Aastra with Pjsip Unreachable crash; upgraded to Asterisk 16 seems to crash faster


(Busy Bee) #1

I have a few Aastra 6739i phones a polycom vvx311 and vvx 610 and yealink t20

Originally, I thought how hard can this be to set up a pbx system to replace a key system programmed with switches and leds.

Two months later and I know the answer. Not happening; or become a phone expert.

My set up, new cable modem with built in router, level 3 cisco 12 port poe, before mentioned phones.

I have made errors; and I can’t find any more. I called some people and was recommended to try asterisk 16. It didn’t help and before updating, my polycom phone wouldn’t reboot after a bunch of the Unreachable errors in the asterisk log. Now even polycom reboots. Aastra weathers some errors but always ends up unresponsive. Aastra watchdog logs nothing with debug 1 - 4 or 7 mode

FreePBX log

[2019-08-01 19:03:42] VERBOSE[9821] res_pjsip/pjsip_options.c: Contact abc/sip:abc@xxx.xxx.xxxx:5060 is now Unreachable. RTT: 0.000 msec

Polycom has some phone side logs;

All the number of packets are used!! Packet tossed

At this point. I have tried session timer off and qualify off and aoe 160sec. All phone are internal network. With asterisk 13.2.2 it would take maybe 10-12 hours after a server restart for the errors to cause a phone crash.

Freepbx has firewall set with internal network open and dns 127.0.0.1

Aastra (mitel) phones last had a firmware update in 2016.

I set up a phone with chan sip and it almost never has a moment of Unreachable.

Have I run into a first time setup that messes with incompatible technology? Aastra is too old to use pjsip with asterisk?

Cisco switch is setup with express settings and vlan set to special code that instructs ports to be level 2.

Aastra has 7 extension/lines programmed. And Polycom 3 extensions. I meant to try counting how many lines it take to crash a phone. Because I thought at some point I tried just one line and had better luck.

All soft buttons removed didn’t help.

I tried another pbx software to see how their extension manager set up the aastra phones. That is another story. Short: aastra with their settings on pjsip and freepbx crashes. Long: lightning struck while I was out and fried my 4 port testing poe switch, atx power supply, and more. Now my pbx with extension manager is offline till I remember where my spare atx psu was put. Can Ethernet surge? My power supplies were on a surge power strip off of a rack mount surge protector…

This has become a bit of a ramble. So should I assume aastra isn’t going to work with pjsip and a different extension on every line?

Well before i left and lightning struck, I noticed the status on a crashing aastra was reading 408 instead of registered. Back to buddy Google.


(Busy Bee) #2

Made all new pj-sip extensions with asterisk – just incase.

log says the following. Are these normal?

Set(“PJSIP/211-00000006”, “RT=15”) in new stack
[2019-08-01 23:35:54] WARNING[5254][C-00000005] chan_sip.c: This function can only be used on SIP channels.
[2019-08-01 23:35:54] VERBOSE[5254][C-00000005] pbx.c: Executing [s@macro-exten-vm:6] ExecIf(“PJSIP/211-00000006”, “0?Macro(vm,202,DIRECTDIAL,)”) in new stack
[2019-08-01 23:35:54] WARNING[5254][C-00000005] chan_sip.c: This function can only be used on SIP channels.
[2019-08-01 23:35:54] WARNING[5254][C-00000005] chan_sip.c: This function can only be used on SIP channels.
[2019-08-01 23:35:54] VERBOSE[5254][C-00000005] pbx.c: Executing [s@macro-exten-vm:7] ExecIf(“PJSIP/211-00000006”, “0?MacroExit()”) in new stack
[2019-08-01 23:35:54] WARNING[5254][C-00000005] chan_sip.c: This function can only be used on SIP channels.
[2019-08-01 23:35:54] WARNING[5254][C-00000005] chan_sip.c: This function can only be used on SIP channels.
[2019-08-01 23:35:54] VERBOSE[5254][C-00000005] pbx.c: Executing [s@macro-exten-vm:8] ExecIf(“PJSIP/211-00000006”, “0?Gosub(ext-intercom,*80202,1())”) in new stack
[2019-08-01 23:35:54] WARNING[5254][C-00000005] chan_sip.c: This function can only be used on SIP channels.
[2019-08-01 23:35:54] WARNING[5254][C-00000005] chan_sip.c: This function can only be used on SIP channels.
[2019-08-01 23:35:54] VERBOSE[5254][C-00000005] pbx.c: Executing [s@macro-exten-vm:9] ExecIf(“PJSIP/211-00000006”, “0?MacroExit()”) in new stack
[2019-08-01 23:35:54] WARNING[5254][C-00000005] chan_sip.c: This function can only be used on SIP channels.
[2019-08-01 23:35:54] WARNING[5254][C-00000005] chan_sip.c: This function can only be used on SIP channels.
[2019-08-01 23:35:54] VERBOSE[5254][C-00000005] pbx.c: Executing [s@macro-exten-vm:10] ExecIf(“PJSIP/211-00000006”, “0?ChanSpy(SIP/202,q)”) in new stack
[2019-08-01 23:35:54] WARNING[5254][C-00000005] chan_sip.c: This function can only be used on SIP channels.
[2019-08-01 23:35:54] WARNING[5254][C-00000005] chan_sip.c: This function can only be used on SIP channels.
[2019-08-01 23:35:54] VERBOSE[5254][C-00000005] pbx.c: Executing [s@macro-exten-vm:11] ExecIf(“PJSIP/211-00000006”, “0?MacroExit()”) in new stack
[2019-08-01 23:35:54] WARNING[5254][C-00000005] chan_sip.c: This function can only be used on SIP channels.
[2019-08-01 23:35:54] VERBOSE[5254][C-00000005] pbx.c: Executing [s@macro-exten-vm:12] ExecIf(“PJSIP/211-00000006”, “0?Macro(vm,202,DIRECTDIAL,)”) in new stack


(Lorne Gaetz) #3

Nothing I see here is outside the ordinary, except for the 7 registrations for a single phone. But that wouldn’t cause Asterisk to crash. Are you using the FreePBX distro?

These warnings are normal, just ignore them.

edit - A colleague has pointed out that your phones are crashing, not Asterisk. Aside from just buggy phone firmware, check System Admin, Intrusion Detection for IP bans. While in the testing phase, you probably want to whitelist the IP range of your devices.


(Dave Burgess) #4

One of your questions has one of your answers. You are setting up phone as “Chan-SIP” and connecting them to the PJ-SIP port.

There’s no reason to stop using Chan-SIP if your phone likes it. Just point the phone to 5160 and go to town.

I’d avoid using VLANs with this panoply of phones. For a four-phone network, the complexity and fragility that’s added isn’t worth the price. Just use a basic LAN set up.


(Busy Bee) #5

It is good to know this should work. I forgot with all my typing to mention lines 1-3 were a solo pj-sip extension and 6-9 were repeated pj-sip extension -solo and repeated extensions have same behavior. I was under the assumption pj-sip was made for this sort of application. Our company has many inbound numbers that I was planning to direct with DID’s and ring groups. I had hesitated to use the forum because so much has been published. Last night I tried fresh (though the same settings) extension that were created with asterisk 16 freepbx 15. I also tried 6 digit extension passwords because of one google hit for a story on long passwords. Not good to combine test; but, I did a double change.

New extensions have no logs whatsoever for 10 hours and in just 4 hours, a past setup phone, running solo (no shared extensions) has just gotten 30+ Unreachable and Reachable lines in the log.

I will look into whitelisting ip’s. Though in the firewall I did list my ip range with /24 as local traffic and eventually even each ip separately with /32.

Since I assume the original extensions I have been learning on for some time will keep up the same behavior, at some point today I will downgrade them to 6 digit passwords to settle my curiosity.


(Dave Burgess) #6

From the sound of your latest description, you might be overthinking this stuff.

  1. Asterisk as a back to back User Agent. That means that calls come in from the outside world and you PBX essentlally calls your phone and bridges to two calls. This has the effect of changing how calls are treated logically. So, for example, having a phone with 6 copies of the same number doesn’t really gain you much. If you phone is busy, it’s busy (call waiting notwithstanding).

  2. You are trying to do some really complicated stuff right out of the gate. Take a step back and set the phones up one thing at a time. Start with getting a single line on each phone working. Once you have that working, you know the network and firewall infrastructure is solid and you can move on to crazy stuff.

The fact that your phones on the local network are cycling from reachable to not implies that your network is a larger problem. I’d start with that.


(Busy Bee) #7

I am aware freepbx defaults pj-sip to the legacy 5060 channel and chan-sip 5160-5161. I have the phones set up to listen on the right ports.

I admit I wasn’t pleased when I realized I purchased a level 3 switch. The end setup would be 10 Aastra phones with poe. Unless I have really mixed up terms, I have one vlan set to static ip used for logging into the unit. I don’t remember much from a one time setup. Should have printed the setup listing.


(Dave Burgess) #8

Not really an issue. VLAN tagging is an option that is a “nice to have” to reduce collisions domains. With 10 phones and a good admin password, you have a perfectly reasonable network set up.

The other problem with VLANs is that you have to use them everywhere once you start. It’s not a half-measure thing, so you have to set up DHCP, switches, routers, the PBX Ethernet(s), and the phones so that the VLANs are being used. Anything not in the VLAN is not in the LAN, and now you have a device that “should be” there and isn’t.

I’ve tried to use VLANs a bunch of times (I’ve been doing this kind of work since the '80s) and unless I really have a serious need to use them, I just avoid it. Of course, there are places and times where they are required, and in those cases I spend the dozens of wasted hours required to get it working eventually. Buy me a beer and I’ll tell you the story of the two YEARS we spent trying to get a VLAN working though a TACLANE.


(Busy Bee) #9

I will keep your message in mind; especially, if I get an outside phone request (keeping my mouth shut) but I am not sure the ports are on a vlan, just the console. fastethernet 1-12 was set level2 with some code (another 1000 page manual to consider). Dhcp was left with router.

But it seems I have put the last thing to try on the wrong end of the trouble shooting list. The phones aren’t crashing/ logs empty, so I searched the aastra admin 1000 page pdf manual {20 alphanumeric characters} Sorry to trouble the forum but I really am at the end of two months of tinkering with this. (learned the hard way why you don’t repeat chan-sip… who will re-register first… seemed like a virus before I caught on to the random dropped lines)

Aastra manual
Password Password
(Global and
Per-Line)
sip password

Password used to register the IP phone
with the SIP proxy. Valid values are up to
20 alphanumeric characters. Passwords
are encrypted and display as asterisks
when entering.

Polycom has 2019 firmware so it must be 32 digit compatible.

Thanks for all the post and topics that answer questions.


(Busy Bee) #10

No happy camping. 20 digits didn’t work for old extensions even after remaking them and 10 digits isn’t stable.

Was getting ready to make due with chan-sip and found even changing the port can’t work right . Phone has every reference to 5060 moved to 5260 and yet there is a mix match. An older firmware phone doesn’t do this.

<— Transmitting SIP request (422 bytes) to UDP:192.168.1.208:5060 —>
OPTIONS sip:314@192.168.1.208:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.200:5260

<— Transmitting SIP request (420 bytes) to UDP:192.168.1.87:5260 —>
OPTIONS sip:314@192.168.1.87:5260 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.200:5260


(Dave Burgess) #11

In the forum, we’ve talked about phones that do this. The “BYE” packet (for example) on some phones will not use the designated port and always reverts to 5060.

From the sounds of it, you’re going to need to set up Chan-SIP on 5060 (and if you want to use it, PJ-SIP on 5160) and block external access from the Internet against 5060. Your VLAN tagging (if you are still using that) kind of obviates that anyway, so you might be boxed in.

If you decide to go this route, you can tell your provider that your end of the connection is on 5160 (even if they require 5060). Remember - inbound and outbound calling are largely separate, so you just need to keep that in mind when you are setting up your service selections.


(Jared Busch) #12

Those Aastra phones work just fine with PJSIP, I have a few dozen of them at a site, along with a few hundred 6737i all on PJSIP.

FreePBX 14, distro install. Asterisk 16.

All using firmware group 1.13 in EPM.


(Busy Bee) #13

I had found a newer firmware then yours on mitel’s website. 3.3.1.4365 So there is a firmware difference.

I had thought of purchasing the endpoint manager; figuring, there could be something wrong with my user generated config file.


(Busy Bee) #14

So I should read further on this cisco vlan… even if i use chan sip. Chan-sip phone on port 5160 has been running fine. I was using pj-sip on 5060 and today was moving it; figuring, I should move chan sip to 5060. My trunk provider prefers pj-sip on port 6000 and their online freepbx instructions didn’t work for me and they said to add one of their servers Outbound Proxy’s to my trunk.

I have some power supplies so I could always see how 3 phones hold out on a unmanaged switch vs cisco.


(Busy Bee) #15

I needed to make a text file of my config. This is what I thought was a proper config. xxx is self filled in, because, I don’t under stand security enough to just paste the file as-is. My fastethernet has no vlan association right?

poe-server#sh run
Building configuration…

Current configuration : 3097 bytes
!
! Last configuration change at 20:38:05 edt Thu Jul 25 2019
! NVRAM config last updated at 20:38:07 edt Thu Jul 25 2019
!
version 12.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname poe-server
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxx
!
no aaa new-model
clock timezone est -5
clock summer-time edt recurring
system mtu routing 1500
ip subnet-zero
ip name-server 75.75.75.75
ip name-server 192.168.xxx.xxx
ip name-server 75.75.76.76
ip name-server 192.168.xxx.xxx
!
!
!
!
crypto pki trustpoint TP-self-signed-xxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-xxx
revocation-check none
rsakeypair TP-self-signed-xxx
!
!
crypto pki certificate chain xxx
quit
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface GigabitEthernet0/1
!
interface Vlan1
ip address 192.168.xxx.xxx 255.255.255.0
!
ip default-gateway 192.168.xxx.xxx
ip classless
ip http server
ip http secure-server
!
!
control-plane
!
!
line con 0
line vty 0 4
password 7 xxx
login
line vty 5 15
password 7 xxx
login
!
ntp clock-period 36029437
ntp server 128.138.141.172
end


(Busy Bee) #16

I set the fastethernet to switchport (just for reference)


(Busy Bee) #17

You were right. It was the switch. My setup just didn’t effect the one chain-sip phone

I am now over 24 hours Unreachable error free. 40 hours error free!!!

All because i knew i needed an unmanaged switch, so I set up an unmanaged switch, literally. But a unmanaged switch really should be called an unmanage-able switch. Because it is actually pre-programmed (aka unmanaged smart switches) and that set up is needed on the layer 3 switch even in layer 2 mode.

A engineer over at cisco answered a past forum request how to make a basic switch and there was a few things to add to mine. Yes, I know I don’t have qos and voip traffic priority over data with this setup.

Here are the setup differences; everything else is the same. I will have to read up on using a log to clone a backup switch. Probably easier to re create and make good notes.

spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 61440
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
switchport mode access


(system) closed #18

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.