Private Node and Echolink

WY7WL · March 23, 2025, 4:37pm

Hello,

I’m starting a new AllStar build on a AWS Debian 12 server. This is about my 10th build of ASL and all was going well until I tired to setup a private node for EchoLink. (This is my first setup on ALS3)

I used the menu to create node 1997

I added the private node to [globals] in extentions.conf
IF, I add: exten => 1997,1,rpt,1997 under [radio-secure] the private node doesn’t connect. I’ve tried a few different combinations.

[globals]                                                                                                                                          
HOMENPA = 999 ; change this to your Area Code                                                                                                      
NODE = 527051   ; change this to your node number                                                                                                  
NODE = 1997                                                                                                                                        
                                                                                                                                                   
[default]                                                                                                                                          
exten => i,1,Hangup                                                                                                                                
                                                                                                                                                   
[radio-secure]                                                                                                                                     
                                                                                                                                                   
;exten => ${NODE},1,rpt(${EXTEN})                                                                                                                  
exten => _XXXX!,1,NoOp(Connect from node: ${CALLERID(num)})                                                                                        
        same => n,NoOp(Connect to: ${EXTEN})

Here is the rpt.conf:

Top of page:

527051 = radio@127.0.0.1/527051,NONE                                                                                                               
1997 = radio@127.0.0.1/1997,NONE

At the bottom of page:

[1997](node-main)                                                                                                                                  
                                                                                                                                                   
duplex = 0

The problem is can make outbound EL connections, but cannot make inbound connections. YES, I have the correct ports opened. (I’ve checked like 20x) No, I’m not trying to connect behind the same IP

My guess my extension.conf file is incorrect or I need more variables for the node at the bottom of the rpt.conf.

I had screenshots to add, being a new user to the site it wouldn’t allow me to attach them.

Thanks for any input.

Will

WA3WCO · March 23, 2025, 6:51pm

I’m a bit curious as to why you are setting up a private node for EchoLink … 'cause I’m using my standard ASL node with no modifications to extensions.conf

Q’s?

you noted that you have the EL ports opened.
- with port forwarding?
- also allowed by any incoming firewalls?
did you remember to set astnode (in echolink.conf)

WY7WL · March 23, 2025, 8:48pm

I use it as a -L node that stays up and running.

Yes, port forwarding is open for UDP 5199, 5198 and TCP 5200

Yes, I have 1997 in the astnode in echolink.conf

Not sure on the firewall. I haven’t in the past had an issue with Amazon AWS. I’ll look around in there to see if there is an option. My ASL node allows connections for what that’s worth.

WY7WL · March 24, 2025, 12:53am

I just tried to setup EL on my ASL node and same issue. I can make outbound connections, but no inbound connections. Seems like a port forwarding issue so I deleted UDP 4569 in the security groups and sure enough I can’t make a connection to my ASL node. So it seems like the port forwarding is working? Odd. I also tried allowing “All traffic” and still no connection.

Mike · March 24, 2025, 12:31pm

Not familiar with your cloud install, but if UFW is installed on that AWS version, you might want to allow the ports on the local firewall.

WY7WL · March 24, 2025, 2:05pm

Mike,

I tried a few different commands and all returned : command not found. So, it appears its not installed.

This is what iptables -L returned:

Chain INPUT (policy ACCEPT)                                                                                                                        
target     prot opt source               destination                                                                                               
                                                                                                                                                   
Chain FORWARD (policy ACCEPT)                                                                                                                      
target     prot opt source               destination                                                                                               
                                                                                                                                                   
Chain OUTPUT (policy ACCEPT)                                                                                                                       
target     prot opt source               destination

Mike · March 24, 2025, 2:25pm

I’m not going to suggest anything I might do since I don’t fully understand the setup.

While if UFW is installed, it only controls iptables with a simple interface.

You might try

sudo ufw status

If that returns anything, you can allow the ports there

Not that you can’t control iptables directly with some effort.
But often these cloud installs have different config’s for firewall management point, so I am at a loss to know any better.
But you do need to determine what is there.

WY7WL · March 25, 2025, 12:55am

~$ sudo ufw status                                                                                                          
sudo: ufw: command not found

I’ve had about three of these cloud nodes, and never had this problem. I’ve been using Debian 10 and ALS. The ports are controlled from the instance security group page.

I still think I’ve done something dumb somewhere. I might just start over and try a new install.

Mike · March 25, 2025, 11:37am

[globals]
HOMENPA = 999 ; change this to your Area Code
NODE = 527051 ; change this to your node number < this node variable
NODE = 1997 < is the same as this one

[default]
exten => i,1,Hangup

[radio-secure]

;exten => ${NODE},1,rpt(${EXTEN})
exten => _XXXX!,1,NoOp(Connect from node: ${CALLERID(num)})
same => n,NoOp(Connect to: ${EXTEN})

One of them should be NODE1 or something different.
You likely have other issues with your dial plan, but I can’t tell because I can’t see it all.

WY7WL · March 26, 2025, 1:12am

I tried adding the NODE1… No change. I have not modified the dial plan otherwise.

[general]                                                                                                                                          
                                                                                                                                                   
static = yes       ; These two lines prevent the command-line interface                                                                            
writeprotect = yes ; from overwriting the config file. Leave them here.                                                                            
                                                                                                                                                   
[globals]                                                                                                                                          
HOMENPA = 999 ; change this to your Area Code                                                                                                      
NODE = 527051   ; change this to your node number                                                                                                  
NODE1 = 1997                                                                                                                                       
                                                                                                                                                   
[default]                                                                                                                                          
exten => i,1,Hangup                                                                                                                                
                                                                                                                                                   
[radio-secure]                                                                                                                                     
                                                                                                                                                   
                                                                                                                                                   
                                                                                                                                                   
;exten => ${NODE},1,rpt(${EXTEN})                                                                                                                  
exten => _XXXX!,1,NoOp(Connect from node: ${CALLERID(num)})                                                                                        
        same => n,NoOp(Connect to: ${EXTEN})                                                                                                       
        ;same => n,NoOp(The IAXPEER is ${IAXPEER(CURRENTCHANNEL)})                                                                                 
        same => n,NoOp(The Channel IP is ${CHANNEL(peerip)})                                                                                       
                                                                                                                                                   
        ;If channel IP eq localhost go to connect                                                                                                  
        same => n,GotoIf($["${CHANNEL(peerip)}" = "127.0.0.1"]?connect)                                                                            
                                                                                                                                                   
        ;If allowlist/extension doesn't exist check the denylist                                                                                   
        same => n,GotoIf($[${DB_KEYCOUNT(allowlist/${EXTEN})} = 0]?denylist) ;goto denylist                                                        
        ;If allowlist/extension/callerid exists go to connect                                                                                      
        same => n,GotoIf(${DB_EXISTS(allowlist/${EXTEN}/${CALLERID(num)})}?connect) ;goto connect                                                  
        same => n,NoOp(${EXTEN} not in allowlist, Hangup)                                                                                          
        same => n,Hangup                                                                                                                           
                                                                                                                                                   
        ;If denylist/extension/callerID doesn't exist goto connect                                                                                 
        same => n(denylist),GotoIf(${DB_EXISTS(denylist/${EXTEN}/${CALLERID(num)})}?:connect) ;don't goto connect                                  
        same => n,NoOp(${EXTEN} is in denylist, Hangup)                                                                                            
        same => n,Hangup                                                                                                                           
                                                                                                                                                   
        same => n(connect),rpt(${EXTEN})                                                                                                           
        same => n,Hangup

Mike · March 26, 2025, 2:19am

I can’t say anymore without seeing the entire dialplan.

WY7WL · March 26, 2025, 12:52pm

Ok. Lemme try and figure out how to export that. I’m at work now. I’ll look tonight. Thanks for your help Mike.

WY7WL · March 27, 2025, 12:47am

[general]                                                                                                                                          
                                                                                                                                                   
static = yes       ; These two lines prevent the command-line interface                                                                            
writeprotect = yes ; from overwriting the config file. Leave them here.                                                                            
                                                                                                                                                   
[globals]                                                                                                                                          
HOMENPA = 999 ; change this to your Area Code                                                                                                      
NODE = 527051   ; change this to your node number                                                                                                  
NODE1 = 1997                                                                                                                                       
                                                                                                                                                   
[default]                                                                                                                                          
exten => i,1,Hangup                                                                                                                                
                                                                                                                                                   
[radio-secure]                                                                                                                                     
                                                                                                                                                   
                                                                                                                                                   
                                                                                                                                                   
;exten => ${NODE},1,rpt(${EXTEN})                                                                                                                  
exten => _XXXX!,1,NoOp(Connect from node: ${CALLERID(num)})                                                                                        
        same => n,NoOp(Connect to: ${EXTEN})                                                                                                       
        ;same => n,NoOp(The IAXPEER is ${IAXPEER(CURRENTCHANNEL)})                                                                                 
        same => n,NoOp(The Channel IP is ${CHANNEL(peerip)})                                                                                       
                                                                                                                                                   
        ;If channel IP eq localhost go to connect                                                                                                  
        same => n,GotoIf($["${CHANNEL(peerip)}" = "127.0.0.1"]?connect)                                                                            
                                                                                                                                                   
        ;If allowlist/extension doesn't exist check the denylist                                                                                   
        same => n,GotoIf($[${DB_KEYCOUNT(allowlist/${EXTEN})} = 0]?denylist) ;goto denylist                                                        
        ;If allowlist/extension/callerid exists go to connect                                                                                      
        same => n,GotoIf(${DB_EXISTS(allowlist/${EXTEN}/${CALLERID(num)})}?connect) ;goto connect                                                  
        same => n,NoOp(${EXTEN} not in allowlist, Hangup)                                                                                          
        same => n,Hangup                                                                                                                           
                                                                                                                                                   
        ;If denylist/extension/callerID doesn't exist goto connect                                                                                 
        same => n(denylist),GotoIf(${DB_EXISTS(denylist/${EXTEN}/${CALLERID(num)})}?:connect) ;don't goto connect                                  
        same => n,NoOp(${EXTEN} is in denylist, Hangup)                                                                                            
        same => n,Hangup                                                                                                                           
                                                                                                                                                   
        same => n(connect),rpt(${EXTEN})                                                                                                           
        same => n,Hangup                                                     
                                                                                                                                                   
[iaxrpt]                                                                                                                                           
; Entered from iaxrpt in iax.conf                                                                                                                  
; Info: The X option passed to the Rpt application                                                                                                 
; disables the normal security checks.                                                                                                             
; Because incoming connections are validated in iax.conf,                                                                                          
; and we don't know where the user will be coming from in advance,                                                                                 
; the X option is required.                                                                                                                        
exten => ${NODE},1,rpt(${EXTEN}|X)       ; NODE is the Name field in iaxrpt                                                                        
                                                                                                                                                   
[iax-client]                            ; for IAX VoIP clients.                                                                                    
exten => ${NODE},1,Ringing()                                                                                                                       
        same => n,Wait(10)                                                                                                                         
        same => n,Answer()                                                                                                                         
        same => n,Set(CALLSIGN=${CALLERID(name)})                                                                                                  
        same => n,NoOp(Caller ID name is ${CALLSIGN})                                                                                              
        same => n,NoOp(Caller ID number is ${CALLERID(number)})                                                                                    
        same => n,GotoIf(${ISNULL(${CALLSIGN})}?hangit)                                                                                            
        same => n,Playback(rpt/connected-to&rpt/node)                                                                                              
        same => n,SayDigits(${NODE})                                                                                                               
        same => n,rpt(${NODE}|P|${CALLSIGN}-P)                                                                                                     
        same => n(hangit),NoOp(No Caller ID Name)                                                                                                  
        same => n,Playback(connection-failed)                                                                                                      
        same => n,Wait(1)                                                                                                                          
        same => n,Hangup                                                                                                                           
                                                                                                                                                   
; Comment-out the following clause if you want Allstar Autopatch service                                                                           
[pstn-out]                                                                                                                                         
exten => _NXXNXXXXXX,1,playback(ss-noservice)                                                                                                      
        same => n,Congestion                                                                                                                       
                                                                                                                                                   
; Un-comment out the following clause if you want Allstar Autopatch service                                                                        
;[pstn-out]                                                                                                                                        
;exten => _NXXNXXXXXX,1,Dial(IAX2/allstar-autopatch/\${EXTEN})                                                                                     
; same => n,Busy                                                                                                                                   
                                                                                                                                                   
[invalidnum]                                                                                                                                       
exten => s,1,Wait(3)                                                                                                                               
        same => n,Playback(ss-noservice)                                                                                                           
        same => n,Wait(1)                                                                                                                          
        same => n,Hangup                                  

[radio]                                                                                                                                            
exten => _X11,1,Goto(check_route,${EXTEN},1);                                                                                                      
exten => _NXXXXXX,1,Goto(check_route,1${HOMENPA}${EXTEN},1)                                                                                        
exten => _1XXXXXXXXXX,1,Goto(check_route,${EXTEN},1)                                                                                               
exten => _07XX,1,Goto(parkedcalls,${EXTEN:1},1)                                                                                                    
exten => 00,1,Goto(my-ip,s,1)                                                                                                                      
                                                                                                                                                   
[check_route]                                                                                                                                      
exten => _X.,1,Noop(${EXTEN})                                                                                                                      
; no 800                                                                                                                                           
exten => _1800NXXXXXX,2,Goto(invalidnum,s,1)                                                                                                       
exten => _1888NXXXXXX,2,Goto(invalidnum,s,1)                                                                                                       
exten => _1877NXXXXXX,2,Goto(invalidnum,s,1)                                                                                                       
exten => _1866NXXXXXX,2,Goto(invalidnum,s,1)                                                                                                       
exten => _1855NXXXXXX,2,Goto(invalidnum,s,1)                                                                                                       
; no X00 NPA                                                                                                                                       
exten => _1X00XXXXXXX,2,Goto(invalidnum,s,1)                                                                                                       
; no X11 NPA                                                                                                                                       
exten => _1X11XXXXXXX,2,Goto(invalidnum,s,1)                                                                                                       
; no X11                                                                                                                                           
exten => _X11,2,Goto(invalidnum,s,1)                                                                                                               
; no 555 Prefix in any NPA                                                                                                                         
exten => _1NXX555XXXX,2,Goto(invalidnum,s,1)                                                                                                       
; no 976 Prefix in any NPA                                                                                                                         
exten => _1NXX976XXXX,2,Goto(invalidnum,s,1)                                                                                                       
; no NPA=809                                                                                                                                       
exten => _1809XXXXXXX,2,Goto(invalidnum,s,1)                                                                                                       
; no NPA=900                                                                                                                                       
exten => _1900XXXXXXX,2,Goto(invalidnum,s,1)                                                                                                       
                                                                                                                                                   
; okay, route it                                                                                                                                   
exten => _1NXXXXXXXXX,2,Goto(pstn-out,${EXTEN:1},1)                                                                                                
exten => _X.,2,Goto(invalidnum,s,1)                                                                                                                
                                                                                                                                                   
[my-ip]                                                                                                                                            
exten => s,1,Wait(1)                                                                                                                               
        same => n,SayAlpha(${CURL(http://myip.vg)})                                                                                                
        same => n,Hangup                                              

[allstar-sys]                                                                                                                                      
exten => _1.,1,Rpt(${EXTEN:1}|Rrpt/node:NODE:rpt/in-call:digits/0:PARKED|120)                                                                      
exten => _1.,n,Hangup                                                                                                                              
                                                                                                                                                   
exten => _2.,1,Ringing                                                                                                                             
exten => _2.,n,Wait(3)                                                                                                                             
exten => _2.,n,Answer                                                                                                                              
exten => _2.,n,Playback(rpt/node)                                                                                                                  
exten => _2.,n,Saydigits(${EXTEN:1})                                                                                                               
exten => _2.,n,Rpt(${EXTEN:1}|P|${CALLERID(name)}-P)                                                                                               
exten => _2.,n,Hangup                                                                                                                              
                                                                                                                                                   
exten => _3.,1,Ringing                                                                                                                             
exten => _3.,n,Wait(3)                                                                                                                             
exten => _3.,n,Answer                                                                                                                              
exten => _3.,n,Playback(rpt/node)                                                                                                                  
exten => _3.,n,Saydigits(${EXTEN:1})                                                                                                               
exten => _3.,n,Rpt(${EXTEN:1}|Pv|${CALLERID(name)}-P)                                                                                              
exten => _3.,n,Hangup                                                                                                                              
                                                                                                                                                   
exten => _4.,1,Ringing                                                                                                                             
exten => _4.,n,Wait(3)                                                                                                                             
exten => _4.,n,Answer                                                                                                                              
exten => _4.,n,Playback(rpt/node)                                                                                                                  
exten => _4.,n,Saydigits(${EXTEN:1})                                                                                                               
exten => _4.,n,Rpt(${EXTEN:1}|D|${CALLERID(name)}-P)                                                                                               
exten => _4.,n,Hangup                                                                                                                              
                                                                                                                                                   
exten => _5.,1,Ringing                                                                                                                             
exten => _5.,n,Wait(3)                                                                                                                             
exten => _5.,n,Answer                                                                                                                              
exten => _5.,n,Playback(rpt/node)                                                                                                                  
exten => _5.,n,Saydigits(${EXTEN:1})                                                                                                               
exten => _5.,n,Rpt(${EXTEN:1}|Dv|${CALLERID(name)}-P)                                                                                              
exten => _5.,n,Hangup 

[allstar-public]                                                                                                                                   
                                                                                                                                                   
exten => s,1,Ringing                                                                                                                               
        same => n,Set(RESP=${CURL(https://register.allstarlink.org/cgi-bin/authwebphone.pl?${CALLERID(name)})})                                    
        same => n,Set(NODENUM=${CALLERID(number)})                                                                                                 
        same => n,GotoIf($["${RESP:0:1}" = "?"]?hangit)                                                                                            
        same => n,GotoIf($["${RESP:0:1}" = ""]?hangit)                                                                                             
        same => n,GotoIf($["${RESP:0:5}" != "OHYES"]?hangit)                                                                                       
        same => n,Set(CALLSIGN=${RESP:5})                                                                                                          
        ;exten => s,n,GotoIf($[${DB_EXISTS(whitelist/${CALLSIGN})}]?:hangit)  ; Not in whitelist                                                   
        same => n,Wait(3)                                                                                                                          
        same => n,Playback(rpt/node,noanswer)                                                                                                      
        same => n,Saydigits(${NODENUM})                                                                                                            
        same => n,Set(CALLERID(name)=${CALLSIGN})                                                                                                  
        same => n,Set(CALLERID(num)=0)                                                                                                             
        same => n,Rpt(${NODENUM}|X)                                                                                                                
        same => n,Hangup                                                                                                                           
        same => n(hangit),Answer                                                                                                                   
        same => n,Wait(1)                                                                                                                          
        same => n,Hangup                                                                                                                           
                                                                                                                                                   
#tryinclude custom/extensions.conf

Sorry to copy and paste. I couldn’t figure out how to get and export to work correctly.

Mike · March 27, 2025, 11:19am

copy/paste is just fine.
Whatever you are comfortable with since you may not be able to attach?

I see no reason in this. But I too can overlook. So it is there for other to comb over.

Can you show us echolink.conf

and just a FYI…
EL connections can only be one per WAN IP address so you need to be sure your mobile, that may have the app is not also connecting through your router.
By default, the app will run in the background and make a connection unknowingly to you when wifi is available.
The effects of this are not always the same for each user. Not consistent. Often no warnings either…
Just take that into your troubleshooting calculus.

WY7WL · March 28, 2025, 9:56pm

Well here is something… I was trying to connect the node with the CLI running and this error came up. I can’t find that 1999 node anywhere in radio-secure. But that’s the problem. I’m using private node 1997 for echolink.

[2025-03-28 21:44:36.732] ERROR[755]: chan_echolink.c:3341 do_new_call: Cannot find database entry for IP address 128.235.36.250, Callsign WY7WL.  
    -- Executing [1999@radio-secure:1] NoOp("echolink/el0-0", "Connect from node: 3980490") in new stack                                           
    -- Executing [1999@radio-secure:2] NoOp("echolink/el0-0", "Connect to: 1999") in new stack                                                     
[2025-03-28 21:44:41.854] WARNING[1033][C-00000013]: func_channel.c:576 func_channel_read: Unknown or unavailable item requested: 'peerip'

The same error appears when I remove the private node and just try to use my ASL node number in the echolink.conf astnxode

Mike · March 29, 2025, 2:20pm

Let’s make sure I correctly understand the issue.
You can not connect from 527051 to 1997 ?

Or which. Please keep the answer completely simple, no long story.

Those lines allows internal nodes to connect without any other condition.

Is 1997 properly desribed in rpt.conf ?

WY7WL · March 29, 2025, 6:25pm

Yes, I CAN connect 527051 to 1997.

I do not get inbound EchoLink connections. The error message from CLI posted above was while attempting to connect inbound EchoLink. In this error includes a node 1999. Which I have no where in the dial plan or rpt.conf.

WA3WCO · March 29, 2025, 7:21pm

This feels like you have a typo. Maybe try :

cd /etc/asterisk
grep 1999 *.conf

and then look at any file/line that included “1999”

vk3jed · March 29, 2025, 8:36pm

Have a look in echolink.conf. What does the line starting with "node =" say? I suspect that's the cause of your problem. The node number here is the one you want inbound Echolink calls to be routed to.

WY7WL · March 30, 2025, 12:09am

grep 1999 *.conf                                                                                             
gps.conf:                            ;   145.000MHz T146 -060, AllStar Node 1999                                                                   
gps.conf:;    [1999](node-main)                                                                                                                    
gps.conf:;    aprstt = 1999            <--- Add this line to "rpt.conf"                                                                            
gps.conf:;[1999](general)                                                                                                                          
gps.conf:;comment = AllStar Node 1999 ; per-node setting                                                                                           
iax.conf:;register => 1999:12345@register.allstarlink.org    ; This must be changed to your node number, password                                  
rpt.conf:; rxchannel = SimpleUSB/1999        ; SimpleUSB                                                                                           
rpt.conf:; rxchannel = Radio/1999            ; USBRadio (DSP)                                                                                      
rpt.conf:; rxchannel = Voter/1999            ; RTCM device                                                                                         
rpt.conf:; 809 = ilink,9,1999,"Testing"      ; would send a text message to node 1999 replace 1999 with 0 for all connected nodes                  
simpleusb.conf:;;;;; this file. The simpleusb_tune_usb_1999.conf ;;;;;                                                                             
usbradio.conf:;;;;; this file. The usbradio_tune_usb_1999.conf  ;;;;;                                                                              
voter.conf:[527051]                          ; define the 1999 instance stanza

Anything look odd there?

Private Node and Echolink

I added the private node to [globals] in extentions.conf IF, I add: exten => 1997,1,rpt,1997 under [radio-secure] the private node doesn’t connect. I’ve tried a few different combinations.

Here is the rpt.conf:

I added the private node to [globals] in extentions.conf
IF, I add: exten => 1997,1,rpt,1997 under [radio-secure] the private node doesn’t connect. I’ve tried a few different combinations.