ViciBox v.8.1 Bug Fixes and Updates - March 31, 2019

Postby Kumba » Mon Sep 24, 2018 5:20 pm

ViciBox v.8.1.1 and under has a broken vicibox-certbot install. The fixes are numerous and replacement of it is recommended. Here is how you do that:

1) cd /usr/local/bin
2) rm vicibox-certbot
3) wget http://download.vicidial.com/vicibox/vicibox-certbot
4) chmod 755 vicibox-certbot


------------------------------------------------------------


ViciBox v.8.1.0 had the wrong rtc port opened in the firewall. It was opening the non-tls port (8088) instead of the tls port (8089). This issue prevents the WebRTC features from working correctly, like ViciPhone.

Here's how to fix that :
1) sed -i 's/8088/8089/g' /etc/sysconfig/scripts/SuSEfirewall2-custom
2) SuSEfirewall2


------------------------------------------------------------


ViciBox v.8.1.0 did not issue an apache or asterisk soft reload after attempting a certbot certificate renewal. If the SSL certificate is renewed then Apache/Asterisk will need to re-read the new cert. If you have a cluster then you only need to run the apache or asterisk parts depending upon what your server is doing. Here is the fix :

1) crontab -l > /tmp/rootcron
2) echo '10 0 1 * * /usr/sbin/apache2ctl -k graceful >/dev/null 2>&1' >> /tmp/rootcron
3) echo '11 0 1 * * /usr/sbin/asterisk -rx "module reload http" >/dev/null 2>&1' >> /tmp/rootcron
4) crontab /tmp/rootcron


------------------------------------------------------------


ViciBox v.8.1.0 had the wrong IPSet type for whitelistnets. It should have been nethash not iphash. You can correct it by doing the following :

1) sed -i 's/whitelistnets iphash/whitelistnets nethash/g' /etc/sysconfig/scripts/SuSEfirewall2-custom
2) reboot (rules have to be recreated, so easiest to reboot)


------------------------------------------------------------


ViciBox v.8.1.0 had the Asterisk REST Interface enabled by default. You can correct this by doing the following:

1) sed -i 's/enabled=yes/enabled=no/g' /etc/asterisk/ari.conf
2) reboot (can be done overnight from crontab)


------------------------------------------------------------


While not really a ViciBox bug, Asterisk v.13 has an issue where doing a 'module reload http' does not actually reload the HTTP module unless the file /etc/asterisk/http.conf has actually changed. At some point this will be fixed in upstream Asterisk v.13 but in the meantime you will need to modify your crontab entry for certbot to work around this issue. Here's how you do that :

1) crontab -e
2) Change this line : 11 0 * * 0 /usr/sbin/asterisk -rx "module reload http" >/dev/null 2>&1
to : 11 0 * * 0 touch /etc/asterisk/http.conf; /usr/sbin/asterisk -rx 'module reload http' >/dev/null 2>&1
3) ctrl-X to exit and save the file

You are basically putting 'touch /etc/asterisk/http.conf;' in front of the asterisk command. That will cause the module to actually reload and pull in the new Certbot SSL certificates. If your dialer reboots every week or every day from the crontab you can skip this step.


------------------------------------------------------------


ViciBox v.8.1.2 and under has incorrect kernel printk settings. This results in a bunch of kernel messages, mainly from iptables, being strewn across the console when you are on it. It doesn't affect SSH connections but it's quite annoying nonetheless. The issue is more of an annoyance than a bug but here is how you would fix it:

1) echo "kernel.printk = 4 4 1 7" >> /etc/sysctl.conf
2) echo "4 4 1 7" > /proc/sys/kernel/printk


------------------------------------------------------------


ViciBox v.8.1.2 and under had the Spectre mitigation patches enabled which causes a significant performance impact on Database servers. Linux kernels above 4.4.110 had the Spectre patches enabled by default if the CPU is found to be vulnerable to Spectre. While this results in very little CPU penalty, it does impose quite a significant penalty on I/O operations like Disk and RAM. This results in a significant impact on the DataBase server. The solution is to add 'nopti nospectre_v2 nospec' to the Kernel boot command line. Here's how you do that:

1) yast bootloader
2) Press ALT-K to go to the Kernel Parameters
3) Press ALT-P to go to the Optional Kernel Command Line Parameter field
4) At the end of the line, type in : nopti nospectre_v2 nospec
5) Press ALT-O or F10 to accept and save changes
6) Type 'reboot' at the command prompt to reboot and load the new kernel settings.


------------------------------------------------------------


ViciBox v.8.1.2 and under had a relative path in VB-firewall.pl that did not resolve properly when run from CRON. It didn't cause any real issues but it generated warnings and root mail inadvertently. You can fix that by doing the following :

1) sed -i 's+`iptables+`/usr/sbin/iptables+g' /usr/local/bin/VB-firewall.pl


------------------------------------------------------------


ViciBox v.8.1.2 and under has an issue with the IPSet being created with too small a hash size for the VoIP Black List that is being loaded into it. This causes no performance issues or errors in operation, but results in every entry after the 65536th entry just being discarded, resulting in no filtering at all. The fix is pretty basic:

1) pico /etc/sysconfig/scripts/SuSEfirewall2-custom
2) Find the IPSet line: On around line 61, you will see the '/usr/sbin/ipset' line that creates the 'badips' IPSet
3) Add " maxelem 262144" to the end of this line, it should look like this once done: /usr/sbin/ipset -N badips iphash -exist maxelem 262144
4) Press CTRL-X to exit after making your changes
5) Press ENTER to save it with the same filename
6) Reboot when convenient and it will recreate the IPSet with the new changes. Alternatively you can destroy the old IPSet then re-run the firewall script to recreate it. The rebooting method is just foolproof.
Kumba
 
Posts: 939
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida
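
Added example, not part of Kumba's post or of ViciBox itself: a POSIX shell audit that checks whether four of the fixes above are in place (TLS WebRTC port, whitelistnets set type, badips maxelem, ARI disabled) and reports how many blacklist entries the badips set would discard. The file paths and match strings are the ones quoted in the post; the function names and the one-address-per-line blacklist file are assumptions.

```sh
#!/bin/sh
# Added example, not ViciBox code. Match strings come from the post above;
# function names and the blacklist file argument are hypothetical.

# Drop comment lines so commented-out rules are not counted.
active_lines() { grep -v '^[[:space:]]*#' "$1"; }

# Print the maxelem of the badips set; ipset's default of 65536 when unset.
badips_maxelem() {    # $1 = SuSEfirewall2-custom
    m=$(active_lines "$1" |
        sed -n 's/.*ipset.* badips .*maxelem \([0-9][0-9]*\).*/\1/p' | head -n 1)
    echo "${m:-65536}"
}

# Print how many entries of a one-address-per-line list would be discarded.
dropped_entries() {   # $1 = SuSEfirewall2-custom, $2 = blacklist file
    max=$(badips_maxelem "$1")
    n=$(grep -c '[0-9]' "$2" || true)
    if [ "$n" -gt "$max" ]; then echo $((n - max)); else echo 0; fi
}

# Print one FAIL line per missing fix; the return code is the number missing.
audit_vicibox() {     # $1 = SuSEfirewall2-custom, $2 = ari.conf
    fails=0
    if active_lines "$1" | grep -Eq '(^|[^0-9])8088([^0-9]|$)'; then
        echo "FAIL: non-TLS port 8088 still referenced"; fails=$((fails + 1))
    fi
    if active_lines "$1" | grep -q 'whitelistnets iphash'; then
        echo "FAIL: whitelistnets is iphash, not nethash"; fails=$((fails + 1))
    fi
    if [ "$(badips_maxelem "$1")" -le 65536 ]; then
        echo "FAIL: badips maxelem not raised above 65536"; fails=$((fails + 1))
    fi
    if grep -q '^[[:space:]]*enabled[[:space:]]*=[[:space:]]*yes' "$2"; then
        echo "FAIL: Asterisk REST Interface enabled"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Usage: sh audit.sh /etc/sysconfig/scripts/SuSEfirewall2-custom /etc/asterisk/ari.conf
if [ "$#" -ge 2 ]; then audit_vicibox "$1" "$2"; fi
```
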

Re: ViciBox v.8.1 Bug Fixes and Updates - October 4, 2018

Postby dito » Tue Oct 09, 2018 4:54 am

hello all,
thanks for continuing this great work.
tried the new release it took about 10-15 min to get it up .. running and functional ..
very nice stuff done on the firewall side / geoblock congratz i liked it .. :D
Last edited by dito on Tue Oct 09, 2018 5:45 am, edited 1 time in total.
VoIP TUNISIE
support@crm.tn - https://crm.tn
dito
 
Posts: 49
Joined: Wed Nov 11, 2015 9:29 pm

Re: ViciBox v.8.1 Bug Fixes and Updates - October 4, 2018

Postby dspaan » Tue Oct 09, 2018 4:58 am

See this thread about the firewall: viewtopic.php?f=8&t=38741
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1374
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: ViciBox v.8.1 Bug Fixes and Updates - October 4, 2018

Postby dito » Tue Oct 09, 2018 5:59 am

dspaan wrote:See this thread about the firewall: viewtopic.php?f=8&t=38741

thanks for the information.
VoIP TUNISIE
support@crm.tn - https://crm.tn
dito
 
Posts: 49
Joined: Wed Nov 11, 2015 9:29 pm

Re: ViciBox v.8.1 Bug Fixes and Updates - November 3, 2018

Postby dspaan » Wed Nov 14, 2018 4:30 am

While not really a ViciBox bug, Asterisk v.13 has an issue where doing a 'module reload http' does not actually reload the HTTP module unless the file /etc/asterisk/http.conf has actually changed. At some point this will be fixed in upstream Asterisk v.13 but in the meantime you will need to modify your crontab entry for certbot to work around this issue. Here's how you do that :

1) crontab -e
2) Change this line : 11 0 * * 0 /usr/sbin/asterisk -rx "module reload http" >/dev/null 2>&1
to : 11 0 * * 0 touch /etc/asterisk/http.conf; /usr/sbin/asterisk -rx 'module reload http' >/dev/null 2>&1
3) ctrl-X to exit and save the file

You are basically putting 'touch /etc/asterisk/http.conf;' in front of the asterisk command. That will cause the module to actually reload and pull in the new Certbot SSL certificates. If your dialer reboots every week or every day from the crontab you can skip this step.


Even though I ran the certbot install script I have nothing in my crontab for certbot. How do I fix that before I fix this?
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1374
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

