Asterisk 13.15.0 not responding to SIP Register requests


#1
  • Ubuntu 16.0.4 LTS x64 [Linux pluto 4.4.0-72-generic #93-Ubuntu SMP Fri Mar 31 14:07:41 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux]
  • Asterisk Source: asterisk-13.15.0.tar.gz

Long time Asterisk user (since Asterisk 1.0 / FreeWorld Dialup), Asterisk skill level low-moderate, never had these problems before. Need help defining what I don’t know, but should so I can fix this issue. Trying to say more than just “Help!”

  • Asterisk 11.25.1 LTS quit working last week, so I installed “Asterisk 13.15.0 built by root @ pluto on a x86_64 running Linux on 2017-04-15 16:24:43 UTC”.
  • Then started fresh with “SimplePBX”.
  • Discovered PJSIP required more source than was included with download, so reverted back to familair SIP [chan_sip.so, sip.conf] using previously working sip.conf and extensions.conf files in new setup.
  • Security is becoming a concern, so trying minimalist setup required to allow Asterisk to work.

==> Problem: Asterisk is not responding to any SIP Register requests coming from WAN or LAN ethernet ports. <==
(side effect; -no- debug output to consider)

Debug Data (sensitive data modified slightly):

tcpdump -vni any -s0 port 5060

11:51:19.780199 IP (tos 0x0, ttl 241, id 50532, offset 0, flags [none], proto UDP (17), length 494)
71.231.50.252.5060 > 50.47.120.250.5060: SIP, length: 466
REGISTER sip:MyDomain.com SIP/2.0
Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-b18b3d6e
From: “ABC VoIP” sip:ABC@MyDomain.com;tag=3dd02a29ad5e7857o0
To: “ABC VoIP” sip:ABC@MyDomain.com
Call-ID: 9c8a30ea-97d9a87b@10.4.5.235
CSeq: 60451 REGISTER
Max-Forwards: 70
Contact: “ABC VoIP” sip:ABC@10.4.5.235:5060;expires=3600
User-Agent: Linksys/SPA942-5.1.15(a)
Content-Length: 0
Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
Supported: replaces

10:07:24.568781 IP (tos 0x68, ttl 250, id 14868, offset 0, flags [none], proto UDP (17), length 522)
192.168.90.15.5060 > 192.168.90.3.5060: SIP, length: 494
REGISTER sip:pluto.MyDomain.com SIP/2.0
Via: SIP/2.0/UDP 192.168.90.15:5060;branch=z9hG4bK-272eda89
From: Home 1 sip:EXT1@pluto.MyDomain.com;tag=f5d5d3091ef9d50co0
To: Home 1 sip:EXT1@pluto.MyDomain.com
Call-ID: b06a9248-f30e8565@192.168.90.15
CSeq: 28491 REGISTER
Max-Forwards: 70
Contact: Home 1 sip:EXT1@192.168.90.15:5060;expires=3600
User-Agent: Linksys/SPA2100-3.3.9
Content-Length: 0
Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
Supported: x-sipura, replaces

Asterisk does not respond to these SIP requests. Verified requests using Wireshark.

sip.conf

[general]
alwaysauthreject=yes ;Setting this to “yes” will reject bad authentication requests on
; valid usernames with the same rejection information as with invalid
; usernames, denying remote attackers the ability to detect existing
; extensions with brute-force guessing attacks.
; http://blogs.digium.com/2009/03/28/sip-security/
context=home ; Default context for incoming calls
allowguest=no ; Allow or reject guest calls (default is yes, this can also be set to ‘osp’.
; http://blogs.digium.com/2009/03/28/sip-security/
; if asterisk was compiled with OSP support.
realm=MyDomain.com ; Realm for digest authentication
; defaults to “asterisk”
; Realms MUST be globally unique according to RFC 3261
; Set this to your host name or domain name
bindport=5060 ; UDP Port to bind to (SIP standard port is 5060)
bindaddr=0.0.0.0 ; IP address to bind to (0.0.0.0 binds to all)
srvlookup=yes ; Enable DNS SRV lookups on outbound calls
; Note: Asterisk only uses the first host
; in SRV records
; Disabling DNS SRV lookups disables the
; ability to place SIP calls based on domain
; names to some other SIP users on the Internet

pedantic=no ; Enable slow, pedantic checking for Pingtel
; and multiline formatted headers for strict
; SIP compatibility (defaults to “no”)
tos=lowdelay ; lowdelay,throughput,reliability,mincost,none
tos_sip=cs3
tos_audio=ef
tos_video=af41

defaultexpiry=3600

[EXT1] ;spa2100.MyDomain.com - Ext 1
host=192.168.90.15
;host=dynamic
type=peer
callerid=“MyName” <51>
defaultuser=MyName
secret=MySecret
insecure=port,invite
dtmfmode=rfc2833 ;dtmfmode, dtmf, and toneduration affect touch tones {rfc2833=digital, inband=audio}
dtmf=rfc2833
relaxdtmf=no ;NO=Don’t interpret DTMF tones during a call. NOTE: Try with VoiceMail passwords during a call
toneduration=150 ;Should have no effect on "inband"
canreinvite=no
nat=no ;At home, so no NAT between SPA2100 and Asterisk
port=5060
;mailbox=${USERNAME}

CLI Console: Produces lots of output, here is edited output to show only relevant error/notice messages (I configured/cleared as many as I can):

sudo -u asterisk asterisk -vvvvvdddc


== Parsing ‘/etc/asterisk/cdr.conf’: Found
[Apr 15 11:49:39] NOTICE[24003]: cdr.c:4180 cdr_toggle_runtime_options: CDR simple logging enabled.
== Parsing ‘/etc/asterisk/modules.conf’: Found
[Apr 15 11:49:39] NOTICE[24003]: loader.c:1446 load_modules: 34 modules will be loaded.

Loading chan_sip.so.
SIP channel loading…
== Parsing ‘/etc/asterisk/sip.conf’: Found
== SIP Listening on 0.0.0.0:5060
== Using SIP TOS bits 96
== Using SIP CoS mark 4
[Apr 15 11:49:39] WARNING[24003]: chan_sip.c:31950 display_nat_warning: !!! PLEASE NOTE: Setting ‘nat’ for a peer/user that differs from the global setting can make
[Apr 15 11:49:39] WARNING[24003]: chan_sip.c:31951 display_nat_warning: !!! the name of that peer/user discoverable by an attacker. Replies for non-existent peers/users
[Apr 15 11:49:39] WARNING[24003]: chan_sip.c:31952 display_nat_warning: !!! will be sent to a different port than replies for an existing peer/user. If at all possible,
[Apr 15 11:49:39] WARNING[24003]: chan_sip.c:31953 display_nat_warning: !!! use the global ‘nat’ setting and do not set ‘nat’ per peer/user.
[Apr 15 11:49:39] WARNING[24003]: chan_sip.c:31954 display_nat_warning: !!! (config category=‘BOB-HTC’ global force_rport=‘No’ peer/user force_rport=‘Yes’)
– Message technology ‘sip’ registered.
== Registered channel type ‘SIP’ (Session Initiation Protocol (SIP))
== Registered RTP glue ‘SIP’
== Registered application ‘SIPDtmfMode’
== Registered application ‘SIPAddHeader’
== Registered application ‘SIPRemoveHeader’
== Registered custom function ‘SIP_HEADER’
== Registered custom function ‘SIPPEER’
== Registered custom function ‘CHECKSIPDOMAIN’
== Manager registered action SIPpeers
== Manager registered action SIPshowpeer
== Manager registered action SIPqualifypeer
== Manager registered action SIPshowregistry
== Manager registered action SIPnotify
== Manager registered action SIPpeerstatus
== chan_sip.so => (Session Initiation Protocol (SIP))

== Parsing ‘/etc/asterisk/confbridge.conf’: Found
[Apr 15 11:49:40] NOTICE[24003]: confbridge/conf_config_parser.c:2072 verify_default_profiles: Adding default_bridge profile to app_confbridge
[Apr 15 11:49:40] NOTICE[24003]: confbridge/conf_config_parser.c:2083 verify_default_profiles: Adding default_user profile to app_confbridge
[Apr 15 11:49:40] NOTICE[24003]: confbridge/conf_config_parser.c:2094 verify_default_profiles: Adding default_menu menu to app_confbridge

Asterisk Ready.
*CLI> sip set debug on
SIP Debugging enabled
*CLI>
(no debugging output shows except my 1 hour interval PhonePower SIP registration, which is successful)

==> /var/log/asterisk/messages <== [Nothing logged; errors or boot text]

==> /var/log/asterisk/queue_log <==
1492238411|NONE|NONE|NONE|QUEUESTART|

lsmod | grep sip

nf_nat_sip 20480 0
nf_conntrack_sip 28672 1 nf_nat_sip
nf_nat 24576 8 nf_nat_ftp,nf_nat_irc,nf_nat_sip,nf_nat_ipv4,nf_nat_ipv6,xt_nat,nf_nat_masquerade_ipv4,nf_nat_masquerade_ipv6
nf_conntrack 106496 15 nf_nat_ftp,nf_nat_irc,nf_nat_sip,xt_helper,nf_nat,nf_nat_ipv4,nf_nat_ipv6,xt_conntrack,nf_nat_masquerade_ipv4,nf_nat_masquerade_ipv6,nf_conntrack_ftp,nf_conntrack_irc,nf_conntrack_sip,nf_conntrack_ipv4,nf_conntrack_ipv6

Modules loaded:

*CLI> module show
Module Description Use Count Status Support Level
app_authenticate.so Authentication Application 0 Running core
app_bridgewait.so Place the channel into a holding bridge 0 Running core
app_confbridge.so Conference Bridge Application 0 Running core
app_dial.so Dialing Application 0 Running core
app_directory.so Extension Directory 0 Running core
app_playback.so Sound File Playback Application 0 Running core
app_queue.so True Call Queueing 0 Running core
app_stack.so Dialplan subroutines (Gosub, Return, etc 0 Running core
app_verbose.so Send verbose output 0 Running core
app_voicemail.so Comedian Mail (Voicemail System) 0 Running core
bridge_builtin_features.so Built in bridging features 1 Running core
bridge_builtin_interval_features.so Built in bridging interval features 0 Running core
bridge_holding.so Holding bridge module 0 Running core
bridge_native_rtp.so Native RTP bridging module 0 Running core
bridge_simple.so Simple two channel bridging module 0 Running core
bridge_softmix.so Multi-party software based channel mixin 0 Running core
cdr_custom.so Customizable Comma Separated Values CDR 0 Running core
chan_bridge_media.so Bridge Media Channel Driver 0 Running core
chan_sip.so Session Initiation Protocol (SIP) 0 Running core
codec_g722.so ITU G.722-64kbps G722 Transcoder 0 Running core
codec_gsm.so GSM Coder/Decoder 0 Running core
codec_resample.so SLIN Resampling Codec 0 Running core
codec_ulaw.so mu-Law Coder/Decoder 0 Running core
format_gsm.so Raw GSM data 0 Running core
format_pcm.so Raw/Sun uLaw/ALaw 8KHz (PCM,PCMA,AU), G. 0 Running core
format_wav.so Microsoft WAV/WAV16 format (8kHz/16kHz S 0 Running core
format_wav_gsm.so Microsoft WAV format (Proprietary GSM) 0 Running core
func_callerid.so Party ID related dialplan functions (Cal 0 Running core
func_cdr.so Call Detail Record (CDR) dialplan functi 0 Running core
func_devstate.so Gets or sets a device state in the dialp 0 Running core
func_sorcery.so Get a field from a sorcery object 0 Running core
func_strings.so String handling dialplan functions 0 Running core
pbx_config.so Text Extension Configuration 0 Running core
res_musiconhold.so Music On Hold Resource 0 Running core
34 modules loaded

I’m stumped. Any ideas why Asterisk doesn’t see my SIP phones trying to register? There is no LAN firewall, and WAN uses debugged firewall and QoS setup.

Thanks in advance


#2

Is Asterisk listenning on the ports?? Run the command: netstat -punta to see if it is listenning


#3

Please mark the logs (and configuration) as unformatted text. As currently present all of the From, To and Contact headers are invalid. Moreover, you have either tried to compensate on the From and To, but not the Contact, or the From and To will still be invalid when correctly presented.

Also it is better to provide the SIP or PJSIP protocol logs form Asterisk. If Asterisk is not outputting to those logs, it does suggest the request isn’t reaching Asterisk.


#4

Good suggestion!

This is what I get:

tcp        0      0 127.0.0.1:5038          0.0.0.0:*               LISTEN      20712/asterisk  
udp        0      0 0.0.0.0:5060            0.0.0.0:*                           20712/asterisk  

As long as Asterisk understands 0.0.0.0 means all addresses, then the answer is yes.


#5

I’m not clear what this means. Do you mean “when posting messages here”? Or is this something I don’t know about in the Asterisk configuration files themselves? There is no “Unformated text” in the composition window. There is a “Preformatted text” and “Block Quote” option in the composition window. Other than this, the output text I see is what I posted above, formatted correctly or not.

As I said above, there is nothing to post or debug in either of the two Asterisk log files. In fact Asterisk didn’t even post that it started, which is unusual, unless by default Asterisk is logging to a different location than /var/log/asterisk /var/log/asterisk/messages /var/log/asterisk/queue_log.

Here are the Asterisk config log files:

root@pluto:/etc/asterisk# cat cdr.conf 
[general]
enable=yes

[custom]
; We log the unique ID as it can be useful for troubleshooting any issues
; that arise.
loguniqueid=yes

root@pluto:/etc/asterisk# cat cdr_custom.conf 
[mappings]
; Our CDR log will be written to /var/log/asterisk/cdr-custom/Master.csv
; with the following schema.
Master.csv => ${CSV_QUOTE(${CDR(clid)})},${CSV_QUOTE(${CDR(src)})},${CSV_QUOTE(${CDR(dst)})},${CSV_QUOTE(${CDR(dcontext)})},${CSV_QUOTE(${CDR(channel)})},${CSV_QUOTE(${CDR(dstchannel)})},${CSV_QUOTE(${CDR(lastapp)})},${CSV_QUOTE(${CDR(lastdata)})},${CSV_QUOTE(${CDR(start)})},${CSV_QUOTE(${CDR(answer)})},${CSV_QUOTE(${CDR(end)})},${CSV_QUOTE(${CDR(duration)})},${CSV_QUOTE(${CDR(billsec)})},${CSV_QUOTE(${CDR(disposition)})},${CSV_QUOTE(${CDR(amaflags)})},${CSV_QUOTE(${CDR(accountcode)})},${CSV_QUOTE(${CDR(uniqueid)})},${CSV_QUOTE(${CDR(userfield)})},${CDR(sequence)}
root@pluto:/etc/asterisk#

#6

That was the call record, here is logger.conf:

root@pluto:/etc/asterisk# cat logger.conf 
[general]

[logfiles]

console = verbose,notice,warning,error

;messages = notice,warning,error
;full = verbose,notice,warning,error,debug
;security = security

#7

Tried uncommenting lines in /etc/asterisk/logger.conf and a /var/log/asterisk/full showed up.

Inside /var/log/asterisk/full I find:

[Apr 15 15:46:19] VERBOSE[25232] loader.c: Loading chan_sip.so.
[Apr 15 15:46:19] VERBOSE[25232] chan_sip.c: SIP channel loading...
[Apr 15 15:46:19] DEBUG[25232] logger.c: Registered dynamic logger level 'SIP_HISTORY' with index 17.
[Apr 15 15:46:19] DEBUG[25232] config.c: Parsing /etc/asterisk/sip.conf
[Apr 15 15:46:19] VERBOSE[25232] config.c: Parsing '/etc/asterisk/sip.conf': Found
[Apr 15 15:46:19] DEBUG[25232] config.c: extract addr from 0.0.0.0 gives 0.0.0.0:0(0)
[Apr 15 15:46:19] VERBOSE[25232] chan_sip.c: SIP Listening on 0.0.0.0:5060
[Apr 15 15:46:19] VERBOSE[25232] netsock2.c: Using SIP TOS bits 96
[Apr 15 15:46:19] VERBOSE[25232] netsock2.c: Using SIP CoS mark 4
[Apr 15 15:46:19] DEBUG[25232] tcptls.c: Nothing changed in SIP TCP server
[Apr 15 15:46:19] DEBUG[25232] chan_sip.c: SIP TCP server started
[Apr 15 15:46:19] DEBUG[25232] chan_sip.c: Not an IPv4 nor IPv6 address, cannot get port.
[Apr 15 15:46:19] DEBUG[25232] chan_sip.c: Not an IPv4 nor IPv6 address, cannot set port.
[Apr 15 15:46:19] DEBUG[25232] chan_sip.c: Not an IPv4 nor IPv6 address, cannot get port.
[Apr 15 15:46:19] DEBUG[25232] chan_sip.c: Not an IPv4 nor IPv6 address, cannot set port.
[Apr 15 15:46:19] DEBUG[25232] chan_sip.c: Not an IPv4 nor IPv6 address, cannot get port.
[Apr 15 15:46:19] DEBUG[25232] chan_sip.c: Not an IPv4 nor IPv6 address, cannot set port.
[Apr 15 15:46:19] DEBUG[25232] chan_sip.c: Not an IPv4 nor IPv6 address, cannot get port.
[Apr 15 15:46:19] DEBUG[25232] chan_sip.c: Not an IPv4 nor IPv6 address, cannot set port.
[Apr 15 15:46:19] DEBUG[25232] chan_sip.c: Not an IPv4 nor IPv6 address, cannot get port.
[Apr 15 15:46:19] DEBUG[25232] chan_sip.c: Not an IPv4 nor IPv6 address, cannot set port.
[Apr 15 15:46:19] DEBUG[25232] db.c: Unable to find key 'LINE2' in family 'SIP/Registry'
[Apr 15 15:46:19] DEBUG[25232] chan_sip.c: Not an IPv4 nor IPv6 address, cannot get port.
[Apr 15 15:46:19] DEBUG[25232] chan_sip.c: Not an IPv4 nor IPv6 address, cannot set port.
[Apr 15 15:46:19] DEBUG[25232] chan_sip.c: Not an IPv4 nor IPv6 address, cannot get port.
[Apr 15 15:46:19] DEBUG[25232] chan_sip.c: Not an IPv4 nor IPv6 address, cannot set port.
[Apr 15 15:46:19] DEBUG[25232] db.c: Unable to find key 'OFFICE' in family 'SIP/Registry'
[Apr 15 15:46:19] DEBUG[25232] chan_sip.c: Not an IPv4 nor IPv6 address, cannot get port.
[Apr 15 15:46:19] DEBUG[25232] chan_sip.c: Not an IPv4 nor IPv6 address, cannot set port.
[Apr 15 15:46:19] DEBUG[25232] chan_sip.c: Not an IPv4 nor IPv6 address, cannot get port.
[Apr 15 15:46:19] DEBUG[25232] chan_sip.c: Not an IPv4 nor IPv6 address, cannot set port.

Apparently, 0.0.0.0 isn’t parsed by sip_chan.so. So I’ll see what I can do in the /etc/asterisk/sip.conf file so Asterisk will recognize both dynamically configured /dev/eth0 and static /dev/eth1.

This would seem to be a bug since sip.conf [general] bindaddr=0.0.0.0 worked in Asterisk 11.


#8

I meant mark the it on the forum, i.e. use </>. You need to enable sip debugging.

0.0.0.0 is recognized by the OS, not Asterisk, as meaning all interfaces. To Asterisk it should be just another, dotted quad, IPv4 address.

As a general rule, you should ignore debug messages, unless you know exactly what them mean. The number of debug messages indicates that they relate to individual sections, which you appear to have edited out.


#9
  1. SIP debugging is enabled on the CLI with the command “sip set debug on” combined with Asterisk launch as “asterisk -vvvvvdddc”.

  2. I didn’t include the entire log file in the posting because it is 150K and 1569 lines, and could contain sensitive information. Though after looking at the file it seems passwords are noticeably absent, so maybe it isn’t such a big deal. There are references to the two IP addresses represented by both Ethernet cards in this file, and I understand this doesn’t mean 0.0.0.0 parsed properly.

  3. I am concerned that “netstat -punta” suggested by navaismo doesn’t have a LISTEN next to 0.0.0.0:5060, where 127.0.0.1:5038 does. (about 4-5 posts back)

  4. Looks like < / > refers to “Preformatted text (Ctrl + Shift + C)”. I figured this out after my first post, but thanks.

It is possible there is a configuration problem with my Ubuntu installation, even though it so far works for everything else; email, web server for multiple domains, Subversion and Git servers, Samba, NFS, etc., and until recently, Asterisk 11.25.1. The only thing which might have changed is the Kernel version with auto-magically applied security updates from canonical-livepatch service. https://insights.ubuntu.com/2016/10/20/live-kernel-patching-from-canonical-now-available-for-ubuntu/ (why I posted the Kernel version in my first posting).

What’s next? If you are in a position to help, I could email the file to you.


#10

That relates to the settings in manager.conf, not sip.conf, and only affects AMI.


#11

Without those parts of the log, it is difficult to be sure what these represent, but Asterisk will not be dealing with the 0.0.0.0 address once the socket is bound, so most of the addresses logged will be actual addresses.


#12

Is IPTABLES running? Can you stop it and then try again with the output of iptables -nL


#13

Now we’re getting somewhere. After stopping FireHOL/iptables local and remote devices are able to register using Asterisk 13.15.0.

This is starting to look like a change in behavior with FireHOL 2.0.3/iptables 1.6.0/Kernel 4.4.0-72-generic in combination with Asterisk 11.25.1 and 13.15.0.

I’m still in the middle of investigating, but thought I’d report some progress. I still don’t understand why the LAN side of Asterisk, which should not be firewalled is acting like it is firewalled from Asterisk’s point of view. Nothing else is experiencing this issue… for instance Samba still works.

Since you asked for output with iptables off, here is a slightly altered dump (to protect domain names and external IP’s) of what I saw:

root@pluto:/etc/asterisk# ./debug   
Broadcast message from systemd-journald@pluto (Sun 2017-04-16 09:43:37 PDT):

FireHOL[19697]: Firewall has been stopped. Policy is ACCEPT EVERYTHING!


Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)



target     prot opt source               destination         
tcp        0      0 127.0.0.1:5038          0.0.0.0:*               LISTEN      19718/asterisk  
udp        0      0 0.0.0.0:5060            0.0.0.0:*                           19718/asterisk  




tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
09:44:00.898711 IP (tos 0x68, ttl 250, id 47986, offset 0, flags [none], proto UDP (17), length 522)
    192.168.90.15.5060 > 192.168.90.3.5060: SIP, length: 494
        REGISTER sip:pluto.MyDomain.com SIP/2.0
        Via: SIP/2.0/UDP 192.168.90.15:5060;branch=z9hG4bK-d013ae43
        From: Home 1 <sip:LINE1@pluto.MyDomain.com>;tag=f5d5d3091ef9d50co0
        To: Home 1 <sip:LINE1@pluto.MyDomain.com>
        Call-ID: b06a9248-f30e8565@192.168.90.15
        CSeq: 31233 REGISTER
        Max-Forwards: 70
        Contact: Home 1 <sip:LINE1@192.168.90.15:5060>;expires=3600
        User-Agent: Linksys/SPA2100-3.3.9
        Content-Length: 0
        Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
        Supported: x-sipura, replaces

09:44:00.899296 IP (tos 0x60, ttl 64, id 30148, offset 0, flags [none], proto UDP (17), length 567)
    192.168.90.3.5060 > 192.168.90.15.5060: SIP, length: 539
        SIP/2.0 401 Unauthorized
        Via: SIP/2.0/UDP 192.168.90.15:5060;branch=z9hG4bK-d013ae43;received=192.168.90.15
        From: Home 1 <sip:LINE1@pluto.MyDomain.com>;tag=f5d5d3091ef9d50co0
        To: Home 1 <sip:LINE1@pluto.MyDomain.com>;tag=as6f2616e6
        Call-ID: b06a9248-f30e8565@192.168.90.15
        CSeq: 31233 REGISTER
        Server: Asterisk PBX 13.15.0
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
        Supported: replaces, timer
        WWW-Authenticate: Digest algorithm=MD5, realm="MyDomain.com", nonce="6698cf37"
        Content-Length: 0

09:44:00.908702 IP (tos 0x68, ttl 250, id 47987, offset 0, flags [none], proto UDP (17), length 519)
    192.168.90.15.5061 > 50.47.12.250.5060: SIP, length: 491
        REGISTER sip:MyDomain.com SIP/2.0
        Via: SIP/2.0/UDP 192.168.90.15:5061;branch=z9hG4bK-e278cab3
        From: Craig Line2 <sip:LINE2@MyDomain.com>;tag=72025b21718d2bd4o1
        To: Craig Line2 <sip:LINE2@MyDomain.com>
        Call-ID: eb393311-e74ab330@192.168.90.15
        CSeq: 44722 REGISTER
        Max-Forwards: 70
        Contact: Craig Line2 <sip:LINE2@192.168.90.15:5061>;expires=3600
        User-Agent: Linksys/SPA2100-3.3.9
        Content-Length: 0
        Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
        Supported: x-sipura, replaces

09:44:00.909200 IP (tos 0x60, ttl 64, id 30151, offset 0, flags [none], proto UDP (17), length 565)
    192.168.90.3.5060 > 192.168.90.15.5061: SIP, length: 537
        SIP/2.0 401 Unauthorized
        Via: SIP/2.0/UDP 192.168.90.15:5061;branch=z9hG4bK-e278cab3;received=192.168.90.15
        From: Craig Line2 <sip:LINE2@MyDomain.com>;tag=72025b21718d2bd4o1
        To: Craig Line2 <sip:LINE2@MyDomain.com>;tag=as1d315455
        Call-ID: eb393311-e74ab330@192.168.90.15
        CSeq: 44722 REGISTER
        Server: Asterisk PBX 13.15.0
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
        Supported: replaces, timer
        WWW-Authenticate: Digest algorithm=MD5, realm="MyDomain.com", nonce="065d3466"
        Content-Length: 0

09:44:00.918988 IP (tos 0x68, ttl 250, id 47988, offset 0, flags [none], proto UDP (17), length 679)
    192.168.90.15.5060 > 192.168.90.3.5060: SIP, length: 651
        REGISTER sip:pluto.MyDomain.com SIP/2.0
        Via: SIP/2.0/UDP 192.168.90.15:5060;branch=z9hG4bK-f06e11c4
        From: Home 1 <sip:LINE1@pluto.MyDomain.com>;tag=f5d5d3091ef9d50co0
        To: Home 1 <sip:LINE1@pluto.MyDomain.com>
        Call-ID: b06a9248-f30e8565@192.168.90.15
        CSeq: 31234 REGISTER
        Max-Forwards: 70
        Authorization: Digest username="LINE1",realm="MyDomain.com",nonce="6698cf37",uri="sip:pluto.MyDomain.com",algorithm=MD5,response="f8d90f9d0ec2658a3e522900e0bec26c"
        Contact: Home 1 <sip:LINE1@192.168.90.15:5060>;expires=3600
        User-Agent: Linksys/SPA2100-3.3.9
        Content-Length: 0
        Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
        Supported: x-sipura, replaces

09:44:00.919298 IP (tos 0x60, ttl 64, id 30152, offset 0, flags [none], proto UDP (17), length 488)
    192.168.90.3.5060 > 192.168.90.15.5060: SIP, length: 460
        SIP/2.0 403 Forbidden
        Via: SIP/2.0/UDP 192.168.90.15:5060;branch=z9hG4bK-f06e11c4;received=192.168.90.15
        From: Home 1 <sip:LINE1@pluto.MyDomain.com>;tag=f5d5d3091ef9d50co0
        To: Home 1 <sip:LINE1@pluto.MyDomain.com>;tag=as6f2616e6
        Call-ID: b06a9248-f30e8565@192.168.90.15
        CSeq: 31234 REGISTER
        Server: Asterisk PBX 13.15.0
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
        Supported: replaces, timer
        Content-Length: 0

09:44:00.921520 IP (tos 0x68, ttl 250, id 47989, offset 0, flags [none], proto UDP (17), length 670)
    192.168.90.15.5061 > 50.47.12.250.5060: SIP, length: 642
        REGISTER sip:MyDomain.com SIP/2.0
        Via: SIP/2.0/UDP 192.168.90.15:5061;branch=z9hG4bK-63215527
        From: Craig Line2 <sip:LINE2@MyDomain.com>;tag=72025b21718d2bd4o1
        To: Craig Line2 <sip:LINE2@MyDomain.com>
        Call-ID: eb393311-e74ab330@192.168.90.15
        CSeq: 44723 REGISTER
        Max-Forwards: 70
        Authorization: Digest username="LINE2",realm="MyDomain.com",nonce="065d3466",uri="sip:MyDomain.com",algorithm=MD5,response="ebf6cbac14298ab112e60bfb5305d94a"
        Contact: Craig Line2 <sip:LINE2@192.168.90.15:5061>;expires=3600
        User-Agent: Linksys/SPA2100-3.3.9
        Content-Length: 0
        Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
        Supported: x-sipura, replaces

09:44:00.922431 IP (tos 0x60, ttl 64, id 30153, offset 0, flags [none], proto UDP (17), length 585)
    192.168.90.3.5060 > 192.168.90.15.5061: SIP, length: 557
        SIP/2.0 200 OK
        Via: SIP/2.0/UDP 192.168.90.15:5061;branch=z9hG4bK-63215527;received=192.168.90.15
        From: Craig Line2 <sip:LINE2@MyDomain.com>;tag=72025b21718d2bd4o1
        To: Craig Line2 <sip:LINE2@MyDomain.com>;tag=as1d315455
        Call-ID: eb393311-e74ab330@192.168.90.15
        CSeq: 44723 REGISTER
        Server: Asterisk PBX 13.15.0
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
        Supported: replaces, timer
        Expires: 3600
        Contact: <sip:LINE2@192.168.90.15:5061>;expires=3600
        Date: Sun, 16 Apr 2017 16:44:00 GMT
        Content-Length: 0

09:44:03.173972 IP (tos 0x0, ttl 241, id 29991, offset 0, flags [none], proto UDP (17), length 494)
    71.231.50.252.5060 > 50.47.12.250.5060: SIP, length: 466
        REGISTER sip:MyDomain.com SIP/2.0
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-2b18f613
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: "LCM VoIP" <sip:LCM@MyDomain.com>
        Call-ID: 9c8a30ea-97d9a87b@10.4.5.235
        CSeq: 63875 REGISTER
        Max-Forwards: 70
        Contact: "LCM VoIP" <sip:LCM@10.4.5.235:5060>;expires=3600
        User-Agent: Linksys/SPA942-5.1.15(a)
        Content-Length: 0
        Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
        Supported: replaces

09:44:03.174624 IP (tos 0x60, ttl 64, id 13093, offset 0, flags [none], proto UDP (17), length 564)
    50.47.12.250.5060 > 71.231.50.252.5060: SIP, length: 536
        SIP/2.0 401 Unauthorized
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-2b18f613;received=71.231.50.252;rport=5060
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=as2232b67e
        Call-ID: 9c8a30ea-97d9a87b@10.4.5.235
        CSeq: 63875 REGISTER
        Server: Asterisk PBX 13.15.0
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
        Supported: replaces, timer
        WWW-Authenticate: Digest algorithm=MD5, realm="MyDomain.com", nonce="50eef235"
        Content-Length: 0

09:44:03.206541 IP (tos 0x0, ttl 241, id 29992, offset 0, flags [none], proto UDP (17), length 643)
    71.231.50.252.5060 > 50.47.12.250.5060: SIP, length: 615
        REGISTER sip:MyDomain.com SIP/2.0
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-72924458
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: "LCM VoIP" <sip:LCM@MyDomain.com>
        Call-ID: 9c8a30ea-97d9a87b@10.4.5.235
        CSeq: 63876 REGISTER
        Max-Forwards: 70
        Authorization: Digest username="LCM",realm="MyDomain.com",nonce="50eef235",uri="sip:MyDomain.com",algorithm=MD5,response="a9a89c225c32cdf4918e190215d44fd3"
        Contact: "LCM VoIP" <sip:LCM@10.4.5.235:5060>;expires=3600
        User-Agent: Linksys/SPA942-5.1.15(a)
        Content-Length: 0
        Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
        Supported: replaces

09:44:03.207448 IP (tos 0x60, ttl 64, id 13094, offset 0, flags [none], proto UDP (17), length 579)
    50.47.12.250.5060 > 71.231.50.252.5060: SIP, length: 551
        SIP/2.0 200 OK
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-72924458;received=71.231.50.252;rport=5060
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=as2232b67e
        Call-ID: 9c8a30ea-97d9a87b@10.4.5.235
        CSeq: 63876 REGISTER
        Server: Asterisk PBX 13.15.0
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
        Supported: replaces, timer
        Expires: 3600
        Contact: <sip:LCM@10.4.5.235:5060>;expires=3600
        Date: Sun, 16 Apr 2017 16:44:03 GMT
        Content-Length: 0

09:44:03.659500 IP (tos 0x0, ttl 241, id 29993, offset 0, flags [none], proto UDP (17), length 351)
    71.231.50.252.5060 > 50.47.12.250.5060: SIP, length: 323
        NOTIFY sip:MyDomain.com SIP/2.0
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-d83842e6
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: <sip:MyDomain.com>
        Call-ID: 45859dd1-3f0b58cf@10.4.5.235
        CSeq: 165535 NOTIFY
        Max-Forwards: 70
        Event: keep-alive
        User-Agent: Linksys/SPA942-5.1.15(a)
        Content-Length: 0

09:44:03.659990 IP (tos 0x60, ttl 64, id 13107, offset 0, flags [none], proto UDP (17), length 462)
    50.47.12.250.5060 > 71.231.50.252.5060: SIP, length: 434
        SIP/2.0 200 OK
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-d83842e6;received=71.231.50.252;rport=5060
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: <sip:MyDomain.com>;tag=as6aa54b23
        Call-ID: 45859dd1-3f0b58cf@10.4.5.235
        CSeq: 165535 NOTIFY
        Server: Asterisk PBX 13.15.0
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
        Supported: replaces, timer
        Content-Length: 0

09:44:18.687526 IP (tos 0x0, ttl 241, id 29996, offset 0, flags [none], proto UDP (17), length 351)
    71.231.50.252.5060 > 50.47.12.250.5060: SIP, length: 323
        NOTIFY sip:MyDomain.com SIP/2.0
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-d6c24076
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: <sip:MyDomain.com>
        Call-ID: 45859dd1-3f0b58cf@10.4.5.235
        CSeq: 165536 NOTIFY
        Max-Forwards: 70
        Event: keep-alive
        User-Agent: Linksys/SPA942-5.1.15(a)
        Content-Length: 0

09:44:18.687857 IP (tos 0x60, ttl 64, id 15134, offset 0, flags [none], proto UDP (17), length 462)
    50.47.12.250.5060 > 71.231.50.252.5060: SIP, length: 434
        SIP/2.0 200 OK
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-d6c24076;received=71.231.50.252;rport=5060
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: <sip:MyDomain.com>;tag=as6aa54b23
        Call-ID: 45859dd1-3f0b58cf@10.4.5.235
        CSeq: 165536 NOTIFY
        Server: Asterisk PBX 13.15.0
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
        Supported: replaces, timer
        Content-Length: 0

09:44:33.751589 IP (tos 0x0, ttl 241, id 29999, offset 0, flags [none], proto UDP (17), length 351)
    71.231.50.252.5060 > 50.47.12.250.5060: SIP, length: 323
        NOTIFY sip:MyDomain.com SIP/2.0
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-d0955299
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: <sip:MyDomain.com>
        Call-ID: 45859dd1-3f0b58cf@10.4.5.235
        CSeq: 165537 NOTIFY
        Max-Forwards: 70
        Event: keep-alive
        User-Agent: Linksys/SPA942-5.1.15(a)
        Content-Length: 0

09:44:33.751845 IP (tos 0x60, ttl 64, id 15279, offset 0, flags [none], proto UDP (17), length 462)
    50.47.12.250.5060 > 71.231.50.252.5060: SIP, length: 434
        SIP/2.0 200 OK
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-d0955299;received=71.231.50.252;rport=5060
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: <sip:MyDomain.com>;tag=as6aa54b23
        Call-ID: 45859dd1-3f0b58cf@10.4.5.235
        CSeq: 165537 NOTIFY
        Server: Asterisk PBX 13.15.0
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
        Supported: replaces, timer
        Content-Length: 0

09:44:48.770576 IP (tos 0x0, ttl 241, id 30003, offset 0, flags [none], proto UDP (17), length 351)
    71.231.50.252.5060 > 50.47.12.250.5060: SIP, length: 323
        NOTIFY sip:MyDomain.com SIP/2.0
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-d84cacf1
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: <sip:MyDomain.com>
        Call-ID: 45859dd1-3f0b58cf@10.4.5.235
        CSeq: 165538 NOTIFY
        Max-Forwards: 70
        Event: keep-alive
        User-Agent: Linksys/SPA942-5.1.15(a)
        Content-Length: 0

09:44:48.770922 IP (tos 0x60, ttl 64, id 18323, offset 0, flags [none], proto UDP (17), length 462)
    50.47.12.250.5060 > 71.231.50.252.5060: SIP, length: 434
        SIP/2.0 200 OK
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-d84cacf1;received=71.231.50.252;rport=5060
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: <sip:MyDomain.com>;tag=as6aa54b23
        Call-ID: 45859dd1-3f0b58cf@10.4.5.235
        CSeq: 165538 NOTIFY
        Server: Asterisk PBX 13.15.0
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
        Supported: replaces, timer
        Content-Length: 0

09:45:03.833472 IP (tos 0x0, ttl 241, id 30006, offset 0, flags [none], proto UDP (17), length 351)
    71.231.50.252.5060 > 50.47.12.250.5060: SIP, length: 323
        NOTIFY sip:MyDomain.com SIP/2.0
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-457b1a3d
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: <sip:MyDomain.com>
        Call-ID: 45859dd1-3f0b58cf@10.4.5.235
        CSeq: 165539 NOTIFY
        Max-Forwards: 70
        Event: keep-alive
        User-Agent: Linksys/SPA942-5.1.15(a)
        Content-Length: 0

09:45:03.833798 IP (tos 0x60, ttl 64, id 21630, offset 0, flags [none], proto UDP (17), length 462)
    50.47.12.250.5060 > 71.231.50.252.5060: SIP, length: 434
        SIP/2.0 200 OK
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-457b1a3d;received=71.231.50.252;rport=5060
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: <sip:MyDomain.com>;tag=as6aa54b23
        Call-ID: 45859dd1-3f0b58cf@10.4.5.235
        CSeq: 165539 NOTIFY
        Server: Asterisk PBX 13.15.0
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
        Supported: replaces, timer
        Content-Length: 0

09:45:16.317159 IP (tos 0x68, ttl 250, id 48096, offset 0, flags [none], proto UDP (17), length 886)
    192.168.90.15.5061 > 50.47.12.250.5060: SIP, length: 858
        INVITE sip:2062035640@MyDomain.com SIP/2.0
        Via: SIP/2.0/UDP 192.168.90.15:5061;branch=z9hG4bK-a1c418d3
        From: Craig Line2 <sip:LINE2@MyDomain.com>;tag=5411ac631cd60087o1
        To: <sip:2062035640@MyDomain.com>
        Remote-Party-ID: Craig Line2 <sip:LINE2@MyDomain.com>;screen=yes;party=calling
        Call-ID: ac2ace93-f5ebc417@192.168.90.15
        CSeq: 101 INVITE
        Max-Forwards: 70
        Contact: Craig Line2 <sip:LINE2@192.168.90.15:5061>
        Expires: 240
        User-Agent: Linksys/SPA2100-3.3.9
        Content-Length: 259
        Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
        Supported: x-sipura, replaces
        Content-Type: application/sdp

        v=0
        o=- 12240655 12240655 IN IP4 192.168.90.15
        s=-
        c=IN IP4 192.168.90.15
        t=0 0
        m=audio 16468 RTP/AVP 0 100 101
        a=rtpmap:0 PCMU/8000
        a=rtpmap:100 NSE/8000
        a=fmtp:100 192-193
        a=rtpmap:101 telephone-event/8000
        a=fmtp:101 0-15
        a=ptime:20
        a=sendrecv
09:45:16.317896 IP (tos 0x60, ttl 64, id 33173, offset 0, flags [none], proto UDP (17), length 475)
    192.168.90.3.5060 > 192.168.90.15.5061: SIP, length: 447
        SIP/2.0 403 Forbidden
        Via: SIP/2.0/UDP 192.168.90.15:5061;branch=z9hG4bK-a1c418d3;received=192.168.90.15
        From: Craig Line2 <sip:LINE2@MyDomain.com>;tag=5411ac631cd60087o1
        To: <sip:2062035640@MyDomain.com>;tag=as33263270
        Call-ID: ac2ace93-f5ebc417@192.168.90.15
        CSeq: 101 INVITE
        Server: Asterisk PBX 13.15.0
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
        Supported: replaces, timer
        Content-Length: 0

09:45:16.325215 IP (tos 0x68, ttl 250, id 48097, offset 0, flags [none], proto UDP (17), length 419)
    192.168.90.15.5061 > 50.47.12.250.5060: SIP, length: 391
        ACK sip:2062035640@MyDomain.com SIP/2.0
        Via: SIP/2.0/UDP 192.168.90.15:5061;branch=z9hG4bK-a1c418d3
        From: Craig Line2 <sip:LINE2@MyDomain.com>;tag=5411ac631cd60087o1
        To: <sip:2062035640@MyDomain.com>;tag=as33263270
        Call-ID: ac2ace93-f5ebc417@192.168.90.15
        CSeq: 101 ACK
        Max-Forwards: 70
        Contact: Craig Line2 <sip:LINE2@192.168.90.15:5061>
        User-Agent: Linksys/SPA2100-3.3.9
        Content-Length: 0

09:45:18.850841 IP (tos 0x0, ttl 241, id 30009, offset 0, flags [none], proto UDP (17), length 351)
    71.231.50.252.5060 > 50.47.12.250.5060: SIP, length: 323
        NOTIFY sip:MyDomain.com SIP/2.0
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-8433674d
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: <sip:MyDomain.com>
        Call-ID: 45859dd1-3f0b58cf@10.4.5.235
        CSeq: 165540 NOTIFY
        Max-Forwards: 70
        Event: keep-alive
        User-Agent: Linksys/SPA942-5.1.15(a)
        Content-Length: 0

09:45:18.851123 IP (tos 0x60, ttl 64, id 25287, offset 0, flags [none], proto UDP (17), length 462)
    50.47.12.250.5060 > 71.231.50.252.5060: SIP, length: 434
        SIP/2.0 200 OK
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-8433674d;received=71.231.50.252;rport=5060
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: <sip:MyDomain.com>;tag=as6aa54b23
        Call-ID: 45859dd1-3f0b58cf@10.4.5.235
        CSeq: 165540 NOTIFY
        Server: Asterisk PBX 13.15.0
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
        Supported: replaces, timer
        Content-Length: 0

09:45:33.915034 IP (tos 0x0, ttl 241, id 30012, offset 0, flags [none], proto UDP (17), length 351)
    71.231.50.252.5060 > 50.47.12.250.5060: SIP, length: 323
        NOTIFY sip:MyDomain.com SIP/2.0
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-c9b0db6a
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: <sip:MyDomain.com>
        Call-ID: 45859dd1-3f0b58cf@10.4.5.235
        CSeq: 165541 NOTIFY
        Max-Forwards: 70
        Event: keep-alive
        User-Agent: Linksys/SPA942-5.1.15(a)
        Content-Length: 0

09:45:33.915300 IP (tos 0x60, ttl 64, id 26530, offset 0, flags [none], proto UDP (17), length 462)
    50.47.12.250.5060 > 71.231.50.252.5060: SIP, length: 434
        SIP/2.0 200 OK
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-c9b0db6a;received=71.231.50.252;rport=5060
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: <sip:MyDomain.com>;tag=as6aa54b23
        Call-ID: 45859dd1-3f0b58cf@10.4.5.235
        CSeq: 165541 NOTIFY
        Server: Asterisk PBX 13.15.0
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
        Supported: replaces, timer
        Content-Length: 0

09:45:48.932583 IP (tos 0x0, ttl 241, id 30015, offset 0, flags [none], proto UDP (17), length 351)
    71.231.50.252.5060 > 50.47.12.250.5060: SIP, length: 323
        NOTIFY sip:MyDomain.com SIP/2.0
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-42bf1bbf
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: <sip:MyDomain.com>
        Call-ID: 45859dd1-3f0b58cf@10.4.5.235
        CSeq: 165542 NOTIFY
        Max-Forwards: 70
        Event: keep-alive
        User-Agent: Linksys/SPA942-5.1.15(a)
        Content-Length: 0

09:45:48.932861 IP (tos 0x60, ttl 64, id 27875, offset 0, flags [none], proto UDP (17), length 462)
    50.47.12.250.5060 > 71.231.50.252.5060: SIP, length: 434
        SIP/2.0 200 OK
        Via: SIP/2.0/UDP 10.4.5.235:5060;branch=z9hG4bK-42bf1bbf;received=71.231.50.252;rport=5060
        From: "LCM VoIP" <sip:LCM@MyDomain.com>;tag=3dd02a29ad5e7857o0
        To: <sip:MyDomain.com>;tag=as6aa54b23
        Call-ID: 45859dd1-3f0b58cf@10.4.5.235
        CSeq: 165542 NOTIFY
        Server: Asterisk PBX 13.15.0
        Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
        Supported: replaces, timer
        Content-Length: 0

^C
31 packets captured
31 packets received by filter
0 packets dropped by kernel

root@pluto:/etc/asterisk#

#14

Well then you need to check your firewall rules, I mean if your rules are not allowing LAN access to port 5060 and the RTP defined then it will not work.


#15

Yeah, I know this. Asterisk worked for over a year with my current firewall settings, port 5060 open, etc. I even got QoS setup and Asterisk calls were smooth as glass even when the internet connection was 95%+ utilized.

My point is the firewall rules worked and were vetted for more than a year. Then just stopped working at 6:54pm 10-Apr-2017 (when registrations at my VoIP-PSTN provider stopped). Nothing was actively updated on my end. This is not a new installation, or even a changing installation.

So why shutting down the firewall would make things suddenly work when nothing in the firewall changed for a year is a mystery. But now I have a place to start looking. Thanks.

Probably the thing to do is strip the firewall down to bare minimum to see if it works. Then start adding rules back in to see where it breaks. I have some things in there which work extremely well, like http://www.star2billing.com/securing-asterisk/ that I’d like to keep.

I have a bunch of other things I need to get done today, like taxes, yard work (finally, a day without rain in Seattle), before I can get back to this high priority task.


#16

Got Asterisk 11.25.1 LTS working again!

This was totally my fault (and yes, I feel bad). The problem was my Firewall rules. My Asterisk system was seeing more script type attacks and I added an iptables rule to detect and block the attack. The “failure” caused by this new rule didn’t happen immediately.

Once that rule was removed and firewall+asterisk reset, service returned. BTW I do highly recommend the Star2Billing script blocking formulas pointed to in my last message. They work and are effective.

Thank you navaisma and david551 for all your help and support!


#17

if you are seeing script atacks have a look at a piece wrote some years ago

Ian