We are currently going to upgrade our FreePBX server to the latest version. I installed FreePBX 14.0.1.20 with Asterisk 13.18.0. We had an old Elastix FreePBX previously. I copied every single configuration detail from the older PBX system to the newer one. Including ext, ring groups, SIP settings, trunk, inbound and outbound routes etc.
We tried making a phone call before office hours, and we found out that we could call internally to externally(e.g. office phone to my mobile), however, we couldn’t call externally to internally(e.g. mobile to office phone). We have been in touch we’ve our providers (Astro who work on behalf of Timico) and they have provided me with the following
“Attached is a trace showing us INVITING the call to the PBX however we see a 401 - Unauthorised message back from the PBX”.
I don’t know how to view the SIP logs, I don’t know even if I can? I’m stuck on the 401 - Unauthorised message? I’m not sure what that means? Any help/advice please would be truly appreciative!
You have a blank secret, or so it appears. Also, you might need to configure this as a “type=friend” so that the inbound and outbound configurations are the same.
The log /var/log/asterisk/full will give you a lot of information about the incoming calls.
In general, if you are expecting the call from a specific IP address, you should be using the IP Address of the provider in the peer configuration. This way, you don’t need to be concerned about the inbound connection logging in (no username and password required).
When this configuration was first set up years ago, it was running the older Elastix PBX system with FreePBX 2.X.X.X I believe. We are still running that system right now for our phone system, and everything works fine, even without the secret password. Is it because I’m upgrading the system that I would now need the secret?
My expectation is that if you tell the system “password=” without a password, the system is going to go through the registration motions and expect a password that isn’t there.
If you remove the registration requirement and just authenticate by IP address (do away with the username and password on the trunk), your connections will still be reasonably secure and it should simplify your trunk settings.
Just had a response from Timico regarding the secret. They have mentioned there SIP Trunks need to be setup with a Proxy Address of IP_ADDRESS and with registration turned off. They have asked me Is there a way in which you can check and turn any registrations off? In all honesty, I’m brand new to this, do you have any idea what they are asking for?
Sorry, just to elaborate. Timico does not believe their SIP trunks use the “secret” feature as their trunks need to be setup with a Proxy and with registration turned off.
OK, first your trunk is pretty much fine with some changes.
They are most likely not behind NAT, so nat=no
Remove the secret= setting
You may need to set a fromuser= in the trunk so they know who you are.
Basically this is a case where the provider has no interop settings for Asterisk. Without know the exact settings they sent you, no clue on what you need and/or is missing from this trunk.
You’ve configured everything here for the chan_sip stack but could it be that you are listening on port 5060 with pjsip? Since you haven’t shown any logs this is just a hunch, but if you can dig into your logs you will see right away if pjsip is handling the traffic. Anyway, if so, and you don’t care about pjsip, just disable it and set chan_sip to use port 5060.
@BlazeStudios - thank you for your suggestion. I tried it and I’m still receiving the 401 unauthorized message. We do have a secret set in the extensions, however, when I set the secret in the SIP settings, I still receive the 401 message?