search

geeekpi / cm4routerboard

Raspberry Pi Computer Module 4 internet extand board firmware and config files
MIT License
14 stars 1 forks source link

Using Trying to Register both a Hard Phone and Cisco Jabber / Installing Updates #8

Open David-McGuire opened 2 years ago

David-McGuire commented 2 years ago

When Trying to Register both a Hard Phone and Cisco Jabber. i am not able to get to the "Service Doman" the CIsco MRA uses the following protocols and associated services:

Protocol Security Service SIP TLS Session establishment – Register, Invite etc. HTTPS TLS Logon, provisioning/configuration, directory, visual voicemail RTP SRTP Media - audio, video, content sharing.

Network topology is as follows:

Network Cable Modem -> OpenWrt on a Raspberry Pi on interface eth1 (Wan) -> eth0 (Lan) -> unmanaged Gig switch -> unmanaged Gig switch -> Cisco 8841 phone if that helps.

I have included the following output from the OpenWrt as well below.

I am not sure if this is a issue with the code or not but when posting this on the "OpenWrt" " there has been the suggestion of upgrading this to the current code of 21.02.3 and i do not believe that this has been ported to the supported to our 52Pi CM4routerboard, or if this will.

One item i did notice was that when under "Software" there are alot of Updates listed but none would install I would get the followig error when truing to upgrade "base-files | 1-r0-0765466 » 1491-r20091-9f1d622328"

Error "umount: tmpfs busy - remounted read-only umount: can't remount tmpfs read-only umount: proc busy - remounted read-only Collected errors:

Not sure if this also is an open issue or not, but it seems to happen to all the updates. 

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2022.07.12 00:37:10 =~=~=~=~=~=~=~=~=~=~=~=
login as: 
root@192.168.1.1's password: 

BusyBox v1.35.0 (2022-01-13 23:46:39 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt SNAPSHOT, r0-0765466
 -----------------------------------------------------
e]0;root@OpenWrt: ~aroot@OpenWrt:~# ubus call system board; uci export dhcp; uci export network; uci

 export firewall; ip route show default
{
    "kernel": "5.10.90",
    "hostname": "OpenWrt",
    "system": "ARMv8 Processor rev 3",
    "model": "Raspberry Pi Compute Module 4 Rev 1.0",
    "board_name": "raspberrypi,4-compute-module",
    "rootfs_type": "ext4",
    "release": {
        "distribution": "OpenWrt",
        "version": "SNAPSHOT",
        "revision": "r0-0765466",
        "target": "bcm27xx/bcm2711",
        "description": "OpenWrt SNAPSHOT r0-0765466"
    }
}
package dhcp

config dnsmasq
    option domainneeded '1'
    option localise_queries '1'
    option rebind_protection '1'
    option rebind_localhost '1'
    option local '/lan/'
    option domain 'lan'
    option expandhosts '1'
    option authoritative '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
    option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
    option localservice '1'
    option ednspacket_max '1232'
    option confdir '/tmp/dnsmasq.d'
    option quietdhcp '1'
    option filterwin2k '1'

config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
    option leasetime '12h'
    option dhcpv4 'server'
    option dhcpv6 'server'
    option ra 'server'
    option ra_slaac '1'
    list ra_flags 'managed-config'
    list ra_flags 'other-config'

config dhcp 'wan'
    option interface 'wan'
    option ignore '1'

config odhcpd 'odhcpd'
    option maindhcp '0'
    option leasefile '/tmp/hosts/odhcpd'
    option leasetrigger '/usr/sbin/odhcpd-update'
    option loglevel '4'

config host
    option name 'SEPxxxxxxxxx4976'
    option ip '192.168.1.214'
    option mac 'xx:xx:xx:xx:49:76'

package network

config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'XXXX:XXXX:1ed3::/48'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth0'

config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config interface 'eth1'
    option device 'eth1'
    option proto 'dhcp'

package firewall

config defaults
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option synflood_protect '1'

config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    list network 'lan'

config zone
    option name 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
    list network 'wan'
    list network 'wan6'
    list network 'eth1'

config forwarding
    option src 'lan'
    option dest 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-IGMP'
    option src 'wan'
    option proto 'igmp'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fc00::/6'
    option dest_ip 'fc00::/6'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-MLD'
    option src 'wan'
    option proto 'icmp'
    option src_ip 'fe80::/10'
    list icmp_type '130/0'
    list icmp_type '131/0'
    list icmp_type '132/0'
    list icmp_type '143/0'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-IPSec-ESP'
    option src 'wan'
    option dest 'lan'
    option proto 'esp'
    option target 'ACCEPT'

config rule
    option name 'Allow-ISAKMP'
    option src 'wan'
    option dest 'lan'
    option dest_port '500'
    option proto 'udp'
    option target 'ACCEPT'

config rule
    option name 'Support-UDP-Traceroute'
    option src 'wan'
    option dest_port '33434:33689'
    option proto 'udp'
    option family 'ipv4'
    option target 'REJECT'
    option enabled 'false'

config include
    option path '/etc/firewall.user'

default via x.x.240.1 dev eth1  src x.x.242.69 
x.x.240.0/21 dev eth1 scope link  src x.x.242.69 
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1 
e]0;root@OpenWrt: ~aroot@OpenWrt:~# ubus call system board; uci export dhcp; uci export network; uci

export firewall; ip route show default