Connecting two asterisk servers username mismatch

Asterisk Asterisk SIP
1

I have an existing openwrt gateway that works well with asterisk, I have an elderly relative that needs to be able to call me so I have set up a second openwrt gateway with asterisk with him.
Both have a wireguard tunnel connecting them.
I have successfully registered both boxes with each other. But can not get the phones to dial each other.
I have read ‘Connecting Two Asterisk Boxes Together via SIP’ in the document ‘Asterisk_ The Future of Telephony’ but I still cant get it to work.
I tried to make Server A (ME) dial 555 to call Server B (John) and Server B call 666 to call Server A.
‘Home’ is used to connect my gateway device (touch tone phone) to asterisk. Home is registered to asterisk as it is used for the other external sip providers.

I get the following errors when I try to make a call from Server A using 555-

== Using SIP RTP CoS mark 5
    -- Executing [555@phones:1] Dial("SIP/home-00000016", "SIP/John") in new stack
  == Using SIP RTP CoS mark 5
    -- Called SIP/John
[Feb 19 18:16:01] WARNING[14914][C-0000000d]: chan_sip.c:24127 handle_response_invite: Received response: "Forbidden" from '"home" <sip:home@172.23.14.1>;tag=as1b9d452f'
  == Everyone is busy/congested at this time (1:0/0/1)
    -- Executing [555@phones:2] Hangup("SIP/home-00000016", "") in new stack
  == Spawn extension (phones, 555, 2) exited non-zero on 'SIP/home-00000016'
    -- Unregistered SIP 'home'
    -- Registered SIP 'home' at xxx.xxx.xxx.x:5065
[Feb 19 18:16:02] NOTICE[14914]: chan_sip.c:28519 handle_request_subscribe: Received SIP subscribe for peer without mailbox: home

and Server B shows-

[Feb 19 17:13:53] WARNING[14914][C-0000000c]: chan_sip.c:17332 check_auth: username mismatch, have <home>, digest has <John>
[Feb 19 17:13:53] NOTICE[14914][C-0000000c]: chan_sip.c:26418 handle_request_invite: Failed to authenticate device "home" <sip:home@172.23.14.2>;tag=as752658ba
[Feb 19 17:15:17] NOTICE[14914]: chan_sip.c:28519 handle_request_subscribe: Received SIP subscribe for peer without mailbox: home

Calling from Server B to Server A dose the same thing.

Below are Server A and Server B’s sip.conf and extensions.conf
(I had to remove password form sip.conf for the connection as it was giving errors).
Server A-
sip.conf

register => ME:@172.23.14.2/John

; # Phones #
[home]
        type=friend
        context=phones
        allow=ulaw,alaw
        secret=secrethome
        host=dynamic
[mobile-home]
        type=friend
        context=phones
        allow=ulaw,alaw
        secret=secretmhome
        host=dynamic
[John]
        type=friend
        context=John
        allow=ulaw,alaw
        secret=
        host=dynamic
        insecure=invite
        defaultuser=John
; # Sip Providers details #
[Provider1]
        type=friend
        context=P1
        allow=ulaw,alaw
        secret=xxxxxxx
        host=voice.service.com
        nat=force_rport,comedia
        insecure=invite
        fromdomain=voice.service.com
        defaultuser=xxxxxxxxxx
[Provider2]
        type=friend
        context=P2
        allow=ulaw,alaw
        secret=yyyyyyyyy
        host=sip.serv.com
        nat=force_rport,comedia
        insecure=invite
        fromdomain=sip.serv.com
        defaultuser=xxxxxxxxxxxx

extensions.conf

; # Incoming #
[P1]
exten => xxxxxxx,1,Goto(phones,333,1)
[John]
exten => 666,1,Goto(phones,333,1)

; # Internal Devices #
[phones]
exten => 111,1,Dial(SIP/home)
same => n,Hangup

exten => 222,1,Dial(SIP/mobile-home)
same => n,Hangup

exten => 555,1,Dial(SIP/John)
same => n,Hangup

; # Block caller list #
exten => 333,1,NoOp(${CALLERID(num)})
same => n,GotoIf($["${DB(blockcaller/${CALLERID(num)})}" != "1"]?allowed)
same => n,Playback(Number_not_avaliable)
same => n,Hangup()
same => n(allowed),Ringing                          ;caller hears ringing tone
same => n,Queue(home)                               ;call Queue
same => n,Hangup()

; # Outgoing Dials #

; # Dial Extension Provider2 #
exten => _2X.,1,Goto(outgoing,${EXTEN:1},1)          ;press 2 for P2

; # Dial Extension Provider1 #
exten => _X.,1,NoOp(${CALLERID(num)})
same => n,Set(CALLERID(num)=xxxxxxxxx)
same => n,Goto(outgoing,${EXTEN},2)


; # Outgoing Providers #
[outgoing]
exten => _X.,1,Dial(SIP/P2/${EXTEN})
exten => _X.,2,Dial(SIP/P1/${EXTEN})

Server B-
sip.conf

register => John:@172.23.14.1/ME

[home]
        type=friend
        context=phones
        allow=ulaw,alaw
        secret=secrethome
        host=dynamic
[ME]
        type=friend
        context=John
        allow=ulaw,alaw
        secret=
        host=dynamic
        insecure=invite
        defaultuser=ME

extensions.conf

; # Incoming #
[ME]
exten => 555,1,Goto(phones,333,1)

; # Internal Devices #
[phones]
exten => 111,1,Dial(SIP/home)
same => n,Hangup

exten => 222,1,Dial(SIP/mobile-home)
same => n,Hangup

exten => 666,1,Dial(SIP/ME)
same => n,Hangup

exten => 333,1,NoOp()
same => n,Ringing                          ;caller hears ringing tone
same => n,Hangup()

Can someone tell me what I am doing wrong? Please :slight_smile:

2

chan_sip is no longer supported, and has been deprecated for a long time, so there is little knowledge of it amongst most contributors here. It has been completely removed from the latest two versions of Asterisk.

You are over using type=friend. It is likely that all should be type=peer. Having the same type=friend at both ends is asking for trouble.

It doesn’t make sense to have both sides dynamic. If you know the address for the register line, you know it for the host line.

There may be more, but I;ve had to scroll lots of times to get this far.

This is small enough that you should do a complete rework with the, currently supported, chan_pjsip.

3

Thanks for the fast reply David, I was hoping for a quick fix as I no nothing about pjsip and I read that sip can have less problems. I do volunteer work for the elderly and that is why I started to use asterisk as they all need landlines. I will try to do some reading on pjsip. In the meantime, maybe someone else here knows how I can fix what I have?

4

It would help if you could rearrange the information in the order in in which it is processed, and with just the relevant bit: outbound part of extensions.conf. outbound peer, inbound peer.

The likely cause is that the wrong peer is being matched at the remote end. It is trying to match the peer named “home”.

If there is a tunnel, there should be no need to match by name, at all, and no need to register, from either end.

Are you sure you actually need the Asterisk at the remote end? Can you not directly access the remote phone?

(If chan_sip is so easy to set up, why does nearly every (or every) provider get it wrong (meaningless options, obsolete names, excessive insecurity).)

5

It would help if you could rearrange the information in the order in in which it is processed, and with just the relevant bit: outbound part of extensions.conf. outbound peer, inbound peer.

Yes this might make it clear, I will try it.

The likely cause is that the wrong peer is being matched at the remote end. It is trying to match the peer named “home”.

It is trying to match ‘home’ with John and I don’t know why as home is the connection between the device (phone) and asterisk not the connection from asterisk ‘John’ to asterisk ME which has John extension. In my mind it looks like this=
Home(phone)=>asterisk(ME)[sip/John]==>asterisk(John)
so it should match sip/John with asterisk(John) not home.

If there is a tunnel, there should be no need to match by name, at all, and no need to register, from either end.

Are you sure you actually need the Asterisk at the remote end? Can you not directly access the remote phone?

I do not know how to get asterisk to connect to the phone on gateway B through the wireguard tunnel I just know the ends are ip’s 172.23.14.1 and 172.23.14.2. Maybe the problem is not the sip.conf and extensions.conf, maybe it acts differently through the tunnel. I am no expert in either asterisk or wireguard.
I will play with both the above and see if another approach will work.

(If chan_sip is so easy to set up, why does nearly every (or every) provider get it wrong (meaningless options, obsolete names, excessive insecurity).)

You are probably right, I am just an amateur. I will see if there is an easy way to convert my sip to pjsip, maybe ChatGTP can help me.
Although I am not sure if I have to add more packages if I am changing to pjsip on my device or if pjsip will work on my device. It gets complicated…

6

You really need to fix the chan_sip configuration before trying to do any automated conversion. The best way of configuring is to do it from first principles, or at least from res_pjsip Configuration Examples - Asterisk Documentation

7

Thanks for the link very helpful. I have a spare device I might try set up pjsip on it and see if it works, before I break the existing setup. :slight_smile:

8

I was able to figure out how to do this myself.
In sip.conf change the contex-
Server A-

; # Remote asterisk users #
[John]
        type=friend
        context=John_incoming       ;where to look in the extensions.conf file   
        allow=ulaw,alaw
        secret=
        host=172.23.14.4            ;wireguard tunnel, opposite end (johns end)

Server B-

; # Remote asterisk users #
[ME]
        type=friend
        context=ME_incoming         ;where to look in the extensions.conf file
        allow=ulaw,alaw
        secret=
        host=172.23.14.1            ;wireguard tunnel, opposite end (ME end)

In extensions.conf add the following which will allow one end to dial 2 and the other end to dial 555 for the opposite extensions.
Server A-

[incoming_calls]

[phones]
include => internal
include => remote

[internal]                                  ;incoming calls
exten => _2,1,NoOp()                        ;if 2 comes in from outside
exten => _2,n,Dial(SIP/home,30)        ;dial home phone
exten => _2,n,Hangup()                      ;hang up

[remote]                                    ;outgoing calls
exten => _555,1,NoOp()                      ;if 555 is dialled
exten => _555,n,Dial(SIP/John/${EXTEN})     ;go to sip.conf [John] where it connects to other box and sends dialled number 2
exten => _555,n,Hangup()                    ;hangup

[John_incoming]
include => internal

Server B-

[incoming_calls]

[phones]
include => internal
include => remote

[internal]                                      ;incoming calls
exten => _555,1,NoOp()                          ;if 555 comes in from outside
exten => _555,n,Dial(SIP/home,30)               ;dial home phone
exten => _555,n,Hangup()                        ;hangup

[remote]                                        ;outgoing calls
exten => _2,1,NoOp()                            ;if 2 is dialled
exten => _2,n,Dial(SIP/ME/${EXTEN})             ;go to sip.conf [ME] where it connects to other box and sends dialed number 2
exten => _2,n,Hangup()                          ;hangup

[KL_incoming]
include => internal

Hope this helps someone else.

9

I also did some reading about converting this to pjsip and have successfully created a pjsip file, which I will test soon. However after reading this in the pjsip.conf file-

; Anonymous Calls
;
; By default anonymous inbound calls via PJSIP are not allowed. If you want to
; route anonymous calls you’ll need to define an endpoint named “anonymous”.
; res_pjsip_endpoint_identifier_anonymous.so handles that functionality so it
; must be loaded. It is not recommended to accept anonymous calls.

I will not be using PJsip as the decision to block anonymous calls by default is wrong. I know many elderly people who have withheld numbers for the very reason that big company’s they call can not log their numbers and sell this on to spammers. Shame on whoever wrote this into asterisk. Sticking with sip for our small projects.

10

That’s not referring to callerid. It’s for unidentified anonymous incoming SIP requests. That is: A random person on the internet sends your system a SIP call. Commonly done to try to find ways to place phone calls for free. By default that is not permitted. It is known in chan_sip as “allowguest”.

You can still do outgoing calls with callerid withheld, or incoming calls with callerid withheld, provided Asterisk knows the entity you’re talking to - such as a VoIP provider.

11

To maybe clarify the last reply. In the context of calls from the PSTN, it relates to the IP address of the last hop sender, generally your SIP provider. Technically it relates to any call for which an endpoint cannot be determined, as a username match would also count as not anonymous, and is the normal case for calls originated from your own site (your “extensions”, although SIP does not use that term)

Anonymous isn’t really accurate. It really means that the immediate upstream source is not known. Their IP or From user may be known, but it is not known who they really are. The IP adress is typically that of a botnet machine.

12

@ jcolp, @ david551
Thank you both for clearing that up. It would have totally messed up our system if it was blocking callerid withheld, thank God for that. I can now keep going and test my pjsip version and see if it works or needs tweaking. :slight_smile: