Allstarlink Lessons Learned

This page was created to share the lessons I learned in setting up and administering the Allstarlink server running on the NH6XO repeater net. Allstarlink is a very versatile and powerful platform, but getting started with it has a huge learning curve, especially if you're not very familiar with Linux. The content on this page is designed to help those who wish to set up a private node, and it also offers some tips and tricks for anyone running an Allstar/Asterisk server.

THIS PAGE IS GEARED TOWARD THOSE WHO WANT A PRIVATE NODE, not the public type as described on the Allstarlink homepage. However, most of the info here is applicable to public nodes as well. Setting up a private node is inherently more complex because the configuration files and options are not automatically generated.

 

Here is a great guide (PDF) authored by the late Jim Kehler, KH2D, to help you install and get your node up and running: SETTING UP AN ALLSTARLINK PRIVATE NODE. Remember, you DO NOT need to register with Allstarlink to get a node number if you are setting up a private node. You will be making up your own node number.

Once you've got that sucker running, there are a few things that are not addressed in the stock installation.

I have found the answers to most of my specific questions here at the Allstar/App_rpt support page.

BEFORE YOU START downloading any files from here, read this: Right click -> Save link as. Do not attempt to copy/paste the file after it is displayed in your browser. Remove the .txt extension if it saved that way. DO NOT edit the file in Windows as it will severely mess up the formatting, causing the script or config file not to work.

Of course, use all the information provided on this page AT YOUR OWN RISK. I'm not an expert, I'm just trying to make life a little easier for those struggling with a very steep learning curve.

I use SSH Secure Shell to connect to my server (after you log in successfully, click on the little folder icon near the top to get SFTP to transfer files). Remember, you have to use Port 222 (instead of default 22) to connect.

Example Configuration Files

An example set of private node configuration files can be found HERE. Please read the readme inside of the zip file for detailed information.

 

Rotating the Asterisk 'messages' log file

Asterisk keeps track of events in a log file, which can be found at /var/log/asterisk/messages.

The problem with a stock installation of Allstar is that the messages file never gets rotated. Consequently, this file can become HUGE and unwieldy to deal with. Mine grew to 2GB over a 3-year period with pretty light traffic. Most of the log content was because of failed registration and call attempts from hackers; more on that later.

I got the info on how to rotate the messages file from THIS WEBSITE. However, all you need to do is: Right click -> Save as on THIS FILE. Upload it directly to your node server in the /etc/logrotate.d/ directory using SFTP.

 

Lock Down Asterisk a Bit More

Replace /etc/asterisk/manager.conf with THIS ONE (This disables the Asterisk Manager Interface, which can be a point of entry for hackers)

Edit /etc/asterisk/sip.conf and set "alwaysauthreject=yes" (This prevents Asterisk from leaking authentication info: it sends the same rejection response whether or not the username exists, unless all credentials match)

Of course, for these new configs to take effect, you have to restart Asterisk with the astres.sh command.
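
To confirm that both changes are actually in effect, here is an added example (not part of the original page or the linked config files) that reads the two settings back out of the files. The function names are made up for this example, and it assumes both keys live in the [general] section, where Asterisk reads them.

```shell
#!/bin/sh
# Added example: report the effective value of the two settings changed above.

# ast_conf_get FILE SECTION KEY
# Prints the last value assigned to KEY inside [SECTION], lower-cased and
# with ';' comments stripped. Prints nothing when the key is not set.
ast_conf_get() {
    awk -v sec="$2" -v key="$3" '
        { sub(/;.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^\[/ { in_sec = (tolower($0) ~ ("^\\[" sec "\\]")); next }
        in_sec && (n = index($0, "=")) {
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); sub(/^>?[ \t]*/, "", v)
            if (tolower(k) == key) val = tolower(v)
        }
        END { if (val != "") print val }
    ' "$1"
}

# is_true VALUE: the spellings Asterisk accepts as boolean true.
is_true() {
    case "$1" in yes|true|y|t|1|on) return 0 ;; *) return 1 ;; esac
}

# audit_lockdown MANAGER_CONF SIP_CONF
# Prints one line per check; returns non-zero if either check fails.
# An unset "enabled" counts as disabled (the manager interface default).
audit_lockdown() {
    rc=0
    if is_true "$(ast_conf_get "$1" general enabled)"; then
        echo "WARN manager.conf: AMI is enabled"; rc=1
    else
        echo "OK   manager.conf: AMI is disabled"
    fi
    if is_true "$(ast_conf_get "$2" general alwaysauthreject)"; then
        echo "OK   sip.conf: alwaysauthreject is on"
    else
        echo "WARN sip.conf: alwaysauthreject is off or unset"; rc=1
    fi
    return $rc
}

# Demo on constructed files with the weak settings, so the script runs anywhere.
d=$(mktemp -d)
printf '[general]\nenabled = yes ; AMI on\nport = 5038\n' > "$d/manager.conf"
printf '[general]\n;alwaysauthreject=yes\nbindport=5060\n' > "$d/sip.conf"
audit_lockdown "$d/manager.conf" "$d/sip.conf" || echo "findings above need fixing"
rm -rf "$d"
```

On a node, call it as: audit_lockdown /etc/asterisk/manager.conf /etc/asterisk/sip.conf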

 

Install Fail2ban to Keep the Hackers at Bay

My Allstarlink system was getting repeated failed requests to register extensions. With a little digging on Google, I found that this was quite a common problem with Asterisk servers because hackers are trying to gain access to your server by 'brute force' so they can place free calls. Although unlikely to be successful because of the way Allstar is set up, these failed attempts cause the Asterisk log file to grow huge and create a bunch of unnecessary network traffic, eating up your bandwidth and loading your server.

Fail2ban keeps track of the server logs and watches for failed attempts to register with the Asterisk server as well as failed SSH login attempts. You can configure it to do other things but SSH and Asterisk are really the only things you are concerned about on a typical Allstar install.

Run the following commands to install fail2ban:

# wget http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm (This retrieves repository info for the extra packages)

# rpm -ivh epel-release-5-4.noarch.rpm (This activates the repository info for the extra packages)

# yum install fail2ban (Answer yes to everything and this will automagically install fail2ban for you)

Upload JAIL.CONF into the /etc/fail2ban/ directory and overwrite the original (might want to make a copy of the original first)

Upload ASTERISK.CONF into the /etc/fail2ban/filter.d/ directory

Add "fail2ban-client start" on its own line to the /etc/rc.d/rc.local file (This starts fail2ban upon system start). Use vi or nano to edit the rc.local file.

 

That's pretty much all there is to installing it. Commands to know to control and view the status of fail2ban:

# fail2ban-client status (shows status)

# fail2ban-client status asterisk-iptables (shows the specific statistics for asterisk blocks)

# fail2ban-client status ssh-iptables (shows the specific statistics for SSH blocks)

# fail2ban-client start (manually start)

# fail2ban-client stop (manually stop)

# fail2ban-client reload (restart)

More info HERE
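
To see the signal the Asterisk jail acts on, here is an added example (not from the original page, and not fail2ban's own filter) that tallies failed registrations per source address from chan_sip NOTICE lines in the messages log. The function names and the sample log lines are constructed for illustration; the addresses come from the documentation ranges.

```shell
#!/bin/sh
# Added example: count failed SIP registrations per source IP, the same
# kind of log evidence a fail2ban Asterisk filter matches on.

# failed_reg_offenders LOGFILE MAXRETRY
# Prints "COUNT IP" for every address with at least MAXRETRY failures,
# busiest first. The From value is remote-supplied text, so the pattern
# takes the address Asterisk appends at the end of the line and accepts
# both the 'IP' and 'IP:PORT' forms.
failed_reg_offenders() {
    sed -n "s/.*NOTICE.*chan_sip\.c.*Registration from '.*' failed for '\([0-9.]*\)[:0-9]*' - .*/\1/p" "$1" |
        sort | uniq -c |
        awk -v max="$2" '$1 >= max { print $1, $2 }' |
        sort -k1,1nr -k2,2
}

# Constructed sample of /var/log/asterisk/messages content.
sample_log() {
    cat <<'EOF'
[Jan 18 03:12:01] NOTICE[2871] chan_sip.c: Registration from '"100" <sip:100@198.51.100.7>' failed for '203.0.113.5' - Wrong password
[Jan 18 03:12:02] NOTICE[2871] chan_sip.c: Registration from '"101" <sip:101@198.51.100.7>' failed for '203.0.113.5' - No matching peer found
[Jan 18 03:12:03] NOTICE[2871] chan_sip.c: Registration from '"102" <sip:102@198.51.100.7>' failed for '203.0.113.5:5060' - Wrong password
[Jan 18 03:12:09] VERBOSE[2871] logger.c:     -- Remote UNIX connection
[Jan 18 04:40:17] NOTICE[2871] chan_sip.c: Registration from '"200" <sip:200@198.51.100.7>' failed for '192.0.2.44' - No matching peer found
EOF
}

# Demo: list addresses with 3 or more failures in the sample.
tmp=$(mktemp)
sample_log > "$tmp"
failed_reg_offenders "$tmp" 3
rm -f "$tmp"
```

On a node, point it at the real log: failed_reg_offenders /var/log/asterisk/messages 3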

 

Install Email Program 'Mutt' to read root emails

Type the command "yum install mutt" to install Mutt, which is a command line email program. This will allow you to easily read any messages the system sends to you. This includes Cron errors and other system messages like log rotation info.


Commands to Know

"radio-tune-menu" This command brings up the audio tuning menu for setting up your URI

"cd /[directory]" How to change directories in Linux. ex: to get to the Asterisk Config Files it's "cd /etc/asterisk"

"vi [filename]" A very old school text editor. Found on just about any Unix/Linux machine. Google to find out the commands. ":wq<enter>" saves and exits.

"nano [filename]" A more contemporary command line text editor but not as powerful as vi

"asterisk -r" opens the Asterisk console and shows you what's happening on Allstar. Type 'exit' to leave console.

"netstat -all" shows what network connections are currently going on

"date" shows system time

"top" shows CPU/RAM usage and running processes. CTRL-C exits

"astres.sh" restarts Asterisk

"astup.sh" starts Asterisk

"astdn.sh" stops Asterisk

"ntpstat" and "ntpq -pn" show the Network Time Sync Status.

 

Helpful Hints

SETUP: Running the "setup" command at the prompt will allow you to set up basic things like IP address, Timezone, Keyboard, etc.

NETWORK: config file is /etc/sysconfig/network-scripts/ifcfg-eth0. You can alternatively use this instead of setup to configure a static IP.

NAMESERVER: config file is /etc/resolv.conf. You need to specify nameservers if using a static IP. This can also be set with the "setup" command. You should use at least two. The syntax is "nameserver [IP]", e.g. "nameserver 8.8.8.8"

NTP: config file is in /etc/ntp.conf You can add your own nearby NTP server for more reliability if you like.

PORT FORWARDING: If you're running behind a NAT router (e.g. Linksys, Netgear, etc.), as most using a home internet connection are, then you need to forward port 4569 UDP to the internal address of your node server. Your node should be configured as a static IP in this case (see first helpful hint). See HERE. You also have to forward port 222 if you want to administer your node from the outside world.

DYNAMIC DNS: If you're running a private node on a home internet connection, chances are you have a dynamic IP address. You need to sign up with a dynamic DNS service like NO-IP so that other private nodes can find your node.

CONTROLLER LINKING: If you are hooking up your URI to a port of an external repeater controller, you need to know about the "linktolink=yes" variable (not stock in the rpt.conf file). It should be added just below the "duplex=0" variable. This removes courtesy tones, hang time, etc. so that Allstar is transparent. See HERE also.

HUB NODES: Virtual hub nodes can be created by defining rxchannel = Zap/pseudo

ADDITIONAL NODES ON SAME SERVER: Additional nodes using USB dongles can be specified by defining rxchannel = Radio/usb2, rxchannel = Radio/usb3, etc. Make sure to select the proper dongle when using radio-tune-menu. I check which one is which by using the flash/toggle PTT/tone option.

 

 

Last Updated January 18, 2014