Hello everyone,
I’m migrating to a Asterisk 16 on a different machine and using PJSIP instead of SIP. I have a problem when configuring the line on the VoIP gateways. I managed to create their extensions in the pjsip.conf, but on an incoming call, Asterisk says:
[May 2 15:26:35] NOTICE[100172]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'INVITE' from '<sip:33578974XX@172.16.1.222>' failed for '172.16.1.222:5060' (callid: 35e7c625e8645442) - No matching endpoint found
[May 2 15:26:35] NOTICE[100172]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'INVITE' from '<sip:33578974XX@172.16.1.222>' failed for '172.16.1.222:5060' (callid: 35e7c625e8645442) - No matching endpoint found
[May 2 15:26:35] NOTICE[100172]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'INVITE' from '<sip:33578974XX@172.16.1.222>' failed for '172.16.1.222:5060' (callid: 35e7c625e8645442) - Failed to authenticate
How are you expecting calls from it to match an endpoint? It doesn’t look like you can match based on username since I think that’s callerid in it, so you’d need to match based on IP address which is not configured I believe.
@jcolp@david551
I’m sorry, I’ll try to explain more the situation. Tiscali and Messagenet are VoIP providers, configured correctly (even though Tiscali does not work for a problem on their end they’re now solving). I can receive the calls from the Messagenet trunk just fine.
Now I’m trying to configure the other line we have, which is converted to VoIP by 2 VoIP gateways (Patton). I converted the old working sip.conf to the new pjsip.conf I included, both manually and then with the use of the built-in script, but the line carried by the patton is not working as intended now. Reading jcolp’s answer, this might be because I would need to include a [identify] section for this provider, which was not into the sip.conf. But since the VoIP packets are coming from the Pattons, should I match based on the Pattons IP? What would be a basic example of configurations?
I thought of adding to pjsip.conf something like:
Thanks, I understand what you’re trying to tell me. What I’m not getting is how can I specify what endpoint to use when a call is received on the line converted to VoIP by the Patton gateways.
This is the SIP configuration of one Patton:
Your numbers in your log do not seem to match the numbers in your configuration. One can guess what could be what, or it could be because your numbers simply do not match. You could post a complete SIP trace, i.e. with pjsip set logger on.
There are multiple errors in your chan_sip configuration, so the translator may well have been confused, but if you also have allowguest=yes in the general section, where it is actually valid, you may be handling the Pattons as anonymous callers.
The endpoints in your identify sections should be 10004 and 10005.
I guess the Pattons are only using From user as their ID in the register and then using the caller ID, and that is why the default user/password match wasn’t matching.
Are the Pattons actually registering - you might have got away without that with allowguest in general. I can’t see any options to register in your screenshot. If they don’t have to register, and you know their addresses, it is better not to use dynamic hosts.
Thanks @david551 ,
I can post the pjsip.conf that is the result of the translation and the pjsip.conf that I made up from scratch. I did not have the occasion to test the translated one, I only used to correct some things in the one I created myself.
PJSIP_translated.conf :
;--
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
Non mapped elements start
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
[general]
port = 5060
[base]
limitonpeers = yes
[0115849478]
port = 5061
[messagenet]
auth = md5
[10001]
insecure = port,invite
[10002]
insecure = port,invite
[10003]
insecure = port,invite
[10004]
insecure = port,invite
[10005]
insecure = port,invite
[10008]
insecure = port,invite
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
Non mapped elements end
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
--;
[transport-udp]
type = transport
protocol = udp
bind = 0.0.0.0
external_media_address = 188.218.155.110
external_signaling_address = 188.218.155.110
local_net = 172.16.0.0/255.255.0.0
local_net = 192.168.255.0/255.255.255.0
[reg_sip.messagenet.it]
type = registration
retry_interval = 20
max_retries = 10
contact_user = 01119115XXX
expiration = 120
transport = transport-udp
outbound_auth = auth_reg_sip.messagenet.it
client_uri = sip:5406371XXX@sip.messagenet.it:5061
server_uri = sip:sip.messagenet.it:5061
[auth_reg_sip.messagenet.it]
type = auth
password = hKASXuM4
username = 5406371555
[reg_ims.tiscali.net]
type = registration
retry_interval = 20
max_retries = 10
contact_user = 00390115849XXX
expiration = 120
transport = transport-udp
outbound_auth = auth_reg_ims.tiscali.net
client_uri = sip:00390115849XXX@ims.tiscali.net
server_uri = sip:ims.tiscali.net
[auth_reg_ims.tiscali.net]
type = auth
password = 2017111532XXX
username = 00390115849XXX
[0115849XXX] ; this is Tiscali.
type = aor
contact = sip:00390115849478@ims.tiscali.net:5061
default_expiration = 180
[0115849XXX]
type = identify
endpoint = 0115849XXX
match = ims.tiscali.net
[0115849XXX]
type = auth
username = 0115849XXX
password = 2017111532XXX
[0115849XXX]
type = endpoint
context = incoming
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
outbound_proxy = 94.32.130.112
direct_media = yes
trust_id_inbound = yes
from_user = 00390115849XXX
from_domain = ims.tiscali.net
language = it
allow_subscribe = yes
auth = 0115849XXX
outbound_auth = 0115849XXX
aors = 0115849XXX
[messagenet]
type = aor
contact = sip:5406371555@sip.messagenet.it:5061
default_expiration = 180
[messagenet]
type = identify
endpoint = messagenet
match = sip.messagenet.it
[messagenet]
type = auth
username = messagenet
password = hKASXuM4
[messagenet]
type = endpoint
context = voipin
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
from_user = 5406371XXX
language = it
allow_subscribe = yes
auth = messagenet
outbound_auth = messagenet
aors = messagenet
[200]
type = aor
max_contacts = 1
default_expiration = 180
[200]
type = auth
username = 200
password = M4c0mXXX
[200]
type = endpoint
context = int
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
language = it
allow_subscribe = yes
auth = 200
outbound_auth = 200
aors = 200
[201]
type = aor
max_contacts = 1
default_expiration = 180
[201]
type = auth
username = 201
password = 201
[201]
type = endpoint
context = int
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
language = it
allow_subscribe = yes
auth = 201
outbound_auth = 201
aors = 201
[202]
type = aor
max_contacts = 1
default_expiration = 180
[202]
type = auth
username = 202
password = 202
[202]
type = endpoint
context = int
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
language = it
allow_subscribe = yes
auth = 202
outbound_auth = 202
aors = 202
[203]
type = aor
max_contacts = 1
default_expiration = 180
[203]
type = auth
username = 203
password = 203
[203]
type = endpoint
context = int
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
language = it
allow_subscribe = yes
auth = 203
outbound_auth = 203
aors = 203
[204]
type = aor
max_contacts = 1
default_expiration = 180
[204]
type = auth
username = 204
password = 204
[204]
type = endpoint
context = int
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
language = it
allow_subscribe = yes
auth = 204
outbound_auth = 204
aors = 204
[205]
type = aor
max_contacts = 1
default_expiration = 180
[205]
type = auth
username = 205
password = 205
[205]
type = endpoint
context = int
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
language = it
allow_subscribe = yes
auth = 205
outbound_auth = 205
aors = 205
[206]
type = aor
max_contacts = 1
default_expiration = 180
[206]
type = auth
username = 206
password = 206
[206]
type = endpoint
context = int
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
language = it
allow_subscribe = yes
auth = 206
outbound_auth = 206
aors = 206
[207]
type = aor
max_contacts = 1
default_expiration = 180
[207]
type = auth
username = 207
password = 207
[207]
type = endpoint
context = int
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
language = it
allow_subscribe = yes
auth = 207
outbound_auth = 207
aors = 207
[208]
type = aor
max_contacts = 1
default_expiration = 180
[208]
type = auth
username = 208
password = 208
[208]
type = endpoint
context = int
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
language = it
allow_subscribe = yes
auth = 208
outbound_auth = 208
aors = 208
[209]
type = aor
max_contacts = 1
default_expiration = 180
[209]
type = auth
username = 209
password = 209
[209]
type = endpoint
context = int
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
language = it
allow_subscribe = yes
auth = 209
outbound_auth = 209
aors = 209
[210]
type = aor
max_contacts = 1
default_expiration = 180
[210]
type = auth
username = 210
password = 210
[210]
type = endpoint
context = int
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
language = it
allow_subscribe = yes
auth = 210
outbound_auth = 210
aors = 210
[801]
type = aor
max_contacts = 1
default_expiration = 180
[801]
type = auth
username = 801
password = 801
[801]
type = endpoint
context = fax
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
language = it
allow_subscribe = yes
auth = 801
outbound_auth = 801
aors = 801
[10001]
type = aor
max_contacts = 1
default_expiration = 180
[10001]
type = auth
username = 10001
password = 10001
[10001]
type = endpoint
context = incoming
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
direct_media = no
language = it
allow_subscribe = yes
auth = 10001
outbound_auth = 10001
aors = 10001
[10002]
type = aor
max_contacts = 1
default_expiration = 180
[10002]
type = auth
username = 10002
password = 10002
[10002]
type = endpoint
context = incoming
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
direct_media = no
language = it
allow_subscribe = yes
auth = 10002
outbound_auth = 10002
aors = 10002
[10003]
type = aor
max_contacts = 1
default_expiration = 180
[10003]
type = auth
username = 10003
password = 10003
[10003]
type = endpoint
context = gsm
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
direct_media = no
language = it
allow_subscribe = yes
auth = 10003
outbound_auth = 10003
aors = 10003
[10004]
type = aor
max_contacts = 1
default_expiration = 180
[10004]
type = auth
username = 10004
password = 10004
[10004]
type = endpoint
context = vodafone
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
direct_media = no
language = it
allow_subscribe = yes
auth = 10004
outbound_auth = 10004
aors = 10004
[10005]
type = aor
max_contacts = 1
default_expiration = 180
[10005]
type = auth
username = 10005
password = 10005
[10005]
type = endpoint
context = vodafone
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
direct_media = no
language = it
allow_subscribe = yes
auth = 10005
outbound_auth = 10005
aors = 10005
[10008]
type = aor
max_contacts = 1
default_expiration = 180
[10008]
type = auth
username = 10008
password = 10008
[10008]
type = endpoint
context = incoming
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
direct_media = no
language = it
allow_subscribe = yes
auth = 10008
outbound_auth = 10008
aors = 10008
Regarding the Patton’s situation on the old and functioning PBX, running the command “sip show peers” shows that they’re actually registered. I would expect the same behaviour when migrating to the new PBX with PJSIP (can’t make another try right now as we need our lines up and running for a bit).
The chan_sip configuration was broken, as you have insecure=port, but the only thing that distinguished 10004 and 10005 is the port! Chances are that they were both being treated as the first matching peer, for incoming calls.
This means any IP match needs to include the port in chan_pjsip.
There is a subtle difference between how the two drivers handle registrations. chan_sip automatically creates the equivalent of identify/match for the IP and port from the registration, so type=peer will work after registration. chan_pjsip does not, so if something registers, it expects it have a from user that matches the account name. If the Pattons actually put the caller ID there, that will cause problems. Looking at your original errors, it is providing 33578974XX, which isn’t 100004 or 100005, so I assume it is sending the caller ID.
Whilst you can match by IP and have registration, that is normally pointless, as the point of registration is to tell you the IP and port, when you only know the address of record URI.
chan_pjsip has various matching options, but the simplest is probably to try and configure everything for IP matching and forget registration. You can still authenticate. Registration isn’t intended as an authentication mechanism.
As I said before, a match on ims.tiscali.net is not going to work as there are no IP addresses associated with that domain. The match for them needs to be on the addresses, or address ranges, from which they actually originate calls.
Hello @david551 ,
That was a helpful comment. I understand now the difference you mentioned between PJSIP and SIP in terms of matching. Since I’m using PJSIP and I know the IP of the pattons, I decided to match by IP; the problem is that each patton registers with 2 endpoints on the PBX, and like you said the only thing that differentiates 10004 and 10005 is the port, but I don’t know how to get it.
I’ve now made a modification in the pjsip.conf file, in oder to do IP matching:
; (1000x endpoint definitions start)
[endpoint-10x]
dtmf_mode = rfc4733
disallow = all
allow = alaw
allow = ulaw
rtp_symmetric = yes
force_rport = yes
rewrite_contact = yes
rtp_timeout = 20
direct_media = no
language = it
allow_subscribe = yes
[10001](endpoint-10x)
auth = 10001
outbound_auth = 10001
aors = 10001
context = incoming
[10001]
type = aor
max_contacts = 1
default_expiration = 180
[10001]
type = auth
username = 10001
password = 10001
[10001]
type = identify
endpoint = 10001
match = 172.16.1.235 ; IP Patton01
;========================================================
[10002](endpoint-10x)
auth = 10002
outbound_auth = 10002
aors = 10002
context = incoming
[10002]
type = aor
max_contacts = 1
default_expiration = 180
[10002]
type = auth
username = 10002
password = 10002
[10002]
type = identify
endpoint = 10002
match = 172.16.1.235 ; IP Patton01
;========================================================
[10003](endpoint-10x)
auth = 10003
outbound_auth = 10003
aors = 10003
context = gsm
[10003]
type = aor
max_contacts = 1
default_expiration = 180
[10003]
type = auth
username = 10003
password = 10003
[10003]
type = identify
endpoint = 10003
;match = ip_patton , no patton for this endpoint.
;========================================================
[10004](endpoint-10x)
auth = 10004
outbound_auth = 10004
aors = 10004
context = vodafone
[10004]
type = aor
max_contacts = 1
default_expiration = 180
[10004]
type = auth
username = 10004
password = 10004
[10004]
type = identify
endpoint = 10004
match = 172.16.1.222 ; IP Patton02
;========================================================
[10005](endpoint-10x)
auth = 10005
outbound_auth = 10005
aors = 10005
context = vodafone
[10005]
type = aor
max_contacts = 1
default_expiration = 180
[10005]
type = auth
username = 10005
password = 10005
[10005]
type = identify
endpoint = 10005
match = 172.16.1.222 ; IP Patton02
Now, running a test, I get these errors:
[May 5 14:04:44] WARNING[4156]: res_pjsip_endpoint_identifier_ip.c:290 common_identify: Identify '10004' points to endpoint '10004' but endpoint could not be found
[May 5 14:04:44] NOTICE[4156]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'INVITE' from '<sip:33578974XX@172.16.1.222>' failed for '172.16.1.222:5060' (callid: c8e384e2ef3989ea) - No matching endpoint found
How is Asterisk not finding the endpoint? This is the output of the 'pjsip show ’ command:
Endpoint: 200/200 Unavailable 0 of 1
InAuth: auth200/200
Aor: 200 1
Endpoint: 201/201 Not in use 0 of 1
InAuth: auth201/201
Aor: 201 1
Contact: 201/sip:201@172.16.0.96:5060;registering_a 19336d013c NonQual nan
Endpoint: 202/202 Unavailable 0 of 1
InAuth: auth202/202
Aor: 202 1
Endpoint: 203/203 Unavailable 0 of 1
InAuth: auth203/203
Aor: 203 1
Endpoint: 204/204 Unavailable 0 of 1
InAuth: auth204/204
Aor: 204 1
Endpoint: 205/205 Unavailable 0 of 1
InAuth: auth205/205
Aor: 205 1
Endpoint: 206/206 Unavailable 0 of 1
InAuth: auth206/206
Aor: 206 1
Endpoint: 207/207 Unavailable 0 of 1
InAuth: auth207/207
Aor: 207 1
Endpoint: 208/208 Unavailable 0 of 1
InAuth: auth208/208
Aor: 208 1
Endpoint: 209/209 Unavailable 0 of 1
InAuth: auth209/209
Aor: 209 1
Endpoint: 210/210 Unavailable 0 of 1
InAuth: auth210/210
Aor: 210 1
Endpoint: 801 Unavailable 0 of inf
OutAuth: 801/801
InAuth: 801/801
Aor: 801 1
Endpoint: messagenet-endpoint Unavailable 0 of inf
OutAuth: messagenet-auth/5406371555
Aor: messagenet-aor 0
Contact: messagenet-aor/sip:5406371555@sip.messagen 84de84a03f Unavail nan
Identify: messagenet-identify/messagenet-endpoint
Match: 212.97.59.76/32
Endpoint: tiscali-endpoint Not in use 0 of inf
OutAuth: tiscali-auth/00390115849478
Aor: tiscali-aor 0
Contact: tiscali-aor/sip:00390115849478@ims.tiscali 9a230d56aa NonQual nan
Identify: tiscali-identify/tiscali-endpoint
Match: 94.32.130.112/32
As you can see, I can’t see the 1000x endpoints listed…
You’re absolutely right, I just noticed it a minute before reading your comment!
Yes, I made the change and reloaded the cfg, but I’m still getting this in the CLI when testing:
[May 5 14:25:37] WARNING[4156]: res_pjsip_endpoint_identifier_ip.c:290 common_identify: Identify '10004' points to endpoint '10004' but endpoint could not be found
[May 5 14:25:37] NOTICE[4156]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'INVITE' from '<sip:33578974XX@172.16.1.222>' failed for '172.16.1.222:5060' (callid: 96cd2b2c7256c250) - No matching endpoint found
[May 5 14:25:37] NOTICE[4156]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'INVITE' from '<sip:33578974XX@172.16.1.222>' failed for '172.16.1.222:5060' (callid: 96cd2b2c7256c250) - Failed to authenticate
[May 5 14:25:37] WARNING[4156]: res_pjsip_endpoint_identifier_ip.c:290 common_identify: Identify '10004' points to endpoint '10004' but endpoint could not be found
And there still isn’t any of the 1000x endpoints in the output of “pjsip show endpoints”.
To be more specific, this is a piece of the SIP configuration of one SIP identity of one of the pattons (Patton02), which authenticates to the PBX through the identitities 10004 and 10005:
Literally all I’m changing from the entire patton’s cfg is the remote IP of the machine, the PBX using chan_sip has IP .232 , while the new PBX I’m migrating to implements res_pjsip and it has IP .233 . Port is not explicitly specified for any SIP identity of any of the pattons…
I’d suggest setting an explicit local port number, that you can then use in the match and contact lines. (You could also do it with a remote port number and two transports in Asterisk.)
