2 way call between servers

Asterisk Asterisk Support
1

Hi,

I have 1 asterisk servers and other vicidial, both having sip port 5020. I’m trying to make a trunk so that both can dial extensions on each servers. Issue I’m facing is, server A can dial server B but not vice versa.
When I dial I get

[Jul 9 18:36:45] NOTICE[3011][C-00026c1e]: chan_sip.c:23237 handle_response_invite: Failed to authenticate on INVITE to ‘“2222” sip:2222@176.9.XXX.XXX:5020;tag=as2d1bfaa5’
– SIP/VoipA-0002e2af is circuit-busy
== Everyone is busy/congested at this time (1:0/1/0)

Server A VICIDIAL

[VoipA]
type=friend
port=5020
host=176.9.XXX.XXX
context=trunkinbound

[VoipB]
type=peer
host=5.9.XXX.XXX
context=trunkinbound
port=5020


exten => _9591999X.,1,AGI(agi://127.0.0.1:4577/call_log)
exten => _9591999X.,2,NoOp(${CALLERID(all)})
exten => _9591999X.,3,Dial(sip/${EXTEN:3}@VoipB,55,tTor)
exten => _9591999X.,4,NoOp(DialStatus="${DIALSTATUS}")
exten => _9591999X.,5,Hangup()

exten => _9591998X.,1,AGI(agi://127.0.0.1:4577/call_log)
exten => _9591998X.,2,NoOp(${CALLERID(all)})
exten => _9591998X.,3,Dial(sip/${EXTEN:3}@VoipA,55,tTor)
exten => _9591998X.,4,NoOp(DialStatus="${DIALSTATUS}")
exten => _9591998X.,5,Hangup()

Server B ASTERISK

[VoipA]
type=friend
host=5.9.XXX.XXX
port=5020
context=inserverB


[inserverB]

exten => _1998XXXX,1,Dial(SIP/${EXTEN:4},40,Tt)
exten => _1998XXXX,n,HangUp()

exten => _1999X.,1,Dial(sip/${EXTEN}@VoipA,55,tTor)
exten => _1999X.,2,NoOp(DialStatus="${DIALSTATUS}")
exten => _1999X.,3,Hangup()
2

I assume that XXX.XXX is not the same as XXX.XXX, and that VoIPA on the first one is really the service provider.

I don’t think you have provided the complete sip.conf on server B, as you haven’t got anything that would require authentication, or something like always auth reject.

I suspect this will resolve when you change the missing local device entries on B to use type=peer.

3

Yes XXX.XXX are not same on both servers but extensions are same like 2222 on both servers exist.
This is the complete sip.conf

How can I authenticate?

4

Assuming you are misusing “extensions” in the common way it is misused, you haven’t provided the complete sip.conf; the problem lies with an “extension” entry in sip.conf, not the trunk one. You haven’t provided any sip.conf entries for “extensions”.

I’m even more certain the problem is the overuse of friend.

5

Oh okay, my bad…I only posted related trunks info before. Here is other configs and an extension

[general]
allowguest=no
context=public                  
allowoverlap=no                
udpbindaddr=0.0.0.0         
tcpenable=no                    
tcpbindaddr=0.0.0.0             
transport=udp                  
fallback to UDP.
srvlookup=yes                 
bindport=5020                   
alwaysauthreject=yes

[basic-options](!)               
        dtmfmode=rfc2833
        context=from-office
        type=friend

[natted-phone](!,basic-options)  
        directmedia=no
        host=dynamic

[public-phone](!,basic-options)   
        directmedia=yes



[2222]
username=2222
secret=xxxxxxxx
context=inserverB
type=friend
host=dynamic
dtmfmode=rfc2833
canreinvite=Yes
nat=force_rport,comedia
qualify=yes
6

enable the sip debug here, also changing the type peer would auth the sip peer based on the IP address, sometimes is also needed add the fromuser assuming you have sip peers with the same name on both servers

7

I’d definitely say change type=friend to type=peer.

Why does 2222 need NAT work arounds?

8

The server is denying

SIP/2.0 401 Unauthorized

    -- Executing [19991055@invoip:1] Dial("SIP/2222-0002e47f", "sip/19991055@Voipips,55,tTor") in new stack
  == Using SIP RTP CoS mark 5
Audio is at 15008
Adding codec 100002 (gsm) to SDP
Adding codec 100003 (ulaw) to SDP
Adding codec 100004 (alaw) to SDP
Adding codec 100017 (testlaw) to SDP
Adding non-codec 0x1 (telephone-event) to SDP
Reliably Transmitting (no NAT) to 176.9.xxx.xxx:5020:
INVITE sip:19991055@5.9.xxx.xxx:5020 SIP/2.0
Via: SIP/2.0/UDP 176.9.xxx.xxx:5020;branch=z9hG4bK3858aee4
Max-Forwards: 70
From: "2222" <sip:2222@176.9.xxx.xxx:5020>;tag=as583cf51e
To: <sip:19991055@5.9.xxx.xxx:5020>
Contact: <sip:2222@176.9.xxx.xxx:5020>
Call-ID: 246750647b4803fe3d9458327ec19caa@176.9.xxx.xxx:5020
CSeq: 102 INVITE
User-Agent: Asterisk PBX 11.25.1
Date: Fri, 10 Jul 2020 18:34:52 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 283

v=0
o=root 910918162 910918162 IN IP4 176.9.xxx.xxx
s=Asterisk PBX 11.25.1
c=IN IP4 176.9.xxx.xxx
t=0 0
m=audio 15008 RTP/AVP 3 0 8 101
a=rtpmap:3 GSM/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=sendrecv

---
    -- Called sip/19991055@Voipips

<--- Transmitting (NAT) to 202.59.xxx.xxx:1024 --->
SIP/2.0 180 Ringing
Via: SIP/2.0/UDP 202.59.xxx.xxx:1025;branch=z9hG4bK0561c1df;received=202.59.xxx.xxx;rport=1024
From: "2222" <sip:2222@176.9.xxx.xxx>;tag=001bd46046592a186956a2ba-71cff9b8
To: <sip:19991055@176.9.xxx.xxx>;tag=as1e6664f1
Call-ID: 001bd460-4659003b-2a16e944-338baa8f@192.168.32.102
CSeq: 102 INVITE
Server: Asterisk PBX 11.25.1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Contact: <sip:19991055@176.9.xxx.xxx:5020>
Content-Length: 0


<------------>

<--- SIP read from UDP:176.9.xxx.xxx:5020 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 176.9.xxx.xxx:5020;branch=z9hG4bK3858aee4;received=176.9.xxx.xxx
From: "2222" <sip:2222@176.9.xxx.xxx:5020>;tag=as583cf51e
To: <sip:19991055@5.9.xxx.xxx:5020>;tag=as129f9b7c
Call-ID: 246750647b4803fe3d9458327ec19caa@176.9.xxx.xxx:5020
CSeq: 102 INVITE
Server: Asterisk PBX 11.25.1-vici
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="12f34b10"
Content-Length: 0

<------------->
--- (11 headers 0 lines) ---
Transmitting (no NAT) to 176.9.xxx.xxx:5020:
ACK sip:19991055@5.9.xxx.xxx:5020 SIP/2.0
Via: SIP/2.0/UDP 176.9.xxx.xxx:5020;branch=z9hG4bK3858aee4
Max-Forwards: 70
From: "2222" <sip:2222@176.9.xxx.xxx:5020>;tag=as583cf51e
To: <sip:19991055@5.9.xxx.xxx:5020>;tag=as129f9b7c
Contact: <sip:2222@176.9.xxx.xxx:5020>
Call-ID: 246750647b4803fe3d9458327ec19caa@176.9.xxx.xxx:5020
CSeq: 102 ACK
User-Agent: Asterisk PBX 11.25.1
Content-Length: 0


---
[Jul 10 14:34:52] NOTICE[3011][C-00026e5a]: chan_sip.c:23237 handle_response_invite: Failed to authenticate on INVITE to '"2222" <sip:2222@176.9.xxx.xxx:5020>;tag=as583cf51e'
    -- SIP/Voipips-0002e480 is circuit-busy
  == Everyone is busy/congested at this time (1:0/1/0)
    -- Executing [19991055@invoip:2] NoOp("SIP/2222-0002e47f", "DialStatus="CONGESTION"") in new stack
    -- Executing [19991055@invoip:3] Hangup("SIP/2222-0002e47f", "") in new stack
  == Spawn extension (invoip, 19991055, 3) exited non-zero on 'SIP/2222-0002e47f'
Scheduling destruction of SIP dialog '001bd460-4659003b-2a16e944-338baa8f@192.168.32.102' in 20224 ms (Method: INVITE)

<--- Reliably Transmitting (NAT) to 202.59.xxx.xxx:1024 --->
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 202.59.xxx.xxx:1025;branch=z9hG4bK0561c1df;received=202.59.xxx.xxx;rport=1024
From: "2222" <sip:2222@176.9.xxx.xxx>;tag=001bd46046592a186956a2ba-71cff9b8
To: <sip:19991055@176.9.xxx.xxx>;tag=as1e6664f1
Call-ID: 001bd460-4659003b-2a16e944-338baa8f@192.168.32.102
CSeq: 102 INVITE
Server: Asterisk PBX 11.25.1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0
9

“I’d definitely say change type=friend to type=peer.”

Tried this as well, same issue

10

Did you change it on 2222? As I said, the problem is in your “extension” configuration, not your trunk configuration.

401 is not a refusal; it is a request to authenticate, which will happen if Asterisk thinks the endpoint is one that needs a authentication. I believe that Asterisk believes the trunk is your local extension 2222, because it originated on a remote extension 2222, and you have set type=friend on the local 2222.

I assume you reloaded the configuration after changing it.

11

Yes, I changed “type = peer” for both trunk as well as extension 2222 and did reloaded asterisk

12

insecure=invite will fix it , is good to have the fromuser parameter on each of the trunk , to avoid auth issue if there re SIP devices with the same [xxx] name.

13

Tried “insecure=invite” as well on trunk as well as extension but weirdly its still giving “Failed to authenticate on INVITE to”

14

[T2]
type=peer
disallow=all
allow=ulaw
allow=alaw
insecure=port,invite
directmedia=no
context=from-trunk
qualify=yes
dtmfmode=rfc2833
trustrpid=yes
sendrpid=yes
nat=force_rport,comedia
port=5060
fromuser=PBXB
host=Y.Y.Y.Y

[T1]
type=peer
disallow=all
allow=ulaw
allow=alaw
insecure=port,invite
directmedia=no
context=from-trunk
qualify=yes
dtmfmode=rfc2833
trustrpid=yes
sendrpid=yes
nat=force_rport,comedia
port=5060
fromuser=PBXA
host=X.X.X.X

1 Like
15

Thank you, this worked

1 Like
16

Could you explain why you have:

insecure=port

and

nat=force_rport,comedia

I can’t think of any reason why an Asterisk to Asterisk UDP trunk would need the former, and Asterisk should be able to add rport at the source end if it is needed. As this sounds like a symmetric connection, comedia won’t help. Either the media addresses will already be correct or both will be wrong. If they are both wrong, there will be no way to find the actual address from incoming traffic.

17

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.