Syed Jahanzaib Personal Blog to Share Knowledge !

November 21, 2014

Kannel auto startup problem with System error 13 Permission Denied

Filed under: Linux Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 12:04 PM

[with reference to following ]

Recently I configured KANNEL (again) for a client in KARBALA/IRAQ. The OS was UBUNTU 12.04.When we run the Bearerbox and SMSBOX manually in terminal, KANNEL HTTP API works fine. But when the box is restarted, SMS goes in QUEUE.

Result for manually executed bearerbox and smsbox in terminal (separate terminal for each command) like

bearerbox -v 0 /etc/kannel/kannel.conf

smsbox -v 0 /etc/kannel/kannel.conf

Sms via web works fine.

But when the system is rebooted ,  and I tried to send SMS , all messages were going in QUEUE and following message appear on browser.

3: Queued for later delivery

All kannel related services were starting properly, like bearerbox, smsbox etc. As showed below …

root@rm:~# ps aux |grep kannel
kannel    2964  0.0  0.0   7424   720 ?        Ss   09:47   0:00 /usr/sbin/run_kannel_box --pidfile /var/run/kannel/ --no-extra-args /usr/sbin/bearerbox -v 4 -- /etc/kannel/kannel.conf
kannel    2966  0.0  0.2  82652  2784 ?        Sl   09:47   0:00 /usr/sbin/bearerbox -v 4 -- /etc/kannel/kannel.conf
kannel    2975  0.0  0.0   7424   720 ?        Ss   09:47   0:00 /usr/sbin/run_kannel_box --pidfile /var/run/kannel/ --no-extra-args /usr/sbin/wapbox -v 4 -- /etc/kannel/kannel.conf
kannel    2978  0.0  0.0   7424   724 ?        Ss   09:47   0:00 /usr/sbin/run_kannel_box --pidfile /var/run/kannel/ --no-extra-args /usr/sbin/smsbox -v 4 -- /etc/kannel/kannel.conf
kannel    2980  0.0  0.2  65948  2644 ?        Sl   09:47   0:00 /usr/sbin/smsbox -v 4 -- /etc/kannel/kannel.conf
root      2993  0.0  0.0   3328   876 pts/2    S+   09:47   0:00 grep --color=auto kannel

After checking the bearerbox.log, I saw following error

tail -f /var/log/kannel/bearerbox.log
2014-11-21 10:41:55 [1912] [6] INFO: AT2[/dev/ttyACM0]: opening device
2014-11-21 10:41:55 [1912] [6] ERROR: AT2[/dev/ttyACM0]: open failed! ERRNO=13
2014-11-21 10:41:55 [1912] [6] ERROR: System error 13: Permission denied
2014-11-21 10:41:55 [1912] [6] ERROR: AT2[/dev/ttyACM0]: at2_device_thread: open_at2_device failed.
2014-11-21 10:41:55 [1912] [6] ERROR: System error 13: Permission denied
2014-11-21 10:41:55 [1912] [6] ERROR: AT2[/dev/ttyACM0]: Couldn't connect (retrying in 10 seconds).


With the help of kannel users mailing list, I found that KANNEL user must be allowed to write access /dev/ttyACM0 (or your modem device name).

For ubuntu, simply add the user KANNEL to DIALOUT group.

usermod -a -G dialout kannel
chown  kannel  /dev/ttyACM0

Also remove the comment sign from START_SMSBOX in /etc/default/kannel so that smsbox may also start on system boot.

Alhamdolillah Problem Solved!

2014-11-21 11.38.05

I am sharing this info because it took around 1 days of head banging with the wall, and I surely dont want anyone else to stuck in the same situation (if the issue is same)

Sample of config files

root@rm:/etc/kannel# cat /etc/default/kannel

my /etc/kannel/kannel.conf FILE

cat /etc/kannel/kannel.conf

# Syed Jahanzaib
# aacable [at]

group = core
admin-port = 13000
smsbox-port = 13001
admin-password = zaibadmin
status-password = zaibstatus
log-file = "/var/log/kannel/bearerbox.log"
log-level = 0
box-deny-ip = "*.*.*.*"
box-allow-ip = ""

group = smsc
smsc = at
modemtype = teltonika
device = /dev/ttyACM0
# Change above port to match your port, it could ACM1 or USB0, if you dont set it correctly,  it will not work and you will get error in logs that unable to connect to device)
speed = 19200
my-number = 0333302100000 # (put your sim number, not necessary)

# for teltonkia only, if you are using other brand you may need to get there INIT strings
group = modems
id = teltonika
name = "Teltonika E12"
detect-string = "Undefined"
enable-mms = true
init-string = "AT+CNMI=2,2,0,1,1"
speed = 115200

# for Huawei USB/GSM modem e155 i guess, remove hashes from below lines if u r using this model.
#group = modems
#id = huawei
#name = "Huawei"
#detect-string = "huawei"
#enable-mms = true
#init-string = "ATZ"
#init-string = "ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0"

group = smsbox
bearerbox-host = localhost
sendsms-port = 13013
global-sender = 13013
sendsms-chars = "0123456789 +-"
log-file = "/var/log/kannel/smsbox.log"
log-level = 0
access-log = "/var/log/kannel/access.log"

group = sendsms-user
username = kannel
password = kannel
concatenation = true
max-messages = 3

group = sms-service
keyword = default
get-url = "http://localhost/kannel/receivesms.php?sender=%p&text=%b"
accept-x-kannel-headers = true
max-messages = 3
concatenation = true
catch-all = true


Syed Jahanzaib

November 18, 2014

VPN/PPTP Static Routes Loose gateway when client reconnects

Filed under: Mikrotik Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 1:14 PM


Recently i configured a site to site vpn connectivity (Head office to Branch office) at some place. Everything was working fine , both end clients could access each other with direct access as proper routes were setup, But strange issue was happening that if the branch office mikrotik goes offline or Re connects the pptp dialer,    static route at head office mikrotik becomes un-reachable

(manual route was added at H.O mikrotik to access branch offices via dynamic pptp interface).

As showed in the image below … (head office router) routeunreachable

It was happening because the route is looking at a dynamic interface. When the dynamic interface goes away (branch office mikrotik pptp disconnect-reconnect) the Route does not know which interface to point to. . To sort this issue, I added ROUTE in ppp/secret section @ Head Office mikrotik.

As showed in the image below ….

pptp_secret .

The above subnet is branch office clients subnet. now whenever the branch will re connect the pptp, a dynamic route will add each time on H.O mikrotik, so it will know that from which route it should access B.O clients.

As showed in the image below.



You can do it manually too by assigning static ip, and in route use that ip in gateway, But I prefer to use dynamic route , because the route will be created dynamically each time when user connected to the router and disappear when user disconnect. And so the route will work transparently even if changes are made in other sections.


Syed Jahanzaib

November 13, 2014

Howto add SEARCH/EDIT button on main page in Radius Manager

Filed under: Radius Manager — Tags: — Syed Jahanzaib / Pinochio~:) @ 4:29 PM

Following is a small tip to add SEARCH or EDIT function for DMASOFTLAB Radius Manager admin page , by Syed Jahanzaib.

Ideally you should have HTML editor software, I use Ms FRONTPAGE, but if you know the basics of html, you can even use any good text editor like NOTEPAD++

in /var/www/radiusmanager folder, open the adminmain_tpl.htm file in the html editor.
(for centos , use /var/www/html/radiusmanager/)

You will see something like following.


Now search for word {CONTENT} and after this line, paste the following html code

&nbsp;<table border="1" width="100%">
<td><table width="100%" border="0" cellpadding="5" cellspacing="0" class="tb-bg">
<td><form name="form2" method="post" action="admin.php?cont=list_users">
<p class="title2"><font color="#FF0000">{FNDUSR23} User
Database by Syed Jahanzaib</font></p>
<table border="0" align="center" cellpadding="2" cellspacing="2" width="421">
<td nowrap class="normal" width="112"><div align="left">
<td class="normal">&nbsp;<input name="username" type="text" class="normal" id="username" size="29" maxlength="32"></td>
<p align="center">
<input type="submit" name="Submit2" value="{FNDUSR23}">
</form> </td>


Now it will look like following after the edition.


Save this file. (If you are saving from windows, then after saving, upload the file backup to /var/www/radiusmanager/ folder [if you have Ubuntu.
[ If you have centos then copy to /var/www/html/radiusmanager/ ]


Now reload the admin page and you will see some thign like as below …



Syed Jahanzaib

SIP Poblem with Mikrotik

Filed under: Mikrotik Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 10:37 AM




Yesterday I was configuring a site to site VPN/pptp connectivity at a remote location,  As showed in the above diagram. All connectivity and functions were working fine. Ping from client to client behind each mikrotik was working fine, clients could see each other directly without NATTING, but strangely SIP/VOIP packets were not passing through. upon running TORCH , I could see the SIP traffic on UDP port 5060 was working but in very low volume , in bits. After running some sniffing, I found out that the problem was with the poor implementation at SIP protocol level on most commercial routers and the fact that this technology is just useful for outgoing calls, but not for incoming calls

After turning off SIP ALG (SIP Helper) ,everything start working .

Either by GUI or via CLI


Goto IP > Firewall > Services > SIP [and disable it]



/ip fi service-port disable sip


Now VoIP calls are working perfectly. Writing this, just in case some one else may face this issue with banging his head on the wall 😉



Blog at