ACK frames not recognized by Asterisk

Asterisk Asterisk SIP
1

Hello

FreePBX 17.x with Asterisk 22.8 on RPI4B.

Cannot understand why ACKs (from OpenSIP) in response to 200 OK (INVITE) frames aren’t recognized by Asterisk.

TCP dump on Asterisk ethernet interfacce show that frames, Asterisk debug log not.

Asterisk continue to send 200 OK until hangup.

Which details can I post here, to have a suggestion/hint about ?

pcap capture must be anonimyzed ?

Already verified frame headers, looks like all fields are matching between 200 OK and ACK.

I’m in doubt about not appearing in Asterisk logs.

Are there special settings to provide to Asterisk to have more detailed info in logs ?

Thanks,

Rob

2

These are different sides of the Asterisk firewall, so the initial suspicion is that that is blocking them.

Otherwise, check that the port number hasn’t been modified.

3

Hi

Some ACK comes from OpenSIP (to the BYE, for example).

How to investigate if Asterisk firewall is doing something wrong on incoming packets ?

Server has only one interface and on loopback interface there are no packets.

Porta are correct, as said some ACK are accepted.

There’s an accepted format to upload traces ?

I guess that standard Asterisk logging would be ok, but tcpdump traces ?

4

BYE never produces an ACK!

ACK goes in the same direction as the request, but to the address in the Contact header of the request.

5

You’re right. Just to describe better than words, I’ll upload an image

7

capture from asterisk interface
capture from asterisk interface1887×711 40.7 KB

This is captured from Asterisk eth interface

8

capture from firewall external
capture from firewall external1883×863 50.5 KB

This is captured from firewall WAN interface

9

The INVITE captured from the router isn’t going to the expected port on Asterisk, and the OK from Asterisk isn’t coming from the correct port. I’d assume a broken SIP ALG, although I don’t understand how the downstream capture is showing the correct port.

10

Sorry for error: in external capture, word “ASTERISK” must be read as “FIREWALL”.
Being a NATed device, Asterisk server cannot be visible, directly from firewall external interface, where capture was done.

No ALG in place. OPNsense was installed without ALG plugin.

11

You need to change the router configuration so that it doesn’t change the port number, 5060, when forwarding from the Asterisk machine. Asterisk includes the port number in the Contact header, and won’t know that the router mangled it.

If there is a conflict for 5060, you can change that. Preferably that is done in Asterisk, but you can also add an explicit NAT rule, but in the latter case, you must configure the external port number in Asterisk.

I don’t understand how the router learned the translated number for the incoming request.

12

Sorry for very long delay in update the topic.
Relying on fact that OpenSIPS 1.9.x was sending an ACK not as asterisk expect it, being in release 22.8.0, I’ve set ignore_uri_user_options=yes in asterisk config.
This has solved the problem.

Now, after update asterisk from 22.8.0 to 22.8.2, looks like that setting isn’t anymore usable, even if it’s described as deprecated only from release 23.x

I’m still not able to understand why asterisk is not accepting ACK from OpenSIPS, but considering that ignore_uri_user_options=yes has “temporary” fixed the issue, what could be the real issue ?

TIA
Robert

13

Nothing has happened with that option between those versions. There were no changes to ANY of the SIP code between them and it hasn’t been deprecated.

14

Digging into wireshark trace, I’ve found these (real numbers and data are obfuscated):
In 200 OK frame, To: header field:
sip:085123456789@1.2.3.4;tag=603f9263-ea23-4c6d-b445-cf1cc9723cef
In ACK frame, To: header field:
sip:085123456789@1.2.3.4:5060;tag=603f9263-ea23-4c6d-b445-cf1cc9723cef

all other header fields are the same between 200 OK and ACK:

From:
200 OK: sip:3359876543@8.7.6.5;tag=as35a5bfbf
ACK: sip:3359876543@8.7.6.5;tag=as35a5bfbf
Call-ID:
200 OK: 4b47f14c3c9a367f39d223d764238a44@1.2.3.5:5060
ACK: 4b47f14c3c9a367f39d223d764238a44@1.2.3.5:5060

Can this difference in ACK force asterisk to ignore the ACK ?

15

I can’t find anything called OpenSIP. Are you sure this is not OpenSIPs?

I will point out that MicroSIP supposedly uses OpenSIPs and it seems to run fine with my FreePBX install. Are you absolutely sure this is an OpenSIPs issue and not coming from the application you wrote that is using it?

There’s a mailing list:

openSIPS | Support / MailingLists

Maybe you should post there - it would be rather stunning if they stated point blank that OpenSIPs doesn’t work with Asterisk, IMHO.

16

Yes. It is OpenSIPS.
I’ll post also in the suggested forum.
Thanks for hint !

17

I’ve used OpenSIPS with Asterisk extensively in the past and they work perfectly together. I am guessing that Asterisk can’t find which call this ACK is for and silently drops it. I think that if you enable debug on the asterisk side you’ll probably see it. It’s something wrong on the configuration on the opensips side