2 sip trunks from one provider (different accounts) not staying connected

natem1414 · June 25, 2018, 4:15am

so iver searched for this for a while and haven’t found anything

ive got 2 different sip trunks from the same provider under 2 different accounts. this is because of accounting reasons.

i can get both sip trunks working with no problem. incoming and outgoing calls work and are getting routed correctly.

after a while (sometimes after 6-12 hours) one or both of the trunks go down. when i do “sip show peers” both trunks say they are up, however when i try to call from outside i get a generic “not available at this time” from my cell phone provider. when doing a “asterisk -rvvv” before i make the call i see nothing displayed that would suggest asterisk is getting any notification that there is an incoming call.

when i do a sip show peers heres what i get. could it be the problem that they both have the same IP and Port?

Name/username Host Dyn Forcerport Comedia ACL Port Status Description
DIDforsale/1001918938 209.216.2.203 Yes Yes 5060 OK (72 ms)
DIDforsale_16513582871/10 209.216.2.203 Yes Yes 5060 OK (77 ms)

thanks for your help

cynjut · June 25, 2018, 2:16pm

For our purposes, it’s important to remember that the inbound trunk and outbound trunk are largely separate. Your inbound connection from the iTSP is passive - it relies on your provider keeping it awake. Your outbound connection, even though it’s to the same place and from the same server, is handled from your end.

Tell us more about your registration methodology (channel driver, configuration minus passwords and user names) and any other pertinent information you can think of.

At this point, it could be a network issue, a config issue, or a hardware issues anywhere along the delivery chain. With what we’ve got right now, there are only about 200 questions we’d need to ask you to get an idea where to look.

Stewart1 · June 25, 2018, 3:07pm

I’ll tentatively accept that the incoming INVITE did not reach Asterisk. If it came from 209.216.2.203, it could have been blocked by a lost NAT association, a faulty SIP ALG in your router/firewall, or inappropriately by a dynamic firewall. It’s also possible that it was sourced from another server of your provider, which was not properly accounted for in your firewall and trunk configuration. If you can capture traffic on the WAN interface, you should be able to see whether the INVITE is hitting your public IP and why it isn’t properly forwarded to Asterisk.

If you can’t easily find the trouble, please post:

PBX in the cloud or on-site?
PBX on a public IP or behind a NAT?
If behind NAT, what special settings (port forwarding, ALG, etc.)?
If on-site and behind NAT, router/firewall make and model? Does router get a public IP on WAN side? If not, please explain (ISP gateway, ISP does NAT, etc.)?
What firewall software are you running on the PBX? Related software such as fail2ban?
Is PBX installed from a Distro (which)? If not, OS version, PBX version, Asterisk version?

Are these ‘register’ trunks, or using ‘IP authentication’?
If registering, does the provider use DNS SRV or NAPTR and if so, do the DNS records enumerate all the IP addresses from which they can send calls?
If IP auth, does the provider’s site list all addresses from which they send calls, and have you properly allowed for them in your firewall and trunk setup?

When the trouble occurs, do outbound calls still work?
Did the trouble begin (for no apparent reason, after you added the second trunk, since initial setup)?
When the trouble occurs, what makes inbound calls work again (waiting for next registration, reloading Asterisk, restarting Asterisk, rebooting the entire server, rebooting your router)?

What have you already tried to resolve the issue?

Anything else that may be relevant?

natem1414 · June 26, 2018, 12:06pm

Ill try capturing the WAN interface tomorrow night if i have time after my other job

until then ill reply to the other things you asked. sorry i cant believe i didn’t describe the networking situation before, and the other stuff you asked.

PBX is on site, behind a ubiquiti security gateway with the below ports forwarded. the ubiquiti has a real world IP.
443,5001,5160,5161,60000-61000,10000-20000,9000-9500(i need to do some more testing, but i dont think i need all of those ports.)
firewall: freePBX(fail2ban) and i have tested with turning it off, with no luck
These are register trunks (im not sure what IP authentication is, but i was looking at our provider and i believe it allows something like that)
this is what the incoming trunk looks like:
USER:[email protected]
outgoing calls on both trunks all ways work (even if the incoming doesn’t work) thanks dave for letting me know that the in and out are completely separate
These are chan_sip trunks
i believe the trouble started when i added the second trunk(although it was a day till i noticed but disabling the new truck fixed it right away)
I havent tried just reloading asterisk, but thats a good idea(ill have to give it a try, im guessing that would make it work again for a short time)

i was just thinking, i can try adding a network interface that has a public IP, therefore bypassing any possible router issues. see if that works(i originally had one, but disabled it because it was causing problems with the VPN)

Stewart1 · June 26, 2018, 5:50pm

Given your hard forwarding of port 5160 (which I assume is your chan_sip UDP bind port), I’m now suspecting that registration is being intermittently lost, perhaps because separate requests from the same IP / port are confusing the provider’s rate limiting or other filtering logic. Have you tried
sip show registry
when incoming is failing? If possible, set up both incoming trunks as ‘public IP’ as shown in http://www.didforsale.com/test-did-number/configure-ip-sip-account . (Although they say “if the PBX system is behind firewall” is a contraindication, with your port forwarding and proper setting of External Address and Local Networks in Asterisk SIP Settings, it should work fine.) If they reject using the same IP and port for both accounts, try leaving one as a ‘SIP Account’. For outgoing, keep using SIP Accounts; otherwise calls won’t be billed to the proper account.

If you still have trouble, post some details and there may be a good workaround, e.g. using both chan_sip and pjsip trunks (on different ports).

In case this proves difficult, another provider (at least for incoming) may be a better fit. In what countries are your DIDs? Estimated number of channels? Monthly minutes? Flat rate or metered?

natem1414 · June 27, 2018, 6:01pm

i set up the public IP (on just one of them right now) and im gettin " no matching endpoint found. i added the following into incoming on the same trunk as outgoing(i didnt know ware else to put it) one think i noticed was maybe odd is that its comming in as port 5060, although i changed it to 5161 on the provider’s website so it would match the port for chan_sip(and not pj_sip)

USERcontext: DIDForSale_out
type=identify
endpoint=DIDForSale_out
match=209.216.2.212&212.83.130.209&209.216.2.211&209.216.15.70&216.221.154.251

here is what is happening when i make a call: (i was trying this using my personal google voice number)
[2018-06-27 12:51:47] NOTICE[30178]: res_pjsip/pjsip_distributor.c:649 log_failed_request: Request ‘INVITE’ from ‘“GrandCentral” sip:[email protected]’ failed for ‘209.216.15.70:5060’ (callid: [email protected]) - No matching endpoint found
[2018-06-27 12:51:48] NOTICE[30178]: res_pjsip/pjsip_distributor.c:649 log_failed_request: Request ‘INVITE’ from ‘“GrandCentral” sip:[email protected]’ failed for ‘209.216.15.70:5060’ (callid: [email protected]) - No matching endpoint found
[2018-06-27 12:51:49] NOTICE[30178]: res_pjsip/pjsip_distributor.c:649 log_failed_request: Request ‘INVITE’ from ‘sip:[email protected]’ failed for ‘209.216.15.70:5060’ (callid: [email protected]) - No matching endpoint found

and here is the info they sent me:(i think they sent me more than i need)
[transport-udp]
type=transport
protocol=udp
bind=0.0.0.0

[DIDForSale_in1]
type=aor
qualify_frequency=60
contact=sip:209.216.2.211:5060

[DIDForSale_in2]
type=aor
qualify_frequency=60
contact=sip:209.216.15.70:5060

[DIDForSale_out]
type=aor
qualify_frequency=60
contact=sip:209.216.2.212:5060

[DIDForSale_out]
type=identify
endpoint=DIDForSale_out
match=209.216.2.212

[DIDForSale_in1]
type=identify
endpoint=DIDForSale_in1
match=209.216.2.211

[DIDForSale_in2]
type=identify
endpoint=DIDForSale_in2
match=209.216.15.70

[DIDForSale_in1]
type=endpoint
transport=transport-udp
context=didforsale
disallow=all
allow=ulaw
aors=DIDForSale_in1

[DIDForSale_in2]
type=endpoint
transport=transport-udp
context=didforsale
disallow=all
allow=ulaw
aors=DIDForSale_in2

[DIDForSale_Out]
type=endpoint
transport=transport-udp
context=didforsale
disallow=all
allow=ulaw
aors=DIDForSale_out

Stewart1 · June 28, 2018, 4:13pm

I suspect that the & are causing some trouble. The GUI’s tool tip for Match says ‘comma delimited’ and when you enter in that format, the pjsip.identity.conf file is written with comma delimited entries (and works). I hope that fixing the syntax will get rid of the ‘no matching endpoint’, though I don’t have much confidence that it’s the only problem. Please report any errors that remain.

system · June 28, 2019, 4:14pm

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.