[arm-allstar] Supermon configuration

Doug Crompton wa3dsp at gmail.com
Fri Sep 21 19:12:05 EDT 2018 

 Giles,

For the allmon.ini file -

To manage the server supermon is on you would use either that servers IP
address or usually 127.0.0.1

To manage other servers on your LAN you would specify their local IP
address.

To manage other servers outside your LAN you would have to use the public
IP of that remote system and port 5038 would need to be port mapped at that
remote location.

Instead of an IP address an option that usually works for Public IP's would
be   node#.asnode.org:5038  or   40000.asnode.org:5038  for node 40000

In either the LAN or outside your LAN circumstances you would use
bindaddr=0.0.0.0 in the manager

All IP addresses would be  address:5038

How your VPN effects this I cannot answer.


*73 Doug*

*WA3DSP*

*http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*



On Fri, Sep 21, 2018 at 6:57 PM "ve2gqf--- via ARM-allstar" <
arm-allstar at hamvoip.org> wrote:

> Doug,
>
> It works now, if I indicate in supermon.ini :
>
> [47646]
> host=192.168.2.153:5038      (192.168.2.153  is the RPI IP adress)
>
> host=127.0.0.1  doesn't work ! ?
>
> bindaddr = 0.0.0.0 in manager.conf
>
>
> Supermon is on the same RPI than Asterisk, and acces to the RPI over a
> VPN. I have no FW rules :
>
> [root at VE2RQF-900 supermon]# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> [root at VE2RQF-900 supermon]#
>
> lo is active (!) and has the good address :
>
> lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
>         inet 127.0.0.1  netmask 255.0.0.0
>
> Is there any other than FW to block loopback access ?
>
> Nany thank's for your support Doug,
>
> 73's Gilles VE2GQF
>
> Le 2018-09-21 à 10:13, "Doug Crompton via ARM-allstar" a écrit :
> > Giles,
> >
> >  It sounds like port 5038 is not getting from point A to point B. What is
> > the path? Do you allow that port through? Is there some firewall setup
> > limiting it? Do other ports (IAX, SSH) work through this same path?
> >
> >
> > *73 Doug*
> >
> > *WA3DSP*
> >
> > *http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*
> >
> > On Fri, Sep 21, 2018 at 9:50 AM "ve2gqf--- via ARM-allstar" <
> > arm-allstar at hamvoip.org> wrote:
> >
> >> Thank's Paul,
> >>
> >> In fact password was not ***, but I had test with other password
> >> (uppercase, lowercase) pwd, but there is n change !
> >>
> >> Another idea ?
> >>
> >> Manager.conf   has bindport  0.0.0.0                 Yes
> >> Secret set correctly at both allmon.ini and manager.conf  Yes
> >>
> >> The RPI is on site, and I have access throut a VPN, no FW on the RPI.
> >>
> >> Thank's Gilles VE2GQF
> >>
> >>
> >> Le 2018-09-20 à 08:49, "Paul - KN2R via ARM-allstar" a écrit :
> >>> Maybe it does not like the characters with asterisk "*" in password.
> >> Change those and see if it works.
> >>> Paul / KN2R
> >>>
> >>>
> >>>
> >>> -----Original Message-----
> >>> From: ARM-allstar [mailto:arm-allstar-bounces at hamvoip.org] On Behalf
> Of
> >> "Doug Crompton via ARM-allstar"
> >>> Sent: Wednesday, September 19, 2018 11:01 AM
> >>> To: ARM Allstar
> >>> Cc: Doug Crompton
> >>> Subject: Re: [arm-allstar] Supermon configuration
> >>>
> >>> Giles,
> >>>
> >>>  I am not sure what could be wrong. This does work. Did you follow all
> >> the directions in the howto at hamvoip.org?
> >>> Manager.conf   has bindport  0.0.0.0
> >>> Secret set correctly at both allmon.ini and manager.conf
> >>>
> >>> What is the path for this control? Is it within your LAN or out on the
> >> Internet?
> >>> If out on the Internet you need to port forward 5038 TCP.
> >>>
> >>>
> >>> *73 Doug*
> >>>
> >>> *WA3DSP*
> >>>
> >>> *http://www.crompton.com/hamradio <http://www.crompton.com/hamradio>*
> >>>
> >>>
> >>>
> >>>
> >>> On Wed, Sep 19, 2018 at 10:48 AM "ve2gqf--- via ARM-allstar" <
> >> arm-allstar at hamvoip.org> wrote:
> >>>> Thank you very much Doug for your response,
> >>>>
> >>>> I have made these corrections, without success.
> >>>>
> >>>> If it can helps :
> >>>>
> >>>> [root at VE2RQF-900 asterisk]# tcpdump port 5038
> >>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol
> >>>> decode listening on eth0, link-type EN10MB (Ethernet), capture size
> >>>> 262144 bytes
> >>>> 06:55:42.260508 IP VE2RQF-900.51582 > 192.168.27.134.5038: Flags [S],
> >>>> seq 4033407941, win 29200, options [mss 1460,sackOK,TS val 3964593032
> >>>> ecr 0,nop,wscale 7], length  0
> >>>> 06:55:43.265404 IP VE2RQF-900.51582 > 192.168.27.134.5038: Flags [S],
> >>>> seq 4033407941, win 29200, options [mss 1460,sackOK,TS val 3964594037
> >>>> ecr 0,nop,wscale 7], length  0
> >>>> 06:55:45.345406 IP VE2RQF-900.51582 > 192.168.27.134.5038: Flags [S],
> >>>> seq 4033407941, win 29200, options [mss 1460,sackOK,TS val 3964596117
> >>>> ecr 0,nop,wscale 7], length  0
> >>>> 06:56:38.029448 IP VE2RQF-900.51600 > 192.168.27.134.5038: Flags [S],
> >>>> seq 2964414919, win 29200, options [mss 1460,sackOK,TS val 3964648802
> >>>> ecr 0,nop,wscale 7], length  0
> >>>> 06:56:39.115401 IP VE2RQF-900.51600 > 192.168.27.134.5038: Flags [S],
> >>>> seq 2964414919, win 29200, options [mss 1460,sackOK,TS val 3964649888
> >>>> ecr 0,nop,wscale 7], length  0
> >>>>
> >>>> Another suggestion ?
> >>>>
> >>>> 73's Gilles VE2GQF
> >>>>
> >>>>
> >>>> Le 2018-09-18 à 23:21, "Doug Crompton via ARM-allstar" a écrit :
> >>>>> Giles,
> >>>>>
> >>>>>  It seems you changed a few lines in manager.conf that did not need
> >>>>> to be changed and did not change the one line you needed to change!
> >>>>> Here is
> >>>> what
> >>>>> it should look like -
> >>>>>
> >>>>> *manager.conf*
> >>>>> [general]
> >>>>> displaysystemname = yes
> >>>>> enabled = yes
> >>>>> ;webenabled = yes
> >>>>> port = *5038*
> >>>>>
> >>>>> ;httptimeout = 60
> >>>>> ; a) httptimeout sets the Max-Age of the http cookie ; b)
> >>>>> httptimeout is the amount of time the webserver waits
> >>>>> ;    on a action=waitevent request (actually its httptimeout-10)
> >>>>> ; c) httptimeout is also the amount of time the webserver keeps
> >>>>> ;    a http session alive after completing a successful action
> >>>>>
> >>>>> ;bindaddr = 127.0.0.1   ; Local interface only!
> >>>>> bindaddr = 0.0.0.0    ; Not secure
> >>>>> ;
> >>>>> ;displayconnects = yes
> >>>>> ;
> >>>>> ; Add a Unix epoch timestamp to events (not action responses) ;
> >>>>> ;timestampevents = yes
> >>>>>
> >>>>> [admin]
> >>>>> secret = *xxxx*
> >>>>> read = all,system,call,log,verbose,command,agent,user,config
> >>>>> write = all,system,call,log,verbose,command,agent,user,config
> >>>>>
> >>>>> Note - webenabled is commented, disolayconnects is commented and
> >>>>> most importantly
> >>>>> bindaddr=0.0.0.0  is uncommented and bindaddr=127.0.0.1 is commented
> >>>>> without this bindaddr change the manager cannot be accessed outside
> >>>>> of
> >>>> this
> >>>>> server.
> >>>>> Also note that if you port forward the manager port you could open
> >>>> yourself
> >>>>> up to
> >>>>> security problems. See the supermon howto at hamvoip.org for a
> >>>>> firewall script to avoid that.
> >>>>>
> >>>>>
> >>>>> *73 Doug*
> >>>>>
> >>>>> *WA3DSP*
> >>>>>
> >>>>> *http://www.crompton.com/hamradio
> >>>>> <http://www.crompton.com/hamradio>*
> >>>>>
> >>>>> On Tue, Sep 18, 2018 at 9:23 PM "ve2gqf--- via ARM-allstar" <
> >>>>> arm-allstar at hamvoip.org> wrote:
> >>>>>
> >>>>>> Hi Doug,
> >>>>>>
> >>>>>> I trying to run supermon on VE2RQF all looks good but I have an
> issue.
> >>>>>> Supermon can't connect to Asterisk Manager.  there is no firewall,
> >>>>>> no
> >>>> port
> >>>>>> blocked.
> >>>>>>
> >>>>>> [ VE2RQF-900 ] [ WAN IP: 70.82.65.122 <
> >>>>>> http://192.168.27.66/supermon/custom/iplog.txt> ] [ LAN IP:
> >>>> 192.168.2.153
> >>>>>> ] [ AstP: 4569 ] [ MgrP: 5038 ] [
> >>>>>> SShP: 222 ]
> >>>>>> [ Tuesday, September 18, 2018 EDT 19:16:05 up 2 days, 2:00, 5
> >>>>>> users,
> >>>> load
> >>>>>> average: 0.06, 0.09, 0.09 ]
> >>>>>>
> >>>>>> /  Node 47646 <http://stats.allstarlink.org/nodeinfo.cgi?node=47646
> >
> >> =>
> >>>>>> VE2RQF 927.300- Sherbrooke, Quebec    Bubble Chart
> >>>>>> <http://stats.allstarlink.org/getstatus.cgi?47646>  lsNodes <
> >>>>>> http://192.168.27.66/cgi-bin/lsnodes_web?node=47646>  /
> >>>>>> Node    Node Information        Received        Link    Direction
> >>>>>>  Connected       Mode
> >>>>>> Connecting to Asterisk Manager...
> >>>>>>
> >>>>>>
> >>>>>> my config files are below
> >>>>>>
> >>>>>> allmon.ini
> >>>>>> [47646]
> >>>>>> host=127.0.0.1:*5038*
> >>>>>> user=admin
> >>>>>> passwd=*xxxx*
> >>>>>> menu=yes
> >>>>>> hideNodeURL=no
> >>>>>>
> >>>>>> *manager.conf*
> >>>>>> [general]
> >>>>>> displaysystemname = yes
> >>>>>> enabled = yes
> >>>>>> webenabled = yes
> >>>>>> port = *5038*
> >>>>>>
> >>>>>> ;httptimeout = 60
> >>>>>> ; a) httptimeout sets the Max-Age of the http cookie ; b)
> >>>>>> httptimeout is the amount of time the webserver waits
> >>>>>> ;    on a action=waitevent request (actually its httptimeout-10)
> >>>>>> ; c) httptimeout is also the amount of time the webserver keeps
> >>>>>> ;    a http session alive after completing a successful action
> >>>>>>
> >>>>>> bindaddr = 127.0.0.1   ; Local interface only!
> >>>>>> ;bindaddr = 0.0.0.0    ; Not secure
> >>>>>> ;
> >>>>>> displayconnects = yes
> >>>>>> ;
> >>>>>> ; Add a Unix epoch timestamp to events (not action responses) ;
> >>>>>> ;timestampevents = yes
> >>>>>>
> >>>>>> [admin]
> >>>>>> secret = *xxxx*
> >>>>>> read = all,system,call,log,verbose,command,agent,user,config
> >>>>>> write = all,system,call,log,verbose,command,agent,user,config
> >>>>>>
> >>>>>> Can you say what I have missed ?
> >>>>>>
> >>>>>> Thank's,
> >>>>>>
> >>>>>> Gilles ve2gqf
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> ---
> >>>>>> L'absence de virus dans ce courrier électronique a été vérifiée par
> >>>>>> le logiciel antivirus Avast.
> >>>>>> https://www.avast.com/antivirus
> >>>>>> _______________________________________________
> >>>>>>
> >>>>>> ARM-allstar mailing list
> >>>>>> ARM-allstar at hamvoip.org
> >>>>>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> >>>>>>
> >>>>>> Visit the BBB and RPi2/3 web page - http://hamvoip.org
> >>>>> _______________________________________________
> >>>>>
> >>>>> ARM-allstar mailing list
> >>>>> ARM-allstar at hamvoip.org
> >>>>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> >>>>>
> >>>>> Visit the BBB and RPi2/3 web page - http://hamvoip.org
> >>>> ---
> >>>> L'absence de virus dans ce courrier électronique a été vérifiée par le
> >>>> logiciel antivirus Avast.
> >>>> https://www.avast.com/antivirus
> >>>>
> >>>> _______________________________________________
> >>>>
> >>>> ARM-allstar mailing list
> >>>> ARM-allstar at hamvoip.org
> >>>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> >>>>
> >>>> Visit the BBB and RPi2/3 web page - http://hamvoip.org
> >>> _______________________________________________
> >>>
> >>> ARM-allstar mailing list
> >>> ARM-allstar at hamvoip.org
> >>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> >>>
> >>> Visit the BBB and RPi2/3 web page - http://hamvoip.org
> >>>
> >>> _______________________________________________
> >>>
> >>> ARM-allstar mailing list
> >>> ARM-allstar at hamvoip.org
> >>> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> >>>
> >>> Visit the BBB and RPi2/3 web page - http://hamvoip.org
> >>
> >> ---
> >> L'absence de virus dans ce courrier électronique a été vérifiée par le
> >> logiciel antivirus Avast.
> >> https://www.avast.com/antivirus
> >>
> >> _______________________________________________
> >>
> >> ARM-allstar mailing list
> >> ARM-allstar at hamvoip.org
> >> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> >>
> >> Visit the BBB and RPi2/3 web page - http://hamvoip.org
> > _______________________________________________
> >
> > ARM-allstar mailing list
> > ARM-allstar at hamvoip.org
> > http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
> >
> > Visit the BBB and RPi2/3 web page - http://hamvoip.org
>
>
>
> ---
> L'absence de virus dans ce courrier électronique a été vérifiée par le
> logiciel antivirus Avast.
> https://www.avast.com/antivirus
>
> _______________________________________________
>
> ARM-allstar mailing list
> ARM-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3 web page - http://hamvoip.org

More information about the ARM-allstar mailing list