OPNsense Forum
English Forums => General Discussion => Topic started by: Mohiuddin on November 26, 2017, 07:45:45 am
-
Hi
I was trying to include Asterisk13 in the PORTS and added 'net/asterisk13' in the config/17.7/ports.conf. But after completion of the build 'make dvd' I have installed the iso in a VM and seems Asterisk13 is not installed. I have found in the build log that at some point Asterisk13 was 'Deinstalled'!
Here's the partial log:
Installing zip-3.0_1...
Extracting zip-3.0_1: 100%
pkg: 301 packages installed
Updating database digests format: 100%
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 300 packages:
Installed packages to be REMOVED:
suricata-4.0.0
GeoIP-1.6.11
acme-client-0.1.16_1
acme.sh-2.7.4_1
open-vm-tools-nox11-10.1.10_2,2
apache-xml-security-c-1.7.3
apcupsd-3.14.14_2
apinger-0.7
clamav-0.99.2_4
arc-5.21p
arj-3.10.22_4
arp-scan-1.9
asterisk13-13.17.1
automake-1.15.1
autoconf-2.69_1
autoconf-wrapper-20131203
automake-wrapper-20131203
autossh-1.4e
bandwidthd-2.0.1_11
beadm-1.2.7_2
beep-1.0_1
bind911-9.11.2
bison-3.0.4,1
bsdinstaller-17.7
bsnmp-regex-0.6_1
bsnmp-ucd-0.4.2
bwm-ng-0.6_2
mosquitto-1.4.10_1
c-ares-1.12.0_2
curl-7.55.1
cmake-3.9.2
git-2.14.1
php70-curl-7.0.23
ddclient-3.8.3_3
opensmtpd-5.9.2p1_3,1
ca_root_nss-3.32.1
cciss_vol_status-1.11
choparp-20150613
syslogd-11.0
clog-1.0.1_3
collectd5-5.7.2_1
cpdup-1.18
cpustats-0.1
cvsps-2.1_2
cyrus-sasl-gssapi-2.1.26_7
openldap-sasl-client-2.4.45
openldap-sasl-server-2.4.45
pam_ldap-1.8.6_3
php70-ldap-7.0.23
cyrus-sasl-2.1.26_12
darkstat-3.0.719
dhcp6-20080615.2
dhcpleases-0.2
dnscrypt-proxy-1.9.5_1
dnsmasq-2.77_1,1
e2fsprogs-libuuid-1.43.6
openvpn-2.4.3
easy-rsa-3.0.1_1
fontconfig-2.12.1,1
libgd-2.2.4_1,1
libarchive-3.3.1,1
gdb-8.0_3
unbound-1.6.5
expat-2.2.1
expiretable-0.6_1
filterdns-0.2
filterlog-0.2
flowd-0.9.1_3
fping-3.16
freeradius3-3.0.15_1
freetds-1.00.49,1
rrdtool12-1.2.30_7
freetype2-2.8
freevrrpd-1.1_1
fusefs-libs-2.9.5
mc-light-4.1.40.p9_11
gawk-4.1.4_1
gdbm-1.13_1
gettext-0.19.8.1
gettext-tools-0.19.8.1
glib-2.50.2_5,1
gnokii-0.6.31_10,1
libfixbuf-1.7.1
yaf-2.8.4_2
gnu-watch-3.3.12
php70-gettext-7.0.23
gettext-runtime-0.19.8.1_1
webp-0.6.0_4
giflib-5.1.4
gmake-4.2.1_1
nettle-3.3
mpfr-3.1.5_1
mpc-1.0.3
gmp-6.1.2
pjsip-2.6_2
gsm-1.0.13_2
haproxy-1.7.9
help2man-1.47.4
honeybadger-0.0.0.2016022301
hyperscan-4.4.1_2
icu-58.2_3,1
idnkit-1.0_6
ifinfo-10.1
iftop-1.0.p4
igmpproxy-0.1_2,1
readline-7.0.3
python27-2.7.12_4
newt-0.52.20
python2-2_3
talloc-2.1.9
scons-2.5.1_1
py27-setuptools-36.2.2
py27-pytz-2017.2,1
py27-Babel-2.3.4
py27-Jinja2-2.9.5
py27-MarkupSafe-1.0
py27-certifi-2017.7.27.1
py27-urllib3-1.22
py27-requests-2.18.1_1
py27-telepot-9.1
py27-pycparser-2.10
py27-cffi-1.7.0
py27-cryptography-1.7.2
py27-openssl-16.2.0
py27-chardet-3.0.4
py27-ipaddress-1.0.18
py27-idna-2.5
py27-six-1.10.0
py27-pyasn1-0.2.2
py27-enum34-1.1.6
py27-sqlite3-2.7.12_7
py27-fail2ban-0.9.7
py27-netaddr-0.7.19
py27-pysocks-1.6.7
py27-ujson-1.35
sqlite3-3.20.1
php70-sqlite3-7.0.23
sqlite-2.8.17_4
postgresql95-client-9.5.9
krb5-1.15.1_5
libffi-3.2.1_1
ruby-2.4.1_2,1
libgpg-error-1.27
libgcrypt-1.8.1
m4-1.4.18,1
libtool-2.4.6
libconfig-1.4.9_1
sslh-1.18
libunistring-0.9.7
libidn2-2.0.4
wget-1.19.1_1
nano-2.8.7
texinfo-6.4_1,1
tinc-1.0.32
wol-0.7.1_3
indexinfo-0.2.6
iperf3-3.2
isc-dhcp43-client-4.3.6
isc-dhcp43-relay-4.3.6
isc-dhcp43-server-4.3.6
lldpd-0.9.4_3
jansson-2.10
tiff-4.0.8
spandsp-0.0.6
jbigkit-2.1_1
joe-4.2_1,1
jpeg-turbo-1.5.2
json-c-0.12.1
jsoncpp-1.8.1_1
kermit-9.0.304
openssh-portable-7.5.p1_1,1
ldns-1.7.0_1
lha-1.14i_7
obfsclient-0.0.2_7
liballium-0.0.1
libart_lgpl-2.3.21_3,1
libasr-1.0.2
radvd-1.15
libdaemon-0.14_1
libdnet-1.12_1
lua51-5.1.5_9
mysql56-client-5.6.37_1
lua53-5.3.4
ntp-4.2.8p10_2
libedit-3.1.20170329_2,1
tor-0.3.0.10_1
libevent-2.1.8
rsync-3.1.2_7
libiconv-1.14_10
mpg123-1.25.6
php70-mcrypt-7.0.23
libltdl-2.4.6
liblz4-1.8.0,1
libmcrypt-2.5.8_3
libmspack-0.5
libnet-1.1.6_5,1
libnghttp2-1.25.0
speex-1.2.0,1
libvorbis-1.3.5_1,3
libogg-1.3.2_2,4
liboping-1.8.0_1
siproxd-0.8.2
libosip2-5.0.0
libsigsegv-2.11
libslang2-2.3.1_1
libsodium-1.0.12
libstatgrab-0.91
opnsense-update-17.7.1
libucl-0.8.0
libunwind-20170113_1
libuv-1.14.1
openconnect-7.08
php70-7.0.23
php70-xml-7.0.23
pear-1.10.5
pear-PHP_CodeSniffer-3.0.1
php70-zlib-7.0.23
php70-xmlwriter-7.0.23
php70-simplexml-7.0.23
php70-ctype-7.0.23
php70-tokenizer-7.0.23
pecl-radius-1.4.0.b1
php-xdebug-2.5.0
php70-bcmath-7.0.23
php70-dom-7.0.23
phpunit6-6.3.0
php70-filter-7.0.23
php70-hash-7.0.23
php70-phar-7.0.23
php70-json-7.0.23
php70-mbstring-7.0.23
php70-mysqli-7.0.23
php70-openssl-7.0.23
php70-soap-7.0.23
php70-sockets-7.0.23
libxml2-2.9.4
libyaml-0.1.6_2
lmdb-0.9.21,1
lzo2-2.10_1
maradns-2.0.13
mdns-repeater-1.10_2
miniupnpd-1.9.20160113,1
mk-livestatus-1.2.8p16_2
mpd5-5.8_2
mtr-0.92
nrpe-2.15_7
nagios-plugins-2.2.1_5,1
net-snmp-5.7.3_17
nmap-7.40_1
oniguruma6-6.4.0
p5-Net-SSLeay-1.81
p5-IO-Socket-SSL-2.049_1
smtp-cli-3.6
peervpn-0.044
relayd-5.5.20140810_2
shadowsocks-libev-2.4.7
strongswan-5.6.0
tcpcrypt-0.3.r1
uftp-4.9.3,1
yara-3.6.3
openssl-1.0.2l,1
opnsense-lang-17.7.1
p5-Digest-HMAC-1.03_1
p5-MIME-Lite-3.030_1
p5-Email-Date-Format-1.005
p5-Error-0.17025
p5-File-LibMagic-1.15
p5-MIME-Types-2.13
p5-Mail-Tools-2.14
p5-Mozilla-CA-20160104
p5-Term-ReadKey-2.37
p5-TimeDate-2.30_2,1
pam_opnsense-17.1
patch-2.7.5
pcre-8.40_1
perl5-5.24.2
pkgconf-1.3.7,1
png-1.6.31
polarssl13-1.3.20
popt-1.16_2
portaudio-19.20140130_6
proxy-suite-1.9.2.4_3
radiusclient-0.5.6_3
rate-0.9_1
rhash-1.3.4
samplicator-1.3.8.r1
speexdsp-1.2.r3_1
sshlockout_pf-0.0.2_2
sudo-1.8.21p2
tayga-0.9.2
telegraf-1.3.0
unixODBC-2.3.4
unzoo-4.4_2
vault-0.8.2
vim-lite-8.0.1115
vnstat-1.15
vpnc-scripts-20161215
xerces-c3-3.2.0_2
zerotier-1.2.4_1
zip-3.0_1
Number of packages to be removed: 300
The operation will free 1 GiB.
[1/300] Deinstalling py27-requests-2.18.1_1...
[1/300] Deleting files for py27-requests-2.18.1_1: 100%
[2/300] Deinstalling py27-telepot-9.1...
[2/300] Deleting files for py27-telepot-9.1: 100%
...
...
[13/300] Deinstalling asterisk13-13.17.1...
[13/300] Deleting files for asterisk13-13.17.1: 100%
==> You should manually remove the "asterisk" user.
==> You should manually remove the "asterisk" group
==> You should manually remove the "dahdi" group
[14/300] Deinstalling bandwidthd-2.0.1_11...
[14/300] Deleting files for bandwidthd-2.0.1_11: 100%
...
...
[294/300] Deleting files for vault-0.8.2: 100%
==> You should manually remove the "vault" user.
==> You should manually remove the "vault" group
[295/300] Deinstalling vim-lite-8.0.1115...
[295/300] Deleting files for vim-lite-8.0.1115: 100%
[296/300] Deinstalling vnstat-1.15...
[296/300] Deleting files for vnstat-1.15: 100%
==> You should manually remove the "vnstat" user.
==> You should manually remove the "vnstat" group
[297/300] Deinstalling vpnc-scripts-20161215...
[297/300] Deleting files for vpnc-scripts-20161215: 100%
[298/300] Deinstalling xerces-c3-3.2.0_2...
[298/300] Deleting files for xerces-c3-3.2.0_2: 100%
[299/300] Deinstalling zerotier-1.2.4_1...
[299/300] Deleting files for zerotier-1.2.4_1: 100%
[300/300] Deinstalling zip-3.0_1...
[300/300] Deleting files for zip-3.0_1: 100%
Would appreciate a lot if You could help me out into this! :)
Best Wishes!
Mohiuddin.
-
Asterisk13 is already there as a pkg?
-
Hi mimugmail
The pkg is of freebsd repo and thats to run after OPNSense installation, I want to integrate the module in the main build so that I need not to run pkg install after OS installation.
-
I do not fully understand this request:
1. net/asterisk13 already is in ports.conf
2. If you want to preinstall additional packages you want to use ADDITIONS=asterisk13 as documented in https://github.com/opnsense/tools/blob/master/README.md but this post gives no context about whether this was the case or not.
Cheers,
Franco
-
Hi Franco
I see, my target is to make asterisk13 available already in the iso so that when I install the OPNSense the asterisk13 will already be there by default, but when I build the iso and isntall it in a VM it seems asterisk13 is not there.
-
What do I need to do to include a supportive packages like , gcc5, bsnmp etc to the build so that I need not install them After loading the iso to the system and run 'pkg install gcc5'. I have a whole bunch of packages to include more than 30+ and I want them in the iso build so that its a compact solution.
-
# make dvd ADDITIONS="asterisk13 gcc5"
But if you install each package, it will install all dependencies anyway. I'm not sure why you would need gcc5, but the above gives you the idea I hope. :)
Cheers,
Franco
-
Hi Franco
I would give You the list of packages if you want to know, but this gives me an idea, I have already ran the build with ADDITIONS=asterisk13, let's see if it meets my requirement, we are building a solution based on our requirement which requires a compact solution rather with a post installation scripts. I will get back with positive or negatives, till then Thanks lot lot lot and lot ;D , You're Awesome!
Best wishes!
Mohiuddin.
-
I am not trying to discourage anyone from trying this if you really want to, but personally I'd be wary about running Asterisk on the same system as my router for a couple of reasons. First of all Asterisk is a frequent target of hackers (usually people who want to make expensive international calls that you get billed for), so it is important that Asterisk be properly secured behind a good firewall, and that could be more difficult if it is running on the router itself. Second, hackers often try to get in by hammering you repeatedly with extension/password combinations, and while you can usually keep them out by using long and very random passwords, they are still using your bandwidth, which could impact other devices using your router.
If you are aware of this going in, and know how to mitigate such attacks, then great! But if you don't, you might be better off to run Asterisk on a separate device. I've run FreePBX and Asterisk on a Raspberry Pi (using iptables as the firewall) and it has worked well, though obviously you wouldn't want to do that if you had a large number of users that might all try to place calls at once. If you know more about securing OPNsense than I do (and odds are that you do), then maybe this isn't an issue for you, but I just wanted to mention it in case you hadn't considered it.
-
I agree wholeheartedly with comet. OPNsense is a great project and I applaud anybody who takes the time and effort to extend it in new and exciting ways.
However, to me a firewall is best when it appears as a black hole in the network. It ideally generates the very minimum of traffic and only accepts management traffic on a separate interface.
Just my €0.02
Bart...
-
I disagree, SIP incoming must only be allowed internally, in the WAN just outbound. So it's quite secure, or better, not worse secure than using Proxy. Since there is no Firewall pronect with a GUI for voip this would be a unique feature :)
-
Hi Everyone
We have been working on asterisk for several years and well aware of the pros and cons of asterisk pretty much :) I really appreciate a lot about your concerns, it's been a while we have secured the firewall by iptables, OPNSense having PF as firewall seems a bit challenging but thanks to its versatile security features and friendly GUI environment we believe it will not be a problem! Let's hope For the best!
Franco
Asterisk is successfully built via ADDITIONS. I will see and try load other modules as well, took a lot of time to complete the build You know! Thanks once again! I will come back again with some good news!
Best Wishes!
Maruf.
-
Great! If you want an UI for Asterisk and are willing to help we can work on this next year :)