Asterisk, inbound routing and DNS SRV

Hello everyone. I am having an issue with Asterisk and Callcentric. I’ve been looking at this for a while now and so far I have come up with a solution but I’m not sure if it’s the best one.

Technical information:
Asterisk version = 1.2.13/freePBX 2.0
OS = Gentoo
Asterisk is bound to local IP (bindaddr=)

Callcentric trunk (sip_additional.conf):
[callcentric]
qualify=8000
auth=md5
context=from-pstn
fromdomain=callcentric.com
fromuser=1777XXXXXXX
host=callcentric.com
insecure=port,invite
secret=
type=peer
username=1777XXXXXXX

General settings (sip.conf):
[general]
srvlookup=yes
bindport=5060
bindaddr=
disallow=all
allow=ulaw
allow=alaw
context=from-trunk
tos=0x68

Ok so first the problem. I am using Callcentric with DNS SRV (srvlookup=yes). What happens is that when the registration changes between Callcentric’s servers (alpha1.callcentric.com/204.11.192.22 and alpha2.callcentric.com/204.11.192.22), and the current resolved IP (204.11.192.23 for example) is different from the one Asterisk originally registers to (204.11.192.22 for example), incoming calls fail.

I have found that setting the context directive (context-from-pstn) in sip.conf allows all incoming a calls to work. I am basically wondering:

1 - If there is another way around this as I am told that setting the context in the [general] section allows anonymous incoming calls.
2 - If this solution is secure and if it isn’t can I secure it more?
3 - That I was told I could add my DID to the end of my register string (1777XXXXXX:@callcentric.com/DID) to secure my setup a bit more. But what if I order more DIDs from Callcentric. How do I get around this?

I was also recommended to add their IP block (permit=204.11.192.0/24) to my trunk or in sip.conf but this didn’t work.

I hope I explained my problem properly :smile:. I have been having a headache with this and dunno where to turn.

Ok after some grueling testing and working with Callcentric they have come up with the following which seems to work so far. Can any one confirm this?

"Hello,

We have been testing this issue and have come up with some changes which we believe should keep your Asterisk secure and at the same time allow you to do DID based routing. You can follow the instructions below:

1 - You should add the “context=from-trunk” or “context=” to the sip.conf file.
2 - To secure your Asterisk setup further you can add your Callcentric 1777 number to the end of your register string to accept incoming calls only to your Callcentric account, including any DIDs on your account. For example:

register => 1777MYCCID:SUPERSECRET@callcentric.com/1777MYCCID

Then you can use the following to route based on the called number, you can name this context whatever you want, this can be done directly from the trixbox interface for editing configuration files:

[incoming]
exten => s,1,Set(Var_TO=${SIP_HEADER(TO)})
exten => s,2,GotoIf($["${Var_TO}" = “sip:1777MYCCID@callcentric.com”]?extension2,s,1:3)
exten => s,3,GotoIf($["${Var_TO}" = “sip:1646MYCCDID@ss.callcentric.com”]?extension1,s,1:4)
exten => s,4,GotoIf($["${Var_TO}" = “sip:44207MYCCDID@ss.callcentric.com”]?extension2,s,1:5)
exten => h,5,Macro(hangupcall)

The example above shows how to route based on the information returned by Callcentric’s servers.

If using trixbox you will then have to set your Callcentric inbound route to send incoming calls to the “Custom App” with a value of “incoming,s,1”.

We hope to have a guide for this done within the next two weeks. You can check back later with us for more information."