firewall - /usr/local/bin/VB-firewall.pl
- Run it with --debug to see it's flags and what-not
- the ACL is persistent across a cluster as it's stored in the DataBase
- By default only the voipbl.org black list is enabled
- You will need to enable IP Lists in ViciDial to edit the built in black/white list
- The white list is in an IP List in ViciDial called 'ViciWhite'
- You'll need to do a 'touch /etc/sysconfig/scripts/SuSEfirewall2-viciwhite' to enable loading the whitelisting rules
- The black list is in an IP List in ViciDial called 'ViciBlack'
- The white/black lists support CIDR notation as well as single IPs
- White/Dynamic lists are mutually exclusive from Black/VoIPBL/Geoblock, so one or the other
- /etc/sysconfig/scripts/SuSEfirewall2-custom can be modified to control IP ACL blocking I.E. block everything instead of just IAX/SIP/RTC, etc
- Uses IPSet rules which is dynamic and many orders of magnitude faster then individual iptables entries
- The White/Dynamic/Black IP ACL is persistent across a cluster, so all servers have the same IPs listed
- RFC1918 IP address' are added by default when whitelisting is enabled
- The Dynamic function searches for valid user LOGINs from vicidial_user_log for the last 14 days, and allows those IPs to get to SIP/IAX/RTC
- You'll need to do a 'touch /etc/sysconfig/scripts/SuSEfirewall2-vicidynamic' to enable loading the dynamiclist rules
- Firewall only applies to the 'External' zone, Internal zone is still unprotected
- Geoblock is just a call to /usr/local/bin/ipset-geoblock and works without internet connectivity
- VoIPBL black list is just a call to /usr/local/bin/ipset-voipbl but requires internet connectivity
- You'll want to change the crontab entry to run every minute for White/Dynamic/Black lists, I.E. * * * * * /usr/local/bin/VB-firewall.pl
- You only need to run the voipbl list every few hours, so create new crontab entries for the other stuff
- The white/black IP lists don't care if it's active in ViciDial, so it's recommended to leave them inactive to keep them from conflicting with other things in ViciDial

There's lots going on here with the Firewall, and modifying IPtables and firewall scripts has a high potential to block the network from the server. If you aren't super comfortable with that I would suggest you play with it on non-production servers or wait until I can make a more detailed manual for it.



Certbot SSL setup - /usr/local/bin/vicidial-certbot
- You need a FULLY QUALIFIED DOMAIN NAME (FQDN), I.E. vicibox.somedomain.com
- SSL only works with internet IPs in general
- LetsEncrypt SSL certs expire after 90 days, but will set a crontab entry for you
- Updates apache and asterisk for you
- Attempts to do some basic network checks, but it's not super strict
- If you don't have a static IP, you will need to update the DNS for your FQDN when it changes, otherwise this will just break
- Not the most foolproof script, but it works

Long story short you need to be able to go to http://vicibox.somedomain.com from your couch at home and be able to log into the ViciBox web interface across the internet before certbot will even begin to work. Once the web interface is up and the FQDN is correct, certbot will work just fine.



G729/G723 Codecs - /usr/src/astguiclient/conf/codec-install.sh
- Installs the OpenSource and now royalty free codecs from asterisk.hosting.lv
- Requires internet connectivity, otherwise you'll have to copy them manually
- Support asterisk 1.4 through 15 for what it's worth
- Should be run after switching from Asterisk 13 to Asterisk 11, or between hardware
- So far has worked pretty reliably and is ran initially as part of vicibox-install


WebRTC/ViciPhone ready
- Requires a valid SSL and web accessible FQDN i.e. https://vicibox.somedomain.com
- There is a template called 'webRTC' under Admin --> Templates that needs updated with your SSL certificate
- Asterisk also needs /etc/asterisk/http.conf updated with your valid SSL certificate
- The server needs it's 'Web Socket URL' under Admin --> Servers set to it's FQDN, I.E. wss://vicibox.somedomain.com:8088
- Still have to get the rest of the ViciPhone install together, but the above makes WebRTC work


Voice Mail Spool Manager - /usr/local/bin/vmspool_manager.pl
- There's a commented out crontab entry for it on the dialers
- It's pretty self explanatory, just run it with --help to see it's options


Asterisk v.11 downgrade - /usr/local/bin/vicibox-ast11
- This should be run BEFORE you run vicibox-install or vicibox-express
- If you run this after, you will need to modify your configs and things for the new version
- Uninstalls Asterisk v.13, changes the repositories to Asterisk 11, and install Asterisk 11
- Can break your system if you run it randmonly


Apache/PHP hardening and SSL
- The out of the box config should pass most of the PCI-DSS Web Scan tests
- The few cross-site bugs tend to break vicidial if you aren't careful
- The scan results that don't pass are a low-severity type meaning it's almost no risk
- The self-signed SSL will allow https to work, but the browser will throw up an error about it
- HTTPS is enabled by default and both HTTP and HTTPS are allowed through the firewall
- OpCache tuned up quite a bit which results in a noticable improvement in web server speed
- PHP execution is disabled in the audio store and recording/archive directories
- Removed extra apache configs like the web manual, perl CGI stuff, etc
Kumba
 
Posts: 812
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.8.1.0 released - August 22, 2018

Postby williamconley » Sat Sep 22, 2018 12:29 pm

Have you constructed the auto-renew weekly run for certbot yet?
Vicidial Installation and Repair, plus Hosting and Colocation
SugarCRM integration - Customization and Add-ons - We Bring It All Together.
http://www.PoundTeam.com # 352-269-0000 # +44 (203) 769-2294 # +506 4001-8914
williamconley
 
Posts: 18992
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: ViciBox v.8.1.0 released - August 22, 2018

Postby Kumba » Sat Sep 22, 2018 12:30 pm

williamconley wrote:Have you constructed the auto-renew weekly run for certbot yet?


LetsEncrypt is good for 90 days, the script will set a monthly cronjob to renew it which should be more then enough.
Kumba
 
Posts: 812
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.8.1.0 released - August 22, 2018

Postby williamconley » Sat Sep 22, 2018 12:38 pm

Kumba wrote:
williamconley wrote:Have you constructed the auto-renew weekly run for certbot yet?


LetsEncrypt is good for 90 days, the script will set a monthly cronjob to renew it which should be more then enough.

Our experience has been "daily is overkill, weekly is good, but monthly with one hiccup can allow expiration by accident". For instance: Server off for a couple hours (for whatever reason) during that monthly job means there's now 59 days between two checks. The renewal period is open for 30 days before expiration. 59 Days is too long. Weekly, however, has proven to be without fail.

Easy change ...
Vicidial Installation and Repair, plus Hosting and Colocation
SugarCRM integration - Customization and Add-ons - We Bring It All Together.
http://www.PoundTeam.com # 352-269-0000 # +44 (203) 769-2294 # +506 4001-8914
williamconley
 
Posts: 18992
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: ViciBox v.8.1.0 released - August 22, 2018

Postby Kumba » Sat Sep 22, 2018 12:43 pm

williamconley wrote:
Kumba wrote:
williamconley wrote:Have you constructed the auto-renew weekly run for certbot yet?


LetsEncrypt is good for 90 days, the script will set a monthly cronjob to renew it which should be more then enough.

Our experience has been "daily is overkill, weekly is good, but monthly with one hiccup can allow expiration by accident". For instance: Server off for a couple hours (for whatever reason) during that monthly job means there's now 59 days between two checks. The renewal period is open for 30 days before expiration. 59 Days is too long. Weekly, however, has proven to be without fail.

Easy change ...


Easy enough to just modify the crontab entry after it's done then. By default it runs at midnight on the 1st day of each month.
Kumba
 
Posts: 812
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.8.1.0 released - August 22, 2018

Postby williamconley » Sat Sep 22, 2018 12:55 pm

Very true. Simple fix to day 1 instead of month 1.
Vicidial Installation and Repair, plus Hosting and Colocation
SugarCRM integration - Customization and Add-ons - We Bring It All Together.
http://www.PoundTeam.com # 352-269-0000 # +44 (203) 769-2294 # +506 4001-8914
williamconley
 
Posts: 18992
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: ViciBox v.8.1.0 released - August 22, 2018

Postby bigape » Sat Sep 22, 2018 5:48 pm

Kumba wrote:Certbot SSL setup - /usr/local/bin/vicidial-cerbot
- You need a FULLY QUALIFIED DOMAIN NAME (FQDN), I.E. vicibox.somedomain.com



Small typo, should be:
/usr/local/bin/vicibox-certbot
bigape
 
Posts: 3
Joined: Thu Jul 19, 2018 11:01 am

Re: ViciBox v.8.1.0 released - August 22, 2018

Postby Kumba » Sat Sep 22, 2018 10:00 pm

bigape wrote:
Kumba wrote:Certbot SSL setup - /usr/local/bin/vicidial-cerbot
- You need a FULLY QUALIFIED DOMAIN NAME (FQDN), I.E. vicibox.somedomain.com



Small typo, should be:
/usr/local/bin/vicibox-certbot



Fixed
Kumba
 
Posts: 812
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.8.1.0 released - September 22, 2018

Postby dspaan » Mon Sep 24, 2018 7:24 am

This is a very exciting release! Thank's so much Kumba and the vicidial team for these new features. :P

The new firewall feature, does this also have an agent login like Dynamic Goodguys has? So you can access the system from a non authorized IP?

edit: I created a new thread about the firewall: viewtopic.php?f=4&t=38741

And one about certbot: viewtopic.php?f=4&t=38742
Regards, Dennis

Vicibox 8.1.2
Version: 2.14-717a
SVN Version: 3129
DB Schema Version: 1574
Build: 190724-1603
dspaan
 
Posts: 1233
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: ViciBox v.8.1.0 released - September 22, 2018

Postby Kumba » Mon Sep 24, 2018 3:38 pm

dspaan wrote:edit: I created a new thread about the firewall: viewtopic.php?f=4&t=38741

And one about certbot: viewtopic.php?f=4&t=38742


They were moved from the general support to the ViciBox support. These are vicibox features not ViciDial features.
Kumba
 
Posts: 812
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.8.1.0 released - September 22, 2018

Postby williamconley » Mon Sep 24, 2018 4:00 pm

Kumba wrote:
dspaan wrote:edit: I created a new thread about the firewall: viewtopic.php?f=4&t=38741

And one about certbot: viewtopic.php?f=4&t=38742


They were moved from the general support to the ViciBox support. These are vicibox features not ViciDial features.

Both greatly appreciated, very cool, features of the new installer. Tx.
Vicidial Installation and Repair, plus Hosting and Colocation
SugarCRM integration - Customization and Add-ons - We Bring It All Together.
http://www.PoundTeam.com # 352-269-0000 # +44 (203) 769-2294 # +506 4001-8914
williamconley
 
Posts: 18992
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: ViciBox v.8.1.0 released - September 22, 2018

Postby dspaan » Mon Sep 24, 2018 5:49 pm

Is Viciphone something that should already be working? I downloaded it from github and tried to set it up similar to these instructions: viewtopic.php?f=8&t=38057

But when i login as agent i see this:

Thank you for choosing ViciPhone.

In order to use ViciPhone you must use "https://phone1.viciphone.com/viciphone.php" as your Webphone URL.

If you are using ViciPhone in conjunction with Vicidial you will need to change this setting in ADMIN → System Settings.
Regards, Dennis

Vicibox 8.1.2
Version: 2.14-717a
SVN Version: 3129
DB Schema Version: 1574
Build: 190724-1603
dspaan
 
Posts: 1233
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: ViciBox v.8.1.0 released - September 22, 2018

Postby ccabrera » Mon Sep 24, 2018 6:01 pm

My guess is that you are pointing the Webphone URL to the index.html, as I just did an hour ago. This was fixed by going to the System settings and updating the Webphone URL to point to the location of the viciphone.php.

Since I unzipped the viciphone-1.0.0.zip into /srv/www/htdocs/agc/viciphone, my URL was /agc/viciphone/viciphone.php. After doing that and opening the ports in the firewall, everything went smoothly.
Christian Cabrera
Enlaza Comunicaciones - Vicidial Partner
Mexico City
ccabrera
 
Posts: 113
Joined: Fri Jan 14, 2011 7:53 pm
Location: México, DF

Re: ViciBox v.8.1.0 released - September 22, 2018

Postby Kumba » Mon Sep 24, 2018 6:22 pm

Once you have verified that your SSL setup is working correctly (https:// works), you need to do a few additional setup tasks in ViciDial. This is only for a all-in-one setup. A cluster setup is more of a pain as templates have to be made for each individual telephony server and assigned to different phones and stuff.

Go to Admin --> Servers and click on the Server ID. The Web Socket URL for it needs to be set to : wss://<FQDN>:8089

Next you need to go to Admin --> Templates and select the webRTC template. Here you need to change the dtlscertfile= and dtlsprivatekey= directives to :
dtlscertfile=/etc/certbot/live/<FQDN>/cert.pem
dtlsprivatekey=/etc/certbot/live/<FQDN>/privkey.pem

After that, you need to go to Admin --> System Settings and change the Webphone URL to : https://phone.viciphone.com/viciphone.php

Then when you are adding phones, you will change 'Set to Web Phone' to 'Y' and the Template ID to 'webRTC'.

Also I allowed the wrong port in the firewall config. Here's how you fix that:

1) sed -i 's/8088/8089/g' /etc/sysconfig/scripts/SuSEfirewall2-custom
2) SuSEfirewall2

I've also added the fix to the ViciBox v.8.1 bugfix thread.

Unfortunatley the complexity of getting SSL working and all that means that this last bit of set-up has to be done by the admin after install. Probably the only thing I'll add in ViciBox v.8.1.1 is setting the Web Phone URL under System Settings. Anything else I set, without knowing that SSL is working properly, has the potential to just mess everything up.
Kumba
 
Posts: 812
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.8.1.0 released - September 22, 2018

Postby ccabrera » Mon Sep 24, 2018 6:31 pm

Kumba:

Can we trust https://phone.viciphone.com/viciphone.php to be always available, or should we install our local copy?

I tried to read more about it at https://viciphone.com (same URL Google has currently indexed) but I can't reach it. Seems https://viciphone.com is currently unavailable, so that's why I'm asking about the stability of phone.viciphone.com

Regards,
Christian Cabrera
Enlaza Comunicaciones - Vicidial Partner
Mexico City
ccabrera
 
Posts: 113
Joined: Fri Jan 14, 2011 7:53 pm
Location: México, DF

Re: ViciBox v.8.1.0 released - September 22, 2018

Postby Kumba » Mon Sep 24, 2018 6:59 pm

ccabrera wrote:I tried to read more about it at https://viciphone.com (same URL Google has currently indexed) but I can't reach it. Seems https://viciphone.com is currently unavailable, so that's why I'm asking about the stability of phone.viciphone.com


That's a DNS thing. phone.viciphone.com is going DNS load balanced across three data centers. One in Tampa, FL, one in Columbus, OH, and one in San Francisco, CA. The same datacenters are responsible for the nameservers hosting viciphone.com. Currently phone1.viciphone.com and phone3.viciphone.com are up and functional. Once I get phone2.viciphone.com (columbus) up that will be all three sites. Each site will have multiple servers serving that sites domain.

But you can download and install ViciPhone on your own server. Just change the "Webphone URL" on the Admin --> System Settings to be wherever you installed it on your server. I.E. https://<FQDN>/viciphone.php
Kumba
 
Posts: 812
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.8.1.0 released - September 22, 2018

Postby dspaan » Tue Sep 25, 2018 2:12 am

ccabrera wrote:My guess is that you are pointing the Webphone URL to the index.html, as I just did an hour ago. This was fixed by going to the System settings and updating the Webphone URL to point to the location of the viciphone.php.

Since I unzipped the viciphone-1.0.0.zip into /srv/www/htdocs/agc/viciphone, my URL was /agc/viciphone/viciphone.php. After doing that and opening the ports in the firewall, everything went smoothly.


You are right, i can see the viciphone now when i login, my URL in system settings is /viciphone/viciphone.php. But it says Disconnected as status.


Kumba wrote:Once you have verified that your SSL setup is working correctly (https:// works), you need to do a few additional setup tasks in ViciDial. This is only for a all-in-one setup. A cluster setup is more of a pain as templates have to be made for each individual telephony server and assigned to different phones and stuff.

Go to Admin --> Servers and click on the Server ID. The Web Socket URL for it needs to be set to : wss://<FQDN>:8089

Next you need to go to Admin --> Templates and select the webRTC template. Here you need to change the dtlscertfile= and dtlsprivatekey= directives to :
dtlscertfile=/etc/certbot/live/<FQDN>/cert.pem
dtlsprivatekey=/etc/certbot/live/<FQDN>/privkey.pem

After that, you need to go to Admin --> System Settings and change the Webphone URL to : https://phone.viciphone.com/viciphone.php

Then when you are adding phones, you will change 'Set to Web Phone' to 'Y' and the Template ID to 'webRTC'.

Also I allowed the wrong port in the firewall config. Here's how you fix that:

1) sed -i 's/8088/8089/g' /etc/sysconfig/scripts/SuSEfirewall2-custom
2) SuSEfirewall2

I've also added the fix to the ViciBox v.8.1 bugfix thread.

Unfortunatley the complexity of getting SSL working and all that means that this last bit of set-up has to be done by the admin after install. Probably the only thing I'll add in ViciBox v.8.1.1 is setting the Web Phone URL under System Settings. Anything else I set, without knowing that SSL is working properly, has the potential to just mess everything up.


My SSL is working fine and i already made all those changes because during the cert setup the script gave me the above instructions as well. But i just double checked them and everything is as you mentioned. System settings URL done, edited webRTC template, changed my phone to web and used the template and set web to Y. I also applied the firewall fix you provided. I enabeld debug=Y for the phone but i don't see an error. Only thing i see is that the server it's connecting to is displayed by IP in the debug out and not FQDN. Could that be it?
Regards, Dennis

Vicibox 8.1.2
Version: 2.14-717a
SVN Version: 3129
DB Schema Version: 1574
Build: 190724-1603
dspaan
 
Posts: 1233
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: ViciBox v.8.1.0 released - September 22, 2018

Postby Kumba » Tue Sep 25, 2018 1:46 pm

Can you start a new thread with all this info? that way others can find it if they need to.
Kumba
 
Posts: 812
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.8.1.0 released - September 22, 2018

Postby dspaan » Wed Sep 26, 2018 3:09 am

Yes, here you go: viewtopic.php?f=8&t=38750

You can delete the latest posts here because i quoted all of them in this new topic.
Regards, Dennis

Vicibox 8.1.2
Version: 2.14-717a
SVN Version: 3129
DB Schema Version: 1574
Build: 190724-1603
dspaan
 
Posts: 1233
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: ViciBox v.8.1.2 released - October 2, 2018

Postby dito » Mon Oct 08, 2018 9:39 am

Hi all, i missed the annoucement .. i was in parents visit !
i will found what to vicitest this week yeeey ! 8)
congrats ... i will feed you back.
cheers
dito
VoIP TUNISIE
support@crm.tn - https://crm.tn
dito
 
Posts: 49
Joined: Wed Nov 11, 2015 9:29 pm

Re: ViciBox v.8.1.2 released - October 2, 2018

Postby vkad » Fri Oct 12, 2018 12:11 pm

Any chance we can get OPUS? It should be much better than G729 for now....
Vicibox 8.0.1 (Asterisk 13.21.0-vici) + Remote WebRTC Agents
Version: 2.14b0.5 | SVN: 2990 | DB Version: 1548
1 x DB + Web + Dialer - E3 1270 v6 + 16gb ddr4 + 256gb SSD
2 x Additional Dialer - E3 1270 v6 + 8gb ddr4 + 256gb SSD
vkad
 
Posts: 199
Joined: Thu Nov 09, 2017 3:46 am

Re: ViciBox v.8.1.2 released - October 2, 2018

Postby Kumba » Sun Oct 14, 2018 11:40 am

Opus is in v.8.1.2.
Kumba
 
Posts: 812
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.8.1.2 released - October 2, 2018

Postby dspaan » Sun Oct 14, 2018 4:44 pm

What are the advantages of G729 nowadays when we have so much bandwith? Whare are the advantages of Opus?
Regards, Dennis

Vicibox 8.1.2
Version: 2.14-717a
SVN Version: 3129
DB Schema Version: 1574
Build: 190724-1603
dspaan
 
Posts: 1233
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: ViciBox v.8.1.2 released - October 2, 2018

Postby williamconley » Sun Oct 14, 2018 5:02 pm

Not everybody has bandwidth.
Vicidial Installation and Repair, plus Hosting and Colocation
SugarCRM integration - Customization and Add-ons - We Bring It All Together.
http://www.PoundTeam.com # 352-269-0000 # +44 (203) 769-2294 # +506 4001-8914
williamconley
 
Posts: 18992
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: ViciBox v.8.1.2 released - October 2, 2018

Postby Kumba » Mon Oct 15, 2018 11:53 am

dspaan wrote:What are the advantages of G729 nowadays when we have so much bandwith? Whare are the advantages of Opus?


Advantages are mostly bandwidth. G729 is a fixed rate codec so it always consumes a set amount of bandwidth (32K/sec) which is smaller then ULAW (87K/sec). Opus is a variable rate codec so it can go up or down within your configuration for it. The other thing is compatibility. G729 is going to be your only option for what SIP carriers support outside of the standard ULAW/ALAW codecs. Opus is built into WebRTC and is why it's become popular on Asterisk lately.

The last thing is that both of these codecs use significant CPU resources so you'll need to plan appropriately if you are running them across a cluster.
Kumba
 
Posts: 812
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.8.1.2 released - October 2, 2018

Postby alexgrad » Wed Oct 17, 2018 12:30 pm

Today's openssh update broke Pubkey Authentication.
sshd: fatal: mm_answer_keyverify: buffer error: incomplete message

openssh-7.8p1-198.1
alexgrad
 
Posts: 13
Joined: Thu Aug 23, 2018 11:09 am

Re: ViciBox v.8.1.2 released - October 2, 2018

Postby Kumba » Wed Oct 17, 2018 1:11 pm

Probably means the broke something for security somewhere. Have to go through the changelog and see what's up.
Kumba
 
Posts: 812
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.8.1.2 released - October 2, 2018

Postby alexgrad » Wed Oct 17, 2018 1:37 pm

Kumba wrote:Probably means the broke something for security somewhere. Have to go through the changelog and see what's up.

What's the reason to update to Experimental 7.8?
The openSUSE Leap 42.3 stable version is 7.2p2.
There are a lot of incompatible changes in 7.8.
alexgrad
 
Posts: 13
Joined: Thu Aug 23, 2018 11:09 am

Re: ViciBox v.8.1.2 released - October 2, 2018

Postby Kumba » Wed Oct 17, 2018 2:23 pm

That package follows the OpenSuSE Network repository. So they pushed the update in there which caused it to update.

OpenSSH 7.2 triggers PCI Web-DSS scans which needed 7.7p1 to pass.
Kumba
 
Posts: 812
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.8.1.2 released - October 2, 2018

Postby alexgrad » Wed Oct 17, 2018 3:19 pm

Kumba wrote:That package follows the OpenSuSE Network repository. So they pushed the update in there which caused it to update.

OpenSSH 7.2 triggers PCI Web-DSS scans which needed 7.7p1 to pass.

What's CVE?

#zypper search -s openssh
v | openssh | package | 7.8p1-198.1 | x86_64 | openSUSE-Leap-42.3-ViciDial
i+ | openssh | package | 7.2p2-21.1 | x86_64 | openSUSE-Leap-42.3-Update
v | openssh | package | 7.2p2-18.1 | x86_64 | openSUSE-Leap-42.3-Update
v | openssh | package | 7.2p2-15.1 | x86_64 | openSUSE-Leap-42.3-Update
v | openssh | package | 7.2p2-13.1 | x86_64 | openSUSE-Leap-42.3-Oss

I think 7.2p2-21.1 is the latest stable version without any unfixed CVEs.

I think better to unlink openssh package from network repository.
alexgrad
 
Posts: 13
Joined: Thu Aug 23, 2018 11:09 am

Re: ViciBox v.8.1.2 released - October 2, 2018

Postby Kumba » Wed Oct 17, 2018 3:33 pm

I'll have to back it out to 7.7p1. As far as the CVE's the PCI WebDSS scan goes solely by reported version number of SSH. THey don't have a mechanism to say anything has been patched really. So the minimum SSH is 7.7 to pass it. You would have to see if they will give you a list of the CVE's the reject from. I don't remember them off the top of my head.

Some of the CVE's are just "If this is enabled bad things happen, but it's only disabled by default in version X and above" which makes it really useless since the option can be enabled in newer versions.

You can manually downgrade OpenSSH to the one from the OSS repository using zypper in the meantime if you want.
Kumba
 
Posts: 812
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.8.1.2 released - October 2, 2018

Postby vkad » Thu Oct 18, 2018 4:18 pm

Kumba wrote:
dspaan wrote:What are the advantages of G729 nowadays when we have so much bandwith? Whare are the advantages of Opus?


Advantages are mostly bandwidth. G729 is a fixed rate codec so it always consumes a set amount of bandwidth (32K/sec) which is smaller then ULAW (87K/sec). Opus is a variable rate codec so it can go up or down within your configuration for it. The other thing is compatibility. G729 is going to be your only option for what SIP carriers support outside of the standard ULAW/ALAW codecs. Opus is built into WebRTC and is why it's become popular on Asterisk lately.

The last thing is that both of these codecs use significant CPU resources so you'll need to plan appropriately if you are running them across a cluster.


Can you please provide an auto-installer for opus codec?
Vicibox 8.0.1 (Asterisk 13.21.0-vici) + Remote WebRTC Agents
Version: 2.14b0.5 | SVN: 2990 | DB Version: 1548
1 x DB + Web + Dialer - E3 1270 v6 + 16gb ddr4 + 256gb SSD
2 x Additional Dialer - E3 1270 v6 + 8gb ddr4 + 256gb SSD
vkad
 
Posts: 199
Joined: Thu Nov 09, 2017 3:46 am

Re: ViciBox v.8.1.2 released - October 2, 2018

Postby williamconley » Thu Oct 18, 2018 4:25 pm

vkad wrote:Can you please provide an auto-installer for opus codec?


Kumba wrote:Opus is in v.8.1.2.


If you want "auto": Either install 8.1.2 or look at the install script ON 8.1.2
Vicidial Installation and Repair, plus Hosting and Colocation
SugarCRM integration - Customization and Add-ons - We Bring It All Together.
http://www.PoundTeam.com # 352-269-0000 # +44 (203) 769-2294 # +506 4001-8914
williamconley
 
Posts: 18992
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: ViciBox v.8.1.2 released - October 2, 2018

Postby vkad » Thu Oct 18, 2018 5:51 pm

williamconley wrote:
vkad wrote:Can you please provide an auto-installer for opus codec?


Kumba wrote:Opus is in v.8.1.2.


If you want "auto": Either install 8.1.2 or look at the install script ON 8.1.2



is opus installed by default in 8.1.2?

If my carrier doesn't do g729, is it even worth to do g729 over opus? in the end my carrier only does g711....

Also, is it possible to switchover to opus if the bandwidth is insufficient.

Also, how do I turn on opus? Any recommended settings?

Thanks
Vicibox 8.0.1 (Asterisk 13.21.0-vici) + Remote WebRTC Agents
Version: 2.14b0.5 | SVN: 2990 | DB Version: 1548
1 x DB + Web + Dialer - E3 1270 v6 + 16gb ddr4 + 256gb SSD
2 x Additional Dialer - E3 1270 v6 + 8gb ddr4 + 256gb SSD
vkad
 
Posts: 199
Joined: Thu Nov 09, 2017 3:46 am

Re: ViciBox v.8.1.2 released - October 2, 2018

Postby williamconley » Thu Oct 18, 2018 6:17 pm

Now ya lost me entirely. If your carrier ONLY does g711, you have no need of any of this. Why are you asking?
Vicidial Installation and Repair, plus Hosting and Colocation
SugarCRM integration - Customization and Add-ons - We Bring It All Together.
http://www.PoundTeam.com # 352-269-0000 # +44 (203) 769-2294 # +506 4001-8914
williamconley
 
Posts: 18992
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: ViciBox v.8.1.2 released - October 2, 2018

Postby vkad » Thu Oct 18, 2018 9:45 pm

williamconley wrote:Now ya lost me entirely. If your carrier ONLY does g711, you have no need of any of this. Why are you asking?


Some of the agents are based in Phillipines (remote agents), madagascar and south africa. Thus they use their home bandwidth. Most of them have latency of upto 150-180ms to the cluster, but the bandwidth is the becomes an issue as some of them only have around 500kbps which brings g711 to its knees.

Most of these agents are work from home mums, disabled people or the elderly who wouldn't be able to work otherwise if they had to travel to work.

I thought of using opus for the leg where the agents have poor internet connection from home.

So,
Agent with slow internet <---------OPUS vs G729---------->Cluster in LA (Is everything converted to slin, even g711???)<------------G711------------->Carriers

Also, all the agents use WebRTC/viciphone btw.
Vicibox 8.0.1 (Asterisk 13.21.0-vici) + Remote WebRTC Agents
Version: 2.14b0.5 | SVN: 2990 | DB Version: 1548
1 x DB + Web + Dialer - E3 1270 v6 + 16gb ddr4 + 256gb SSD
2 x Additional Dialer - E3 1270 v6 + 8gb ddr4 + 256gb SSD
vkad
 
Posts: 199
Joined: Thu Nov 09, 2017 3:46 am

Re: ViciBox v.8.1.2 released - October 2, 2018

Postby williamconley » Thu Oct 18, 2018 10:01 pm

Soft phones can have g729 embedded. Most hardware VOIP phones have it installed by default. I don't know of any that have OPUS.

Both sides of the tunnel must have the codec for it to work.

GSM, however, is already in almost every VOIP device during a stock install and uses much less bandwidth than ULAW/G711. G729 uses even less bandwidth and is widely accepted in most devices, but costs money up until recently. Not sure if any softphones have g729 free yet, or OPUS. I'd let that be my guide if I were you (find out), but start with GSM as it's less CPU intense and already installed everywhere.

Please note that the codec you use with your agents is in NO way related to the codec you use with your carriers. Some people forget that too easily. 8-)
Vicidial Installation and Repair, plus Hosting and Colocation
SugarCRM integration - Customization and Add-ons - We Bring It All Together.
http://www.PoundTeam.com # 352-269-0000 # +44 (203) 769-2294 # +506 4001-8914
williamconley
 
Posts: 18992
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: ViciBox v.8.1.2 released - October 2, 2018

Postby dspaan » Fri Oct 19, 2018 1:27 am

Ulaw/alow only uses 60kbps up/down. Are you telling me these work at home agents don't have that bandwith?
Regards, Dennis

Vicibox 8.1.2
Version: 2.14-717a
SVN Version: 3129
DB Schema Version: 1574
Build: 190724-1603
dspaan
 
Posts: 1233
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Next

Return to ViciBox Server Install and Demo

Who is online

Users browsing this forum: No registered users and 3 guests