I have an NEC SV8100 sip line to FreePBX. I can call from the FreePBX to the NEC and get in and have audio both ways. works good. From the NEC to FreePBX I get a busy signal. The cli spit this out:
1978 is the extension making the call. 1900 is the user id on the NEC. I have no I idea why the NEC would send what appears to be it’s MAC address followed by zeros as callerid. When I set Anonymous Callers to yes; calls go through nicely. I would like to remedy this. This is my sip set-up out and in:
You need to post your complete SIP configuration plus a SIP trace and say a few words how your system is configured. The reason for this is that quite often we see posts here that basically say that FreePBX does not work and 20 messages later it turns out that it was a lousy container configuration, or something similar, that had nothing to do with Asterisk or FreePBX.
chan_sip is deprecated and no-one is supporting it.
I believe that the deprecated “very” option for insecure is no longer recognized by the code, “&” isn’t a valid delimiter in insecure, and very already included invite.
I don’t think you need an In section at all in this case, but most of its options, if present, should be the same as the out one. Given what is in the From header, only the out section could match, and I suspect that the garbled insecure is stopping that. (“insecure” only applies to inbound calls, but I think your out section is really both ways.)
username has no significance for inbound calls and is only relevant to outbound calls when the host is dynamic. It is a deprecated name for default user.
I am not aware that “user” exists at all as an option.
“trunk” doesn’t exist as an option.
“nat=” introduces various protocol violations; I doubt you need it, even if if rarely causes problems.
I have been looking at the the debug and this number ( (callid: [email protected] ) keeps coming up to be authenticated when I attempt a call from the Nec to Asterisk. It seems like my problem would be solved if I could authenicate that string. Can I authenticate that string ? If so, how would I do it?
I have two sip traces: one is from a call when the SIP settings allowed guest callers but not anonymous callers.
– Executing [3333@from-sip-external:1] NoOp(“PJSIP/anonymous-00000010”, “Received incoming SIP connection from unknown peer to 3333”) in new stack
– Executing [3333@from-sip-external:2] Set(“PJSIP/anonymous-00000010”, “DID=3333”) in new stack
– Executing [3333@from-sip-external:3] Goto(“PJSIP/anonymous-00000010”, “s,1”) in new stack
– Goto (from-sip-external,s,1)
– Executing [s@from-sip-external:1] GotoIf(“PJSIP/anonymous-00000010”, “1?setlanguage:checkanon”) in new stack
– Goto (from-sip-external,s,2)
– Executing [s@from-sip-external:2] Set(“PJSIP/anonymous-00000010”, “CHANNEL(language)=en”) in new stack
– Executing [s@from-sip-external:3] GotoIf(“PJSIP/anonymous-00000010”, “1?noanonymous”) in new stack
– Goto (from-sip-external,s,5)
– Executing [s@from-sip-external:5] Set(“PJSIP/anonymous-00000010”, “TIMEOUT(absolute)=15”) in new stack
– Channel will hangup at 2022-05-23 16:06:49.248 EDT.
– Executing [s@from-sip-external:6] Set(“PJSIP/anonymous-00000010”, “receveip=pjsip,remote_addr”) in new stack
– Executing [s@from-sip-external:7] Log(“PJSIP/anonymous-00000010”, "WARNING,“Rejecting unknown SIP connection from 50.242.24.137:6837"”) in new stack
[2022-05-23 16:06:34] WARNING[28043][C-0000000e]: Ext. s:7 @ from-sip-external: “Rejecting unknown SIP connection from 50.242.24.137:6837”
– Executing [s@from-sip-external:8] Answer(“PJSIP/anonymous-00000010”, “”) in new stack
> 0x7fe27c021160 – Strict RTP learning after remote address set to: 192.168.16.27:10026
> 0x7fe27c021160 – Strict RTP qualifying stream type: audio
> 0x7fe27c021160 – Strict RTP switching source address to 50.242.24.137:11462
– Executing [s@from-sip-external:9] Wait(“PJSIP/anonymous-00000010”, “2”) in new stack
– Executing [s@from-sip-external:10] Playback(“PJSIP/anonymous-00000010”, “ss-noservice”) in new stack
– <PJSIP/anonymous-00000010> Playing ‘ss-noservice.ulaw’ (language ‘en’)
> 0x7fe27c021160 – Strict RTP learning complete - Locking on source address 50.242.24.137:11462
– Executing [h@from-sip-external:1] Hangup(“PJSIP/anonymous-00000010”, “”) in new stack
== Spawn extension (from-sip-external, h, 1) exited non-zero on ‘PJSIP/anonymous-00000010’
The call failed. The next trace is from a call with SIP settings disallowing guest callers and anonymous callers. It is one line:
res_pjsip/pjsip_distributor.c:676 log_failed_request: Request ‘INVITE’ from ‘“1978” sip:[email protected]’ failed for ‘50.242.24.137:5813’ (callid: [email protected]) - Failed to authenticate.
The calls from the Asterisk to the NEC complete and sound great. Two way audio. I had thought that callerid was the same every time but it is not. The sip: [email protected] comes up in the debug every time; can I authenticate that string. All suggestions are appreciated!
That’s an opaque identifier for the call and is not used for authentication. 1900, or 50.242.24.137:5813 will be used for authentication. The former would be used against the sip.conf section name of your IN section. The latter against your host= setting. I would say that it is failing to authenticate because it is nothing like 192.168.16.26.
Can you explain the significance of that address. We need to know to understand your network well enough to give the correct configuration. Similarly for 192.168.16.26.
Are you sure that this is at all a regular call? The few log lines indicate that there is a call for an endpoint 3333, which you have not mentioned before, coming from an unknown IP. It could very well be someone trying to break into your system.
You need to be more precise in your descriptions and provide more meaningful logs. Otherwise it is difficult to help you. Using glass balls is deprecated, as is using chan_sip.
What is glass balls? I didn’t know I was using that!!
The call was to Ext. 3333 from Ext 1978 on the NEC SV8100. I can call from the Asterisk which has extensions 33XX to the NEC and get full audio, etc. From the NEC, extensions 19XX, to the Asterisk I get a busy signal. And this:
res_pjsip/pjsip_distributor.c:676 log_failed_request: Request ‘INVITE’ from ‘“1978” sip:[email protected]’ failed for ‘50.242.24.137:5813’ (callid: [email protected]) - Failed to authenticate.
Can I authenticate on sip:[email protected]? It seems that if I could the calls would complete. Would I use a register => command? and then put something in the register string in sip settings incoming?
Thank you for your time and replies. I appreciate it.
You would need a type=user section, in sip.conf, with a section name of [1900]. It could be the primary section, with type=friend, as I suspect that is the section that gets the trunk name, in FreePBX.
However, if you can work out what is happening with the IP addresses (which might point to other problems, as I suspect that the 50.* address indicates a misconfiguration at the remote side), you would be better creating an IN section, with type=peer, for the source address. Even better would be to move to chan_pjsip, and list it as a match (allow) address.
Until you understand why you are getting the 50 address for something you think has a 192 one, and seems to work, outbound with the latter, I don’t think anyone can give any guarantees.
The 50.242.24.137 is outside the address of for NEC. What should be IP address in that section? 192.168.16.26? I will configure a PJSIP trunk and see what happens.
You would expect the inside address, the same one as you have in your host= line. It might, as I say, work if you made the IN section be like the main section, a peer, with the same options, but with the outside address of the NEC, but that would depend on whether your router is prepared to bounce back packets addressed to the local public addresses onto the LAN, as Asterisk’s responses would go to that address.
I’m not clear how the NEC managed to send something to a private address, through an interface on a public address, or to get a source address that doesn’t match the interface used. Maybe you actually configured it with Asterisk’s public address, even though you configured Asterisk with its private address.
I’m back on this after being waylaid for a while. David, you said you would use a stripped down PJSIP trunk . Low security. Would you give me an example,please?