We Keep Coding

Pjsip/pjsua timeout errors and resolve errors calling phone numbers after registering with voip.ms from Raspberry Pi

The Goal
I'm trying to make a call to a telephone number. I'd like to be able to make a call from the raspberry pi, and also make a call to my voip.ms phone number and be able to answer or auto-answer and play some generic .wav file.
My current understanding of things
This maybe should be titled "My current misunderstanding of things". I'm new to sip and pjsip, and I think I must be missing some part of the process I don't understand. I was under the impression that, if I register with voip.ms, when I make a call it would route to voip.ms and they would do a lookup on the number/address, and then respond with an address that I would then begin to communicate with.
What I've done so far
Compiled
I've compiled Pjsip on a Raspberry Pi 3B+ properly, for what I can tell. I can include pjsua2.hpp in my c++ applications. I've roughly followed this tutorial
Tested compilation with pjsua binary && demo.cpp
I'm running into identical problems running a modified pjsua2_demo.cpp and the binary included in the pjsip build. For the sake of simplicity, I'll ask about the binary located (for me) at <project-path>/pjproject-2.8/pjsip-apps/bin/pjsua-armv7l-unknown-linux-gnueabihf.
Successfully registered with voip.ms
I have an account and phone number with Voip.ms and can become registered with voip.ms by executing the following script:
call_and_auto_answer.sh
./pjsua2-cpp/pjproject-2.8/pjsip-apps/bin/pjsua-armv7l-unknown-linux-gnueabihf \
--play-file ~/CantinaBand60.wav \
--local-port=5060 \
--auto-answer 200 \
--auto-play \
--auto-loop \
--max-calls 5 \
--config-file ./sip.cfg
Where the config looks like:
sip.cfg
#
# Logging options:
#
--log-level 5
--app-log-level 4
#
# Account 0:
#
--id sip:<my-subaccount-username>#sip.voip.ms
--registrar sip:<server-location>.voip.ms
--reg-timeout 300
--realm *
--username <my-subaccount-username>
--password <my-subaccount-password>
--use-timer 1
#
# Network settings:
#
--local-port 5060
#
# Media settings:
#
--srtp-keying 0
--auto-play
--auto-loop
--play-file /home/pi/CantinaBand60.wav
--snd-auto-close 1
#using default --clock-rate 16000
#using default --quality 8
#using default --ec-tail 200
#using default --ilbc-mode 30
--rtp-port 4000
#
# User agent:
#
--auto-answer 200
--max-calls 5
#
# SIP extensions:
#
--use-timer 1
When I enter the cli, I see for my account list:
Account list:
[ 0] <sip:192.168.1.49:5060>: does not register
Online status: Online
[ 1] <sip:192.168.1.49:5060;transport=TCP>: does not register
Online status: Online
*[ 2] sip:<my-subaccount-username>#sip.voip.ms: 200/OK (expires=285)
Online status: Online
Buddy list:
-none-
Voip.ms shows I've registered on their website.
The problem
I'm trying to call my personal cell phone from my pi (I assume using the registered voip.ms phone number), and call my pi from my personal cell phone. While calling out I'm typically getting either 408 Request Timeout errors or 502 gethostbyname errors.
Different destinations, different errors
Depending on the destination for my call from the pi, I get one of two different errors most of the time
Timeout Error
I get an error that says,
18:19:19.757 pjsua_app.c ....Call 4 is DISCONNECTED [reason=408 (Request Timeout)]
18:19:19.757 pjsua_app_comm ....
[DISCONNCTD] To: <destination-sip-address>
where is any of the following:
sip:
sip:
sip:thetestcall#sip2sip.info
sip:thetestcall#iptel.org
sip:201#ideasip.com
and the phone numbers are formatted like: 3035551234, though I've tried prepending a 1 and a +1 just to check.
Lookup Error
I get an error that says,
19:09:45.435 sip_resolve.c ....Failed to resolve '<destination-sip-address>'. Err=70018 (gethostbyname() has returned error (PJ_ERESOLVE))
19:09:45.435 tsx0x18520dc ....Failed to send Request msg INVITE/cseq=10722 (tdta0x185012c)! err=70018 (gethostbyname() has returned error (PJ_ERESOLVE))
19:09:45.435 pjsua_app.c .......Call 4 is DISCONNECTED [reason=502 (gethostbyname() has returned error (PJ_ERESOLVE))]
19:09:45.435 pjsua_app_comm .......
[DISCONNCTD] To: sip:<destination-sip-address>
where is any of the following:
sip:
sip:
sip:abcd1234
Possible Successes
I'm getting what looks like a success while calling:
sip:**12340#ideasip.com
It confirms the call and has a bunch of messages, notable including:
19:16:17.550 pjsua_core.c ....TX 1300 bytes Request msg INVITE/cseq=13899 (tdta0x15c263c) to UDP 208.97.25.11:5060:
...
19:16:17.551 pjsua_app.c .......Call 4 state changed to CALLING
...
>>> 19:16:17.606 pjsua_core.c .RX 575 bytes Response msg 100/INVITE/cseq=13899 (rdata0x6d7008a4) from UDP 208.97.25.11:5060:
...
19:16:17.609 pjsua_core.c .RX 946 bytes Response msg 200/INVITE/cseq=13899 (rdata0x6d7008a4) from UDP 208.97.25.11:5060:
...
19:16:17.609 pjsua_app.c .....Call 4 state changed to CONNECTING
...
19:16:17.610 pjsua_app.c .....Call 4 state changed to CONFIRMED
...
19:16:17.676 pjsua_core.c .RX 594 bytes Response msg 100/INVITE/cseq=13900 (rdata0x6d7008a4) from UDP 208.97.25.11:5060:
...
19:16:17.678 conference.c ......Port 5 (sip:**12340#ideasip.com) transmitting to port 5 (sip:**12340#ideasip.com)
...
19:16:17.678 conference.c ......Port 1 (/home/pi/CantinaBand60.wav) transmitting to port 5 (sip:**12340#ideasip.com)
...
19:16:36.931 pjsua_app.c ......Call 4 is DISCONNECTED [reason=200 (Normal call clearing)]
Same Network
Additionally, if I set up a second pjsip client on the same network, I can call it from pi1 and answer the call on pi2.
Incoming calls
When I register with voip.ms, then try to call my voip.ms phone number from my personal cell phone, the call fails with a message on my iPhone that says, User Busy. This makes me think I'm messing something up with the registration, or that I'm missing some component, like a subscribe or link with that voip.ms account.
Final thoughts
I'm not sure what I'm missing here. I've read through a ton of the pjsip and pjsua docs, and I can't find anything I'm missing. Does anybody have insight into how to make a call to a phone number and allow for incoming calls? This has been quite a few days of solid work.

So I figured out the answer to my question. Here's the skinny:
Voip.ms registration
My registration with voip.ms wasn't configured properly. I was given credentials by a coworker, but upon further inspection of the sip endpoint, I found that the DiD number purchased for the account wasn't associated with the subaccount my coworker created for me. So, depending on the recipient's phone carrier, I was given different errors. Additionally, when I was testing inbound calls and receiving the error, User Busy, this was because the account I registered wasn't associated with the phone number.
To fix this, on voip.ms I associated the DiD number to my subaccount, and then went to my subaccount information and set the callerId number to be my DiD number, though I think you can override this value via pjsip.
Outbound sip calls
Secondly, to call a phone number, outbound calls should follow the following format:
sip:<phoneNumber>#<endpoint>
So for me, this looked very much like:
sip:5551234567#newyork.voip.ms

Lua open socket error

I am using lua as module for nginx (openresty) to get files from remote host. My function:
function readfile(url)
local http = require ("socket.http")
if not http then
error("Couldn't open socket.http")
end
http.TIMEOUT = 5
local body, code = http.request(url)
if not body then
error("Couldn't read the remote file: " .. code)
end
return body
end
I have tested this code by using Siege. When I set the users more then 100 (for example), I catch this error:
2018/03/27 09:36:38 [info] 10#10: *91018 shutdown() failed (107: Socket not connected), client: 172.18.0.7, server: localhost
I have more errors when i set more users. What does it mean? Thank you for the help.

Don't use luasocket library with OpenResty. The resulting code would block on http.request().
I suppose that all nginx worker just blocked and it is the reason of these errors.
For you purpose you may use one of the libraries below:
lua-resty-http
lua-resty-http-simple
First is more fexible, allow to use secure transport.
Second has simpler API.
And both use internally nginx Lua cosocket API and are 100% nonblocking out of the box.

The lua-resty-http or lua-resty-http-simple do not work in the init_by_lua in http context.
it is fine to use it in the init context where blocking is not considered harmful.

ADMU0509I: The Application Server "server1" cannot be reached. It appears to be stopped

I have setup a WebSphere Application Server on my RHEL 7 virtual machine. When I start the server, it starts fine and I can access the admin console but when I try to stop or get the status of the server using the script
sh stopServer.sh -server1 / sh serverStatus.sh server1
It gives the following message,
ADMU0509I: The Application Server "server1" cannot be reached. It appears to be stopped.
My wsadmin scripts are not working, when I run the script
sh wsadmin.sh -user wasadmin -password Password
I get the following error
WASX7023E: Error creating "SOAP" connection to host "localhost"; exception information: com.ibm.websphere.management.exception.ConnectorNotA
vailableException: [SOAPException: faultCode=SOAP-ENV:Protocol; msg=; targetException=java.net.MalformedURLException]
WASX7213I: This scripting client is not connected to a server process; please refer to the log file /opt/IBM\WebSphere/AppServer
/profiles/AppSrv01/logs/wsadmin.traceout for additional information.
I can access the console on the browser without any issue.

To expand on this more specifically. The file ssl.client.props looks like this typically around the com.ibm.ssl.protocol property:
$ grep -i tls -C 2 /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/properties/ssl.client.props
#-------------------------------------------------------------------------
com.ibm.ssl.alias=DefaultSSLSettings
com.ibm.ssl.protocol=SSL_TLS
com.ibm.ssl.securityLevel=HIGH
com.ibm.ssl.trustManager=IbmPKIX
--
#-------------------------------------------------------------------------
#com.ibm.ssl.alias=AnotherSSLSettings
#com.ibm.ssl.protocol=SSL_TLS
#com.ibm.ssl.securityLevel=HIGH
#com.ibm.ssl.trustManager=IbmX509
This property can take a number of values:
This property is the SSL handshake protocol that is used for this SSL
configuration. This property attempts Transport Layer Security (TLS)
first, but accepts any remote handshake protocol, including SSLv3 and
TLSv1. Valid values for this property include SSL_TLS, SSL, SSLv2
(client side only), SSLv3, TLS, TLSv1, SSL_TLSv2, TLSv1.1, and
TLSv1.2.
These values are described in this table:
References
ssl.client.props client configuration file
Appendix A: Protocols and Cipher Suites

For me this problem came when the security level of the WAS was not consistent.
In the IBM console, it was set to TLSv1.2 and in ssl.client.props file it was set to SSL_TLS. Once they were changed to the same value my console could connect to WAS.

fail2ban custom filter for custom node.js application

Need some help related to create a custom filter for custom app which is websocket server written in node.js . As per my understanding from other articles the custom node.js app needs to write a log which enters any authentication failed attempts which will further be read by Fail2ban to block IP in question . Now I need help with example for log which my app should create which can be read or scanned by fail2ban and also need example to add custom filter for fail2ban to read that log to block ip for brute force .

Its really old question but I found it in google so I will write answer.
The most important thing is that line you logging needs to have right timestamp because fail2ban uses it to ban and unban. If time in log file is different than system time, fail2ban will not find it so set right timezone and time in host system. In given example I used UTC time and time zone offset and everything is working. Fail2Ban recognizes different types of timestamps but I didn't found description. But in fail2ban manual you can find two examples. There also exist command to check if your line is recognized by written regular expression. I really recommend to use it. I recommend also to use "regular expression tester". For example this one.
Rest of the log line is not really important. You just need to pass user ip.
This are most important informations but I will write also example. Im just learning so I did it for educational purposes and Im not sure if given example will have sense but it works. I used nginx, fail2ban, pm2, and node.js with express working on Debian 10 to ban empty/bad post requests based on google recaptcha. So set right time in Your system:
For debian 10 worked:
timedatectl list-timezones
sudo timedatectl set-timezone your_time_zone
timedatectl <-to check time
First of all You need to pass real user ip in nginx. This helped me so You need to add line in You server block.
sudo nano /etc/nginx/sites-available/example.com.
Find location and add this line:
location / {
...
proxy_set_header X-Forwarded-For $remote_addr;
...
}
More about reverse proxy.
Now in node.js app just add
app.set('trust proxy', true)
and you can get user ip now using:
req.ip
Making it work with recaptcha:
All about recaptcha is here: Google Developers
When You get user response token then you need to send post request to google to verify it. I did it using axios. This is how to send post request. Secret is your secret, response is user response.
const axios = require('axios');
axios
.post(`https://www.google.com/recaptcha/api/siteverify?secret=${secret}&response=${response}`, {}, {
headers: {
"Content-Type": "application/x-www-form-urlencoded; charset=utf-8"
},
})
.then(async function (tokenres) {
const {
success, //gives true or false value
challenge_ts,
hostname
} = tokenres.data;
if (success) {
//Do something
} else {
//For fail2ban. You need to make correct timestamp.
//Maybe its easier way to get this but on my level of experience
//I did it like this:
const now = new Date();
const tZOffset = now.getTimezoneOffset()/60;
const month = now.toLocaleString('en-US', { month: 'short' });
const day = now.getUTCDate();
const hours = now.getUTCHours()-tZOffset;
const minutes = now.getUTCMinutes();
const seconds = now.getUTCSeconds();
console.log(`${month} ${day} ${hours}:${minutes}:${seconds} Captcha verification failed [${req.ip}]`);
res.send(//something)
}
Time zone offset to set right time. Now pm2 save console.log instructions in log file in /home/youruserdir/.pm2/logs/yourappname-out.log
Make empty post request now. Example line of bad request will look like this:
Oct 14 19:5:3 Captcha verification failed [IP ADRESS]
Now I noticed that minutes and seconds have no 0 but fail2ban still recognizes them so its no problem. BUT CHECK IF DATE AND TIME PASSES WITH YOUR SYSTEM TIME.
Now make filter file for fail2ban:
sudo nano /etc/fail2ban/filter.d/your-filter.conf
paste:
[Definition]
failregex = Captcha verification failed \[<HOST>\]
ignoreregex =
Now ctrl+o, ctrl+x and you can check if fail2ban will recognize error lines using fail2ban-regex command:
fail2ban-regex /home/youruserdir/.pm2/logs/yourappname-out.log /etc/fail2ban/filter.d/your-filter.conf
Result will be:
Failregex: 38 total
|- #) [# of hits] regular expression
| 1) [38] Captcha verification failed \[<HOST>\]
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [38] {^LN-BEG}(?:DAY )?MON Day %k:Minute:Second(?:\.Microseconds)?(?: ExYear)?
`-
Lines: 42 lines, 0 ignored, 38 matched, 4 missed
[processed in 0.04 sec]
As You can see 38 matched. You will have one. If You have no matches, check pm2 log file. When I was testing on localhost my app gave IP address with ::127.0.0.1. It can be ipv6 related. It can maybe make make a problem.
Next:
sudo nano /etc/fail2ban/jail.local
Add following block:
[Your-Jail-Name]
enabled = true
filter = your-filter
logpath = /home/YOURUSERDIR/.pm2/logs/YOUR-APP-NAME-out.log
maxretry = 5
findtime = 10m
bantime = 10m
So now. Be sure that you wrote filter name without .conf extension.
In logpath be sure to write right user dir and log name. If You will get 5(maxrety) wrong post requests in 10minutes(finditme) then user will be banned for 10 minutes. You can change this values.
Now just restart nginx and fail2ban:
sudo systemctl restart nginx
sudo systemctl restart fail2ban
After You can check if Your jail is working using commands:
sudo fail2ban-client status YOUR-JAIL-NAME
There will be written how much matches was found and how much ips are banned. More information You can find in fail2ban log file.
cat /var/log/fail2ban.log
Found IPADDR - 2021-10-13 13:12:57
NOTICE [YOUR-JAIL-NAME] Ban IPADDRES
I wrote this step-by-step because probably only people with little experience will look for this. If You see mistakes or you can suggest me something then just comment.

Asterisk 11 not transcoding

I have defined an ip address / domain in sip.conf and defined it in a way that I forced the call to come on g729
Now I reloaded the asterisk after exiting sip.conf by saving it
and called the number by making thu debug on .. expecting the call to be on g729 but the call comes only on pcmu or pcma (ulaw / alaw)
any ideas?
my sip.conf
[IP]
host = IP
type = peer
port = 8060
disallow = all
allow = g729
canreinvite = no

Very likly it use other section.
Do following:
asterisk -r
core set verbose 5
sip set debug on
and check output.