ASL Proxy broken in ASL3?

AllStarLink
1

Asterisk Version: 2:22.4.1+asl3-3.5.4-1.deb12
ASL3 Version: 3.8-1.deb

I am trying to use the ASL proxy feature for mobile Shari node, it was working on older config. Using the wiki at Proxy - AllStarLink Wiki.

When trying to connect to node from shari I get this message on the proxy:

[Jul 19 11:14:44] NOTICE[2134]: chan_iax2.c:9471 socket_process: Rejected connect attempt from 108.21.160.123, request '0%s@radio-in' does not exist

So I'm guessing something in the app_rpt code has changed to not allow the varriable 0%s in rpt.conf [nodes] stanza.

Thanks,
Scott

2

You'll want to be using the new manual at https://allstarlink.github.io/. Look for SA818 under Advanced Topics.

I don't know how much of the Wiki doc is still relevant in ASL3.

3

It should work, but that page hasn't yet been updated for Asterisk 22 configuration. There are some differences. You'd likely need to compare other stanzas in extensions.conf to see what's changed.

4

I have incoming working to the shari via the proxy. :grinning_face:

I can make an outgoing connection to my node if I put
2298 = radio-proxy-out/02298,NONE
In the nodes stanza in rpt.conf

So as best I can tell %s = outgoing node number and maybe ,NONE so what is the equivalent in current asterisk? Is %s the from the variable in the source code?

Any Thoughts?

Thanks,
Scott

5

I don’t have anything intelligible to add here other than I would also like to have a working Proxy again. My old VPS died and I need to rebuild it. Can someone help get the proxy wiki page updated?

6

I’m not sure if this is useful to anyone, but being new to ASL, it wasn’t obvious to me…. You don’t NEED a transparent proxy setup if you’re willing to deal with two nodes.

  1. Set up one hub node in the cloud on a VPS that is publicly accessible.
  2. Connect FROM your local behind-the-firewall node to your public VPS node.
  3. Then manage all your lovely connections from the public node’s Allmon UI.

Just be sure to set up a firewall on the public node so you don’t get pwnd.

Again, obvious to most I’m sure. But for us noobs, this might be helpful. <3

I’m not sure if this was just my setup, but the public node wouldn’t authenticate my private node, so I added it to the [nodes] section. Public node is 500001. Private node is 500000.

LOCAL PRIVATE NODE:

; rpt.conf
[500000](node-main)
...
startup_macro = *3500001 ; connect to node 500001 at startup

PUBLIC VPS NODE:

; rpt.conf
[nodes]
500000 = radio@127.0.0.1/500000,NONE ; ip address doesn't matter I guess
500001 = radio@127.0.0.1/500001,NONE

I wasn’t sure why I needed to manually add a node entry in rpt.conf, and it’s interesting that it didn’t even have to be the correct IP for my home node. But without that entry the connection was denied.

7

I'm assuming you're using "500000" and "500001" as examples here. But for anyone else who sees this thread, make sure that any private node uses a number between 1000 and 1999.

8

Yes, those are placeholders, but I did use two real node numbers. It works fine. Is there a reason why my private at-home node cannot use a real node number? Or can you point to some docs so I can understand better?

Thanks!

9

Yes, it will work fine but they aren't "private nodes". That concept is reserved for numbers 1000-1999. Using node numbers assigned to you above 2000 is fine in the way you describe but they're still routable node numbers in theory. You can render them unreachable in a variety of methods including non-registration (orphans data) or firewall rules.

10

Ahh, very sorry there. I hate to use wrong terminology. And thank you for educating me!

The forum won’t let me edit the post because it’s too old. Just mentally replace “private” with “at-home” in my post – that’s what I meant. :slight_smile:

1 Like