IAX2 peers go unreachable until Asterisk restarted (FreeBSD 10.1, Asterisk 11.21.2)

i do this about twice a day now. anybody know why asterisk isn’t discovering that the peer is reachable and restarting these connections on its own?

pbxCLI> iax2 show peers
Name/Username Host Mask Port Status Description
pbx-tcomeng-out 209.234.97.130 (S) 255.255.255.255 4569 (T) (E) UNREACHABLE
pbx-fried 199.168.88.123 (S) 255.255.255.255 4569 (E) UNREACHABLE
asterisk_isc/vi 149.20.32.15 (S) 255.255.255.255 4569 (T) (E) UNREACHABLE
demo/asterisk 216.207.245.47 (S) 255.255.255.255 4569 (E) Unmonitored Demo System At Digium
4 iax2 peers [0 online, 3 offline, 1 unmonitored]
pbx
CLI> quit
Asterisk cleanly ending (0).
Executing last minute cleanups
root@pbx:/home/vixie # /usr/local/etc/rc.d/asterisk restart
Stopping asterisk
Starting asterisk.
root@pbx:/home/vixie # !ast
asterisk -R
Asterisk 11.21.2, Copyright © 1999 - 2013 Digium, Inc. and others.
Created by Mark Spencer markster@digium.com
Asterisk comes with ABSOLUTELY NO WARRANTY; type ‘core show warranty’ for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type ‘core show license’ for details.

Connected to Asterisk 11.21.2 currently running on pbx (pid = 1278)
pbxCLI> iax2 show peers
Name/Username Host Mask Port Status Description
pbx-tcomeng-out 209.234.97.130 (S) 255.255.255.255 4569 (T) (E) OK (21 ms)
pbx-fried 199.168.88.123 (S) 255.255.255.255 4569 (E) OK (81 ms)
asterisk_isc/vi 149.20.32.15 (S) 255.255.255.255 4569 (T) (E) OK (21 ms)
demo/asterisk 216.207.245.47 (S) 255.255.255.255 4569 (E) Unmonitored Demo System At Digium
4 iax2 peers [3 online, 0 offline, 1 unmonitored]
pbx
CLI> quit

Disable call token in each peer. requirecalltoken=no to disable it. Put it inside each iax extension or trunk.

thanks! i already have requirecalltoken=no, both globally and per-trunk. so whatever is causing these trunks to drop (which could just be network fadeouts) and whatever is causing the trunks to not try to reconnect after they drop (which is a mystery, and the log files are silent on the matter) is not related to the setting of requirecalltoken.

You can try the following instructions

https://wiki.asterisk.org/wiki/display/AST/IAX2+Security

The quick start part.

I found the same issue whenever peers reside on an external IP-Adress (not on all servers, but on some). What You may do (instead of restarting asterisk) is

asterisk -rx "module unload chan_iax2.so"
asterisk -rx “module load chan_iax2.so”

The unload will only be processed when no call is active.
Just check the state of the IAX-connections for UNREACHABLE and whenever a peer gots UNREACHABLE which should not You may use the logic above. Helped me out when integrating the check into cron.

Well I had made also a script with the same logic but I kept having trouble. As a tip I would suggest you to put an echo with the date in your script to log how often the error happens. Might worth something as information.

requirecalltoken=no did not help. i think there’s something deeper going on here.

pbx*CLI> iax2 show peers
Name/Username Host Mask Port Status Description
pbx-tcomeng-out 209.234.97.130 (S) 255.255.255.255 4569 (T) (E) UNREACHABLE
pbx-fried 199.168.88.123 (S) 255.255.255.255 4569 (E) UNREACHABLE
asterisk_isc/vi 149.20.32.15 (S) 255.255.255.255 4569 (T) (E) UNREACHABLE

i’m assuming that these became unreachable at some point due to network instability either at my house or in comcast, my IP transit provider. i’ll certainly try wiring up an unload and reload in my cron-based monitoring script, but that’s a bandaid.

the underlying problem is that once these connections go UNREACHABLE, no code path within asterisk is causing a reconnection attempt to be made. the documentation promises that this will happen. it’s not happening.

is it just broken on freebsd, or is it broken for all of you, regardless of platform?

this is a huge issue for something like my PBX which i expect resiliency from. i can accept unreliability, since it’s tcp/ip. but it must automatically reconnect to peers after an outage.

what am i missing?

here is my current monitoring, by the way.

root@pbx:/home/vixie # crontab -l
MAILTO=vixie@tisf.net
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

4 * * * * asterisk -R -x ‘iax2 show peers’ | grep ‘iax2 peers’ | grep -v ‘0 offline’

Consider using the qualifyfreqnotok to check your peers, details in the following link

http://www.voip-info.org/wiki/view/Asterisk+iax+qualify

Hi I did a write up on this some years ago its at http://www.cyber-cottage.co.uk/?p=994

But we also not that if you have dnsmgr.conf set to enabled, (As it is in Freepbx) you can also get IAX trunks going offline if you have defined them with the host as a domain name and not an IP address.

Ian

@ianplain does this also cover iax extensions? I had this issue with some extensions that stopped working and the only way to fix this issue was to reload the iax module.

with respect to ianplain’s writeup on cyber-cottage.co.uk, i don’t want a better cron job, i want to know why the code doesn’t work. i will dive into the code if it’s working for nobody, or working for everybody except freebsd. and as to this:

qualifysmoothing=yes
qualifyfreqnotok=30000
qualifyfreqok=120000
qualify=yes

i have it, thanks to previous respondents on this thread. it made no difference, just like everything else i’ve tried has made no difference.

i have no iax extensions. i’m using cisco 7960’s in their SIP mode. they’re working fine. my only iax is to peers, and the basic problem is, when they go UNREACHABLE, they stay that way. going UNREACHABLE is probably because comcast is flakey. staying that way is a code or configuration error in asterisk.

I too am encountering this issue. It is usually only one side of the trunk that has issues. A reboot always solves it. I wish there was a solution provided as it is clear there is an issue in the IAX2 code.

It’s 2020, this is apparently still happening.
I am doing tests with a freepbx(centos) distro and have stumbled upon this issue.

For me this is my pathless crontab entry to circumvent this.
It assumes having anything else than 0 offline iax2 trunks warrants cycling the module.

`

* * * * * if [ $(/usr/sbin/asterisk -R -x 'iax2 show peers' | /bin/grep 'iax2 peers' | /bin/grep -q -v '0 offline' ; /bin/echo $?) = 0 ]; then /usr/sbin/asterisk -rx 'module unload chan_iax2.so'; /bin/sleep 2; /usr/sbin/asterisk -rx 'module load chan_iax2.so'; /bin/logger -t CheckIAX2 IAX2 trunk down, reloading iax modules; fi

`

This is a single line. Watch out for single quotes being formated as ´ and ` instead of ’ when copying and pasting.

To test if the line works on your system you can call sh with it as an option:
/bin/sh -c "if [ $(/usr/sbin/asterisk -R -x 'iax2 show peers' | /bin/grep 'iax2 peers' | /bin/grep -q -v '0 offline' ; /bin/echo $?) = 0 ]; then /usr/sbin/asterisk -rx 'module unload chan_iax2.so'; /bin/sleep 2; /usr/sbin/asterisk -rx 'module load chan_iax2.so'; /bin/logger -t CheckIAX2 IAX2 trunk down, reloading iax modules; fi"

To test the other branch of the if you can change the “= 0” part to “= 1” , this will, for one time unload and load the module when trunks are up and running. This should of course not be the entry in your crontab, just do this once to see if the line works for your system:

/bin/sh -c "if [ $(/usr/sbin/asterisk -R -x 'iax2 show peers' | /bin/grep 'iax2 peers' | /bin/grep -q -v '0 offline' ; /bin/echo $?) = 1 ]; then /usr/sbin/asterisk -rx 'module unload chan_iax2.so'; /bin/sleep 2; /usr/sbin/asterisk -rx 'module load chan_iax2.so'; /bin/logger -t CheckIAX2 IAX2 trunk down, reloading iax modules; fi"

Good luck.

Hello
Any news about that?
I’ve 2 PBXes connected together trough a VPN. The VPN is rock solid (the 2 buildings are on the same ISP and 300m away each other) and I get 300Mbps bidirectional speed, quite 0 downtimes and 10ms latency. The problem is… The 2 PBXes usually turn the IAX trunk unreachable or offline, even if ping flows smmothly between them!

you should set keepalive on this trunk

If you mean the qualify=yes, I already enabled it. I tried even to play with the qualify options, but no luck. It always needs to be restarted to keep it working.
NB: the VPN doesn’t have any firewall rule or NAT rule on it. It’s a simple site to site ipsec routed VPN. Every packet with the ip address of the other site internal network is simply thrown trough the tunnel to the other site. No NAT to be “kept alive” then.
NB2: I already tried those tips:
qualifysmoothing=yes
qualifyfreqnotok=30000
qualifyfreqok=120000
qualify=yes
Even to disable the requiretoken (but I thought it was unuseful cause both pbxes have asterisk 18)
The running config is without registration cause I use type=friend, host=x.x.x.x, context=from-internal. I don’t remember exactly the whole configuration cause I’m afk and writing from cell phone.

These are the 2 pbxes configs:

type=friend
trunk=yes
qualify=yes
host=192.168.0.XXX
deny=all
context=from-internal
allow=alaw
type=friend
trunk=yes
qualify=yes
host=172.25.0.XXX
deny=all
context=from-internal
allow=alaw

As I told, I tried with and without the
trunk=yes
and the

qualifysmoothing=yes
qualifyfreqnotok=30000
qualifyfreqok=120000

options too, but the behavior remains the same…
Any advice?
Thank you