Using Trying to Register both a Hard Phone and Cisco Jabber / Installing Updates

[David-McGuire]

When Trying to Register both a Hard Phone and Cisco Jabber. i am not able to get to the "Service Doman" the CIsco MRA uses the following protocols and associated services:

Protocol Security Service
SIP TLS Session establishment – Register, Invite etc.
HTTPS TLS Logon, provisioning/configuration, directory, visual voicemail
RTP SRTP Media - audio, video, content sharing.

Network topology is as follows:

Network Cable Modem -> OpenWrt on a Raspberry Pi on interface eth1 (Wan) -> eth0 (Lan) -> unmanaged Gig switch -> unmanaged Gig switch -> Cisco 8841 phone if that helps.

I have included the following output from the OpenWrt as well below.

I am not sure if this is a issue with the code or not but when posting this on the "OpenWrt" " there has been the suggestion of upgrading this to the current code of 21.02.3 and i do not believe that this has been ported to the supported to our 52Pi CM4routerboard, or if this will.

One item i did notice was that when under "Software" there are alot of Updates listed but none would install I would get the followig error when truing to upgrade "base-files | 1-r0-0765466 » 1491-r20091-9f1d622328"

Error "umount: tmpfs busy - remounted read-only
umount: can't remount tmpfs read-only
umount: proc busy - remounted read-only
Collected errors:

• copy_file: unable to open `/etc/group-opkg.backup': Read-only file system.
• file_copy: Failed to copy file /etc/group to /etc/group-opkg.backup.
• backup_make_backup: Failed to copy /etc/group to /etc/group-opkg.backup
• opkg_install_cmd: Cannot install package base-files.
• pkg_write_filelist: Failed to open //usr/lib/opkg/info/base-files.list: Read-only file system."

Not sure if this also is an open issue or not, but it seems to happen to all the updates.

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2022.07.12 00:37:10 =~=~=~=~=~=~=~=~=~=~=~=
login as: 
[email protected]'s password: 


BusyBox v1.35.0 (2022-01-13 23:46:39 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt SNAPSHOT, r0-0765466
 -----------------------------------------------------
e]0;root@OpenWrt: ~aroot@OpenWrt:~# ubus call system board; uci export dhcp; uci export network; uci

 export firewall; ip route show default
{
	"kernel": "5.10.90",
	"hostname": "OpenWrt",
	"system": "ARMv8 Processor rev 3",
	"model": "Raspberry Pi Compute Module 4 Rev 1.0",
	"board_name": "raspberrypi,4-compute-module",
	"rootfs_type": "ext4",
	"release": {
		"distribution": "OpenWrt",
		"version": "SNAPSHOT",
		"revision": "r0-0765466",
		"target": "bcm27xx/bcm2711",
		"description": "OpenWrt SNAPSHOT r0-0765466"
	}
}
package dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	option confdir '/tmp/dnsmasq.d'
	option quietdhcp '1'
	option filterwin2k '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
	option name 'SEPxxxxxxxxx4976'
	option ip '192.168.1.214'
	option mac 'xx:xx:xx:xx:49:76'

package network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'XXXX:XXXX:1ed3::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'eth1'
	option device 'eth1'
	option proto 'dhcp'

package firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'
	list network 'eth1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled 'false'

config include
	option path '/etc/firewall.user'

default via x.x.240.1 dev eth1  src x.x.242.69 
x.x.240.0/21 dev eth1 scope link  src x.x.242.69 
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1 
e]0;root@OpenWrt: ~aroot@OpenWrt:~# ubus call system board; uci export dhcp; uci export network; uci

export firewall; ip route show default