I’m helping someone set up a private node network. I can ping the “connect to” address, all required ports in the routers at each end is correctly opened and each node’s info is in their respective rpt.conf. Can’t connect either way however.
My question is. Does NOT FOUND simply mean it couldn’t connect the node described in rpt.conf or something else? Running the Asterisk CLI in verbose level 9 doesn’t show me the connect attempt (maybe that’s the clue)
It could be a number of issues. For example, are the both behind the same NAT router and have different bindport values in iax.conf? Please provide network configuration information. Can you communicate with each node using iaxRPT?
All the nodes on that network are on the same private LAN but also are internet accessible. As they are all remote to me, I did place the required stanzas in iax.conf on one of the nodes that is to used as his hub and was able to connect to it using iaxrpt.
Ken, not sure what process is used to do connects or node lookups.
Might I suggest looking at "/etc/asterisk/local/privatenodes.readme as well as “/etc/asterisk/local/privatenodes.txt” to see if it exists with the proper info which gets added to the astdb.txt file. Perhaps that is something causing the errror.
Ken … a further add… since I am not sure which platform is being used my path to the “privatenodes” info reference may not be correct in some cases. By looking at your astdb.php it should show you the path for whatever system.
Larry - N7FM
These are all private nodes (1000,1002, 1003, etc) on Maui and they obviously don’t register with the ASL servers. As such the correct info DOES appear in each rpt.conf and all necessary ports are forwarded on routers.
Since you revised your post, I see what you are doing.
So, this leads me to firewall issues.
The receiving end may need to ignore your IP for the iax port.
ASL uses the registration data to allow on iax, but private nodes don’t provide for that.
At this point you may want to set it to ignore in iptables and possibly fail2ban local since you may be in jail.
I don’t know what’s on a pi4 image, but iptables was install-able in the asl menu and fail2ban as well.
But it is whatever is at the other stations.
-A INPUT -s x.x.x.x -p udp -m udp --dport 4569 -j ACCEPT
It may be that when you put that entry in iptables, it will clear in fail2ban as well, if you were in jail.
Nice config. I had pushed a lot of skywarn/ecom folks to do the same for their nets over the years.
I was the only one who would do it. Can’t figure out why. Just makes sense. I started doing t many years ago when the registration server had issues. Last thing you want to deal with during ecom.
The system over there is connected via their county microwave backbone system. My system here is also all private nodes, connected via the AREDN Mesh network (5.8 gHz). We link our systems together 99.99% of the time
Turns out that doing the connects from node-to–node via bash works fine. For example:
/usr/sbin/asterisk -rx 'rpt fun 1000 *8131009'
What we discovered is there is apparently an issue with Supermon 7+ when issuing a connect to SOME nodes. We’re not quite sure why but it appears to be an issue with that, not ASL