I had setup an external extension using ddns which worked fine for a couple three days. Now I cannot connect to my FPBX via this extension. I tried checking for port 5060 availability and it shows as stealth by one application then closed from another, both were used outside of the LAN with no other firewall or router changes. How can I see if 5060 is listening and how can I access it from inside and outside of my network? What is the best way to diagnose this? I am wondering if my ISP is blocking it. Should I try a VPN first?
Dont worry if yours looks a little different, this is my test box behind a NAT, hardware firewall with no outside extensions so didn’t need to worry about security too much… what you are looking for is a local address in the list ending :5060
to check ISP blocking:
Try changing it to something like 5065 submit and apply, make sure your router is port forwarding port 5065 to the asterisk box and then tell the external handset to connect to your ddns:5065 instead… see if it then registers.
VPN is always a good secure way to go, but not all handset support this… The grandstreams i’m setting up for a new client don’t which means I have had to order some yealink ones for home workers that support openVPN
HTH
Mike,
Thank you so much for your quick and informative reply.
I know netstat is a powerful informational tool and I can never seem to find the command and/or switches to find what I want. So thanks very much for the command. I found 5060 must be listening since it opened up with all ip attached to it (0.0.0.0). So I am good there, plus I have installed internal extensions. By the way, I am running all this on Virtual Box. I have an internal Ubiquiti phone, One Grandstream BT 100 and one BT 200, then the external extension I have is a BT 100 that I had setup internally before I brought off location.
After changing the SIP port to 5065 in ChanSIP and all the extensions, I cannot terminate anywhere. I’ll change back to 5060 tomorrow to see if I get my local phones working again. Plus, I will see if I missed any other settings elsewhere.
I am having trouble creating a share between my VB and my mac in order to copy/export a text or log file so I can post. That another issue I will address somewhere else.
I am using two older lynxsys routers with DDWRT so the natting and firewall are pretty straight forward.
I’ll keep plugging away here to see what else I can find. I dont want to start changing any rules at the external site because I plan on setting up extensions to hand out phones to a bunch of people so we can communicate (maybe I will get started with a voip service afterwards). So testing now is important.
My netstat results showed that port 5060 is listening using 0.0.0.0 and not a specific IP. I assume this is a correct result…
When I change the bind port to 5065 nothing works external or internal. I suspect I need to do more than just change the bind port. I did not add a bind address as the GUI suggests to leave blank. I did change the port in a local extension to 5065 which works fine. But my outside/external extension still does not register. Made the necessary changes in router.
This makes no sense since at one point - in the Reports/Asterisk Info/Peers I saw the extension with the correct Host IP with the public IP listed. I was able to call from extension to extension and retrieve VM. Frustrating. Of course I am trying to think what changes were made but I don’t think any changes were made.
How can I trace route or do further diagnosing by watching how this phone tries to register from where it is to my FPBX location?
“tcp dump port 5060” and “netstat -na |grep 5060” confirm the port is there and listening/communicating.
Out of nowhere the extension at my remote location is working. I cannot see where the issue was or what change was made for this extension to work again. I went through details with the ISP on both ends, ddns provider, routers on both ends, extension and server configurations to try to remedy this.
Now and as before, when I use my local network utility and also use an external port scan, they show port 5060 closed…which I guess is a good thing…but how do I diagnose a communications failure between an extension and server if I cannot follow the port path? How can I trace where the problem may be locally or externally?
I use tcpdump at the bottom end on every point of the network, when the routing is working, then sip set debug on can be helpful at a higher level to watch how the SDP session is being negotiated.
Dicko, can you tell me how I would implement monitoring every point on my network using tcpdump “at the bottom end”? Can I use an older desktop to dedicate to this task?
Linux machines can easily go into “promiscuous” mode to monitor network traffic on that segment, even a ten dollar craigslist thingy, if “switches” are involved then you will need to do that also on the “switch” to make sure the traffic is bridged onto your network .It’s a matter of having a linux box on each segment or something that can be as utilitarian.
