Vodafone pjsip trunk

johnbittner · August 4, 2023, 7:10pm

I am pulling my hair out on this one…
I have spend hours trying to get this to work.
Have a vodafone sip trunk…

Can someone please send me a sample PJSIP.conf file that should work with these settings.
Any help is much appreciated.

FYI… I have TLS working on my asterisk server with softphones with no issues.

Thanks

John

david551 · August 4, 2023, 8:13pm

This forum works best if you provide your initial attempt and any error messages. For one thing, it is easy to forget something when trying to create a configuration which can’t be tested.

TheMark · August 4, 2023, 10:09pm

also try use this tool, to check for minoer errors

johnbittner · August 4, 2023, 10:58pm

[xaccel]
type = endpoint
aors = xaccel
transport=transport-tls-ipv4
outbound_auth = xaccel-auth
context = did
allow=ulaw
media_encryption=sdes
outbound_proxy=sip:23b.Z5.srtp.entvoice.vodafone.co.uk;lr
dtls_cert_file=/etc/ssl/asterisk/vodafone.crt
from_user=sip049092943
from_domain=entvoice.vodafone.co.uk

[xaccel]
type = aor
contact = sip:sip049092943@entvoice.vodafone.co.uk
qualify_frequency = 15

[xaccel-auth]
type = auth
auth_type = userpass
username = sip049092943
password = Do34eQFXXXX

[xaccel-reg]
type = registration
outbound_auth = xaccel-auth
server_uri = sip:sip049092943@entvoice.vodafone.co.uk
client_uri = sip:entvoice.vodafone.co.uk
outbound_proxy=sip:23b.Z5.rtp.entvoice.vodafone.co.uk;lr

[xaccel-identify]
type = identify
endpoint = xaccel
match = 23b.Z5.srtp.entvoice.vodafone.co.uk
srv_lookups=yes

This is one of 50 that I tried… I dont even know if I have the client cert in the right place.

johnbittner · August 4, 2023, 11:01pm

This page will not show \ in
outbound_proxy=sip:23b.Z5.srtp.entvoice.vodafone.co.uk;lr

but it is in my config

david551 · August 4, 2023, 11:28pm

Marked up properly:

[xaccel]
type = endpoint
aors = xaccel
transport=transport-tls-ipv4
outbound_auth = xaccel-auth
context = did
allow=ulaw
media_encryption=sdes
outbound_proxy=sip:23b.Z5.srtp.entvoice.vodafone.co.uk\;lr
dtls_cert_file=/etc/ssl/asterisk/vodafone.crt
from_user=sip049092943
from_domain=entvoice.vodafone.co.uk

[xaccel]
type = aor
contact = sip:sip049092943@entvoice.vodafone.co.uk
qualify_frequency = 15

[xaccel-auth]
type = auth
auth_type = userpass
username = sip049092943
password = Do34eQFXXXX

[xaccel-reg]
type = registration
outbound_auth = xaccel-auth
server_uri = sip:sip049092943@entvoice.vodafone.co.uk
client_uri = sip:entvoice.vodafone.co.uk
outbound_proxy=sip:23b.Z5.rtp.entvoice.vodafone.co.uk\;lr

[xaccel-identify]
type = identify
endpoint = xaccel
match = 23b.Z5.srtp.entvoice.vodafone.co.uk
srv_lookups=yes

johnbittner · August 4, 2023, 11:59pm

Hi David,

I tried that config before… just tried it again…
Get

No response received from ‘sip:entvoice.vodafone.co.uk’ on registration attempt to ‘sip:sip049092943@entvoice.vodafone.co.uk’, retrying in ‘60’

Then this.

ssl0x55d67b77fa40 Error reading CA certificates from buffer

Is this correct for setting a client TLS cert ?

dtls_cert_file=/etc/ssl/asterisk/vodafone.crt

I put the cert they gave me there.

John Bittner

From “david551 via Asterisk Community” <notifications@asterisk.discoursemail.com>
To “John Bittner” <john@xaccel.net>
Date 8/4/2023 7:39:26 PM
Subject [Asterisk Community] [Asterisk/Asterisk SIP] Vodafone pjsip trunk

david551 · August 4, 2023, 11:59pm

You need to start with disallow=all, or there can be problems.

Also, you seem to be in London, England, but the UK and European PSTN systems use A-law.

I think you need the proxy in the type=aor section, as well.

I don’t think you ever want to send the account name in the request URI; it should be the destination phone number, so drop the whole user part.

These are the wrong way round.

johnbittner:

match = 23b.Z5.srtp.entvoice.vodafone.co.uk
Insufficient information to know if this is correct. They might use different addresses when acting as client.

johnbittner:

dtls_cert_file=/etc/ssl/asterisk/vodafone.crt

If I understand this, this should be ca_list_file and should be in the type=transport section (or use the ca_cert_path mechanism). I’m not sure it will actually be used unless you have the relevant verify_{client|server} setting, but I’m not sure exactly what verification these enable.

You need to define this transport. You also need to include any settings as the result of running behind NAT in that section.

I may have missed something, so please provide logging after any failure.

johnbittner · August 5, 2023, 12:29am

Everyone thanks for help…

It turned out to be a missing cipher that vodafone needed.
I originally only had one… I found a list on the web and added them… its registered !!!

cipher : ADH-AES256-SHA, ADH-AES128-SHA, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-CHACHA20-POLY1305, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA, ECDHE-RSA-AES128-SHA, AES256-GCM-SHA384, AES128-GCM-SHA256, AES256-SHA

Hope this helps the next person.

David, I had to add few things to get it up.

Again thanks.

John Bittner

Working config

[xaccel]
type = endpoint
aors = xaccel
transport=transport-tls-ipv4
outbound_auth = xaccel-auth
context = did
allow=ulaw
media_encryption=sdes
outbound_proxy=sip:23b.Z5.srtp.entvoice.vodafone.co.uk;transport=tls;lr
dtls_cert_file=/etc/ssl/asterisk/vodafone.crt
from_user=sip049092999
from_domain=entvoice.vodafone.co.uk

[xaccel]
type = aor
contact = sip:sip049092999@entvoice.vodafone.co.uk
qualify_frequency = 15

[xaccel-auth]
type = auth
auth_type = userpass
username = sip049092999
password = Do34eXXXXXX

[xaccel-reg]
type = registration
outbound_auth = xaccel-auth
server_uri = sip:entvoice.vodafone.co.uk;transport=tls
client_uri = sip:sip049092999@entvoice.vodafone.co.uk
outbound_proxy=sip:23b.Z5.srtp.entvoice.vodafone.co.uk;transport=tls;lr
contact_user=sip049092999

[xaccel-identify]
type = identify
endpoint = xaccel
match = 23b.Z5.srtp.entvoice.vodafone.co.uk
srv_lookups=yes

From “david551 via Asterisk Community” <notifications@asterisk.discoursemail.com>
To “John Bittner” <john@xaccel.net>
Date 8/4/2023 8:10:23 PM
Subject [Asterisk Community] [Asterisk/Asterisk SIP] Vodafone pjsip trunk

david551 · August 5, 2023, 10:57am

I don’t think your certificate is actually being used.

johnbittner · August 5, 2023, 7:03pm

One more note…

To get support for AES256 I had to compile asterisk for it. Its not on by default.

make distclean
CFLAGS=‘-DENABLE_SRTP_AES_256’ ./configure

John Bittner

From “johnbittner via Asterisk Community” <notifications@asterisk.discoursemail.com>
To “John Bittner” <john@xaccel.net>
Date 8/4/2023 8:40:40 PM
Subject [Asterisk Community] [Asterisk/Asterisk SIP] Vodafone pjsip trunk

system · September 4, 2023, 7:04pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.