myron/infra
1
0
Fork 0
mirror of https://github.com/myronblair/infra synced 2026-06-30 17:50:10 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
infra/ai-memory/project_fusionpbx.md
T
myron 52f6073593 Add Claude Code AI memory files 
AI context/memory from Claude Code sessions covering all
infrastructure: JARVIS, NovaCPX, DO sites, Proxmox, FusionPBX,
MediaStack, and project feedback/preferences.
2026-06-26 03:06:26 +00:00

5.1 KiB
Raw Permalink Blame History

name, description, metadata
name description metadata
fusionpbx-freeswitch-setup FusionPBX on DO 134.209.72.226; Yealink T48S ext 1000/1001/1002; SignalWire SIP trunk; inbound routing; provisioning
node_type type originSessionId
memory project 84bfb029-16a6-4be4-aca0-308e896c1219

FusionPBX (FreeSWITCH) PBX on DigitalOcean 134.209.72.226. SSH: root / Joker1974!@# (must proxy via 165.22.1.228 — direct SSH blocked) FusionPBX web: https://fusion.orbishosting.com (admin / fY7XP5swgtpbzrYLhkeVYkA4744) DB: fusionpbx user / pSJaF9mUJqPr4Sj5mwJyRqvCCpc, host 127.0.0.1 Domain: 134.209.72.226 (uuid: de6d867b-54d2-43f4-b1ed-8fd66803acac) — all devices under this domain

SIP Profile

Only external profile running (port 5080, UDP+TCP). No internal profile. Phones register on external profile — non-standard but working. Key settings (2026-06-02):

  • auth-calls = true
  • apply-inbound-acl = providers
  • proxy-media = true (fixes NAT audio issues)
  • aggressive-nat-detection = true, NDLB-force-rport = true
  • minimum-session-expires = 300

Warning: Every sofia profile external restart drops all phone registrations. Prefer reloadxml + reloadacl where possible.

Extensions

  • 1000: Myron Blair — Yealink T48S at 10.48.200.2, MAC 80:5e:c0:35:04:77, password Xk9mPw3nQv7rLs2t
  • 1001: Tommy Ivy — Yealink T48S at 10.48.200.43, password Tv8xNm4pWq6rZs3k
  • 1002: Home — Yealink AX86R at 10.48.200.65, password yXHaJTwa8rj?$GkrVFQB

1001 short registration: Registers with ~120s expiry. Causes brief unavailability during re-reg. Fix properly by setting registration expiry to 3600s on the phone itself.

Phones NAT

All phones come from FortiGate NAT IP 97.247.128.120 (updated 2026-06-17, was 97.154.109.245). This IP is in the providers ACL — required for both inbound call routing AND outbound calls from phones.

providers ACL (v_access_controls uuid: 47da18a2-6085-4740-a316-6d1bce8240b5)

Contains: all SignalWire IP ranges (172.110.216.0/21 + individual IPs) + 97.247.128.120 (FortiGate/phones).

SignalWire Gateway

  • FusionPBX gateway name: signalwire, profile: external
  • Username: fusion@orbis-hosting-0364f5f67488.sip.signalwire.com
  • register = false (IP-based auth), state NOREG / status UP = correct

CRITICAL — transport=udp required: SignalWire SIP Gateway External URI MUST be: sip:18177645007@134.209.72.226:5080;transport=udp Without ;transport=udp, SignalWire uses TCP from 152.42.144.114 / 159.65.244.171 which FreeSWITCH silently drops (no log entry, no response). Only UDP from 172.110.223.179 works. 20/22 calls failed before this fix.

Inbound Call Routing (DID: +18177645007)

SignalWire sends caller's number as Request-URI destination (not the DID) even with SIP Gateway configured. Single-mode Lua handler can't match this to v_destinations → falls to not-found.

Fix: Global catch-all dialplan:

  • Name: signalwire-inbound, context: public, order: 100, domain_uuid: NULL
  • Expression: ^.*$transfer 900 XML 134.209.72.226
  • If deleted, calls fall through to not-found (404)

Public dialplan order:

  1. caller-details (10, global, continue=true)
  2. signalwire-inbound (100, global) → IVR 900
  3. 18177645007 (100, domain-specific, expression ^(.*)$) → linked via v_destinations
  4. not-found (999, global)

IVR

  • Extension 900: active IVR, greeting: ivr_menu_16k.wav
  • Extension 800: old FIFO queue (disabled)
  • IVR dialplan in domain context 134.209.72.226, name "IVR", matches ^900$

Yealink Provisioning

URL: https://fusion.orbishosting.com/app/provision/ Boot file: {mac}.boot, model cfg: y000000000065.cfg, device cfg: {mac}.cfg Yealink web login uses textbook RSA (no padding): encrypt password with g_rsa_n/g_rsa_e from login page using pow(m,e,n). Web lockout: Multiple failed logins lock the web UI for several minutes. Provision trigger: GET /servlet?p=autoprovision-cfg&q=autoprovision Reboot API: POST /servlet?p=reboot&q=reboot (empty body)

2026-06-02 issue: yealink_firmware_t48s = t48s-66.81.0.110.rom in v_default_settings caused phone to get stuck downloading non-existent firmware. Fixed by disabling that setting (enabled=false). Phone 1000 (10.48.200.2) had its config reset during this process.

Ext 1000 recovery: If 1000 not registering — go to phone screen: Menu → Settings → Advanced → admin → Accounts → Account 1: server 134.209.72.226, port 5080, auth/user 1000, password Xk9mPw3nQv7rLs2t

Key Commands

# Reload ACL without restart
fs_cli -x "reloadacl"
# Reload dialplan/XML config  
fs_cli -x "reloadxml"
# Restart external profile (drops registrations — avoid)
fs_cli -x "sofia profile external restart"
# Check registrations
fs_cli -x "sofia status profile external reg"
# Check gateway
fs_cli -x "sofia xmlstatus gateway"
# Clear dialplan cache
rm -f /var/cache/fusionpbx/dialplan.public.*
# Clear sofia profile cache
rm -f /var/cache/fusionpbx/fusion.configuration.sofia.conf

fail2ban Whitelist

  • 107.178.2.130 (office), 97.247.128.120 (home WAN — updated 2026-06-17, was 97.154.109.245)
  • sip-auth-ip iptables chain — can get the FortiGate IP blocked; check with iptables -L sip-auth-ip -n
Reference in New Issue View Git Blame Copy Permalink