Azure freepbx behind nat doesn't register extension

letal1609 · December 8, 2015, 1:24pm

Hello,

I have a freepbx installed on a azure virtual machine. The server is behind a nat but it doesn’t register sip extensions. It receive the request tough. I’ve checked that with tcpdump.

In the extension configuration on the web gui, i have activated the nat with the yes (force…) option. I don’t what config to do after that to allow the extension registration.

Thank you.

dineshvg · December 10, 2015, 9:42am

What kind of NAT router is there ?
If it is symmetric NAT you would need something like TURN server, for others you might need a STUN server.

letal1609 · December 11, 2015, 1:38pm

I don’t know what kind of nat it is.
Does what you say mean that i need obligatarely a stun or stun server if my freepbx server is behind a nat ?

BlazeStudios · December 11, 2015, 2:00pm

@letal1609 Can you post the SIP trace from tcpdump? Even though it receives the request is it sending a reply to the request?

letal1609 · December 11, 2015, 2:03pm

There is the tcptrace below

13:47:18.694110 IP (tos 0x0, ttl 47, id 0, offset 0, flags [DF], pro
229-52-228-91.static.first-root.com.38437 > 10.4.0.4.sip: SIP, l
REGISTER sip:40.78.159.4;transport=UDP SIP/2.0
Via: SIP/2.0/UDP 91.228.52.229:38437;branch=z9hG4bK-d8754z-b
Max-Forwards: 70
Contact: <sip:[email protected]:38437;rinstance=83746de85c3f
To: sip:[email protected];transport=UDP
From: sip:[email protected];transport=UDP;tag=442a123a
Call-ID: Nzg2OTE2ZmIwMTZiNTM2MjkwNmUxMzY3YWEzZDgwODE.
CSeq: 2 REGISTER
Expires: 70
Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPT
Supported: replaces, norefersub, extended-refer, timer, X-ci
User-Agent: Z 3.3.25608 r25552
Authorization: Digest username=“101”,realm=“asterisk”,nonce= ort=UDP",response=“f8fd780e50d1d91098ffdfc7c20462a0”,cnonce="3f017e0 8d5a72219fc1b"
Allow-Events: presence, kpml
Content-Length: 0

13:47:18.695960 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], pro
10.4.0.4.sip > 229-52-228-91.static.first-root.com.38437: SIP, l
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 91.228.52.229:38437;rport=38437;received=91 UDP
Call-ID: Nzg2OTE2ZmIwMTZiNTM2MjkwNmUxMzY3YWEzZDgwODE.
From: sip:[email protected];tag=442a123a
To: sip:[email protected];tag=z9hG4bK-d8754z-b25cc1aa986e0e5
CSeq: 2 REGISTER
WWW-Authenticate: Digest realm=“asterisk”,nonce="1449841638 5,qop="auth"
Server: FPBX-12.0.76.2(13.6.0)
Content-Length: 0

BlazeStudios · December 11, 2015, 2:15pm

@letal1609 That’s your issue right there. It is sending a reply and telling you the registration attempt is Unauthorized. Can you run “sip set debug on” from the Asterisk CLI and attempt a register from there then post the results?

letal1609 · December 11, 2015, 2:18pm

That is the result. Why is it searching the endpoint in pjsip/pjsip ?

[2015-12-11 14:16:55] NOTICE[46359]: res_pjsip/pjsip_distributor.c:347 log_unidentified_request: Request from ‘sip:[email protected]’ failed for ‘91.228.52.229:38437’ (callid: YjU1YzkxMzQxODY2NWFiNzcwMTNkZGEyNTAzYjk0ZmE.) - No matching endpoint found
[2015-12-11 14:16:55] NOTICE[46359]: res_pjsip/pjsip_distributor.c:347 log_unidentified_request: Request from ‘sip:[email protected]’ failed for ‘91.228.52.229:38437’ (callid: YjU1YzkxMzQxODY2NWFiNzcwMTNkZGEyNTAzYjk0ZmE.) - No matching endpoint found

BlazeStudios · December 11, 2015, 2:25pm

@letal1609 Are you using PJSIP? It’s looking like the extension is setup as a PJSIP extension instead of a SIP extension.

Can you show the extension settings either via screenshot of the GUI or the details in sip_additional.conf?

letal1609 · December 11, 2015, 2:29pm

I’ve set the extension a SIP one.
There is the config below:

[101]
deny=0.0.0.0/0.0.0.0
secret=1234test
dtmfmode=rfc2833
canreinvite=no
context=from-internal
host=dynamic
trustrpid=yes
mediaencryption=no
sendrpid=no
type=friend
nat=force_rport,comedia
port=5060
qualify=yes
qualifyfreq=60
transport=udp,tcp,tls
avpf=no
force_avp=no
icesupport=no
encryption=no
callgroup=
pickupgroup=
dial=SIP/101
permit=0.0.0.0/0.0.0.0
callerid=John Doe <101>
callcounter=yes
faxdetect=no
cc_monitor_policy=generic

letal1609 · December 11, 2015, 2:33pm

I was using zoiper on a centos. When a create a PJSIP extension, it connected successfully. But, the SIP extension is not registering.

BlazeStudios · December 11, 2015, 2:38pm

@letal1609 So you do have PJSIP enabled? PJSIP uses port 5060 and Chan_SIP uses 5061. If you have your device trying to register on port 5060 it’s going to use the PJSIP driver and thus give you that error.

Try changing the port to 5061 on the extension, save config and update your phone to use 5061 and give it a try.