How to configure / deploy heplify on SIP Server

Download and install the latest Heplify release


wget https://github.com/sipcapture/heplify/releases/latest/download/heplify
chmod +x heplify
mv heplify /usr/bin/heplify


Create service file for heplify


cat > /etc/systemd/system/heplify.service <<EOF
[Unit]
Description=Captures packets from wire and sends them to Hepic
After=network.target

[Service]
Environment="HEP_ID=8888"
Environment="HEP_SERVER=homer.*****.com:9060"
Environment="HEP_PASSWORD=HEP-TOKEN-or-Password"
Environment="HEP_BUFFER_FILE=/root/HEP.dump"
Environment="HEP_LOG_LEVEL=info"
Environment="HEP_INTERFACE=any"
Environment="HEP_PORTRANGE=5060-6000"
Environment="HEP_PROM_STATS=0.0.0.0:8090"
ExecStart=/usr/bin/heplify -hep-buffer-activate -hep-buffer-file $HEP_BUFFER_FILE -l $HEP_LOG_LEVEL -sl -hi $HEP_ID -i $HEP_INTERFACE -pr $HEP_PORTRANGE -hs $HEP_SERVER -nt tcp -hp $HEP_PASSWORD -t af_packets -tcpsendretries 0 -tcpassembly -prometheus $HEP_PROM_STATS
ExecStop=/bin/kill ${MAINPID}
Restart=on-failure
RestartSec=10s
Type=simple

[Install]
WantedBy=multi-user.target
EOF


Reload unit file


systemctl daeon-reload


now start heplify as service


systemctl restart heplify


Enjoy 😉

How to create IPSec Tunnel Between Two Linux Machines

DEFAULT values

sysctl -a | grep "net.ipv4.ip_forward \|net.ipv6.conf.all.forwarding\|net.ipv4.conf.all.accept_redirects\|net.ipv4.conf.all.send_redirects"
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.ip_forward = 0
net.ipv6.conf.all.accept_redirects = 1


Update these params to the following values

sysctl net.ipv4.ip_forward=1
sysctl net.ipv6.conf.all.forwarding=1
sysctl net.ipv4.conf.all.accept_redirects=0
sysctl net.ipv4.conf.all.send_redirects=0


Check Values again

sysctl -a | grep "net.ipv4.ip_forward \|net.ipv6.conf.all.forwarding\|net.ipv4.conf.all.accept_redirects\|net.ipv4.conf.all.send_redirects"
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1


make them persistent

sysctl -p 


install iptables

apt install iptables


GATEWAY 1:

GATEWAY PUBLIC IP 192.168.0.194

Private IP: 192.168.100.3

Private Network: 192.168.100.1/24


Add rule as per the IP scheme

iptables -t nat -A POSTROUTING -s 10.124.0.0/20  -d 192.168.100.0/24 -j MASQUERADE
iptables -t nat --list


GATEWAT 2:

Public IP: 192.168.0.173

Private IP: 10.124.0.3

Private Network: 10.124.0.0/20


Add rule as per the IP scheme

iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 10.124.0.0/20 -j MASQUERADE
iptables -t nat --list


Strongswan configuration for the GATEWAY 1

config setup
        charondebug="all"
        uniqueids=yes
conn devgateway-to-prodgateway
        type=tunnel
        auto=start
        keyexchange=ikev2
        authby=secret
        left=10.20.20.1
        leftsubnet=192.168.0.101/24
        right=10.20.20.3
        rightsubnet=10.0.2.15/24
        ike=aes256-sha1-modp1024!
        esp=aes256-sha1!
        aggressive=no
        keyingtries=%forever
        ikelifetime=28800s
        lifetime=3600s
        dpddelay=30s
        dpdtimeout=120s
        dpdaction=restart


Command

head -c 24 /dev/urandom | base64


Strongswan configuration for the GATEWAY 2

config setup
        charondebug="all"
        uniqueids=yes
conn prodgateway-to-devgateway
        type=tunnel
        auto=start
        keyexchange=ikev2
        authby=secret
        left=10.20.20.3
        leftsubnet=10.0.2.15/24
        right=10.20.20.1
        rightsubnet=192.168.0.101/24 
        ike=aes256-sha1-modp1024!
        esp=aes256-sha1!
        aggressive=no
        keyingtries=%forever
        ikelifetime=28800s
        lifetime=3600s
        dpddelay=30s
        dpdtimeout=120s
        dpdaction=restart


Ref: https://www.tecmint.com/setup-ipsec-vpn-with-strongswan-on-debian-ubuntu/

Ref: https://www.cbui.dev/setting-up-an-aws-to-digital-ocean-site-to-site-vpn-with-strongswan/


Enjoy 😉

How to Configure Fail2Ban with FreeSwitch

Install fail2ban

apt install fail2ban

create the following file

vim /etc/fail2ban/jail.d/freeswitch.local

copy the following content in the file freeswitch.local


[freeswitch-tcp]
enabled = true

maxretry = 3
findtime  =  3600
bantime   =  300

Now create the following file


vim /etc/fail2ban/jail.conf

copy the following line in jail.conf


[freeswitch-tcp]
port     = 11110,11111
protocol = tcp
filter   = freeswitch
logpath  = /var/log/freeswitch/freeswitch.log
action   = iptables-allports[name=freeswitch-tcp, protocol=all]

[freeswitch-udp]
port     = 5060,5061,5080,5081
protocol = udp
filter   = freeswitch
logpath  = /var/log/freeswitch/freeswitch.log
action   = iptables-allports[name=freeswitch-udp, protocol=all]

create the following file


cat /etc/fail2ban/filter.d/freeswitch.conf

copy the following lines


[INCLUDES]

before = common.conf

[Definition]

_daemon = freeswitch

 mode = extra


failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
            \[WARNING\] sofia_reg.c:\d+ SIP auth failure \(INVITE\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
            \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
            \[WARNING\] sofia_reg.c:\d+ Can\'t find user \[.*\] from <HOST>

ignoreregex =


stop fail2ban


systemctl stop fail2ban


Start fail2ban in debug mode


fail2ban-server -xf -vvv


check fail2ban logs


tail -f /var/log/fail2ban.log


Check Status


fail2ban-client status
Status
|- Number of jail:      1
`- Jail list:   freeswitch-tcp

make some fail REGISTRATIONS

fail2ban-client status freeswitch-tcp
Status for the jail: freeswitch-tcp
|- Filter
|  |- Currently failed: 0
|  |- Total failed:     0
|  `- File list:        /var/log/freeswitch/freeswitch.log
`- Actions
   |- Currently banned: 1
   |- Total banned:     1
   `- Banned IP list:   103.122.158.34


Comand to unban the IPs


fail2ban-client -vvv set freeswitch banip 192.0.2.0
fail2ban-client -vvv set freeswitch unbanip 192.0.2.0
fail2ban-client -d
iptables -nL


Enjoy 😉

How to compile and run a next application ?

Install nodejs Use  this  link for further reading curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash nvm inst...