ViciBox v.9.0 Bug/Fix thread - Updated October 17th, 2019

Support forum for the ViciBox ISO Server Install and ISO LiveCD Demo

Moderators: enjay, williamconley, Staydog, mflorell, MJCoate, mcargile, Kumba

ViciBox v.9.0 Bug/Fix thread - Updated October 17th, 2019

Postby Kumba » Fri Sep 13, 2019 2:15 pm

Updated October 11th, 2019
ViciBox v.9.0.0 has the wrong default white list IPSets in it's config and an accidentally un-commented ipset create statements. Here's what you can do to correct these issues:

Code: Select all
sed -i 's/whitelistips/whiteips/' /usr/local/bin/VB-firewall.pl
sed -i 's/whitelistnets/whitenets/' /usr/local/bin/VB-firewall.pl
sed -i 's/print WHITETMP "create/#print WHITETMP "create/' /usr/local/bin/VB-firewall.pl
sed -i 's/print DYNAMICTMP "create/#print DYNAMICTMP "create/' /usr/local/bin/VB-firewall.pl
sed -i 's/print BLACKTMP "create/#print BLACKTMP "create/' /usr/local/bin/VB-firewall.pl
sed -i 's/print BLACKNETTMP "create/#print BLACKNETTMP "create/' /usr/local/bin/VB-firewall.pl


After that the ipsets should start being populated the next time VB-firewall.pl is ran. You can verify this by viewing 'ipset -L' or 'ipset -L <ipsetname>'

-------------------------------------

Updated October 11th, 2019
ViciBox v.9.0.0 has a certbot package shipped with it that does not generate the /etc/certbot configuration directory or files. The fix has been reported to simply copy the config files from ViciBox v.8.1 and everything then starts working as expected. So here's the instructions to install the config files:

Code: Select all
cd /root
wget http://download.vicidial.com/vicibox/vicibox9-certbotconfs.tar.xz
cd /etc
tar -xf /root/vicibox9-certbotconfs.tar.xz
ln -s certbot letencrypt


After that, you can use the vicibox-certbot script as normal. The bugfix thread for this is here: viewtopic.php?f=8&t=39667
Kumba
 
Posts: 805
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.9.0 Bug/Fix thread

Postby fogita » Mon Sep 30, 2019 6:29 pm

version: vicibox 9.0
cluster setup: 2 servers with web/telephony + db

After creating a call menu with full Menu ID and Menu Name and listing the call menu entries it will only display the first letter of the Menu Name, this is also the same for the voicemail chooser, all the mailboxes name and description are displayed with only the first letter or number.

see image below: you'll notice even the voicemail email address is truncated

https://1drv.ms/u/s!AvqahFqf54fTgdpcW0S ... w?e=8VtrKe

Regards,

Ogie Dela Cruz
fogita
 
Posts: 6
Joined: Wed Feb 11, 2009 10:18 am

Re: ViciBox v.9.0 Bug/Fix thread

Postby mflorell » Mon Sep 30, 2019 8:30 pm

That issue should be fixed now in svn/trunk
mflorell
Site Admin
 
Posts: 17330
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Re: ViciBox v.9.0 Bug/Fix thread

Postby gobofraggle » Wed Oct 02, 2019 12:38 pm

version: vicibox 9.0
cluster: 1 Web + DB, 1 Tele

I tried to run the certbot script, but it can't find cli.ini
It appears the certbot folder is missing entirely.

"Certbot config not found at /etc/certbot//cli.ini"

Thanks.
gobofraggle
 
Posts: 2
Joined: Wed Oct 02, 2019 7:58 am
Location: Florida

Re: ViciBox v.9.0 Bug/Fix thread

Postby Kumba » Sun Oct 06, 2019 2:10 am

gobofraggle wrote:I tried to run the certbot script, but it can't find cli.ini
It appears the certbot folder is missing entirely.

"Certbot config not found at /etc/certbot//cli.ini"



It looks like somewhere SuSE decided to abandon certbot in favor of dehydrated. What's odd is that it seems like the 'certbot' package has been broken for a while.

So... I'm going to need to completely re-write that to use the replacement 'dehydrated' program.
Kumba
 
Posts: 805
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.9.0 Bug/Fix thread

Postby xenia2608 » Mon Oct 07, 2019 6:21 pm

Tried to run ViciWhite and Dynamic ip List using manual provided for VICIbox v9.0.0 , but its not working . I am getting error after running "/usr/local/bin/VB-firewall.pl --white"
ViciBox Firewall white/dynamic/black list integration

Database Host : 10.0.0.2
Database Name : asterisk
Database User : cron
Database Pass : 1234
Database Port : 3306
White list : Enabled
Vici White List : ViciWhite
IPSet White List IPs : whitelistips
IPSet White List Nets : whitelistnets
RFC1918 White List : YES
Dynamic list : Disabled
Black list : Disabled
VoIP Black List : Disabled
Geo Block list : Disabled


Generating White List from IP List 'ViciWhite'...
Found 4 entires to process
Adding RFC1918 IPs to white lists
Writing IPSet rule files to /tmp//VB-WHITE-tmp and /tmp//VB-WHITENET-tmp
Loading white list IPSet rules into Kernel
ipset v6.36: Error in line 1: The set with the given name does not exist
White List had been loaded!


Already tried on several fresh install but still not working .
VERSION: 2.14-719a BUILD: 190930-2110 |Asterisk 13.27.0-vici|
|1xDatabase-Standalone|
RAM:16GB DDR4 2133 MHZ|SSD:256 GB|Intel Xeon E3 1240v6|Core 4x3.70 GHz
|1xWeb and Telephony|
RAM:16GB DDR4 2133 MHZ|SSD:512 GB|Intel Xeon E3 1240v6|Core 4x3.70 GHz
xenia2608
 
Posts: 31
Joined: Wed Nov 19, 2014 4:39 pm

Re: ViciBox v.9.0 Bug/Fix thread

Postby Marco Zink » Tue Oct 08, 2019 12:41 pm

It looks like somewhere SuSE decided to abandon certbot in favor of dehydrated. What's odd is that it seems like the 'certbot' package has been broken for a while.

So... I'm going to need to completely re-write that to use the replacement 'dehydrated' program.


I would recommend you try acme.sh, it is much simpler than dehydrated and really fast to set up: https://github.com/Neilpang/acme.sh
Marco Zink
 
Posts: 11
Joined: Fri Apr 24, 2015 2:09 pm

Re: ViciBox v.9.0 Bug/Fix thread

Postby gobofraggle » Tue Oct 08, 2019 2:38 pm

Kumba wrote:It looks like somewhere SuSE decided to abandon certbot in favor of dehydrated. What's odd is that it seems like the 'certbot' package has been broken for a while.

So... I'm going to need to completely re-write that to use the replacement 'dehydrated' program.


I was able to download certbot fresh and do everything manually. I've done it for 2 telephony servers now. It's not as quick and neat as the script in previous versions but it works. I've never used dehydrated. I'll have to try it out on the next one.
gobofraggle
 
Posts: 2
Joined: Wed Oct 02, 2019 7:58 am
Location: Florida

Re: ViciBox v.9.0 Bug/Fix thread

Postby Kumba » Wed Oct 09, 2019 12:24 am

Looks like I used 'whitelistips' and 'whitelistnets' in VB-firewall.pl but the name used for the IPSets were whiteips and whitenets. So the fix is to either rename the ipset rule for firewalld, or tell VB-firewall.pl to use the different ipsets.

The easiest solution is this:
1) sed -i 's/whitelistips/whiteips/' /usr/local/bin/VB-firewall.pl
2) sed -i 's/whitelistnets/whitenets/' /usr/local/bin/VB-firewall.pl

After that the white list IPs should be populated. I'll make a bugfix thread for it and it'll be in ViciBox v.9.0.1.

xenia2608 wrote:Tried to run ViciWhite and Dynamic ip List using manual provided for VICIbox v9.0.0 , but its not working . I am getting error after running "/usr/local/bin/VB-firewall.pl --white"
ViciBox Firewall white/dynamic/black list integration

Database Host : 10.0.0.2
Database Name : asterisk
Database User : cron
Database Pass : 1234
Database Port : 3306
White list : Enabled
Vici White List : ViciWhite
IPSet White List IPs : whitelistips
IPSet White List Nets : whitelistnets
RFC1918 White List : YES
Dynamic list : Disabled
Black list : Disabled
VoIP Black List : Disabled
Geo Block list : Disabled


Generating White List from IP List 'ViciWhite'...
Found 4 entires to process
Adding RFC1918 IPs to white lists
Writing IPSet rule files to /tmp//VB-WHITE-tmp and /tmp//VB-WHITENET-tmp
Loading white list IPSet rules into Kernel
ipset v6.36: Error in line 1: The set with the given name does not exist
White List had been loaded!


Already tried on several fresh install but still not working .
Kumba
 
Posts: 805
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.9.0 Bug/Fix thread - Updated October 9th, 2019

Postby xenia2608 » Wed Oct 09, 2019 2:17 am

Tried above fix , now it says "set with the same name already exists"

ViciBox Firewall white/dynamic/black list integration

Database Host : 10.0.0.2
Database Name : asterisk
Database User : cron
Database Pass : 1234
Database Port : 3306
White list : Enabled
Vici White List : ViciWhite
IPSet White List IPs : whiteips
IPSet White List Nets : whitenets
RFC1918 White List : YES
Dynamic list : Disabled
Black list : Disabled
VoIP Black List : Disabled
Geo Block list : Disabled


Generating White List from IP List 'ViciWhite'...
Found 3 entires to process
Adding RFC1918 IPs to white lists
Writing IPSet rule files to /tmp//VB-WHITE-tmp and /tmp//VB-WHITENET-tmp
Loading white list IPSet rules into Kernel
ipset v6.36: Error in line 1: Set cannot be created: set with the same name already exists
White List had been loaded!


For now sticking with firewalld .

Also if anyone can tell me difference between ViciBox_v9.x86_64-9.0.0-md.iso and ViciBox_v9.x86_64-9.0.0.iso
VERSION: 2.14-719a BUILD: 190930-2110 |Asterisk 13.27.0-vici|
|1xDatabase-Standalone|
RAM:16GB DDR4 2133 MHZ|SSD:256 GB|Intel Xeon E3 1240v6|Core 4x3.70 GHz
|1xWeb and Telephony|
RAM:16GB DDR4 2133 MHZ|SSD:512 GB|Intel Xeon E3 1240v6|Core 4x3.70 GHz
xenia2608
 
Posts: 31
Joined: Wed Nov 19, 2014 4:39 pm

Re: ViciBox v.9.0 Bug/Fix thread - Updated October 9th, 2019

Postby Kumba » Wed Oct 09, 2019 10:27 am

Set with the same name is normal. You can verify the whitelist loaded by running 'ipset -L whiteips' and 'ipset -L whitenets'
Kumba
 
Posts: 805
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.9.0 Bug/Fix thread

Postby tgalan » Thu Oct 10, 2019 10:28 am

Kumba wrote:
gobofraggle wrote:I tried to run the certbot script, but it can't find cli.ini
It appears the certbot folder is missing entirely.

"Certbot config not found at /etc/certbot//cli.ini"



It looks like somewhere SuSE decided to abandon certbot in favor of dehydrated. What's odd is that it seems like the 'certbot' package has been broken for a while.

So... I'm going to need to completely re-write that to use the replacement 'dehydrated' program.



@Kumba hope this help!!.

After install the Vicibox v9 no system updates (no zyppper ref, zypper up), trying to do the vicibox-certbot script.
I copied and pasted the /etc/certbot folder from an Vicibox v8.1.2 installation
The scrip runs and created the Cert and Keys pem files, only that it saved it /etc/letencrypt/live/FDQN folder.
So I needed to change the SSL location on the /etc/apache2/vhosts.d/1111-default-ssl.conf as well as on asterisk.

---------
Test Install Vicibox v9.0.0 Single Server
tgalan
 
Posts: 44
Joined: Wed Apr 01, 2009 7:02 pm

Re: ViciBox v.9.0 Bug/Fix thread - Updated October 9th, 2019

Postby marcelo » Thu Oct 10, 2019 12:18 pm

Hi Marcelo here.

BTY....newbie

- ViciBox v.9.0.0 190913-1108 * Released on Friday the 13th during a full moon. So spooky, much wow! |Vicidial 2.14-588c BUILD 190925-1346 | Asterisk 13.27.0-vici | Linux version 4.12.14-lp151.28.16-default | Single Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Intel(R) Xeon(R) CPU E5-2450 0 @ 2.10GHz

After suggested 'sed' changes to file /usr/local/bin/VB-firewall.pl

diff /usr/local/bin/VB-firewall.pl /usr/local/bin/BAK/VB-firewall.pl_ORIGINAL
38,39c38,39
< $IPWHITE='whiteips'; # IPSet whitelist
< $IPWHITENET='whitenets'; # IPSet whitelist for networks
---
> $IPWHITE='whitelistips'; # IPSet whitelist
> $IPWHITENET='whitelistnets'; # IPSet whitelist for networks

I am still getting:

vicibox9:/home/marcelo # /usr/local/bin/VB-firewall.pl --white --dynamic

ViciBox Firewall white/dynamic/black list integration

Database Host : localhost
Database Name : asterisk
Database User : cron
Database Pass : 1234
Database Port : 3306
White list : Enabled
Vici White List : ViciWhite
IPSet White List IPs : whiteips
IPSet White List Nets : whitenets
RFC1918 White List : YES
Dynamic list : Enabled
IPSet Dynamic Age : 14
IPSet Dynamic List : dynamiclist
Black list : Disabled
VoIP Black List : Disabled
Geo Block list : Disabled


Generating White List from IP List 'ViciWhite'...
Found 3 entires to process <<<<<<<<<<<<<<<< THIS IS EXPECTED accordingly my GUI post on white list. BUT....
Adding RFC1918 IPs to white lists
Writing IPSet rule files to /tmp//VB-WHITE-tmp and /tmp//VB-WHITENET-tmp
Loading white list IPSet rules into Kernel
ipset v6.36: Error in line 1: Set cannot be created: set with the same name already exists
White List had been loaded!

Generating Dynamic IP List rules...
Looking for valid web logins within the last 14 days
Writing IPSet rule file to /tmp//VB-DYNAMIC-tmp
Loading dynamic list IPSet rules into kernel
ipset v6.36: Error in line 1: Set cannot be created: set with the same name already exists
Dynamic List had been loaded!

......BUT We do not see these 3 entries listed:

vicibox9:/home/marcelo # ipset -L whiteips
Name: whiteips
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 262144
Size in memory: 88
References: 5
Number of entries: 0 <<<<<<<<<<< NONE here, where expected 3
Members:



Please advise.
marcelo
 
Posts: 21
Joined: Wed Oct 09, 2019 12:20 pm

Re: ViciBox v.9.0 Bug/Fix thread - Updated October 9th, 2019

Postby xenia2608 » Thu Oct 10, 2019 1:12 pm

Yup, i can confirm, ipset -L whiteips not getting listed . wait for ViciBox v.9.0.1 .

For now i am using using Voipbl, geoblock and Firewalld to block and allow as per requirement .

Although i have enabled Voipbl and geoblock but after running ---

"ipset -L geoblock " i can see alot of ipnets in output but when i run " ipset -L voipbl " it says : ipset v6.36: The set with the given name does not exist .

***Bug : After adding ip to Viciwhite from portal, i can not delete all the ip from entry . It by default keeps one ip as an entry . Seems viciwhite list can not be empty even after disabling whitelist set .

Also if anyone can tell me difference between ViciBox_v9.x86_64-9.0.0-md.iso and ViciBox_v9.x86_64-9.0.0.iso


Seems ViciBox_v9.x86_64-9.0.0-md.iso has inbuilt software raid enabled . Can anyone confirm this . I tried this version and it creates another partition /dev/md4 which seems to be software raid 1 .
VERSION: 2.14-719a BUILD: 190930-2110 |Asterisk 13.27.0-vici|
|1xDatabase-Standalone|
RAM:16GB DDR4 2133 MHZ|SSD:256 GB|Intel Xeon E3 1240v6|Core 4x3.70 GHz
|1xWeb and Telephony|
RAM:16GB DDR4 2133 MHZ|SSD:512 GB|Intel Xeon E3 1240v6|Core 4x3.70 GHz
xenia2608
 
Posts: 31
Joined: Wed Nov 19, 2014 4:39 pm

Re: ViciBox v.9.0 Bug/Fix thread - Updated October 9th, 2019

Postby marcelo » Thu Oct 10, 2019 2:08 pm

xenia2608 wrote:Yup, i can confirm, ipset -L whiteips not getting listed . wait for ViciBox v.9.0.1 .

For now i am using using Voipbl, geoblock and Firewalld to block and allow as per requirement .

Although i have enabled Voipbl and geoblock but after running ---

"ipset -L geoblock " i can see alot of ipnets in output but when i run " ipset -L voipbl " it says : ipset v6.36: The set with the given name does not exist .

***Bug : After adding ip to Viciwhite from portal, i can not delete all the ip from entry . It by default keeps one ip as an entry . Seems viciwhite list can not be empty even after disabling whitelist set .

Also if anyone can tell me difference between ViciBox_v9.x86_64-9.0.0-md.iso and ViciBox_v9.x86_64-9.0.0.iso


Seems ViciBox_v9.x86_64-9.0.0-md.iso has inbuilt software raid enabled . Can anyone confirm this . I tried this version and it creates another partition /dev/md4 which seems to be software raid 1 .



Thank you @xenia2608
marcelo
 
Posts: 21
Joined: Wed Oct 09, 2019 12:20 pm

Re: ViciBox v.9.0 Bug/Fix thread - Updated October 9th, 2019

Postby Kumba » Thu Oct 10, 2019 7:30 pm

xenia2608 wrote:Tried above fix , now it says "set with the same name already exists"


Looks like I'm going to have to eat crow on this one. Turns out that is an ipset issue that was supposed to be commented out. You can see in line 545 where I commented out the create statement for the white nets due to this issue. I just forgot the second comment or used the wrong version. The fix is to just comment out line 544. I've updated the bugfix instructions to include a third step to correct this as well.
Kumba
 
Posts: 805
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.9.0 Bug/Fix thread - Updated October 9th, 2019

Postby Kumba » Thu Oct 10, 2019 7:47 pm

xenia2608 wrote:***Bug : After adding ip to Viciwhite from portal, i can not delete all the ip from entry . It by default keeps one ip as an entry . Seems viciwhite list can not be empty even after disabling whitelist set .


That would be a ViciDial issue not allowing you to submit an empty IP List. As a work around you can always put in 0.0.0.0/0 in if you want. The black list rules take precedence over white and dynamic list rules so it shouldn't cause any issues. I'll probably seed this list with that value going forward so it's at least there as an example.


xenia2608 wrote:Seems ViciBox_v9.x86_64-9.0.0-md.iso has inbuilt software raid enabled . Can anyone confirm this . I tried this version and it creates another partition /dev/md4 which seems to be software raid 1 .


Yes, there's a thread dedicated just to that alternate build target along with some preliminary scripts to get the RAID setup completely.

viewtopic.php?f=8&t=39638
Kumba
 
Posts: 805
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.9.0 Bug/Fix thread - Updated October 9th, 2019

Postby marcelo » Fri Oct 11, 2019 11:05 am

Kumba wrote:
xenia2608 wrote:Tried above fix , now it says "set with the same name already exists"


Looks like I'm going to have to eat crow on this one. Turns out that is an ipset issue that was supposed to be commented out. You can see in line 545 where I commented out the create statement for the white nets due to this issue. I just forgot the second comment or used the wrong version. The fix is to just comment out line 544. I've updated the bugfix instructions to include a third step to correct this as well.


>>>>>>>>>>>>>> Fix done

vicibox9:/home/marcelo # !diff
diff /usr/local/bin/VB-firewall.pl /usr/local/bin/BAK/VB-firewall.pl_ORIGINAL
38,39c38,39
< $IPWHITE='whiteips'; # IPSet whitelist
< $IPWHITENET='whitenets'; # IPSet whitelist for networks
---
> $IPWHITE='whitelistips'; # IPSet whitelist
> $IPWHITENET='whitelistnets'; # IPSet whitelist for networks
544c544
< #print WHITETMP "create $IPWHITE iphash -exist\n"; # Make sure we create the ipset just in case
---
> print WHITETMP "create $IPWHITE iphash -exist\n"; # Make sure we create the ipset just in case
You have new mail in /var/mail/root
vicibox9:/home/marcelo #

>>>>>>>>>>>>>>>>>> But an error message persists on Dynamic List:

Loading dynamic list IPSet rules into kernel
ipset v6.36: Error in line 1: Set cannot be created: set with the same name already exists
Dynamic List had been loaded!

>>>>>>>>>>>>>>>>>> Question: Is this about line 598?

598 print DYNAMICTMP "create $IPDYNAMIC iphash -exist\n"; # Make sure we create the ipset just in case

>>>>>>>>>>>>> Editing after publishing:

Sorry to say commenting line #598 fixes Dynamic List but it is not working guys.

>>>>>>>>>>>>>>>> What is not working?

We can add to the ipset whiteips but we CANNOT delete an entry.

I have added up to 5 IPs at the GUI "ViciWhite MODIFY IP LIST" and when deleting 3 of them and left with only two, our script shows:

Generating White List from IP List 'ViciWhite'...
Found 2 entires to process <<<<<<<<<<<<<< Which looks correct

vicibox9:/home/marcelo # ipset -L whiteips
Name: whiteips
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 262144
Size in memory: 328
References: 5
Number of entries: 5 <<<<<<<<<<<<<<< That is the old total not the list as is now with only 2 members
Members:
XXXXXXXXXXX



>>>>>>>>>>>>> Please advise.
marcelo
 
Posts: 21
Joined: Wed Oct 09, 2019 12:20 pm

Re: ViciBox v.9.0 Bug/Fix thread - Updated October 10th, 201

Postby Kumba » Fri Oct 11, 2019 5:58 pm

Remember, unless you specify --flush when running VB-firewall.pl, it will only add entries. I'll make this more evident in the documentation that --flush is what's needed. Basically this option flushes out the contents of the list before loading new entries.

I'll add the dynamic list create comment to the bugfix entry.
Kumba
 
Posts: 805
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.9.0 Bug/Fix thread - Updated October 17th, 201

Postby mariusmarais » Fri Nov 08, 2019 8:57 am

Found another VB9 bug...

When using the Start Call URL feature in a campaign, the vdc_query_db.php script crashes, breaking the agent UI. This is due to the use of ereg_replace on line 4988:

Code: Select all
$SCUfile_contents = ereg_replace(';','',$SCUfile_contents);


Luckily the regex is very simple, so replacing `ereg_replace` with `preg_replace` fixes the problem.
mariusmarais
 
Posts: 8
Joined: Mon Aug 19, 2019 8:24 am

Re: ViciBox v.9.0 Bug/Fix thread - Updated October 17th, 201

Postby mflorell » Fri Nov 08, 2019 1:43 pm

Good catch! I thought we had converted all of the "ereg"'s years ago, but looks like we missed that one. I've fixed it now in svn/trunk so you should be good to go after an upgrade!
mflorell
Site Admin
 
Posts: 17330
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida


Return to ViciBox Server Install and Demo

Who is online

Users browsing this forum: No registered users and 5 guests