Re: [Ekiga-list] Account is no locked anymore. What to do?

[junk_no_spam <junk_no_spam verizon net>]

On 08/18/2013 02:36 PM, Csanyi Pal wrote:

> Have restarted gateway firewall:

Hope the restart did not delete your router changes.  :)

If pc was rebooted, I hope router pc ip assignment still matched what pc 
is using.

> Still can't call from Ekiga PC to phone. Why?


> Testing  WAN 95.85.141.89 ports
> STUN, required for SIP (phone calls) and RTP (video) UDP 3478  FAILED

STUN UDP ports 3478 and 3479 have to pass to/from router before Ekiga 
can even start the call.

Noticed some 1720 and 30xx port errors. Double check firewall rules to 
verify they are set to use tcp.

Modified the code to abort testing if there are problems in LAN pc 
firewall tests. If LAN testing has errors, WAN testing will have the 
same failures.

Also modified the error logic to reduce noise from netstat.


#!/bin/bash
#***********************************************************************
#*
#* voip_ck - check voip ports  version 2.0
#*
#*   Verify ports used by ekiga are open on pc and accessible
#*   through pc firewall and modem.
#*   Verify DiamondCard SIP servers have not blacklisted your WAN ip.
#*
#* Uses nc from netcat-openbsd rpm to test port connections
#*  wget from wget rpm,
#*  pkill from procps rpm,
#*  netstat from net-tools rpm, and
#*  dig from bind-utils rpm to check sip.diamondcard.us servers.
#*
#* If you are not going to be using the ports, and it is not marked required
#* free to remove the line from the port_ary.
#*
#* Do change _registar="sip.diamondcard.us" to your VOIP carrier
#*
#*
#* If behind NAT router, read
#*        http://wiki.ekiga.org/index.php/Ekiga_behind_a_NAT_router
#*
#*
#*     Required /etc/shorewall/rules snippet follows:
#*
#* # ekiga UDP Through NAT (STUN) ports
#* ACCEPT          $FW      net     udp     3478:3479
#* ACCEPT          net      $FW     udp     3478:3479
#*
#* # ekiga incomming SIP VoIP, Windows Messenger ports
#* ACCEPT          $FW      net     udp     5000:5100
#* ACCEPT          net      $FW     udp     5000:5100
#*
#* # ekiga  RTP
#* ACCEPT          $FW      net     udp     7070
#* ACCEPT          $FW      net     udp     16382
#*
#* # ekiga incomming H.323, Netmeeting ports
#* ACCEPT          net      $FW     tcp     1720
#* ACCEPT          $FW      net     tcp     1720
#*
#*
#***********************************************************************

    set -u
   _exe=$0
   _app=$(basename $_exe)

    _dport=0
    declare -a _errors=("")
    _fault_flg=0
    _fault_msg=""
    _ipv_mode="-4"
    ix=0
    _lan_ip=""
    _msg=""
    _nc_app="nc"
    _pkt_sw=""
    _pkt="-u"
    _registar="sip.diamondcard.us"
    _required=""
    _rpm=""
    _servers=""
    _servers_ip=""
    _sport=38564
    _svr_fn=$HOME/tmp/$_app.log
    _target="$_lan_ip"
    _test=""
    _test_msg=""
    _test_type=""
    _wan_ip=""

    declare -a port_ary=(
    "3478 udp mandatory Outgoing STUN for SIP (phone calls) and RTP 
(video)."
    "3479 udp mandatory Outgoing STUN for calls and video."
    "5060 udp required SIP listen port for incoming SIP signalling."
    "5000 udp required SIP SIP signalling range 5000-5100."
    "5100 udp required SIP end of SIP 5000-5100 and H.323 gatekeepers 
range."
    "5004 udp required RTP Incoming traffic from the other end. Often 
5004, 7070, 16382."
    "7070 udp required RTP Incoming traffic from the other end. Often 
5004, 7070, 16382."
    "16382 udp required RTP is the IETF standard used to transport 
audio and video. "
    "1720 tcp optionial H.323 Listening port for H.323 gatekeepers 
(Netmeeting)."
    "30000 tcp optionial H.245 channel for old H.323 implementations 
(Netmeeting).  "
    "30010 tcp optionial H.245 end of 30000-30010 range (Netmeeting)."
    )

    function port_test ()
    {
      _fault_flg=0
      _errors=("")
      if [ "$_test_type" = "LAN" ] ; then
        _test_msg="pc firewall"
        _target="$_lan_ip"
      else
        _test_msg="router firewall"
        _target="$_wan_ip"
      fi

      echo " "
      echo "Testing  $_test_type $_target ports"
      i=0
      while [ $i -ne ${#port_ary[ ]} ] ; do
        set --  $(echo ${port_ary[$i]})
        _dport=$1
        _pkt=$2
        _required=$3
        shift 3
        _test="$@"

        if [ "$_pkt" = "udp" ] ; then
          _pkt_sw="-u"
        else
          _pkt_sw=""
        fi

        _test_args="$_ipv_mode -s $_sport $_pkt_sw  -w 2 $_target"
        rm -f $_svr_fn

        /bin/echo -n "$_required $_pkt port $_dport "
        _msg="$_test_type $_test_msg port ${port_ary[$i]}"

        $_nc_app $_ipv_mode -l $_pkt_sw $_dport > $_svr_fn  2>&1 &
        /bin/echo "$_msg" |$_nc_app $_test_args $_dport
        _count=$(grep -c "$_msg" $_svr_fn)
        if [ $_count -eq 0 ] ; then
          /bin/echo " FAILED"
          (( _fault_flg++ ))
          _errors+=("")
          _errors+=("$_required $_test_type $_pkt $_dport FAILED")
          _errors+=("$_test")
          _errors+=("")
          _errors+=("Sent:     $_msg ")
          _errors+=("Received: $(cat $_svr_fn )")
          _errors+=("run netstat | grep  $_dport")
          _errors+=("if you have port in use errors.")
        else
          /bin/echo " passed"
        fi
        (( i++ ))
      done
      /bin/echo "

      "
    } # end function port_test


        #**********************************
        #* main code start here
        #**********************************
              #**********************************
              #* Verify needed apps are installed
              #**********************************

    _apps="pkill nc wget dig hostname netstat /bin/echo"
    for _app in $_apps ; do
      set -- $(type $_app 2>&1)
      if [ "$2" != "is" ] ; then
        _errors+=("unable to find $_app")
        (( _fault_flg++ ))
      fi
    done


    if [ $_fault_flg -gt 0 ] ; then
      echo "
      $_exe fatal error:"
      for ix in ${!_errors[*]} ; do
        printf "   %s\n" "${_errors[$ix]}"
      done
      echo "Please install missing application "
      exit 1
    fi

    _lan_ip=$(hostname --ip-address)
    _wan_ip=$(wget -qO - http://myip.dnsomatic.com/)
    mkdir -p $HOME/tmp


    set -- $(type nc)
    _nc_app=$3


    pkill -u $USER -f $_nc_app > /dev/null 2>&1

        #**************************************************
        #* check LAN pc firewall then WAN router ports
        #**************************************************


    echo "
     Testing LAN PC firewall, WAN Router ports and Registar sip server 
connectivity
    "

    for _test_type in LAN WAN ; do
      port_test
      if [ $_fault_flg -ne 0 ] ; then
        break
      fi
    done

    pkill -u $USER -f $_nc_app  > /dev/null 2>&1
    sleep 1
    echo "ignore any Terminated   \$_nc_app \$_ipv_mode .... messages "

    if [ $_fault_flg -gt 0 ] ; then
      if [ ${#_errors[*]} -gt 0 ] ; then
        echo "$_exe fatal error:"

        for ix in ${!_errors[*]} ; do
          printf " %s\n" "${_errors[$ix]}"
        done

        echo "Solution:"

        if [ "$_test_type" = "LAN" ] ; then
          echo "Open FAILED port in $_test_type's firewall"
          echo "Allow ip/app in $_target's /etc/hosts.allow or"
          echo "Remove ip/app in $_target's /etc/hosts.deny"
          echo "if you are using tcpwrappers and modified those files"
        else
          echo "Open and forward FAILED port to LAN $_lan_ip"
          echo "in the $_test_type's router"
        fi
      fi

      echo "
      Clear all port FAILED failures to finish
      $_exe testing.

      Assuming you did not get any  nc: errors;
      LAN port failures are a PC problems with the firewall.
      Maybe /etc/hosts.(allow | deny) if you are using them.

      WAN failures are a ROUTER firewall problems and you
      need to open/forward ports to your LAN pc

      For any questions about ports/router, refer to

http://wiki.ekiga.org/index.php/Manual#Using_Ekiga_with_routers_and_firewalls

      If you get $_nc_app argument error, then you do not have a compatible
      netcat-openbsd $_nc_app application.
      "
      exit 1
    fi


    echo "
          Testing sip servers by ip then by name.
    "
        #*************************************************
        #* get registar's sip udp server and ip address
        #*************************************************

    while read -r line; do
      set -- $line
      _servers="$_servers $4"
      set -- $(host $4)
      _servers_ip="$_servers_ip $4"
    done < <((dig +short _sip._udp.$_registar SRV))

        #*********************************************
        #* ping by ip then by name
        #*********************************************

   for _serv in $_servers_ip $_servers ; do
      _cmd="ping -c1 -w 2 $_serv"
      /bin/echo -n "$_cmd"
      $_cmd > /dev/null 2>&1
      if [ $? -ne 0 ] ; then
        /bin/echo " FAILED"
        (( _fault_flg++ ))
      else
        /bin/echo " passed"
      fi
    done

    /bin/rm $_svr_fn


    if [ $_fault_flg -ne 0 ] ; then
      echo "
      If one sip server FAILED and the other passed, then I
      am betting your ip ($_wan_ip) has been blacklisted.
      You will need to contact diamond to clear it from their blacklist.
      Repeated pings can also get you blacklisted.  :(
      "
    else
      echo "
      Yay, if all tests passed, that indicates echo test should work.

      You may want to consider running something like audacity to check
      microphone input and on what device before setting it in Ekiga 
preferences.

      Assuming you have the account configured correctly.
      I had to remove the Ekiga account, on one ekiga release,
      to get my diamond account working.

      My Account settings:
      Name:      sip.diamondcard.us
      Registrar: sip.diamondcard.us
      User and Authentication user are both the same value.

      My Audio-> codec preference order had to be
      PCMU
      PCMA
      Speex
      All others not selected. I have not done any video call testing.
      "
    fi

#****************** end voip_ck 
*********************************************