Asterisk Manager Interface Not Working

zrabid · January 1, 2023, 2:07pm

Php AMI is working in terms of login and various commands such as sip show peers and etc. But when applying some ami actions such as Redirect/ Hangup and etc, its not working. Any idea on it? or maybe, where can i find AMI logs so that i can find the errors?

EkFudrek · January 2, 2023, 11:30am

You need to provide some technical information and diagnostic output (from the console) plus possibly the error log from your php server.

I am not sure, which PHP AMI package you are using, but I tested the most popular one a couple of years ago. This package required a lot of additional work to make it stable and run with current php versions. You might have a problem with your AMI requests, or a configuration problem, or a source code problem, or a php version problem, and, as usual, some other problem.

In the end I preferred to write my own little socket lib to communicate with AMI…

ambiorixg12 · January 4, 2023, 3:47pm

Stop using library, write your code from scratch is easier and you will have control of what you are doing. here you have a quick sample code.

<?php

//http:/127.0.0.1/cmd.php?cmd=queue%20show%20support

$command=$_GET['cmd'];


$socket = fsockopen("127.0.0.1","5038", $errno, $errstr,60);
      if (!$socket){
        echo "$errstr ($errno)\n";
        }else{
            fputs($socket, "Action: Login\r\n");
            fputs($socket, "UserName: arodrigue\r\n");
            fputs($socket, "Secret: mypass2\r\n\r\n");

            fputs($socket, "Action: Command\r\n");
            fputs($socket, "Command: $command\r\n\r\n");

            fputs($socket, "Action: Logoff\r\n\r\n");
           while (!feof($socket)){
               echo fgets($socket).'<br>';
            }
            fclose($socket);
            }
?>

gdraque · January 5, 2023, 11:32pm

Debugging AMI is pretty straight forward, just temporarily disable encryption [a] and capture the traffic between the host running the script and the Asterisk box on that port. Its plain text body messages, so it will be clear.

Same as others have said, to start, I suggest you write your own small library. It may sound couinter-intuitive, but it is the best way. Then you can use a more complete one and will have the chops to debug the library if you have to.

Cheers!

[a] manager.conf :: tlsenable=no

github.com

asterisk/asterisk/blob/4095a382da630f8af2aac2d223fcaa70c03b81ba/configs/samples/manager.conf.sample#L33


      
          ;webenabled = yes
          
          
port = 5038
          bindaddr = 0.0.0.0
          
          
; Parameters that control AMI over TLS. ("enabled" must be set too).
          ; You can open a connection to this socket with e.g.
          ;
          ;	openssl s_client -connect my_host:5039
          ;
          ;tlsenable=no		; set to YES to enable it
          ;tlsbindaddr=0.0.0.0:5039		; address and port to bind to, default to bindaddr and port 5039
          ;tlscertfile=/tmp/asterisk.pem	; path to the certificate.
          ;tlsprivatekey=/tmp/private.pem ; path to the private key, if no private given,
                                          ; if no tlsprivatekey is given, default is to search
          								; tlscertfile for private key.
          ;tlscipher=<cipher string>      ; string specifying which SSL ciphers to use or not use
          ;
          ;allowmultiplelogin = yes		; IF set to no, rejects manager logins that are already in use.
          ;                               ; The default is yes.
          ;

AustinH · January 6, 2023, 12:21am

No need to disable encryption. Wireshark can decrypt captured tls traffic if given the private key ```
tlsprivatekey=/tmp/private.pem

https://wiki.wireshark.org/TLS#tls-decryption

gdraque · January 6, 2023, 12:46am

Totally, I was just trying to make things simpler for him but you are correct. I was thinking about him using ngrep or something simple, but it he wants to use wireshark, then sure.

ldo · January 6, 2023, 1:43am

I thought this idea that the TLS private key is enough to decrypt the communication was too good to be true, and I was right. From the Wireshark Wiki :

Wireshark supports TLS decryption when appropriate secrets are provided. The two available methods are:

Key log file using per-session secrets (#Usingthe (Pre)-Master Secret).

Decryption using an RSA private key.

Basically, the second one is not very likely to work.

system · February 5, 2023, 1:44am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.