[arm-allstar] Update issue...

Doug Crompton wa3dsp at gmail.com
Thu Nov 15 12:34:40 EST 2018


I really wish users would actually read and understand the update
announcements we send out. This was clearly described in the update
announcement of November 12. I will repeat again here. There is a way
around this security fix but you use it at your own risk and understanding
of the possible consequences.

Prior message -

Allstar has an often little known and used command *4 mapped to ilink,4
which can be used to send DTMF commands to OTHER nodes just like you would
to your own. The node you would control needs to be connected for the
control to work.

While this is in some cases a useful command it also has enormous security
risks if used in a nefarious way. To eliminate this problem we have turned
off this feature by default in the hamvoip code with this update. Users who
need to use it can turn it on with this added command in the node stanza of
each node requiring it in rpt.conf. Leaving the command out or setting it
to 0 has the same effect of restricting its use. Few users will have a need
to turn this on -

remote_dtmf_allowed=1

This command is only needed at the node you want to control and on any
nodes in between if it is not a direct connect. It is not required on the
source node unless you also want it to be controlled from somewhere else.
Keep in mind that it is a general security issue to turn this on and you
should only do so if it is needed. This is the classic "back door" which
probably made sense when Allstar was a small group with trust between
users. We will be introducing a pin number security feature for this in a
future update which will make it more secure to leave it on.

And I might also add that Supermon is an excellent alternative to control
remote nodes. It has the capability to send DTMF directly, is independent
of in-between nodes, you do not have to be connected to send the commands,
is secure, and useable on any device that has a web browser.


*73 Doug*

*WA3DSP*

*http://www.crompton.com/hamradio*

On Thu, Nov 15, 2018 at 11:34 AM "David McGough via ARM-allstar" <
arm-allstar at hamvoip.org> wrote:

>
> Hi Vendel,
>
> This is a security feature added in the latest release. Remote DTMF
> commands are disabled by default.  To re-enable, in the rpt.conf
> node stanza which you want to remote control, add the statement:
>
> remote_dtmf_allowed=1
>
>
> 73, David KB4FXC
>
>
> On Thu, 15 Nov 2018, "Vendel via ARM-allstar" wrote:
>
> > Hello all, I just updated my Controller/ Node software and I noticed
> > the DTMF commands issued by IAXRPT on my PC no longer work. The Android
> > version of IAXRPT works fine as does my HT. Here is what CLI shows when I
> > issue the commands,
> >
> > [Nov 15 11:15:45] WARNING[408]: app_rpt.c:11779 handle_link_data: DTMF commands disabled! link string: D 42883 0 1 *
> > [Nov 15 11:15:45] WARNING[408]: app_rpt.c:11779 handle_link_data: DTMF commands disabled! link string: D 42883 0 1 7
> > [Nov 15 11:15:46] WARNING[408]: app_rpt.c:11779 handle_link_data: DTMF commands disabled! link string: D 42883 0 1 0
> > K2DSI*CLI>
> >
> > Any idea what’s happening? Thanks as always, Vendel/ K2DSI.
>
>
> _______________________________________________
>
> ARM-allstar mailing list
> ARM-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3 web page - http://hamvoip.org
>
>
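An added example, not part of the original message or the hamvoip code: a Python audit that reads rpt.conf text and reports, per node stanza, whether remote_dtmf_allowed is turned on. It assumes node stanzas are the sections named by a numeric node number and flags any value other than 0 or 1 for manual review; the sample configuration is constructed.

```python
import re

# Constructed sample rpt.conf text (not taken from the original message).
SAMPLE_RPT_CONF = """\
[general]
; global settings, not a node stanza

[42883]
rxchannel = SimpleUSB/usb_42883   ; constructed value
remote_dtmf_allowed=1             ; explicitly enabled

[1998]
duplex = 1
; remote_dtmf_allowed=1   (commented out, so the default applies)

[1999](node-defaults)
remote_dtmf_allowed = 0
"""

STANZA = re.compile(r"^\[([^\]]+)\]")
SETTING = "remote_dtmf_allowed"
STATES = {"1": "enabled", "0": "disabled"}


def audit_remote_dtmf(conf_text):
    """Map each node stanza to 'enabled', 'disabled' or 'review:<value>'."""
    result = {}
    node = None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop ';' comments
        if not line:
            continue
        m = STANZA.match(line)
        if m:
            name = m.group(1).strip()
            # Assumption: node stanzas are the ones named by a node number.
            node = name if name.isdigit() else None
            if node is not None:
                result.setdefault(node, "disabled")   # absent means off
            continue
        if node is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == SETTING:
            # Per the announcement, 1 turns it on; 0 or leaving it out keeps it off.
            result[node] = STATES.get(value, "review:" + value)
    return result


if __name__ == "__main__":
    for node_number, state in audit_remote_dtmf(SAMPLE_RPT_CONF).items():
        print(node_number, state)
```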

