Pjsip: connecting asterisk servers: basic questions

murxmaster · March 24, 2023, 8:06pm

Quite new to asterisk, need some pointers…

What I have:

A SIP/DECT gateway (Mitel) with some handsets (SIP users)
one local server (A) is behind some ugly NAT-Setup in the same network as the DECT gateway and therefore probably cannot do SIP in a reliable way. (asterisk 1.16,Debian 11.6 aka bullseye).
One server (B) hosted at some provider has full IPv4 and IPv6 connectivity (asterisk 1.16,Debian 11.6 aka bullseye).
Some SIP accounts at easybell.
Server A and and B are interconnected by a VPN (wireguard)

What I want to achieve:

Every handset (sip user on the gateway) uses a different SIP account to do outgoing an inbound calls. The DECT gateway connects to Server A via SIP
Since server A is behind strange NAT I suppose I cannot communicate direct with the SIP provider, therefore I think I should talk to server B (via wireguard VPN) and server B connects to the SIP provoders(s).

I managed to call outbound from one DECT phone using a setup like this using chan_sip, after reading in this forum I think I should do this with pj_sip.

What would you suggest to configure?

The DECT gateway is probably an “endpoint” which I configure on server A. I suppose I need to configure a trunk like the configuration example “A SIP trunk to your service provider, including outbound registration” on server A to connect to server B

What to I need to configure on server B to enable the trunk from server A to connect to server B? Or do you recommend a different path to go?

Thank you very much for any input!

david551 · March 24, 2023, 8:13pm

The same sort of thing as used by daemon A to connect to it (SIP doesn’t actually define trunks or extensions). It is probably easiest to match by IP and not do registration. If you do registration, one side has to match by IP, and the other to accept registrations. Doing it by IP makes handling caller ID easiest.

murxmaster · March 24, 2023, 8:39pm

Sorry for possibly dumb questions but is there an example configuration in the wiki or somewhere else? I am not sure how to achieve this.

Thank you very much!

david551 · March 24, 2023, 10:25pm

You need to read and understand the documentation. Too much is done by blind copying on Asterisk, so most chan_sip configurations, for example, are poor.

You configure two provider type “trunks” back to back, but without type=registration sections and without outbound_auth’s. That’s the simplest IP based authentication configuration.

If you want to make it more secure, you add auth and outbound auth, based on usernames, or do it as TLS, rather than UDP.

ldo · March 25, 2023, 8:23am

Note that “authentication” and “registration” are two different things. I have a test setup here between two office machines; one side has an “auth =” line in its endpoint definition, while the other side has “outbound_auth =” to authenticate to the first one.

system · April 24, 2023, 8:23am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.