Can not receive inbound calls from Flowroute

pjsip

(Steve V) #1

Current Asterisk Version: 16.13.0
I’ve been successfully running a FreePBX server for almost a year. I just have one pjsip trunk through Flowroute (FLRT). Starting on Monday morning, Dec. 1st, inbound calls stopped flowing into the server. Outbound calls are working fine. Looking at variables that changed over the weekend, I updated a bunch of modules on Sunday and one of the users had forwarded all calls to her cell phone on Thursday. She reversed it on Monday morning. She might have hit other feature codes in the process. I also noticed a weird message in the security.log:

[2020-Nov-30 02:35:29] [freepbx_security.NOTICE]: [Restapps] WARNING!!! Unexpected activity has been detected from: 164.163.11.22

I have no idea what that means. My router is forwarding to the correct ports (5060). I have a successful registration with FLRT. I deleted the trunk and created a new one just to see if it would help. I changed FLRT’s server to a different one as they recommended. They said my pbx is throwing back a 401 unauthorized response to them. I turned on pjsip logger and captured data from the full log when I attempted to call our DID. Here is the capture:

https://pastebin.freepbx.org/view/ebd2a7df

I’m just not sure what to do next. I could really use some help as this is a business’ pbx and they’re not happy.

Thank you in advance,
Steve

Edit: I was on the phone with Flowroute today for an hour. As far as they can tell, I configured everything correctly. They even had their senior tech look at it. They’re stumped.


#2

For your pjsip Flowroute trunk, set Match (Permit) to 147.75.65.192/28

If you are using a chan_sip trunk or if pjsip is listening on a port other than 5060, please post details.

If you still have trouble, post router/firewall make/model.


(Steve V) #3

Hello Stewart1, I did have my match set to 147.75.65.192/28. Pjsip is listening on port 5060. Oddly enough, the pbx started taking inbound calls again. So weird. I have no idea how it rectified itself. Thank you for the reply.


#4

If using Registration, it won’t harm to add all these networks (CIDRs) as appropriate, described as |PoP|CIDR, netrange|. Generally you just need the PoP you register against. If you are able, use IP auth; it is much more secure.

|PoP|IP Addresses|
| --- | --- |
|AP-East-HK|147.75.42.200/31, 147.75.42.200-147.75.42.201|
|AP-Southeast-SIN|3.0.5.12/30, 3.0.5.12-3.0.5.15|
|EU-West-AMS|147.75.81.150/31, 147.75.81.150-147.75.81.151|
|EU-West-LDN|3.8.37.20/30, 3.8.37.20-3.8.37.23|
|SA-East-SP|18.228.70.48/30, 18.228.70.48-18.228.70.51|
|US-East-NJ|147.75.65.192/28, 147.75.65.192-147.75.65.207|
|US-East-VA|34.226.36.32/28, 34.226.36.32-34.226.36.47|
|US-West-OR|34.210.91.112/28, 34.210.91.112-34.210.91.127|
|US-West-WA|147.75.60.160/28, 147.75.60.160-147.75.60.175|


(Steve V) #5

Hi dicko, thanks for your response. In looking at this situation, the fact that it rectified itself lends more questions than answers. Last night I did an experiment. I blanked out the match(permit) field from the pjsip settings and took out the entries from the whitelist. Guess what, it still received inbound calls! So what was going on during those two days we couldn’t receive calls?

Looking at all of those log entries I posted of the pbx rejecting my call, now that it’s working today, I can’t see the pbx logs showing it accepting the call. I wanted to compare the two logs. How do I make that happen? Anyway, if either of you could shed some insight on this, I would appreciate it. I’d really like to learn more.


(Jared Busch) #6

Because the calls were coming from another IP.
FreePBX will automatically allow inbound connections from what the DNS resolves the server name to. If the DNS includes SRV records, it will also add those, so you would have no need to manually add things to the match/permit.

But if you use an IP address, well then you need to add everything.
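
An added example, not part of the thread and not FreePBX or Flowroute code: a script that reads PJSIP logger output, takes the source IP of each inbound INVITE, and reports which PoP from the table in post #4 it belongs to and whether a given Match (Permit) list covers it. The log excerpt is constructed, the `<--- Received SIP request ... --->` header line is assumed to be what the logger prints before each packet, and `audit_invites` is a hypothetical helper name.

```python
import ipaddress
import re

# PoP networks copied from the table in post #4 of this thread.
FLOWROUTE_POPS = {
    "AP-East-HK": "147.75.42.200/31",
    "AP-Southeast-SIN": "3.0.5.12/30",
    "EU-West-AMS": "147.75.81.150/31",
    "EU-West-LDN": "3.8.37.20/30",
    "SA-East-SP": "18.228.70.48/30",
    "US-East-NJ": "147.75.65.192/28",
    "US-East-VA": "34.226.36.32/28",
    "US-West-OR": "34.210.91.112/28",
    "US-West-WA": "147.75.60.160/28",
}
# Assumed header line written by the PJSIP logger before each received packet.
HEADER = re.compile(r"<--- Received SIP request \(\d+ bytes\) from \w+:([\d.]+):\d+ --->")

def audit_invites(log_text, permit):
    """Return (source_ip, pop_name_or_None, covered_by_permit) per inbound INVITE."""
    permit_nets = [ipaddress.ip_network(c) for c in permit]
    pops = {name: ipaddress.ip_network(c) for name, c in FLOWROUTE_POPS.items()}
    results, src = [], None
    for line in log_text.splitlines():
        m = HEADER.search(line)
        if m:
            src = ipaddress.ip_address(m.group(1))
        elif src is not None and line.strip():  # first non-blank line = request line
            if line.startswith("INVITE "):
                pop = next((n for n, net in pops.items() if src in net), None)
                covered = any(src in net for net in permit_nets)
                results.append((str(src), pop, covered))
            src = None  # skip the remaining header lines of this packet
    return results

# Constructed log excerpt (not taken from the poster's pastebin).
SAMPLE_LOG = """\
<--- Received SIP request (1012 bytes) from UDP:147.75.65.198:5060 --->
INVITE sip:15555550100@192.0.2.10:5060 SIP/2.0
<--- Received SIP request (1015 bytes) from UDP:147.75.60.165:5060 --->
INVITE sip:15555550100@192.0.2.10:5060 SIP/2.0
<--- Received SIP request (420 bytes) from UDP:203.0.113.50:5060 --->
OPTIONS sip:192.0.2.10 SIP/2.0
<--- Received SIP request (998 bytes) from UDP:203.0.113.50:5060 --->
INVITE sip:15555550100@192.0.2.10:5060 SIP/2.0
"""
if __name__ == "__main__":
    print(audit_invites(SAMPLE_LOG, ["147.75.65.192/28"]))
```

An INVITE that maps to a PoP but is not covered by the permit list is the "calls were coming from another IP" case; one that maps to no PoP at all is not carrier traffic and should stay unmatched.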


(Steve V) #7

Thanks for your input. I must admit I only partially understand your answer. Are you saying it was a DNS failure that led to the two days of no inbound calls? I had all of the IPs whitelisted and in the match(permit) during those two days.