Local asterisk and SIP trunk

Hello,
I’m trying to configure a new Asterisk server (20.3.0). It’s the first time for me and I’m sure I have made some mistakes.

My asterisk server is a Linux/Devuan in a DMZ. All packets from WAN are redirected to this server.

WAN----modem(192.168.15.20)-----server(DMZ:192.168.15.18)----several SPA112’s

My ISP provides a SIP trunk.

At first, I configured users.conf:

[general]
        hasvoicemail=yes
        hassip=yes
        hasiax=no
        hasmanager=no
        callwaiting=yes
        threewaycalling=yes
        callwaitingcallerid=yes
        transfer=yes
        canpark=yes
        cancallforward=yes
        callreturn=yes
        callgroup=1
        pickupgroup=1

[SDA112](!)
        type=friend
        context=User-internal
        host=dynamic
        qualify=yes
        dtmfmode=auto
        disallow=all
        allow=alaw
        allow=g722
        nat=force_rport,comedia
        directmedia=update
        fromdomain=aaaa.com
        defaultexpirey=3600

[6001](SDA112)
        fullname=<>
        description=SDA112
        context=User-standard
        secret=<>
        email=<>

[6002](SDA112)
        fullname=<>
        description=SDA112
        context=User-standard
        secret=<>
        email=<>

and sip.conf:

[general]
        context=public
        allowoverlap=no
        udpbindaddr=192.168.1.1:5060
        tcpenable=no
        tcpbindaddr=0.0.0.0
        transport=udp
        srvlookup=yes
        language=fr
        register=> <registration>
        localnet=192.168.0.0/255.255.0.0
        directmedia=update,nonat
        nat=force_rport,comedia
        qualify=yes
        externrefresh=15
        directmediapermit=192.168.0.0/255.255.0.0
        externaddr=xxx.yyy.zzz.ttt
        externtlsport=5060

[authentication]

[basic-options](!)                ; a template
        dtmfmode=rfc2833
        context=from-office
        type=friend

[natted-phone](!,basic-options)   ; another template inheriting basic-options
        directmedia=no
        host=dynamic

[my-codecs](!)                    ; a template for my preferred codecs
        disallow=all
        allow=ilbc
        allow=g729
        allow=gsm
        allow=g723
        allow=alaw

All SPA112s are connected to my server, and the server itself is registered to my SIP trunk.

I have added an extensions.conf:

[general]
        static=yes
        writeprotect=no
        autofallthrough=yes
        clearglobalvars=yes
        priorityjumping=no

[globals]
        dial_opts=g
        my_dial_status=answer
        timeout=45

[User-standard]
        exten => 6001,1,Dial(SIP/6001)
        exten => 6002,1,Dial(SIP/6002)

[public]
        exten => myexternalphonenumber1,1,Dial(SIP/6001)
        exten => myexternalphonenumber2,1,Dial(SIP/6002)

With this configuration, all local communications run as expected. But inbound and outbound communications abort. At first, I only tried to establish a communication between a cellular phone and one of the local phones.

When I try to establish a communication from the WAN to an internal phone (with myexternalphonenumber1), the local phone rings but RTP packets only go from my server to the WAN:

17:42:51.561774 IP rayleigh.systella.fr.14186 > 37.97.65.116.47638: UDP, length 172
17:42:51.591797 IP rayleigh.systella.fr.14186 > 37.97.65.116.47638: UDP, length 172
17:42:51.591820 IP rayleigh.systella.fr.14186 > 37.97.65.116.47638: UDP, length 172
17:42:51.622185 IP rayleigh.systella.fr.14186 > 37.97.65.116.47638: UDP, length 172
17:42:51.651741 IP rayleigh.systella.fr.14186 > 37.97.65.116.47638: UDP, length 172
17:42:51.651763 IP rayleigh.systella.fr.14186 > 37.97.65.116.47638: UDP, length 172
17:42:51.681767 IP rayleigh.systella.fr.14186 > 37.97.65.116.47638: UDP, length 172
17:42:51.711795 IP rayleigh.systella.fr.14186 > 37.97.65.116.47638: UDP, length 172

37.97.65.116 never sends packets to my server. Of course, I have tried without the firewall. Same result. I suppose I have made a mistake somewhere. Help will be welcome.

Best regards,

JB

There will be no chan_sip in Asterisk 21, coming out this October! Even with Asterisk 20 you have to override build and configuration options before you can use it. Your first step is to start over with chan_pjsip.

With chan_sip do not use type=friend unless you have multiple devices on the same address. This will not, however, cause your one way audio.

Thanks for your answer. I tried to configure sip instead of pjsip as I was unable to obtain a registration with pjsip.

I have written in pjsip.conf:

[udp-transport]
        type=transport
        protocol=udp
        bind=192.168.1.1

[tcp-transport]
        type=transport
        protocol=tcp
        bind=192.168.15.18
        local_net=192.168.0.0/16
        external_media_address=62.212.98.88
        external_signaling_address=62.212.98.88

[SBSR]
        type=registration
        transport=tcp-transport
        outbound_auth=SBSR_auth
        server_uri=sip:37.97.65.186:5070
        client_uri=sip:trunk@sip_domain.eu
        retry_interval=60
        expiration=120

[SBSR_auth]
        type=auth
        auth_type=userpass
        password=<secret>
        username=trunk@sip_domain.eu

[SBSR]
        type=aor
        contact=sip:trunk@domain.eu

[SBSR]
        type=endpoint
        transport=udp-transport
        context=sbsr
        disallow=all
        allow=ilbc
        allow=g729
        allow=gsm
        allow=g723
        allow=alaw
        outbound_auth=SBSR_auth
        aors=SBSR
        from_user=SBSR
        from_domain=domain.eu
        direct_media=no

[SBSR]
        type=identify
        endpoint=SBSR
        match=37.97.65.186

[SDA112](!)
        type=endpoint
        transport=udp-transport
        context=from-internal
        disallow=all
        allow=ilbc
        allow=g729
        allow=gsm
        allow=g723
        allow=alaw
        language=fr

[auth_userpass](!)
        type=auth
        auth_type=userpass

[aor_dynamic](!)
        type=aor
        max_contacts=1

[6001](SDA112)
        auth=6001
        aors=6001

[6001](auth_userpass)
        username=6001
        password=<secret>

[6001](aor_dynamic)

...

I only get this in the log:
WARNING[17338]: res_pjsip_outbound_registration.c:1397 handle_registration_response: Fatal response '403' received from 'sip:37.97.65.186:5070' on registration attempt to 'sip:trunk@domain.eu', stopping outbound registration

tcpdump shows:
23:28:01.468705 50:46:5d:72:ef:a2 (oui Unknown) > 60:a4:b7:73:c9:26 (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 47901, offset 0, flags [DF], proto TCP (6), length 52)
rayleigh.systella.fr.34875 > trunkfsc15.sewan.fr.5070: Flags [.], cksum 0x36fc (incorrect -> 0x593f), seq 1553, ack 1171, win 251, options [nop,nop,TS val 3012271150 ecr 2779978915], length 0

Registration should be done on 5070/TCP with user trunk@domain.eu on server 37.97.65.186.

Best regards,

JB

You didn’t say you were dual homed.

Please provide the verbose log output resulting from “pjsip set logger on”; there is far too little detail in the tcpdump output.

Dialog between my server and the ISP Asterisk server:

rayleigh*CLI> pjsip set logger on
PJSIP Logging enabled
<--- Transmitting SIP request (619 bytes) to TCP:37.97.65.186:5070 --->
REGISTER sip:37.97.65.186:5070 SIP/2.0
Via: SIP/2.0/TCP 62.212.98.88:5060;rport;branch=z9hG4bKPj89f730bf-6c4b-49d7-8b7b-bfa0a126ec26;alias
From: <sip:trunk-sip@systella2.buroticstore.eu>;tag=558a73b3-04a0-4bed-bf0a-3ebd7df2c66e
To: <sip:trunk-sip@systella2.buroticstore.eu>
Call-ID: 2f4584fa-8d6c-47d2-9872-fc73513ae20c
CSeq: 61621 REGISTER
Contact: <sip:s@62.212.98.88:5060;transport=TCP>
Expires: 120
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, REFER, MESSAGE
Max-Forwards: 70
User-Agent: Asterisk PBX 20.3.0~dfsg+~cs6.13.40431413-1
Content-Length:  0

<--- Received SIP response (651 bytes) from TCP:37.97.65.186:5070 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/TCP 62.212.98.88:5060;rport=38505;branch=z9hG4bKPj89f730bf-6c4b-49d7-8b7b-bfa0a126ec26;alias
From: <sip:trunk-sip@systella2.buroticstore.eu>;tag=558a73b3-04a0-4bed-bf0a-3ebd7df2c66e
To: <sip:trunk-sip@systella2.buroticstore.eu>;tag=6BN84756y4gpj
Call-ID: 2f4584fa-8d6c-47d2-9872-fc73513ae20c
CSeq: 61621 REGISTER
User-Agent: Sewan_TRUNKFSC15
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, NOTIFY
Supported: path, replaces
WWW-Authenticate: Digest realm="systella2.buroticstore.eu", nonce="b3db0105-3932-45a7-9774-1bbd1b5dffec", algorithm=MD5, qop="auth"
Content-Length: 0

I’m not sure that realm should contain systella2.buroticstore.eu.

From: contains SIP login. 62.212.98.88 is one of my external IP addresses. Port, protocol and IP address of ISP asterisk server have been verified (and if I put these parameters in sip.conf, registration can be done without error).

<--- Transmitting SIP request (925 bytes) to TCP:37.97.65.186:5070 --->
REGISTER sip:37.97.65.186:5070 SIP/2.0
Via: SIP/2.0/TCP 62.212.98.88:5060;rport;branch=z9hG4bKPj17691687-a981-4008-9782-2cfc9f0754dc;alias
From: <sip:trunk-sip@systella2.buroticstore.eu>;tag=558a73b3-04a0-4bed-bf0a-3ebd7df2c66e
To: <sip:trunk-sip@systella2.buroticstore.eu>
Call-ID: 2f4584fa-8d6c-47d2-9872-fc73513ae20c
CSeq: 61622 REGISTER
Contact: <sip:s@62.212.98.88:5060;transport=TCP>
Expires: 120
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, REFER, MESSAGE
Max-Forwards: 70
User-Agent: Asterisk PBX 20.3.0~dfsg+~cs6.13.40431413-1
Authorization: Digest username="trunk-sip@systella2.buroticstore.eu", realm="systella2.buroticstore.eu", nonce="b3db0105-3932-45a7-9774-1bbd1b5dffec", uri="sip:37.97.65.186:5070", response="cc6547df4d818425f4a5e105b67853a7", algorithm=MD5, cnonce="6dc41e686762467a800572109794ad0a", qop=auth, nc=00000001
Content-Length:  0

<--- Received SIP response (515 bytes) from TCP:37.97.65.186:5070 --->
SIP/2.0 403 Forbidden
Via: SIP/2.0/TCP 62.212.98.88:5060;rport=38505;branch=z9hG4bKPj17691687-a981-4008-9782-2cfc9f0754dc;alias
From: <sip:trunk-sip@systella2.buroticstore.eu>;tag=558a73b3-04a0-4bed-bf0a-3ebd7df2c66e
To: <sip:trunk-sip@systella2.buroticstore.eu>;tag=7me162pavD78D
Call-ID: 2f4584fa-8d6c-47d2-9872-fc73513ae20c
CSeq: 61622 REGISTER
User-Agent: Sewan_TRUNKFSC15
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, NOTIFY
Supported: path, replaces
Content-Length: 0

Same question about realm.

[Jul  2 09:48:59] WARNING[20995]: res_pjsip_outbound_registration.c:1397 handle_registration_response: Fatal response '403' received from 'sip:37.97.65.186:5070' on registration attempt to 'sip:trunk-sip@systella2.buroticstore.eu', stopping outbound registration
rayleigh*CLI>

Best regards,

JB

Try removing the domain from the username, and just leaving the username.

It runs better. Now, trunk is registered. Thanks.
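An added example, not part of the thread: the digest exchange in the trace above, recomputed per RFC 2617 (MD5, qop=auth), to show where the username enters the hash and why a username that repeats the realm no longer matches the account as the registrar stores it. The function names are hypothetical and the password is a constructed placeholder, since the real trunk secret is not on the page.

```python
import hashlib
import re

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth"):
    """RFC 2617 Digest response for algorithm=MD5 with qop=auth."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def parse_digest(header_value: str) -> dict:
    """Split 'Digest k="v", k2=v2' into a dict of unquoted values."""
    params = header_value.partition("Digest ")[2]
    pairs = re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', params)
    return {key: value.strip('"') for key, value in pairs}

def username_issue(params: dict):
    """Return the bare user part if the username repeats the realm, else None."""
    user, _, domain = params["username"].partition("@")
    if domain and domain.lower() == params["realm"].lower():
        return user
    return None

def candidate_responses(params: dict, password: str, method="REGISTER") -> dict:
    """Response hash for the username as sent and for its bare user part."""
    names = [params["username"]]
    bare = username_issue(params)
    if bare:
        names.append(bare)
    return {n: digest_response(n, params["realm"], password, method, params["uri"],
                               params["nonce"], params["nc"], params["cnonce"],
                               params["qop"]) for n in names}

# Authorization header copied from the rejected REGISTER in the trace above.
AUTH = ('Digest username="trunk-sip@systella2.buroticstore.eu", '
        'realm="systella2.buroticstore.eu", '
        'nonce="b3db0105-3932-45a7-9774-1bbd1b5dffec", '
        'uri="sip:37.97.65.186:5070", '
        'response="cc6547df4d818425f4a5e105b67853a7", algorithm=MD5, '
        'cnonce="6dc41e686762467a800572109794ad0a", qop=auth, nc=00000001')

if __name__ == "__main__":
    p = parse_digest(AUTH)
    print("bare user part suggested:", username_issue(p))
    # Constructed password; the real trunk secret is not on the page.
    for name, resp in candidate_responses(p, "example-password").items():
        print(f"{name:40} -> {resp}")
```

Because the username is part of HA1 as well as the lookup key in the Authorization header, the two candidates produce unrelated response hashes even with the same password and nonce.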
