Thursday, May 14, 2015

SSH blocks on 'expecting SSH2_MSG_KEX_DH_GEX_GROUP'

Recently I updated one of our servers to CentOS 7. It has access to several networks. With the previous CentOS version it had SSH access to those networks, but after the upgrade the server could no longer reach them via SSH.

To troubleshoot the issue I ran ssh in verbose mode.
#ssh -vvv <Remote server IP> -l <user name>

The session then got stuck at the SSH2_MSG_KEX_DH_GEX_GROUP message.

To briefly explain the network setup, there is an intermediate firewall which controls all the network traffic between those VLANs. I found by googling that the problem is related to packet fragmentation.
By default the network card MTU (maximum transmission unit) is 1500. I ran the command below to change the MTU of the network card.

#ifconfig <network_device_name> mtu 576
(You can try different MTU values: 1000, 1472, or 567.)

Then I tried to ssh to the other network, and it worked. If you want more details, you can refer to the link below.


Cacti web access redirect from http to https

By default Cacti can be accessed over both http and https. For security reasons it is recommended to access Cacti via https only. To enforce that, you can change the index.php file located in the /usr/share/cacti folder.

Here is how to set it up on your Linux machine:

1. Edit the index.php located on cacti's root folder
#cd /usr/share/cacti
#vi index.php

Copy the PHP code below and insert it at the first line of index.php:

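<?php
// Redirect any request that did not arrive on the HTTPS port.
if ($_SERVER['SERVER_PORT'] != 443)
{
    $url = "https://" . $_SERVER['SERVER_NAME'] . ":443" . $_SERVER['REQUEST_URI'];
    header("Location: $url");
    // Stop here so the rest of the page is not generated and sent over plain HTTP.
    exit;
}
?>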

Then restart the Apache server.
Open Cacti using http://your-server-ip/cacti. This will redirect you to https://your-server-ip/cacti and ask you to verify and confirm the web certificate on first use. Just proceed and complete the process and you are good to go.

Wednesday, May 13, 2015

Secure connection failed accessing Apache 2.4 web server by using Windows 7 machine


Error: When a Windows 7 user tries to access a web site running on an Apache 2.4 web server, the browser shows an SSL "Secure connection failed" error message.

I logged into the server and checked the ssl.conf file, where I found the configuration below.
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
#SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3

By default it has SSL v2 and SSL v3 support disabled. I then enabled SSL v3 support by editing the above line. It looks like this after the change.

# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2
#SSLProtocol all -SSLv2 -SSLv3

After the change I restarted the Apache server. It solved the problem.
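An added example (not part of the original post): a shell check that reads an ssl.conf on stdin and reports whether the effective SSLProtocol line leaves SSLv3 negotiable, run here on the two configurations shown above. It assumes the last uncommented SSLProtocol line wins and does not follow Include files or per-VirtualHost overrides; the names sslv3_status, conf_before and conf_after are made up for this example.

```shell
#!/bin/sh
# Added example: audit an Apache config (stdin) for SSLv3 being enabled.
# Assumption: the last uncommented SSLProtocol line is the effective one.
# Note: "all" includes SSLv3 unless OpenSSL was built with no-ssl3.
sslv3_status() {
    awk '
    BEGIN { seen = 0; v3 = 0 }
    # Commented-out lines start with "#", so their first field never matches.
    tolower($1) == "sslprotocol" {
        seen = 1; v3 = 0
        for (i = 2; i <= NF; i++) {
            tok = tolower($i)
            sign = substr(tok, 1, 1)
            if (sign == "+" || sign == "-") tok = substr(tok, 2); else sign = ""
            hit = (tok == "all" || tok == "sslv3")
            if (sign == "-")      { if (hit) v3 = 0 }   # -SSLv3 / -all removes it
            else if (sign == "+") { if (hit) v3 = 1 }   # +SSLv3 / +all adds it
            else v3 = hit          # a bare token replaces the whole protocol set
        }
    }
    END {
        if (!seen) print "unset"
        else print (v3 ? "enabled" : "disabled")
    }'
}

# The two ssl.conf states shown in the post (directive lines only).
conf_before='#SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3'
conf_after='SSLProtocol all -SSLv2
#SSLProtocol all -SSLv2 -SSLv3'

printf 'before the edit: SSLv3 %s\n' "$(printf '%s\n' "$conf_before" | sslv3_status)"
printf 'after the edit:  SSLv3 %s\n' "$(printf '%s\n' "$conf_after" | sslv3_status)"
```

On a live server the same function can be fed the real file, for example `sslv3_status < ssl.conf`.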

Friday, February 6, 2015

VOIP server migration issues

I migrated a FreePBX 2.10 32-bit server to a FreePBX 2.11 64-bit server and then restored the backup. After the reboot, SIP did not respond properly to its clients.
I checked the Asterisk logs and found some warning messages. They state that some modules cannot be found.
loader.c: Error loading module 'pbx_config.so': /usr/lib/asterisk/modules/pbx_config.so: cannot open shared object file: No such file or directory
loader.c: Error loading module 'chan_local.so': /usr/lib/asterisk/modules/chan_local.so: cannot open shared object file: No such file or directory
loader.c: Error loading module 'res_mwi_blf.so': /usr/lib/asterisk/modules/res_mwi_blf.so: cannot open shared object file: No such file or directory
loader.c: Error loading module 'pbx_config.so': /usr/lib/asterisk/modules/pbx_config.so: cannot open shared object file: No such file or directory

I found that those modules are in the /usr/lib64/asterisk/modules directory, so I needed to change the Asterisk module directory path. It is set in the /etc/asterisk/asterisk.conf file. Once asterisk.conf was changed, I rebooted the server. The above errors were gone and the server responded to its clients properly.

The second issue was a MySQL connection error for CDR reports. I checked the CDR configuration file for MySQL. It is /etc/asterisk/cdr_mysql.conf, and it used the previous server's credentials. The new MySQL user details can be taken from /etc/freepbx.conf, and then it is just a matter of copying and pasting the correct credentials into the cdr_mysql.conf file.

Once you have migrated, please keep monitoring continuously for at least one day. Cheers......