Incomming calls stop working after 10 or so minutes

My sip account with phonepower seems to be dropping registration or something after Asterisk starts but then suddenly after about 10-15 minutes or so incomming calls just never come through. Phonepower directs them directly to voicemail and I get nothing in my asterisk logs, however all sip peers are fine and check out OK when the calls are not working. It’s bizarre. Anyone experience this?

This is a 1.8 Asterisk server running on pfsense. I have nat set to never, I have asterisk running on a non-gateway internal IP with a static 1-to-1 NAT with an external IP assigned to it. I’ve tried experimenting with Asterisk NAT but it seems to break more than it fixes, especially in my situation, but if an Asterisk NAT pro knows how to fix it then I’m all ears.

could it be a fail2ban parameter that is blocking out your sip provider ip after a few tries? can you check if you have fail2ban enabled? When the calls are going to voicemail on the provider side, are you getting the invites in your asterisk log? if you aren’t receiving the invites at all, could be a firewall/fail2ban misconfigured issue.

Generally Fail2ban block an IP address based on incoming failed registration request. For example :

NOTICE.* .: Registration from '.’ failed for ‘’ - Wrong password
NOTICE.* .: Registration from '.’ failed for ‘’ - No matching peer found
NOTICE.* .: Registration from '.’ failed for ‘’ - Username/auth name mismatch
NOTICE.* failed to authenticate as ‘.’$
NOTICE.
.: No registration for peer '.’ (from )
NOTICE.* .: Host failed MD5 authentication for '.’ (.)
NOTICE.
.: Registration from '.’ failed for ‘’ - Device does not match ACL
NOTICE.* .: Registration from '." .* failed for ‘’ - Peer is not supposed to register
VERBOSE.*SIP/-.*Received incoming SIP connection from unknown peer

I don’t think his provider will register against asterisk. a sip trace would be helpful. Anyway disable iptables temporarily could help in the debugging process

Ugh yeah it was a fiewall issue. I was trying to lock down phonepower to just the register SIP server but they use a ton of IPs. Sucks I have to open this up to everything since they don’t publish a list of their IP networks.

Now I just hope I don’t get hacked. :frowning:

glad you figured it out … i wouldn’t open to all. call the tech team from the provider and they should be able to give you a list of IPs from where you can expect traffic from them (SIP and RTP). worst case, run the traces and gather up all the ips that you see coming in and then whiltelist those. if you encounter problems, you can check the logs and add those new valid ips too. this is time consuming, but if the provider isn’t helping themselves and you can’t change providers, this can be an option.

i would not under any circumstances leave your boxes without a firewall.

Heh yeah about that…

[quote]
Dear Cody,

This is a follow up email regarding the ticket you recently opened with us about SIP proxy IPs. The only one we have is sip.phonepower.com that forwards to any available IPs on our network. We do not give out IPs anymore since they can differ depending on the current location and the traffic of these servers.

Thank you,

Thomas C.
Support Technician[/quote]

I remember broadvoice being good, too bad Phonepower bought them out and now they could not give 2 hoots about customer service/security anymore.

I still don’t like the idea of leaving the box open on the net.

i would go through by keeping the logs running for a day and capturing all the IPs from which you receive traffic from the provider. yes they may have a quite few IPs, but not an unlimited amount, so you will most likely see the same dozen IPs, maybe two dozen IPs. its tiresome work, but will save you major headaches from having your box left open.

you can reduce the amount of time to leave it open, by running a whole bunch of test calls while you are running logs and then shutting down the firewall.

Yeah it seems like that’s the best solution to this. :frowning: I’ve setup pfsense to start logging SIP traffic so I can hopefully compile a list. I’ve even checked their ASN but it appears they have multiple ASN numbers which doesn’t help in this case.

Don’t forget to also log the IP for RTP traffic, since the RTP can be coming from a different IP than the SIP traffic. or storing the SIP packets, so you can extract the RTP ip from it as well.

Hmm, well now I’m allowing everything to my SIP IP and for some reason after 15 minutes it’s still not working again…

In fact it’s not only incomming calls but outbound calls stop working too. When I try and place an outbound call when it stops working this is what it says:

chan_sip.c: Received response: "Forbidden" from '"Wireless Phone" ;tag=as52463bd7'

can you provide the full sip log,

sip set debug on

when doing that call.

Could it be a NAT misconfig?

 
21
Incomming calls stop working after 10 or so minutes
Asterisk
Asterisk Support
Incomming calls stop working after 10 or so minutes 
Asterisk
Asterisk Support
12 / 12
 

zermus3h
My sip account with phonepower seems to be dropping registration or something after Asterisk starts but then suddenly after about 10-15 minutes or so incomming calls just never come through. Phonepower directs them directly to voicemail and I get nothing in my asterisk logs, however all sip peers are fine and check out OK when the calls are not working. It's bizarre. Anyone experience this?

This is a 1.8 Asterisk server running on pfsense. I have nat set to never, I have asterisk running on a non-gateway internal IP with a static 1-to-1 NAT with an external IP assigned to it. I've tried experimenting with Asterisk NAT but it seems to break more than it fixes, especially in my situation, but if an Asterisk NAT pro knows how to fix it then I'm all ears.


Reply

created
3 hours
last reply
just now 10
replies
9
views
3
users
4 4  

AdnanAhmed3h
could it be a fail2ban parameter that is blocking out your sip provider ip after a few tries? can you check if you have fail2ban enabled? When the calls are going to voicemail on the provider side, are you getting the invites in your asterisk log? if you aren't receiving the invites at all, could be a firewall/fail2ban misconfigured issue.


Reply

ambiorixg121h
Generally Fail2ban block an IP address based on incoming failed registration request. For example :

NOTICE.* .: Registration from '.' failed for '' - Wrong password
NOTICE.* .: Registration from '.' failed for '' - No matching peer found
NOTICE.* .: Registration from '.' failed for '' - Username/auth name mismatch
NOTICE.* failed to authenticate as '.*'$
NOTICE.* .: No registration for peer '.' (from )
NOTICE.* .: Host failed MD5 authentication for '.' (.*)
NOTICE.* .: Registration from '.' failed for '' - Device does not match ACL
NOTICE.* .: Registration from '." .* failed for '' - Peer is not supposed to register
VERBOSE.SIP/-.Received incoming SIP connection from unknown peer
I don't think his provider will register against asterisk. a sip trace would be helpful. Anyway disable iptables temporarily could help in the debugging process


Reply

zermus1h
Ugh yeah it was a fiewall issue. I was trying to lock down phonepower to just the register SIP server but they use a ton of IPs. Sucks I have to open this up to everything since they don't publish a list of their IP networks.

Now I just hope I don't get hacked. :frowning:

Reply

AdnanAhmed1h
glad you figured it out ... i wouldn't open to all. call the tech team from the provider and they should be able to give you a list of IPs from where you can expect traffic from them (SIP and RTP). worst case, run the traces and gather up all the ips that you see coming in and then whiltelist those. if you encounter problems, you can check the logs and add those new valid ips too. this is time consuming, but if the provider isn't helping themselves and you can't change providers, this can be an option.

i would not under any circumstances leave your boxes without a firewall.


Reply

zermus44m
Heh yeah about that...

Dear Cody,

This is a follow up email regarding the ticket you recently opened with us about SIP proxy IPs. The only one we have is sip.phonepower.com that forwards to any available IPs on our network. We do not give out IPs anymore since they can differ depending on the current location and the traffic of these servers.

Thank you,

Thomas C.
Support Technician
I remember broadvoice being good, too bad Phonepower bought them out and now they could not give 2 hoots about customer service/security anymore.

Reply

AdnanAhmed35m
I still don't like the idea of leaving the box open on the net.

i would go through by keeping the logs running for a day and capturing all the IPs from which you receive traffic from the provider. yes they may have a quite few IPs, but not an unlimited amount, so you will most likely see the same dozen IPs, maybe two dozen IPs. its tiresome work, but will save you major headaches from having your box left open.

you can reduce the amount of time to leave it open, by running a whole bunch of test calls while you are running logs and then shutting down the firewall.


Reply

zermus32m
AdnanAhmed:
I still don't like the idea of leaving the box open on the net.

i would go through by keeping the logs running for a day and capturing all the IPs from which you receive traffic from the provider. yes they may have a quite few IPs, but not an unlimited amount, so you will most likely see the same dozen IPs, maybe two dozen IPs. its tiresome work, but will save you major headaches from having your box left open.

you can reduce the amount of time to leave it open, by running a whole bunch of test calls while you are running logs and then shutting down the firewall.
Yeah it seems like that's the best solution to this. :frowning: I've setup pfsense to start logging SIP traffic so I can hopefully compile a list. I've even checked their ASN but it appears they have multiple ASN numbers which doesn't help in this case.

Reply

AdnanAhmed30m
Don't forget to also log the IP for RTP traffic, since the RTP can be coming from a different IP than the SIP traffic. or storing the SIP packets, so you can extract the RTP ip from it as well.


Reply

zermus14m
Hmm, well now I'm allowing everything to my SIP IP and for some reason after 15 minutes it's still not working again...

In fact it's not only incomming calls but outbound calls stop working too. When I try and place an outbound call when it stops working this is what it says:

chan_sip.c: Received response: "Forbidden" from '"Wireless Phone" ;tag=as52463bd7'

Reply

AdnanAhmed12m
can you provide the full sip log,

sip set debug on

when doing that call.


Reply

zermus1m
Could it be a NAT misconfig?

SIP Debugging enabled
<--- SIP read from UDP:10.9.9.2:5060 --->
INVITE sip:469540xxxx@10.9.9.15 SIP/2.0
Via: SIP/2.0/UDP 10.9.9.2:5060;branch=z9hG4bK-438dba3d
From: "Wireless Phone" <sip:302@10.9.9.15>;tag=c4e9ba17ecd8261bo0
To: <sip:469540xxxx@10.9.9.15>
Remote-Party-ID: "Wireless Phone" <sip:302@10.9.9.15>;screen=yes;party=calling
Call-ID: ce2496c7-e173712b@10.9.9.2
CSeq: 101 INVITE
Max-Forwards: 70
Contact: "Wireless Phone" <sip:302@10.9.9.2:5060;ref=302>
Expires: 240
User-Agent: Cisco/SPA112-1.4.1(002)
Content-Length: 325
Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
Supported: replaces
Content-Type: application/sdp
v=0
o=- 5684935 5684935 IN IP4 10.9.9.2
s=-
c=IN IP4 10.9.9.2
t=0 0
m=audio 16458 RTP/AVP 0 18 2 8 100 101
a=rtpmap:0 PCMU/8000
a=rtpmap:18 G729a/8000
a=rtpmap:2 G726-32/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:100 NSE/8000
a=fmtp:100 192-193
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=ptime:30
a=sendrecv
<------------->
--- (15 headers 16 lines) ---
Sending to 10.9.9.2:5060 (no NAT)
Using INVITE request as basis request - ce2496c7-e173712b@10.9.9.2
Found peer '302' for '302' from 10.9.9.2:5060
Found RTP audio format 0
Found RTP audio format 18
Found RTP audio format 2
Found RTP audio format 8
Found RTP audio format 100
Found RTP audio format 101
Found audio description format PCMU for ID 0
Found audio description format G729a for ID 18
Found audio description format G726-32 for ID 2
Found audio description format PCMA for ID 8
Found unknown media description format NSE for ID 100
Found audio description format telephone-event for ID 101
Capabilities: us - 0x80000008000e (gsm|ulaw|alaw|h263|testlaw), peer - audio=0x90c (ulaw|alaw|g726|g729)/video=0x0 (nothing)/text=0x0 (nothing), combined - 0xc (ulaw|alaw)
Non-codec capabilities (dtmf): us - 0x1 (telephone-event|), peer - 0x1 (telephone-event|), combined - 0x1 (telephone-event|)
Peer audio RTP is at port 10.9.9.2:16458
Looking for 469540xxxx in my-phones (domain 10.9.9.15)
list_route: hop: <sip:302@10.9.9.2:5060;ref=302>
<--- Transmitting (no NAT) to 10.9.9.2:5060 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.9.9.2:5060;branch=z9hG4bK-438dba3d;received=10.9.9.2
From: "Wireless Phone" <sip:302@10.9.9.15>;tag=c4e9ba17ecd8261bo0
To: <sip:469540xxxx@10.9.9.15>
Call-ID: ce2496c7-e173712b@10.9.9.2
CSeq: 101 INVITE
Server: Asterisk PBX 1.8.32.1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Contact: <sip:469540xxxx@10.9.9.15:5060>
Content-Length: 0
<------------>
Audio is at 10006
Adding codec 0x4 (ulaw) to SDP
Reliably Transmitting (no NAT) to 206.15.150.6:12060:
INVITE sip:469540xxxx@sip.phonepower.com SIP/2.0
Via: SIP/2.0/UDP 10.9.9.15:5060;branch=z9hG4bK36b87ed0
Max-Forwards: 70
From: "Wireless Phone" <sip:469443xxxx@sip.phonepower.com>;tag=as5d5040f8
To: <sip:469540xxxx@sip.phonepower.com>
Contact: <sip:469443xxxx@10.9.9.15:5060>
Call-ID: 36aed8902b47273d3cb5fc314eea3cde@sip.phonepower.com
CSeq: 102 INVITE
User-Agent: Asterisk PBX 1.8.32.1
Date: Mon, 15 Feb 2016 18:47:54 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 200
v=0
o=root 626114613 626114613 IN IP4 10.9.9.15
s=Asterisk PBX 1.8.32.1
c=IN IP4 10.9.9.15
t=0 0
m=audio 10006 RTP/AVP 0
a=rtpmap:0 PCMU/8000
a=silenceSupp:off - - - -
a=ptime:20
a=sendrecv
---
<--- SIP read from UDP:206.15.150.6:12060 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.9.9.15:5060;received=71.170.36.243;branch=z9hG4bK36b87ed0;rport=5060
From: "Wireless Phone" <sip:469443xxxx@sip.phonepower.com>;tag=as5d5040f8
To: <sip:469540xxxx@sip.phonepower.com>
Call-ID: 36aed8902b47273d3cb5fc314eea3cde@sip.phonepower.com
CSeq: 102 INVITE
<------------->
--- (6 headers 0 lines) ---
<--- SIP read from UDP:206.15.150.6:12060 --->
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 10.9.9.15:5060;received=71.170.36.243;branch=z9hG4bK36b87ed0;rport=5060
From: "Wireless Phone" <sip:469443xxxx@sip.phonepower.com>;tag=as5d5040f8
To: <sip:469540xxxx@sip.phonepower.com>;tag=aprqngfrt-j20f2j10000c6
Call-ID: 36aed8902b47273d3cb5fc314eea3cde@sip.phonepower.com
CSeq: 102 INVITE
<------------->
--- (6 headers 0 lines) ---
Transmitting (no NAT) to 206.15.150.6:12060:
ACK sip:469540xxxx@sip.phonepower.com SIP/2.0
Via: SIP/2.0/UDP 10.9.9.15:5060;branch=z9hG4bK36b87ed0
Max-Forwards: 70
From: "Wireless Phone" <sip:469443xxxx@sip.phonepower.com>;tag=as5d5040f8
To: <sip:469540xxxx@sip.phonepower.com>;tag=aprqngfrt-j20f2j10000c6
Contact: <sip:469443xxxx@10.9.9.15:5060>
Call-ID: 36aed8902b47273d3cb5fc314eea3cde@sip.phonepower.com
CSeq: 102 ACK
User-Agent: Asterisk PBX 1.8.32.1
Content-Length: 0
---
[Feb 15 12:47:54] WARNING[-1]: chan_sip.c:21062 handle_response_invite: Received response: "Forbidden" from '"Wireless Phone" <sip:469443xxxx@sip.phonepower.com>;tag=as5d5040f8'
Scheduling destruction of SIP dialog '36aed8902b47273d3cb5fc314eea3cde@sip.phonepower.com' in 6400 ms (Method: INVITE)
<--- Reliably Transmitting (no NAT) to 10.9.9.2:5060 --->
SIP/2.0 503 Service Unavailable
Via: SIP/2.0/UDP 10.9.9.2:5060;branch=z9hG4bK-438dba3d;received=10.9.9.2
From: "Wireless Phone" <sip:302@10.9.9.15>;tag=c4e9ba17ecd8261bo0
To: <sip:469540xxxx@10.9.9.15>;tag=as5dce394d
Call-ID: ce2496c7-e173712b@10.9.9.2
CSeq: 101 INVITE
Server: Asterisk PBX 1.8.32.1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
X-Asterisk-HangupCause: Call Rejected
X-Asterisk-HangupCauseCode: 21
Content-Length: 0
<------------>
<--- SIP read from UDP:10.9.9.2:5060 --->
ACK sip:469540xxxx@10.9.9.15 SIP/2.0
Via: SIP/2.0/UDP 10.9.9.2:5060;branch=z9hG4bK-438dba3d
From: "Wireless Phone" <sip:302@10.9.9.15>;tag=c4e9ba17ecd8261bo0
To: <sip:469540xxxx@10.9.9.15>;tag=as5dce394d
Call-ID: ce2496c7-e173712b@10.9.9.2
CSeq: 101 ACK
Max-Forwards: 70
Contact: "Wireless Phone" <sip:302@10.9.9.2:5060;ref=302>
User-Agent: Cisco/SPA112-1.4.1(002)
Content-Length: 0
<------------->
--- (10 headers 0 lines) ---
Really destroying SIP dialog 'ce2496c7-e173712b@10.9.9.2' Method: ACK
Really destroying SIP dialog '36aed8902b47273d3cb5fc314eea3cde@sip.phonepower.com' Method: INVITE
Reliably Transmitting (no NAT) to 206.15.150.6:12060:
OPTIONS sip:sip.phonepower.com SIP/2.0
Via: SIP/2.0/UDP 10.9.9.15:5060;branch=z9hG4bK4c9cca39
Max-Forwards: 70
From: "Unknown" <sip:469443xxxx@10.9.9.15>;tag=as54e8a850
To: <sip:sip.phonepower.com>
Contact: <sip:469443xxxx@10.9.9.15:5060>
Call-ID: 07cf60b14903d75e2d041cdf3c963215@10.9.9.15:5060
CSeq: 102 OPTIONS
User-Agent: Asterisk PBX 1.8.32.1
Date: Mon, 15 Feb 2016 18:48:07 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0

Reply
BookmarkShareReply
 Watching
You will receive notifications because you created this topic.

Suggested Topics
Topic	Category	Replies	Views	Activity
Forward to cell phone?	
Asterisk Support
1	1	Mar '07
Noob question on use of Asterix to solve a problem	
Asterisk Support
2	1	May '07
Service Providers section	
Asterisk Support
0	1	Dec '07
Dtmf/ touch tone disable per call?	
Asterisk Support
0	1	Apr '08
Can this be done	
Asterisk Support
8	1	Sep '05
Want to read more? Browse other topics in 
Asterisk Support
 or view latest topics.
Editing post 12  zermus (add edit reason)
           

Could it be a NAT misconfig?

[code]SIP Debugging enabled

<--- SIP read from UDP:10.9.9.2:5060 --->
INVITE sip:469540xxxx@10.9.9.15 SIP/2.0
Via: SIP/2.0/UDP 10.9.9.2:5060;branch=z9hG4bK-438dba3d
From: "Wireless Phone" <sip:302@10.9.9.15>;tag=c4e9ba17ecd8261bo0
To: <sip:469540xxxx@10.9.9.15>
Remote-Party-ID: "Wireless Phone" <sip:302@10.9.9.15>;screen=yes;party=calling
Call-ID: ce2496c7-e173712b@10.9.9.2
CSeq: 101 INVITE
Max-Forwards: 70
Contact: "Wireless Phone" <sip:302@10.9.9.2:5060;ref=302>
Expires: 240
User-Agent: Cisco/SPA112-1.4.1(002)
Content-Length: 325
Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
Supported: replaces
Content-Type: application/sdp

v=0
o=- 5684935 5684935 IN IP4 10.9.9.2
s=-
c=IN IP4 10.9.9.2
t=0 0
m=audio 16458 RTP/AVP 0 18 2 8 100 101
a=rtpmap:0 PCMU/8000
a=rtpmap:18 G729a/8000
a=rtpmap:2 G726-32/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:100 NSE/8000
a=fmtp:100 192-193
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=ptime:30
a=sendrecv
<------------->
--- (15 headers 16 lines) ---
Sending to 10.9.9.2:5060 (no NAT)
Using INVITE request as basis request - ce2496c7-e173712b@10.9.9.2
Found peer '302' for '302' from 10.9.9.2:5060
Found RTP audio format 0
Found RTP audio format 18
Found RTP audio format 2
Found RTP audio format 8
Found RTP audio format 100
Found RTP audio format 101
Found audio description format PCMU for ID 0
Found audio description format G729a for ID 18
Found audio description format G726-32 for ID 2
Found audio description format PCMA for ID 8
Found unknown media description format NSE for ID 100
Found audio description format telephone-event for ID 101
Capabilities: us - 0x80000008000e (gsm|ulaw|alaw|h263|testlaw), peer - audio=0x90c (ulaw|alaw|g726|g729)/video=0x0 (nothing)/text=0x0 (nothing), combined - 0xc (ulaw|alaw)
Non-codec capabilities (dtmf): us - 0x1 (telephone-event|), peer - 0x1 (telephone-event|), combined - 0x1 (telephone-event|)
Peer audio RTP is at port 10.9.9.2:16458
Looking for 469540xxxx in my-phones (domain 10.9.9.15)
list_route: hop: <sip:302@10.9.9.2:5060;ref=302>

<--- Transmitting (no NAT) to 10.9.9.2:5060 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.9.9.2:5060;branch=z9hG4bK-438dba3d;received=10.9.9.2
From: "Wireless Phone" <sip:302@10.9.9.15>;tag=c4e9ba17ecd8261bo0
To: <sip:469540xxxx@10.9.9.15>
Call-ID: ce2496c7-e173712b@10.9.9.2
CSeq: 101 INVITE
Server: Asterisk PBX 1.8.32.1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Contact: <sip:469540xxxx@10.9.9.15:5060>
Content-Length: 0


<------------>
Audio is at 10006
Adding codec 0x4 (ulaw) to SDP
Reliably Transmitting (no NAT) to 206.15.150.6:12060:
INVITE sip:469540xxxx@sip.phonepower.com SIP/2.0
Via: SIP/2.0/UDP 10.9.9.15:5060;branch=z9hG4bK36b87ed0
Max-Forwards: 70
From: "Wireless Phone" <sip:469443xxxx@sip.phonepower.com>;tag=as5d5040f8
To: <sip:469540xxxx@sip.phonepower.com>
Contact: <sip:469443xxxx@10.9.9.15:5060>
Call-ID: 36aed8902b47273d3cb5fc314eea3cde@sip.phonepower.com
CSeq: 102 INVITE
User-Agent: Asterisk PBX 1.8.32.1
Date: Mon, 15 Feb 2016 18:47:54 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 200

v=0
o=root 626114613 626114613 IN IP4 10.9.9.15
s=Asterisk PBX 1.8.32.1
c=IN IP4 10.9.9.15
t=0 0
m=audio 10006 RTP/AVP 0
a=rtpmap:0 PCMU/8000
a=silenceSupp:off - - - -
a=ptime:20
a=sendrecv

---

<--- SIP read from UDP:206.15.150.6:12060 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.9.9.15:5060;received=71.170.36.243;branch=z9hG4bK36b87ed0;rport=5060
From: "Wireless Phone" <sip:469443xxxx@sip.phonepower.com>;tag=as5d5040f8
To: <sip:469540xxxx@sip.phonepower.com>
Call-ID: 36aed8902b47273d3cb5fc314eea3cde@sip.phonepower.com
CSeq: 102 INVITE

<------------->
--- (6 headers 0 lines) ---

<--- SIP read from UDP:206.15.150.6:12060 --->
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 10.9.9.15:5060;received=71.170.36.243;branch=z9hG4bK36b87ed0;rport=5060
From: "Wireless Phone" <sip:469443xxxx@sip.phonepower.com>;tag=as5d5040f8
To: <sip:469540xxxx@sip.phonepower.com>;tag=aprqngfrt-j20f2j10000c6
Call-ID: 36aed8902b47273d3cb5fc314eea3cde@sip.phonepower.com
CSeq: 102 INVITE

<------------->
--- (6 headers 0 lines) ---
Transmitting (no NAT) to 206.15.150.6:12060:
ACK sip:469540xxxx@sip.phonepower.com SIP/2.0
Via: SIP/2.0/UDP 10.9.9.15:5060;branch=z9hG4bK36b87ed0
Max-Forwards: 70
From: "Wireless Phone" <sip:469443xxxx@sip.phonepower.com>;tag=as5d5040f8
To: <sip:469540xxxx@sip.phonepower.com>;tag=aprqngfrt-j20f2j10000c6
Contact: <sip:469443xxxx@10.9.9.15:5060>
Call-ID: 36aed8902b47273d3cb5fc314eea3cde@sip.phonepower.com
CSeq: 102 ACK
User-Agent: Asterisk PBX 1.8.32.1
Content-Length: 0


---
[Feb 15 12:47:54] WARNING[-1]: chan_sip.c:21062 handle_response_invite: Received response: "Forbidden" from '"Wireless Phone" <sip:469443xxxx@sip.phonepower.com>;tag=as5d5040f8'
Scheduling destruction of SIP dialog '36aed8902b47273d3cb5fc314eea3cde@sip.phonepower.com' in 6400 ms (Method: INVITE)

<--- Reliably Transmitting (no NAT) to 10.9.9.2:5060 --->
SIP/2.0 503 Service Unavailable
Via: SIP/2.0/UDP 10.9.9.2:5060;branch=z9hG4bK-438dba3d;received=10.9.9.2
From: "Wireless Phone" <sip:302@10.9.9.15>;tag=c4e9ba17ecd8261bo0
To: <sip:469540xxxx@10.9.9.15>;tag=as5dce394d
Call-ID: ce2496c7-e173712b@10.9.9.2
CSeq: 101 INVITE
Server: Asterisk PBX 1.8.32.1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
X-Asterisk-HangupCause: Call Rejected
X-Asterisk-HangupCauseCode: 21
Content-Length: 0


<------------>

<--- SIP read from UDP:10.9.9.2:5060 --->
ACK sip:469540xxxx@10.9.9.15 SIP/2.0
Via: SIP/2.0/UDP 10.9.9.2:5060;branch=z9hG4bK-438dba3d
From: "Wireless Phone" <sip:302@10.9.9.15>;tag=c4e9ba17ecd8261bo0
To: <sip:469540xxxx@10.9.9.15>;tag=as5dce394d
Call-ID: ce2496c7-e173712b@10.9.9.2
CSeq: 101 ACK
Max-Forwards: 70
Contact: "Wireless Phone" <sip:302@10.9.9.2:5060;ref=302>
User-Agent: Cisco/SPA112-1.4.1(002)
Content-Length: 0

<------------->
--- (10 headers 0 lines) ---
Really destroying SIP dialog 'ce2496c7-e173712b@10.9.9.2' Method: ACK
Really destroying SIP dialog '36aed8902b47273d3cb5fc314eea3cde@sip.phonepower.com' Method: INVITE
Reliably Transmitting (no NAT) to 206.15.150.6:12060:
OPTIONS sip:sip.phonepower.com SIP/2.0
Via: SIP/2.0/UDP 10.9.9.15:5060;branch=z9hG4bK4c9cca39
Max-Forwards: 70
From: "Unknown" <sip:469443xxxx@10.9.9.15>;tag=as54e8a850
To: <sip:sip.phonepower.com>
Contact: <sip:469443xxxx@10.9.9.15:5060>
Call-ID: 07cf60b14903d75e2d041cdf3c963215@10.9.9.15:5060
CSeq: 102 OPTIONS
User-Agent: Asterisk PBX 1.8.32.1
Date: Mon, 15 Feb 2016 18:48:07 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0

Could it be a NAT misconfig?

SIP Debugging enabled
<— SIP read from UDP:10.9.9.2:5060 —>
INVITE sip:469540xxxx@10.9.9.15 SIP/2.0
Via: SIP/2.0/UDP 10.9.9.2:5060;branch=z9hG4bK-438dba3d
From: “Wireless Phone” sip:302@10.9.9.15;tag=c4e9ba17ecd8261bo0
To: sip:469540xxxx@10.9.9.15
Remote-Party-ID: “Wireless Phone” sip:302@10.9.9.15;screen=yes;party=calling
Call-ID: ce2496c7-e173712b@10.9.9.2
CSeq: 101 INVITE
Max-Forwards: 70
Contact: “Wireless Phone” sip:302@10.9.9.2:5060;ref=302
Expires: 240
User-Agent: Cisco/SPA112-1.4.1(002)
Content-Length: 325
Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
Supported: replaces
Content-Type: application/sdp
v=0
o=- 5684935 5684935 IN IP4 10.9.9.2
s=-
c=IN IP4 10.9.9.2
t=0 0
m=audio 16458 RTP/AVP 0 18 2 8 100 101
a=rtpmap:0 PCMU/8000
a=rtpmap:18 G729a/8000
a=rtpmap:2 G726-32/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:100 NSE/8000
a=fmtp:100 192-193
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=ptime:30
a=sendrecv
<------------->
— (15 headers 16 lines) —
Sending to 10.9.9.2:5060 (no NAT)
Using INVITE request as basis request - ce2496c7-e173712b@10.9.9.2
Found peer ‘302’ for ‘302’ from 10.9.9.2:5060
Found RTP audio format 0
Found RTP audio format 18
Found RTP audio format 2
Found RTP audio format 8
Found RTP audio format 100
Found RTP audio format 101
Found audio description format PCMU for ID 0
Found audio description format G729a for ID 18
Found audio description format G726-32 for ID 2
Found audio description format PCMA for ID 8
Found unknown media description format NSE for ID 100
Found audio description format telephone-event for ID 101
Capabilities: us - 0x80000008000e (gsm|ulaw|alaw|h263|testlaw), peer - audio=0x90c (ulaw|alaw|g726|g729)/video=0x0 (nothing)/text=0x0 (nothing), combined - 0xc (ulaw|alaw)
Non-codec capabilities (dtmf): us - 0x1 (telephone-event|), peer - 0x1 (telephone-event|), combined - 0x1 (telephone-event|)
Peer audio RTP is at port 10.9.9.2:16458
Looking for 469540xxxx in my-phones (domain 10.9.9.15)
list_route: hop: sip:302@10.9.9.2:5060;ref=302
<— Transmitting (no NAT) to 10.9.9.2:5060 —>
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.9.9.2:5060;branch=z9hG4bK-438dba3d;received=10.9.9.2
From: “Wireless Phone” sip:302@10.9.9.15;tag=c4e9ba17ecd8261bo0
To: sip:469540xxxx@10.9.9.15
Call-ID: ce2496c7-e173712b@10.9.9.2
CSeq: 101 INVITE
Server: Asterisk PBX 1.8.32.1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Contact: sip:469540xxxx@10.9.9.15:5060
Content-Length: 0
<------------>
Audio is at 10006
Adding codec 0x4 (ulaw) to SDP
Reliably Transmitting (no NAT) to 206.15.150.6:12060:
INVITE sip:469540xxxx@sip.phonepower.com SIP/2.0
Via: SIP/2.0/UDP 10.9.9.15:5060;branch=z9hG4bK36b87ed0
Max-Forwards: 70
From: “Wireless Phone” sip:469443xxxx@sip.phonepower.com;tag=as5d5040f8
To: sip:469540xxxx@sip.phonepower.com
Contact: sip:469443xxxx@10.9.9.15:5060
Call-ID: 36aed8902b47273d3cb5fc314eea3cde@sip.phonepower.com
CSeq: 102 INVITE
User-Agent: Asterisk PBX 1.8.32.1
Date: Mon, 15 Feb 2016 18:47:54 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 200
v=0
o=root 626114613 626114613 IN IP4 10.9.9.15
s=Asterisk PBX 1.8.32.1
c=IN IP4 10.9.9.15
t=0 0
m=audio 10006 RTP/AVP 0
a=rtpmap:0 PCMU/8000
a=silenceSupp:off - - - -
a=ptime:20
a=sendrecv

<— SIP read from UDP:206.15.150.6:12060 —>
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.9.9.15:5060;received=71.170.36.243;branch=z9hG4bK36b87ed0;rport=5060
From: “Wireless Phone” sip:469443xxxx@sip.phonepower.com;tag=as5d5040f8
To: sip:469540xxxx@sip.phonepower.com
Call-ID: 36aed8902b47273d3cb5fc314eea3cde@sip.phonepower.com
CSeq: 102 INVITE
<------------->
— (6 headers 0 lines) —
<— SIP read from UDP:206.15.150.6:12060 —>
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 10.9.9.15:5060;received=71.170.36.243;branch=z9hG4bK36b87ed0;rport=5060
From: “Wireless Phone” sip:469443xxxx@sip.phonepower.com;tag=as5d5040f8
To: sip:469540xxxx@sip.phonepower.com;tag=aprqngfrt-j20f2j10000c6
Call-ID: 36aed8902b47273d3cb5fc314eea3cde@sip.phonepower.com
CSeq: 102 INVITE
<------------->
— (6 headers 0 lines) —
Transmitting (no NAT) to 206.15.150.6:12060:
ACK sip:469540xxxx@sip.phonepower.com SIP/2.0
Via: SIP/2.0/UDP 10.9.9.15:5060;branch=z9hG4bK36b87ed0
Max-Forwards: 70
From: “Wireless Phone” sip:469443xxxx@sip.phonepower.com;tag=as5d5040f8
To: sip:469540xxxx@sip.phonepower.com;tag=aprqngfrt-j20f2j10000c6
Contact: sip:469443xxxx@10.9.9.15:5060
Call-ID: 36aed8902b47273d3cb5fc314eea3cde@sip.phonepower.com
CSeq: 102 ACK
User-Agent: Asterisk PBX 1.8.32.1
Content-Length: 0

[Feb 15 12:47:54] WARNING[-1]: chan_sip.c:21062 handle_response_invite: Received response: “Forbidden” from '“Wireless Phone” sip:469443xxxx@sip.phonepower.com;tag=as5d5040f8’
Scheduling destruction of SIP dialog ‘36aed8902b47273d3cb5fc314eea3cde@sip.phonepower.com’ in 6400 ms (Method: INVITE)
<— Reliably Transmitting (no NAT) to 10.9.9.2:5060 —>
SIP/2.0 503 Service Unavailable
Via: SIP/2.0/UDP 10.9.9.2:5060;branch=z9hG4bK-438dba3d;received=10.9.9.2
From: “Wireless Phone” sip:302@10.9.9.15;tag=c4e9ba17ecd8261bo0
To: sip:469540xxxx@10.9.9.15;tag=as5dce394d
Call-ID: ce2496c7-e173712b@10.9.9.2
CSeq: 101 INVITE
Server: Asterisk PBX 1.8.32.1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
X-Asterisk-HangupCause: Call Rejected
X-Asterisk-HangupCauseCode: 21
Content-Length: 0
<------------>
<— SIP read from UDP:10.9.9.2:5060 —>
ACK sip:469540xxxx@10.9.9.15 SIP/2.0
Via: SIP/2.0/UDP 10.9.9.2:5060;branch=z9hG4bK-438dba3d
From: “Wireless Phone” sip:302@10.9.9.15;tag=c4e9ba17ecd8261bo0
To: sip:469540xxxx@10.9.9.15;tag=as5dce394d
Call-ID: ce2496c7-e173712b@10.9.9.2
CSeq: 101 ACK
Max-Forwards: 70
Contact: “Wireless Phone” sip:302@10.9.9.2:5060;ref=302
User-Agent: Cisco/SPA112-1.4.1(002)
Content-Length: 0
<------------->
— (10 headers 0 lines) —
Really destroying SIP dialog ‘ce2496c7-e173712b@10.9.9.2’ Method: ACK
Really destroying SIP dialog ‘36aed8902b47273d3cb5fc314eea3cde@sip.phonepower.com’ Method: INVITE
Reliably Transmitting (no NAT) to 206.15.150.6:12060:
OPTIONS sip:sip.phonepower.com SIP/2.0
Via: SIP/2.0/UDP 10.9.9.15:5060;branch=z9hG4bK4c9cca39
Max-Forwards: 70
From: “Unknown” sip:469443xxxx@10.9.9.15;tag=as54e8a850
To: sip:sip.phonepower.com
Contact: sip:469443xxxx@10.9.9.15:5060
Call-ID: 07cf60b14903d75e2d041cdf3c963215@10.9.9.15:5060
CSeq: 102 OPTIONS
User-Agent: Asterisk PBX 1.8.32.1
Date: Mon, 15 Feb 2016 18:48:07 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0
« hide previewsaved Save Edit cancel
[/code]

sip.conf

[general]
context=from-trunk                 ; Default context for incoming calls
allowguest=no ;by pfSense ;
allowoverlap=yes
tcpenable=no
transport=udp
srvlookup=yes
bindaddr=10.9.9.15
;localnet=10.9.9.0/255.255.255.0
;externaddr=xxx.xxx.xxx.243
nat=never
directmedia=no
defaultexpiry=3600
registerattempts=0

register => 469443xxxx:xxxx@sip.phonepower.com/469443xxxx

[301]
;Office Desk phone
type=friend
qualify=yes
defaultuser=301
insecure=port,invite
secret=xxx
regexten=301
host=dynamic
context=my-phones
dtmfmode=rfc2833
maillbox=301@default
callerid=<301>

[302]
;ATA line 1 - Cordless phone
type=friend
qualify=yes
defaultuser=302
insecure=port,invite
secret=xxx
regexten=302
host=dynamic
context=my-phones
maillbox=302@default
callerid=<302>

[303]
;Ata line 2 - Fax
type=friend
qualify=yes
defaultuser=303
insecure=port,invite
secret=xxx
regexten=303
host=dynamic
context=my-phones

[phonepower-sip]
type=peer
context=from-trunk
qualify=yes
insecure=port,invite
dtmfmode=inband
defaultuser=469443xxxx
secret=xxxxxxxxxxxxxxx
authuser=469443xxxx
host=sip.phonepower.com
fromdomain=sip.phonepower.com
fromuser=469443xxx
maxexpiry=3600
minexpiry=30
disallow=all
allow=uLaw

I’ve tried varying nat configs but this is the best I’ve managed to get it to work. It works… for 15 minutes, then no more lol. Keep in mind Asterisk is running on pfsense, so it’s running on the same box as the firewall on the network (I thought BSD packet filter would be handling the NAT, not asterisk, and a static 1 to 1 NAT should handle it, but apparently not)

filter the register line of sip.conf, you have included your username and password in there.

Ahh yes! Thank you for that

let’s break down what I see …

extension 302 is at 10.9.9.2
asterisk is at 10.9.9.15

ext 302 made an outbound call to a 469540xxxx number, INVITE received.
TRYING sent to ext 302
INVITE sent to the provider at ip 206.15.150.6 … but on port 12060?
TRYING received from provider
FORBIDDEN received from provider

if the username and password are correct, you shouldn’t be getting the forbidden message from them. can you pull up the sip trace for when the call goes through and compare the two?

Yeah all your info is correct. its the same user/pass that works for the first 15 mins :slightly_smiling:

I’m not sure about that 12060 port. It shows up on my sip peers when I register with them:

Name/username             Host                                    Dyn Forcerport ACL Port     Status     
301/301                   (Unspecified)                            D   N             0        UNKNOWN    
302/302                   10.9.9.2                                 D   N             5060     OK (50 ms) 
303/303                   10.9.9.2                                 D   N             5061     OK (52 ms) 
phonepower-sip/469443xxxx 206.15.150.6                                               12060    OK (37 ms) 
4 sip peers [Monitored: 3 online, 1 offline Unmonitored: 0 online, 0 offline] 

I’ll restart Asterisk again and try a SIP trace before and after and compare.

Ok I believe this was NAT.

I’ve set my global option for NAT=yes and set my externhost and localnets and somehow it’s magically working this time. Maybe I thought I tried this combo but didn’t. Funny cause it seems like the most straight forward config so I probably assumed I already tried it first but never did. Just my luck. :slight_smile:

1 Like

If you can switch provider, try GCI Comms… They only have 2 IP’s that need allowing through your firewall, it makes it so much easier…

I am having same issue and aforementioned solution is not working for me!