Sip Trunk cycles between inbound unavailable and working


#1

Hi!

Issue: inbound calls to the SIP Trunk are, intermittently, not coming through to the Asterisk server. I believe due to some weird trunk state.

When using ‘sip set debug on’ I notice the SIP Trunk does a REGISTER to the VoIP provider and getting a 200 OK. At this state, the Asterisk server properly receives inbound calls.

A couple of seconds later, Asterisk does an OPTIONS to the VoIP provider. It receives a 401 Unauthorized. At THIS state, the Asterisk server CAN NOT receive inbound calls.

The Asterisk server cycles between these states: REGISTER + OK, then OPTIONS + Unauthorized. In order for the Asterisk to see an inbound call from the VoIP provider, it needs to be in the REGISTER + OK state.

Is there some configuration missing? The server is non-NAT.


I also notice a couple of seconds after the SIP Trunk has registered that Asterisk debug is telling me it is “Scheduling destruction of SIP dialog X”, where X is the trunk REGISTER dialog. Perhaps this is normal behavior?

Regards,
Ulf
Sweden


#2

Looks like there is a nice DoS vulnerability with that service provider!

The sending of OPTIONS is controlled by the qualify option in sip.conf.


#3

Ah! So simply setting ‘qualify=no’ should do it?

/ Ulf


#4

I tried using qualify=no. If used, the SIP trunk availabiliy dies immediately after the SIP dialog has been scheduled&destroyed.

Is this rather an issue with the VoIP provider? Should qualify=yes work, e.g. responding with something more useful than 401 Unauthorized?

Regards,
Ulf
Sweden


#5

Here is the actual output when using qualify=no:

170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170*CLI>
> doing dnsmgr_lookup for 'VOIP-PROVIDER.ADDRESS’
REGISTER 11 headers, 0 lines
Reliably Transmitting (no NAT) to VOIP-PROVIDER.IP-ADDRESS:5060:
REGISTER sip:VOIP-PROVIDER.ADDRESS SIP/2.0
Via: SIP/2.0/UDP MY.ASTERISK.IP-ADDRESS:5060;branch=z9hG4bK297223d9
Max-Forwards: 70
From: sip:MY.SIP.TRUNK.USER@VOIP-PROVIDER.ADDRESS;tag=as253b2b62
To: sip:MY.SIP.TRUNK.USER@VOIP-PROVIDER.ADDRESS
Call-ID: 1ed3625f0411691e51697d10060798f2@MY.ASTERISK.IP-ADDRESS
CSeq: 106 REGISTER
User-Agent: FPBX-2.9.0(1.8.4.4)
Authorization: Digest username=“MY.SIP.TRUNK.USER”, realm=“VOIP-PROVIDER”, algorithm=MD5, uri=“sip:VOIP-PROVIDER.ADDRESS”, nonce="…
Expires: 180
Contact: sip:s@MY.ASTERISK.IP-ADDRESS:5060
Content-Length: 0


<— SIP read from UDP:VOIP-PROVIDER.IP-ADDRESS:5060 —>
SIP/2.0 200 OK
Via: SIP/2.0/UDP MY.ASTERISK.IP-ADDRESS:5060;branch=z9hG4bK297223d9;received=MY.ROUTER.IP;rport=3071
Contact: sip:s@MY.ROUTER.IP:64789;expires=180
Contact: sip:s@MY.ROUTER.IP:3071;expires=180
To: sip:MY.SIP.TRUNK.USER@VOIP-PROVIDER.ADDRESS;tag=6a6ce505
From: sip:MY.SIP.TRUNK.USER@VOIP-PROVIDER.ADDRESS;tag=as253b2b62
Call-ID: 1ed3625f0411691e51697d10060798f2@MY.ASTERISK.IP-ADDRESS
CSeq: 106 REGISTER
Date: Fri, 09 Sep 2011 16:13:50 GMT
Content-Length: 0

<------------->
— (10 headers 0 lines) —
Scheduling destruction of SIP dialog '1ed3625f0411691e51697d10060798f2@MY.ASTERISK.IP-ADDRESS’ in 32000 ms (Method: REGISTER)
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI> ------ so, here inbound works ------------
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
Really destroying SIP dialog '1ed3625f0411691e51697d10060798f2@MY.ASTERISK.IP-ADDRESS’ Method: REGISTER
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI> ------- here inbound does NOT work ---------------
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170*CLI>
> doing dnsmgr_lookup for 'VOIP-PROVIDER.ADDRESS’
REGISTER 11 headers, 0 lines
Reliably Transmitting (no NAT) to VOIP-PROVIDER.IP-ADDRESS:5060:
REGISTER sip:VOIP-PROVIDER.ADDRESS SIP/2.0
Via: SIP/2.0/UDP MY.ASTERISK.IP-ADDRESS:5060;branch=z9hG4bK3501f7a2
Max-Forwards: 70
From: sip:MY.SIP.TRUNK.USER@VOIP-PROVIDER.ADDRESS;tag=as14b019e0
To: sip:MY.SIP.TRUNK.USER@VOIP-PROVIDER.ADDRESS
Call-ID: 1ed3625f0411691e51697d10060798f2@MY.ASTERISK.IP-ADDRESS
CSeq: 107 REGISTER
User-Agent: FPBX-2.9.0(1.8.4.4)
Authorization: Digest username=“MY.SIP.TRUNK.USER”, realm=“VOIP-PROVIDER”, algorithm=MD5, uri=“sip:VOIP-PROVIDER.ADDRESS”, nonce="…
Expires: 180
Contact: sip:s@MY.ASTERISK.IP-ADDRESS:5060
Content-Length: 0


<— SIP read from UDP:VOIP-PROVIDER.IP-ADDRESS:5060 —>
SIP/2.0 200 OK
Via: SIP/2.0/UDP MY.ASTERISK.IP-ADDRESS:5060;branch=z9hG4bK3501f7a2;received=MY.ROUTER.IP;rport=12881
Contact: sip:s@MY.ROUTER.IP:3071;expires=180
Contact: sip:s@MY.ROUTER.IP:12881;expires=180
To: sip:MY.SIP.TRUNK.USER@VOIP-PROVIDER.ADDRESS;tag=87e45325
From: sip:MY.SIP.TRUNK.USER@VOIP-PROVIDER.ADDRESS;tag=as14b019e0
Call-ID: 1ed3625f0411691e51697d10060798f2@MY.ASTERISK.IP-ADDRESS
CSeq: 107 REGISTER
Date: Fri, 09 Sep 2011 16:16:35 GMT
Content-Length: 0

<------------->
— (10 headers 0 lines) —
Scheduling destruction of SIP dialog '1ed3625f0411691e51697d10060798f2@MY.ASTERISK.IP-ADDRESS’ in 32000 ms (Method: REGISTER)
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI> ---- and we’re up again, it keeps cycling like this --------
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>
170CLI>
170
CLI>


#6

Interesting - I notice the IP of my non-NAT firewall/router is seen in the SIP messages. Could this be a reason for things failing? I woulda thought my public-IP Asterisk server would be the one visible.

Regards,
Ulf
Sweden


#7

Hi

Have you got the localnet and externip set correctly ?

also has the router got a sip alg option ? I have seen this if enabled cause very odd problems.

Ian


#8

Update: it was indeed the NAT translation that caused havoc. Disabling NAT solved the issue!

/ Ulf