Fixed - Inbound calls not working with United World Telecom

Hi.

I have a vitual phone number (from United World Telecom) which fowards to sip:180@xxx.xxx.xxx.xxx (My external IP).

I tried to allow inbound call from my provider. But when i call the phone number i get no answer, no tone, no message… nothing happens. After 30 seconds (around) the call is drop.

First of all i show you all the info:

FreePBX-2.10.1(1.8.13.0)
Asterisk 1.8.13.0

Fresh installed FreePBX distro Stable-1.813.210.58 Release Date-06/08/12 64Bits

[code]Global Settings:

UDP Bindaddress: 0.0.0.0:5060
TCP SIP Bindaddress: Disabled
TLS SIP Bindaddress: Disabled
Videosupport: No
Textsupport: No
Ignore SDP sess. ver.: No
AutoCreate Peer: No
Match Auth Username: No
Allow unknown access: Yes
Allow subscriptions: Yes
Allow overlap dialing: Yes
Allow promisc. redir: No
Enable call counters: No
SIP domain support: No
Realm. auth: No
Our auth realm asterisk
Use domains as realms: No
Call to non-local dom.: Yes
URI user is phone no: No
Always auth rejects: Yes
Direct RTP setup: No
User Agent: FPBX-2.10.1(1.8.13.0)
SDP Session Name: Asterisk PBX 1.8.13.0
SDP Owner Name: root
Reg. context: (not set)
Regexten on Qualify: No
Legacy userfield parse: No
Caller ID: Unknown
From: Domain:
Record SIP history: Off
Call Events: Off
Auth. Failure Events: Off
T.38 support: No
T.38 EC mode: Unknown
T.38 MaxDtgrm: -1
SIP realtime: Disabled
Qualify Freq : 60000 ms
Q.850 Reason header: No
Store SIP_CAUSE: No

Network QoS Settings:

IP ToS SIP: CS3
IP ToS RTP audio: EF
IP ToS RTP video: AF41
IP ToS RTP text: CS0
802.1p CoS SIP: 4
802.1p CoS RTP audio: 5
802.1p CoS RTP video: 6
802.1p CoS RTP text: 5
Jitterbuffer enabled: No

Network Settings:

SIP address remapping: Enabled using externaddr
Externhost:
Externaddr: xxx.xxx.xxx.xxx:0 (MI EXTERNAL IP)
Externrefresh: 10
Localnet: 10.142.138.0/255.255.255.0

Global Signalling Settings:

Codecs: 0xe (gsm|ulaw|alaw)
Codec Order: ulaw:20,alaw:20,gsm:20
Relax DTMF: No
RFC2833 Compensation: No
Symmetric RTP: Yes
Compact SIP headers: No
RTP Keepalive: 0 (Disabled)
RTP Timeout: 30
RTP Hold Timeout: 300
MWI NOTIFY mime type: application/simple-message-summary
DNS SRV lookup: No
Pedantic SIP support: Yes
Reg. min duration 60 secs
Reg. max duration: 3600 secs
Reg. default duration: 120 secs
Outbound reg. timeout: 20 secs
Outbound reg. attempts: 0
Notify ringing state: Yes
Include CID: No
Notify hold state: Yes
SIP Transfer mode: open
Max Call Bitrate: 384 kbps
Auto-Framing: No
Outb. proxy:
Session Timers: Accept
Session Refresher: uas
Session Expires: 1800 secs
Session Min-SE: 90 secs
Timer T1: 500
Timer T1 minimum: 100
Timer B: 32000
No premature media: Yes
Max forwards: 70

Default Settings:

Allowed transports: UDP
Outbound transport: UDP
Context: from-sip-external
Force rport: Yes
DTMF: rfc2833
Qualify: 0
Use ClientCode: No
Progress inband: Never
Language:
MOH Interpret: default
MOH Suggest:
Voice Mail Extension: *97


[/code]

Allow SIP Guests: YES
Allow Anonymous Inbound SIP Calls? YES

Thes extension 180 is assigned to the provider for registration.
I configured the extension: 180 as follow (extracted from Mysql sip table):

keyword	data	
account	180	
accountcode		
allow	ulaw&alaw&gsm	
callerid	device <180>	
callgroup		
canreinvite	yes	
context	from-internal	
deny		
dial	SIP/180	
disallow		
dtmfmode	rfc2833	
encryption	no	
host	dynamic	
mailbox	180@device	
nat	yes	
permit		
pickupgroup		
port	5060	
qualify	yes	
qualifyfreq	30	
secret	A_PASS	
sendrpid	no	
transport	udp	
trustrpid	no	
type	friend

I tried with 2 Incoming routes,
the first incoming route - for ext 180

Did Number: 180
all by default
set destination: Extension 115 

mi personal extension is 115, i am logged and i can do internal calls to other extensions
When incoming route works i will change the destination to Ring Group.

The second incoming route
it is to catch up all. No did number, no cid. I also set destionation to ext 115. I tried to receive all incoming call for testing purposes.

I read a post about to config a trunk with the provider IP to avoid anonymous calls, but as i cannot do outbound calls with this provider i was not sure if i did a correct config. As this option did not work, i deleted the trunk and i am at same point again.

My network context is:

Public fixed IP.

Wifi router with foward ports:
10000-20000	My Internal PBX ip	ALL
5060-5082	My Internal PBX ip	ALL
5090	My Internal PBX ip	ALL
As i got many problems, i changed UDP ports to UPD + TCP, for testing purposes

I cleaned rules and temporaly disconnected IPTABLES service at PBX.

I can connect from outside the office and connect an extension for internal calls, i supose NAT and port foward is running.

Asterisk console VERBOSE

When is go into console and increase VERBOSE level (i tested above 20) or if i enable sip debug:
I only see other SIP accounts.
But i did not see any information about extension 180 or provider IP 65.218.172.35

I run TCPDUMP and processed it with WireShark.
After filtering data, I only got a repeated inbound packet from IP 65.218.172.35 (i receive this packet only while i try to call to virtual number).
But there is no packet in response from local PBX.
This is the packet:

97	16.095806	65.218.172.35	10.142.138.3	IPv4	1514	Fragmented IP protocol (proto=UDP 0x11, off=0, ID=b8d5)
INVITE sip:180@MI_EXTERNAL_IP SIP/2.0
Via: SIP/2.0/UDP 65.218.172.35;rport;branch=z9hG4bK5703cd6bed1-a50f1836-b7a72436
Via: SIP/2.0/UDP  172.16.10.59:5060;x-route-tag="tgrp:VOIP_DD";branch=z9hG4bK3D8B3EF;rport=49666
From: <sip:THE_PHONE_I_USED_TO_CALL_THE_VIRTUAL_NUMBER@65.218.172.35>;tag=290F6038-1874
To: <sip:180@MI_EXTERNAL_IP>
Date: Thu, 19 Jul 2012 06:34:53 GMT
Call-ID: AF06D25B-D0A211E1-9DCD8CC3-B33BA7C3@172.16.10.59
Supported: 100rel,timer
Min-SE: 1800
Cisco-Guid: 2936419891-3500282337-2318008340-1766112416
User-Agent: Cisco-SIPGateway/IOS-12.x
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO, UPDATE, REGISTER
CSeq: 101 INVITE
Max-Forwards: 69
Remote-Party-ID: <sip:THE_PHONE_I_USED_TO_CALL_THE_VIRTUAL_NUMBER@172.16.10.59>;party=calling;screen=yes;privacy=off
Timestamp: 1342679693
Contact: <sip:THE_PHONE_I_USED_TO_CALL_THE_VIRTUAL_NUMBER@65.218.172.35>
Call-Info: <sip:172.16.10.59:5060>;method="NOTIFY;Event=telephone-event;Duration=2000"
Expires: 180
Allow-Events: telephone-event
Record-Route: <sip:65.218.172.35;lr>
Content-Type: application/sdp
Content-Length: 487

v=0
o=CiscoSystemsSIP-GW-UserAgent 5461 7675 IN IP4 65.218.172.35
s=SIP Call
c=IN IP4 65.218.172.35
t=0 0
m=audio 63286 RTP/AVP 18 4 3 98 99 2 0 8 101 19
c=IN IP4 65.218.172.35
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=yes
a=rtpmap:4 G723/8000
a=fmtp:4 annexa=yes
a=rtpmap:3 GSM/8000
a=rtpmap:98 G726-16/8000
a=rtpmap:99 G726-24/8000
a=rtpmap:2 G726-32/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCM

I spent a week trying to figure the problem. I will appreciate any help.

Thanks.

[UPDATE]Marked as fixed[UPDATED]

What is the outgoing response to this packet? You should either get ICMP port unreachable, or a response from Asterisk. If you get neither, the chances are you have a firewall configured to DROP, rather than REJECT, and which is not allowing 5060/UDP through.

However, just in case, you should use “sip set debug on” on Asterisk, to see if it is actually reaching Asterisk. If it is reaching Asterisk, but the sip set debug output shows now response, you will need to turn up debugging on chan_sip, to see how Asterisk is interpreting the packet. If Asterisk is logging a response, you will need to find out where your OS is losing it.

You seem to be relying on allowguest, rather than a specific sip.conf entry, so you are putting yourself at risk from hackers, unless you have secured the system in other ways.

Hi, thanks for reply.

I cannot capture any response packet from Asterisk.
I have stopped IPTABLES service, now i have no firewall (i hope).

When i turn on sip debug and i increase verbose to see chain_sip at full log, i cannot see any packet. There is no movement.

Also i have started again IPTABLES and i increase log level at IPTABLES and i send all traffic to a custom log file. There is many traffic but no one related to external IP.

I only get the traffic at TCPDUMP.

The response packet is ICMP:
136 47.637676 10.142.138.3 65.218.172.35 ICMP 590 Time-to-live exceeded (Fragment reassembly time exceeded)

I think my problem is related to firewall (althought i tested with it stopped).

I was looking for info regarding the ICMP response, but only found the protocol standard, no more info.

Anybody know if FreePBX distro has other firewall demon or any other service which can drop/reject packets?

thanks again.

That ICMP means that the packet was too large to send all in one go on at least one hop, so the packet had to be split up, but only part (first part?) of the packet actually arrived. I would guess at some firewall or NAT device that doesn’t properly understand IP fragmentation.

Looking at your capture, you can actually see it got cut off in the middle of PCM[A].

You need to either find and fix the component that has broken IP fragmentation support, or reduce the packet length. Reducing the number of codecs offered at the other end may help, although it is possible that something else will hit the same problem.

The problem is not to do with Asterisk. It is happening before anything gets as far as Asterisk.

Hi,

david thanks you for the approach.
I tested the pbx at other ISP and it worked fine.
I called the ISP support and i asked if they updated the firmware of cable router… yes, they updated one day before i became to experience the problem.
So i have re-installed the PBX, re-configured all and i spent 1 week reading and testing all because the ISP technician had the fantastic idea of update the firmware of my cable modem :frowning:

There is only 1 advantage, now i know much more about Asterisk. 1 week reading posts, documents and testing in PBX :smile:

I want ask again about anonymous calls, but i will do it at a separate post.

Thanks again.