Debian 9 or 10 for new installs

Status
Not open for further replies.

ZPM

Member
Nov 15, 2017
64
6
8
46
Do we stick with Debian 9 for installs or should we be using 10 for production?
 

DigitalDaz

Administrator
Staff member
Sep 29, 2016
3,070
577
113
I would stick with 9. I have 10 running on Raspberry Pi4 but according to @MichaelJerris , one of the freeswitch devs, FS1.8 will never be available for Debian 10.

I'd stick with their advice unless there is no alternative.
 

smn

Member
Jul 18, 2017
201
20
18
Do we stick with Debian 9 for installs.

Yes.
I would stick with 9. I have 10 running on Raspberry Pi4 but according to @MichaelJerris , one of the freeswitch devs, FS1.8 will never be available for Debian 10.

I'd stick with their advice unless there is no alternative.

Until they change the version number and then suddenly everyone needs to upgrade immediately. At least that was my interpretetion of how it went down when they finally release 1.8. Suddenly, seemingly almost overnight, anyone running v1.6 on debian 8 was a loser.
 
Last edited:

marko

New Member
Aug 15, 2019
7
0
1
not out of the box - there is a problem with the ioncube loader directories in the install script - I symlinked the new ioncube path to the /usr/lib/php/20160303 called for in the script, but I still get /usr/lib/php/20160303/ioncube_loader_lin_7.3.so: cannot open shared object file: No such file or directory
this is an upgrade from a once working fs1.8 installation.
 

marko

New Member
Aug 15, 2019
7
0
1
ok, the cannot open was a typo in the symlink. Now I get an error is the database schema
ERROR: relation "v_user_groups" does not exist
LINE 1: insert into v_user_groups (user_group_uuid, domain_uuid, gro...
I'm going to create a table and see what happens. Freeswitch still gives the lua error reported elsewhere.
 

Davesworld

Member
Feb 1, 2019
99
11
8
65
ok, the cannot open was a typo in the symlink. Now I get an error is the database schema
ERROR: relation "v_user_groups" does not exist
LINE 1: insert into v_user_groups (user_group_uuid, domain_uuid, gro...
I'm going to create a table and see what happens. Freeswitch still gives the lua error reported elsewhere.

This is weird, it is looking for a 2016 directory.
 
Last edited:

Davesworld

Member
Feb 1, 2019
99
11
8
65
Ok, the file exists in the 2018 directory, I just added /usr/lib/php/20160303 and linked it in there to see what happens.

Edit: In the installer there is a script to install the ioncube at /usr/src/fusionpbx-install.sh/debian/ioncube.sh , I changed 20160303 to 20180731 and did a fresh install with no errors on Debian Buster. Now we'll see how it actually works.
 
Last edited:

DigitalDaz

Administrator
Staff member
Sep 29, 2016
3,070
577
113
I installed a FS 1.10 last night with Debian 10. All is looking good at the moment.

There was an error that you just reminded me of but it was only with the ioncube loader, I need to point that out to mark.
 

Davesworld

Member
Feb 1, 2019
99
11
8
65
The only issue I have now is that not only am I unable to register phones to extensions but there is no indication that freeswitch is receiving the attempts, sip statuses look fine. Anveo Direct is able to route calls into the system and I can leave voicemails and the voicemails get mailed I just can't get the system to allow my sip phones to contact it, it would appear that the internal profile is the one that cannot be communicated with.

I can actually get the tls cert over port 5061 by issuing the command:
openssl s_client -connect mydomain.example:5061 < /dev/null | openssl x509 -noout -text
This at least tells me that I can reach it. I imported the database which may be important here.
 
Last edited:

noci

New Member
Aug 9, 2019
7
2
3
NL
Why is the LAN profile not included in fail2ban as an set of ignoreip? just copy & join all CIDR's into one line.
For php the path to ion cube needs to be repaired in the install.sh script.
The shared object is getting copied to the right place. only the .ini file gets old stuff.
 
Last edited:

Davesworld

Member
Feb 1, 2019
99
11
8
65
You definitely not fail2banned?

Not according to the logs, I did try it with fail2ban off for a time and since I do have the Grandstream app on my phone I tried there as well since it is a totally different network ip range.

I'll do my searching today definitely. Since I am getting all my incoming calls through the external profile to the FusionPBX itself and get voice messages, email notifications etc, I'm looking at something in the internal profile as the culprit.

Edit: Running IFTOP shows that I am getting the sip-tls traffic from my own ip at home to my FusionPBX which runs in a datacenter with a fixed IP. I also put ignore ip ranges in the fail2ban local config for my isp dhcp range for everything that is enabled excluding ssh as I I never bombard it with port 22 traffic with bad passwords. I definitely have the proper CIDR ranges in the freeswitch section. Yes, I have locked myself out of the web gui before, especially right after an install when everything is being sorted.
 
Last edited:

DigitalDaz

Administrator
Staff member
Sep 29, 2016
3,070
577
113
I definitely have the proper CIDR ranges in the freeswitch section

What do you mean by that? Generally the only thing to do with CIDRs would be your carrier IPs.
 

Alfa

New Member
Mar 1, 2017
9
0
1
38
Hi, same problem here:

Debian 10 - FS 1.10 -- No TLS working
Debian 9 - FS 1.10 -- TLS working for T19P E2, T46S -- TLS not working for W60B

In fs_cli with debug and SIP trace I found:
tls_early_post_process_client_hello:version too low
 

Davesworld

Member
Feb 1, 2019
99
11
8
65
Hi, same problem here:

Debian 10 - FS 1.10 -- No TLS working
Debian 9 - FS 1.10 -- TLS working for T19P E2, T46S -- TLS not working for W60B

In fs_cli with debug and SIP trace I found:
tls_early_post_process_client_hello:version too low

That is the only issue I am having also now, I had to switch to udp. Now to get TLS working on Buster.
 

Davesworld

Member
Feb 1, 2019
99
11
8
65
Ok I changed TLS version in variables to 1.2 and the remaining clients I left on tls started connecting. It was set to 1 originally, not even 1.0 or 1.1 but 1.

I believe the certs in Freeswitch will handle V1.3 these days.

EDIT: The cert itself is not necessarily the defining factor, the server capability and openssl version are what matters most I learned.
 
Last edited:
Status
Not open for further replies.