Asterisk 16 PJSIP Multiple IP Addresses . Answer from wrong network interface

Asterisk Asterisk SIP
1

Hello!

OS: debian 10  (virtual machine) 
Asterisk 16  (PJSIP channel driver) 
Asterisk was install from standard repositories ( apt install asterisk)

ast1*CLI> core show version 
Asterisk 16.2.1~dfsg-1+deb10u1 built by nobody @ buildd.debian.org on a unknown running Linux on 2019-08-20 20:31:36 UTC

Virtual machine has 3 virtual network card:

ens18   192.168.129.33/24 – internal network , connect 1 IP phone for test purposes, default route
ens19   10.16.6.2/30 – connect to sip provider №1 , sip trunk by IP address
ens20   10.26.2.2/30 – connect to sip provider №2 , sip trunk by IP address

root@ast1:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether c2:cc:da:c8:6a:24 brd ff:ff:ff:ff:ff:ff
    inet 192.168.129.33/24 brd 192.168.129.255 scope global ens18
       valid_lft forever preferred_lft forever
3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 3e:1f:7c:7e:a6:a2 brd ff:ff:ff:ff:ff:ff
    inet 10.16.6.2/30 brd 10.16.6.3 scope global ens19
       valid_lft forever preferred_lft forever
4: ens20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 7a:90:cd:94:28:fb brd ff:ff:ff:ff:ff:ff
    inet 10.26.2.2/30 brd 10.26.2.3 scope global ens20
       valid_lft forever preferred_lft forever

root@ast1:~# ip route
default via 192.168.129.1 dev ens18 onlink 
10.16.6.0/30 dev ens19 proto kernel scope link src 10.16.6.2 
10.26.2.0/30 dev ens20 proto kernel scope link src 10.26.2.2 
172.27.240.192/30 via 10.16.6.1 dev ens19 
192.168.129.0/24 dev ens18 proto kernel scope link src 192.168.129.33

I have 2 problems:
1 Problem . Asterisk was receive OPTIONS package from 10.26.2.1 to interface ens20 10.26.2.2 . Asterisk should respond with the same interface ens20 , but transmit package from another interface ens18 192.168.129.33 to 10.26.2.1 . This is not correct. Screenshots was attached.

OPTIONS
OPTIONS1912×823 130 KB

OPTIONS-FLOW
OPTIONS-FLOW1167×579 36 KB

Where the condition is configured that, for example, the OPTIONS request came from the address 10.26.2.1 to the address 10.26.2.2, so you need to respond 200 OK from the address 10.26.2.2 to the address 10.26.2.1, but not from the address 192.168.129.33 to the address 10.26.2.1 , through another network card?

  1. Problem. INVITE are not correct . When I try to make send call from 10.26.2.2 to 10.26.2.1 - call working (SIP & RTP) , but in INVITE pcap not all correct. IP addresses in fields FROM and TO is correct. But IP addresses in fields VIA and Contact are not correct , for some reason, IP addresses are not substituted from the transport interface , they are substituted from the another interface , from 1-st network card (default route). This is not correct. Also, when call was end , final packet 200 OK was transmit from wrong interface , from 1-st network card (default route).
    Screenshots was attached.
    CALL
    CALL1490×437 57 KB

    pcap-INVITE
    pcap-INVITE1915×800 142 KB

I try to repeat instruction https://wiki.asterisk.org/wiki/display/AST/PJSIP+Transport+Selection (Section IPv4 Only (Multiple Interfaces)) . But it seems to me that either I configured something incorrectly, or it’s some kind of bug .

At the same time, the routes are configured correctly, the vast majority of packets go through the necessary interfaces.

2

There have been changes and fixes since that version of Asterisk, I’d suggest updating. If that still doesn’t work then the actual PJSIP configuration in Asterisk will also be needed.

3

Hello, @jcolp .

At your advice, I setup staging server debian10 , and install Asterisk from source.

ast-staging*CLI> core show version
Asterisk 16.9.0 built by root @ ast-staging on a x86_64 running Linux on 2020-04-26 13:46:47 UTC
ast-staging*CLI> pjsip show version
PJPROJECT version currently running against: 2.9

Transfer pjsip.conf and extentions.conf to stagiing server and begin to test .

1 Problem . Asterisk answer to OPTIONS request from wrong interface - was unresolved.
Pcap screnshot was attached.

OPTIONS
OPTIONS1871×871 45.4 KB

OPTIONS-FLOW
OPTIONS-FLOW1363×636 14.7 KB

2 Problem . Wrong VIA and Contact fileds in INVITE request. And final response 200 OK answer from wrong interface - was resolved. Thanks! =) . Pcap screnshot was attached.

INVITE
INVITE1750×864 49.2 KB

INVITE-FLOW
INVITE-FLOW1106×650 9.82 KB

4

What do you mean by the wrong interface? The resilience of IP comes from the ability to use any interface, at any hop, that has a route to the destination IP address. IP addresses were originally global, and even now there should be no ambiguity between public and private addresses

5

Network card in virtual machine.

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug ens18
iface ens18 inet static
	address 192.168.129.33/24
	gateway 192.168.129.1
	# dns-* options are implemented by the resolvconf package, if installed
	dns-nameservers 77.88.8.8 77 77.88.8.1 8.8.8.8

# Interface for Provider №2  #VLAN 1002
allow-hotplug ens19
iface ens19 inet static
        address 10.16.6.2/30
        #Static routes for Provider 2 SIP Server
        up ip route add 172.27.240.192/30 via 10.16.6.1
        down ip route del 172.27.240.192/30 via 10.16.6.1

# Interface for Provider №1 LOCAL SIP traffic #VLAN 2000
allow-hotplug ens20
iface ens20 inet static
        address 10.26.2.2/30

@jcolp , also paste here pjsip.conf .

[global]
user_agent=smg_pa_sip 3.17.1.5
keep_alive_interval=90

; Transport for provider 1
[transport-provider1-udp]
type=transport
protocol=udp
bind=10.26.2.2:5060
local_net=10.26.2.0/30
symmetric_transport=yes
tos=cs3
cos=3

;AOR for provider 1
[aor-provider1]
type=aor
contact=sip:10.26.2.1:5060

;Identyfy for provider 1
[identify-provider1]
type=identify
endpoint=endpoint-provider1
match=10.26.2.1 ;SIP&RTP Provider Server

; Endpoint for provider 1
[endpoint-provider1]
type=endpoint
transport=transport-provider1-udp
context=provider1-in
disallow=all
allow=alaw
allow=ulaw
allow=g729
aors=aor-provider1
from_domain=10.26.2.2
media_address=10.26.2.2
bind_rtp_to_media_address=yes
direct_media=no
inband_progress=yes
user_eq_phone=yes
force_rport=no
rtp_symmetric=no
rewrite_contact=no
100rel=no
tos_audio=ef
cos_audio=5


; Transport for provider 2
[transport-provider2-udp]
type=transport
protocol=udp
bind=10.16.6.2:5060
tos=cs3
cos=3

;AOR for provider 2
[aor-provider2]
type=aor
contact=sip:172.27.240.193:5060 ;SIP Provider Server

;Identyfy for provider 2
[identify-provider2]
type=identify
endpoint=endpoint-provider2
match=172.27.240.193 ;SIP Server
match=172.27.240.194 ;RTP Server

; Endpoint for provider 2
[endpoint-provider2]
type=endpoint
transport=transport-provider2-udp
context=provider2-in
disallow=all
allow=alaw
allow=ulaw
allow=g729
aors=aor-provider2
from_domain=10.16.6.2
media_address=10.16.6.2
direct_media=no
send_diversion=yes
tos_audio=ef
cos_audio=5

; Transport for test purpuses . Connect 1 IP phone system administrator
[transport-service-network-udp]
type=transport
protocol=udp
bind=192.168.129.33:5060
local_net=192.168.129.0/24
local_net=192.168.64.0/24
local_net=192.168.77.0/24
tos=cs3
cos=3

;AOR for local IP phone. For test purposes. Connect 1 IP phone system administrator
[aor-4957777777]
type=aor
contact=sip:4957777777@192.168.77.230:5060

;Identify for test number 4957777777 . Connect 1 IP phone system administrator 
[identify-4957777777]
type=identify
endpoint=4957777777
match=192.168.77.230 ;SIP&RTP


; Endpoint for test number 4957777777 Connect 1 IP phone system administrator 
[4957777777]
type=endpoint
transport=transport-service-network-udp
context=service-network-in
disallow=all
allow=alaw
allow=ulaw
allow=g729
aors=aor-4957777777
from_domain=192.168.129.33
media_address=192.168.129.33
direct_media=no
tos_audio=ef
cos_audio=5
6

Hello!

Today (04/29/2020) I installed Asterisk 17 from the source code.

ast-staging*CLI> core show version
Asterisk 17.3.0 built by root @ ast-staging on a x86_64 running Linux on 2020-04-28 13:04:08 UTC
ast-staging*CLI> pjsip show version
PJPROJECT version currently running against: 2.9

The problem is when the Asterisk responds to OPTIONS with the wrong interface saved.

The problem can be divided into 2 cases:

  1. When my Asterisk is the initiator of OPTIONS requests ( qualify_frequency=30 in contact section ) . In this case, everything works correctly.

    OPTIONS_REQUEST
    OPTIONS_REQUEST1914×892 48.5 KB

  2. When the provider sends me an OPTIONS request (provider - initiator of OPTIONS requests ) . Astersik was answer from wrong interface.

    OPTIONS_RESPONSE
    OPTIONS_RESPONSE1905×873 55.7 KB

pcap logs was attached .Please change extension txt -> pcap. And open in wireshark.
dump-ens20.txt (7.6 KB)

7

@jcolp , Hello .
You tried to repeat my scheme?
This behavior Asterisk is a bug or feature ?

8

I didn’t reproduce the issue. If you believe there is one you can file an issue[1]. Note there is no timeframe on if or when it would be looked into or resolved.

[1] https://issues.asterisk.org/jira

9

Hello, @jcolp . I was resolved problem . The problem was in transport section.
I read instruction https://wiki.asterisk.org/wiki/display/AST/PJSIP+Transport+Selection
And try to repeat this

transport
transport1328×103 2.14 KB

I try to configure a transport for each interface . This is very big mistake. This is the root of all the problem. This is not work normaly.
Then I try to configure one transport for all interfaces, all started working fine.
Below is an example of a working config.

[transport-all-udp]
type=transport
protocol=udp
bind=0.0.0.0:5060
local_net=192.168.129.0/24 ; Network on 1-st network card
local_net=192.168.64.0/24  ; Network on 1-st network card
local_net=192.168.77.0/24  ; Network on 1-st network card 
local_net=10.16.2.0/30 ; Network on 2-st network card  (Provider №1)
local_net=10.26.2.0/30  ; Network on 3-st network card (Provider №2)
local_net=172.27.240.192/30  ; Network on 2-st network card  (Provider №1)
allow_reload=yes
symmetric_transport=yes
tos=cs3
cos=3

Below is an example of a NON-WORKING config

; Transport for local clients
[transport-local-service-network-udp]
type=transport
protocol=udp
bind=192.168.129.33:5060
domain=192.168.129.33
local_net=192.168.129.0/24
local_net=192.168.64.0/24
local_net=192.168.77.0/24
symmetric_transport=yes
tos=cs3
cos=3

; Transport for provider №1
[transport-provider1-fmn-udp]
type=transport
protocol=udp
bind=10.16.6.2:5060
domain=10.16.6.2
local_net=10.16.2.0/30
local_net=172.27.240.192/30
symmetric_transport=yes
tos=cs3
cos=3

;Transport for provider №2 
[transport-provider2-local-udp]
type=transport
protocol=udp
bind=10.26.2.2:5060
local_net=10.26.2.0/30
symmetric_transport=yes
tos=cs3
cos=3
1 Like
10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.