Cisco 7941G gets a "Registration rejected"

Sure,

<?xml version="1.0" encoding="UTF-8"?>
<device>
    <fullConfig>true</fullConfig>
    <deviceProtocol>SIP</deviceProtocol>
    <sshUserId>admin</sshUserId>
    <sshPassword>cisco</sshPassword>
    <devicePool>
        <dateTimeSetting>
            <dateTemplate>D/M/Y</dateTemplate>
 
    <timeZone>Central Europe Standard/Daylight Time</timeZone>
                    <ntps>
                <ntp>
                    <name>pool.ntp.org</name>
      				<ntpMode>unicast</ntpMode>
    			</ntp>
            </ntps>
                    </dateTimeSetting>
        <callManagerGroup>
            <members>
                <member priority="0">
                    <callManager>
                        <name>192.168.50.201</name>
						<description>FreePBX</description>
                        <ports>
                            <ethernetPhonePort>2000</ethernetPhonePort>
                            <sipPort>5060</sipPort>
                            <securedSipPort>5061</securedSipPort>
                        </ports>
                        <processNodeName>192.168.50.201</processNodeName>
                    </callManager>
                </member>
            </members>
        </callManagerGroup>
				<connectionMonitorDuration>120</connectionMonitorDuration>
	</devicePool>
    <commonProfile>
        <phonePassword></phonePassword>
        <backgroundImageAccess>true</backgroundImageAccess>
        <callLogBlfEnabled>1</callLogBlfEnabled>
    </commonProfile>
    <loadInformation>SIP41.9-2-1S</loadInformation>
    <vendorConfig>
        <disableSpeaker>false</disableSpeaker>
        <disableSpeakerAndHeadset>false</disableSpeakerAndHeadset>
        <pcPort>0</pcPort>
        <settingsAccess>1</settingsAccess>
        <garp>0</garp>
        <voiceVlanAccess>0</voiceVlanAccess>
        <g722CodecSupport>2</g722CodecSupport>
        <handsetWidebandEnable>1</handsetWidebandEnable>
        <headsetWidebandEnable>0</headsetWidebandEnable>
        <headsetWidebandUIControl>0</headsetWidebandUIControl>
        <handsetWidebandUIControl>0</handsetWidebandUIControl>
        <videoCapability>1</videoCapability>
        <autoSelectLineEnable>0</autoSelectLineEnable>
        <daysDisplayNotActive>1,2,3,4,5,6,7</daysDisplayNotActive>
        <displayOnTime></displayOnTime>
        <displayOnDuration></displayOnDuration>
        <displayIdleTimeout>00:05</displayIdleTimeout>
        <webAccess>0</webAccess>
        <spanToPCPort>0</spanToPCPort>
        <loggingDisplay>1</loggingDisplay>
        <displayOnWhenIncomingCall>1</displayOnWhenIncomingCall>
        <loadServer></loadServer>
        <sshAccess>0</sshAccess>
    </vendorConfig>
   <userLocale>
 <name>Danish_denmark</name>
<uid>1</uid>
 <langCode>da_dk</langCode>
<version>1.0.0.0-1</version>
 <winCharSet>iso-8859-1</winCharSet>
</userLocale>
    <networkLocale>Danish_denmark</networkLocale>
<networkLocaleInfo>
 <name>Denmark</name>

 <version>1.0.0.0-1</version>
</networkLocaleInfo>
    <deviceSecurityMode>1</deviceSecurityMode>
    <authenticationURL></authenticationURL>
    <directory></directory>
    <idleTimeout>0</idleTimeout>
    <idleURL></idleURL>
    <informationURL></informationURL>
    <messagesURL></messagesURL>
    <proxyServerURL></proxyServerURL>
    <servicesURL></servicesURL>
    <dscpForSCCPPhoneConfig>96</dscpForSCCPPhoneConfig>
    <dscpForSCCPPhoneServices>0</dscpForSCCPPhoneServices>
    <dscpForCm2Dvce>96</dscpForCm2Dvce>
    <transportLayerProtocol>1</transportLayerProtocol>
    <dndCallAlert>5</dndCallAlert>
    <capfAuthMode>0</capfAuthMode>
    <capfList>
        <capf>
            <phonePort>3804</phonePort>
        </capf>
    </capfList>
    <certHash></certHash>
    <encrConfig>false</encrConfig>
    <sipProfile>
        <sipProxies>
        <backupProxy></backupProxy>
        <backupProxyPort></backupProxyPort>
        <emergencyProxy></emergencyProxy>
        <emergencyProxyPort></emergencyProxyPort>
        <outboundProxy></outboundProxy>
        <outboundProxyPort></outboundProxyPort>
        <registerWithProxy>true</registerWithProxy>
        </sipProxies>
        <sipCallFeatures>
            <cnfJoinEnabled>true</cnfJoinEnabled>
            <callForwardURI>x-cisco-serviceuri-cfwdall</callForwardURI>
            <callPickupURI>x-cisco-serviceuri-pickup</callPickupURI>
            <callPickupListURI>x-cisco-serviceuri-opickup</callPickupListURI>
            <callPickupGroupURI>x-cisco-serviceuri-gpickup</callPickupGroupURI>
            <meetMeServiceURI>x-cisco-serviceuri-meetme</meetMeServiceURI>
            <abbreviatedDialURI>x-cisco-serviceuri-abbrdial</abbreviatedDialURI>
            <rfc2543Hold>false</rfc2543Hold>
            <callHoldRingback>2</callHoldRingback>
            <localCfwdEnable>true</localCfwdEnable>
            <semiAttendedTransfer>true</semiAttendedTransfer>
            <anonymousCallBlock>2</anonymousCallBlock>
            <callerIdBlocking>2</callerIdBlocking>
            <dndControl>0</dndControl>
            <remoteCcEnable>true</remoteCcEnable>
        </sipCallFeatures> 
        <sipStack>
            <sipInviteRetx>6</sipInviteRetx>
            <sipRetx>10</sipRetx>
            <timerInviteExpires>180</timerInviteExpires>
            <timerRegisterExpires>3600</timerRegisterExpires>
            <timerRegisterDelta>5</timerRegisterDelta>
            <timerKeepAliveExpires>120</timerKeepAliveExpires>
            <timerSubscribeExpires>120</timerSubscribeExpires>
            <timerSubscribeDelta>5</timerSubscribeDelta>
            <timerT1>500</timerT1>
            <timerT2>4000</timerT2>
            <maxRedirects>70</maxRedirects>
            <remotePartyID>false</remotePartyID>
            <userInfo>None</userInfo>  
        </sipStack>
        <autoAnswerTimer>0</autoAnswerTimer>
        <autoAnswerAltBehavior>false</autoAnswerAltBehavior>
        <autoAnswerOverride>true</autoAnswerOverride>
        <transferOnhookEnabled>true</transferOnhookEnabled>
        <enableVad>false</enableVad>
        <preferredCodec>g711alaw</preferredCodec>
        <dtmfAvtPayload>101</dtmfAvtPayload>
        <dtmfDbLevel>3</dtmfDbLevel>
        <dtmfOutofBand>avt</dtmfOutofBand>
        <alwaysUsePrimeLine>false</alwaysUsePrimeLine>
        <alwaysUsePrimeLineVoiceMail>false</alwaysUsePrimeLineVoiceMail>
        <kpml>3</kpml>
        <stutterMsgWaiting>0</stutterMsgWaiting>
        <callStats>false</callStats>
        <silentPeriodBetweenCallWaitingBursts>10</silentPeriodBetweenCallWaitingBursts>
        <disableLocalSpeedDialConfig>false</disableLocalSpeedDialConfig>
        <startMediaPort>16384</startMediaPort>
        <stopMediaPort>32766</stopMediaPort>
        <voipControlPort>5060</voipControlPort>
        <dscpForAudio>184</dscpForAudio>
        <ringSettingBusyStationPolicy>0</ringSettingBusyStationPolicy>
        <dialTemplate>dialplan.xml</dialTemplate>
        <softKeyFile>softkeys.xml</softKeyFile>
        <phoneLabel>3103</phoneLabel>
        <natEnabled>true</natEnabled>
        <natAddress>83.137.122.199</natAddress>

        <sipLines>
            <line button="1">
                <featureID>9</featureID>
                <featureLabel>Linje 1</featureLabel>
                <name>3103</name>
                <displayName>3103</displayName>
                <contact>3103</contact>
                <proxy>USECALLMANAGER</proxy>
                <port>5060</port>
                <autoAnswer>
                    <autoAnswerEnabled>0</autoAnswerEnabled>
                </autoAnswer>
                <callWaiting>1</callWaiting>
                <authName>3103</authName>
                <authPassword>31033103</authPassword>
                <sharedLine>false</sharedLine>
                <messageWaitingLampPolicy>3</messageWaitingLampPolicy>
                <messagesNumber>*97</messagesNumber>
                <ringSettingIdle>4</ringSettingIdle>
                <ringSettingActive>5</ringSettingActive>
                <forwardCallInfoDisplay>
                    <callerName>true</callerName>
                    <callerNumber>false</callerNumber>
                    <redirectedNumber>false</redirectedNumber>
                    <dialedNumber>true</dialedNumber>
                </forwardCallInfoDisplay>
            </line>

            </sipLines>
    </sipProfile>

<commonProfile>
        <phonePassword></phonePassword>
        <backgroundImageAccess>true</backgroundImageAccess>
        <callLogBlfEnabled>1</callLogBlfEnabled>
    </commonProfile>
</device>

Kind regards,
Mr. Rüdiger

That doesn’t look bad, I’ve seen that particular variation before. It’s missing the IPv6 stuff but the 7941G probably does not support IPv6 in the first place. I kind of suspect a configuration issue with pjsip. If you go into Asterisk SIP settings in FreePBX and then go to the pjsip configuration do you have both TCP and UDP enabled?

Also, just a FYI with the 7940 Cisco phones, NAT has to be turned ON or the symptom is the phone can make calls but not receive them. I don’t know about the 7941 but maybe. The XML for this is:

    <natEnabled>false</natEnabled>
    <natReceivedProcessing>false</natReceivedProcessing>
    <natAddress></natAddress>

All of the SEPMAC example files bouncing around the Internet seem to have been generated from a handful of originals, that probably were copied out of an old version of a Cisco UCM. I don’t know if the current Cisco UCM produces ASCII SEPMAC config files anymore, or if it generates them on the fly from templates when it gets a TFTP request, but I’m sure originally it did generate ASCII ones.

You can take a look at this documentation:

SEPMAC.cnf.xml (usecallmanager.nz)

and go through your SEPMAC config line by line to verify it.

Another source of SEPMAC config files is from posts here:

chan-sccp-b-discussion Mailing List for Chan-SCCP channel driver for Asterisk (sourceforge.net)

You will have to go back about 10 years in those archives for the most activity.

One thing about these Cisco phones is that all of them from the 7941 onwards use the same SEPMAC files. The older phones seem to ignore directives in the SEPMAC files that their firmware does not support - so in general you can use newer SEPMAC files with older phones without trouble. The one thing the phones cannot abide is an xml error such as a directive that then lacks a closing / directive.

Here’s my SEPMAC config for a Cisco 8941 - this is a later phone than the 7941 so the phone’s firmware supports more stuff - which is why my config file is larger.

<?xml version="1.0" encoding="UTF-8"?>
<device>
  <fullConfig>true</fullConfig>
  <deviceProtocol>SIP</deviceProtocol>
  <ipAddressMode>0</ipAddressMode>
  <allowAutoConfig>true</allowAutoConfig>
  <dadEnable>true</dadEnable>
  <redirectEnable>false</redirectEnable>
  <echoMultiEnable>false</echoMultiEnable>
  <ipPreferenceModeControl>0</ipPreferenceModeControl>
  <ipMediaAddressFamilyPreference>0</ipMediaAddressFamilyPreference>
  <devicePool>
    <dateTimeSetting>
      <dateTemplate>M/D/YYA</dateTemplate>
      <timeZone>Pacific Standard/Daylight Time</timeZone>
      <ntps>
        <ntp>
          <name>172.16.1.1</name>
          <ntpMode>unicast</ntpMode>
        </ntp>
      </ntps>
    </dateTimeSetting>
    <callManagerGroup>
      <members>
        <member priority="0">
          <callManager>
            <ports>
              <sipPort>5160</sipPort>
              <securedSipPort>5161</securedSipPort>
            </ports>
            <processNodeName>172.16.1.16</processNodeName>
          </callManager>
        </member>
      </members>
    </callManagerGroup>
  </devicePool>
  <!-- <TVS>
    <members>
      <member priority="0">
        <port>2445</port>
        <address></address>
      </member>
    </members>
  </TVS> -->
  <!-- <vpnGroup>
    <mtu>1290</mtu>
    <failConnectTime>30</failConnectTime>
    <authMethod>0</authMethod>
    <pswdPersistent>1</pswdPersistent>
    <autoNetDetect>1</autoNetDetect>
    <enableHostIDCheck>0</enableHostIDCheck>
    <addresses>
      <url1></url1>
    </addresses>
    <credentials>
      <hashAlg>0</hashAlg>
      <certHash1></certHash1>
    </credentials>
  </vpnGroup> -->
  <sipProfile>
    <sipProxies>
      <registerWithProxy>true</registerWithProxy>
    </sipProxies>
    <sipCallFeatures>
      <cnfJoinEnabled>true</cnfJoinEnabled>
      <callForwardURI>x-cisco-serviceuri-cfwdall</callForwardURI>
      <callPickupURI>x-cisco-serviceuri-pickup</callPickupURI>
      <callPickupListURI>x-cisco-serviceuri-opickup</callPickupListURI>
      <callPickupGroupURI>x-cisco-serviceuri-gpickup</callPickupGroupURI>
      <meetMeServiceURI>x-cisco-serviceuri-meetme</meetMeServiceURI>
      <abbreviatedDialURI>x-cisco-serviceuri-abbrdial</abbreviatedDialURI>
      <rfc2543Hold>false</rfc2543Hold>
      <callHoldRingback>1</callHoldRingback>
      <localCfwdEnable>true</localCfwdEnable>
      <semiAttendedTransfer>true</semiAttendedTransfer>
      <anonymousCallBlock>0</anonymousCallBlock>
      <callerIdBlocking>2</callerIdBlocking>
      <dndControl>0</dndControl>
      <remoteCcEnable>true</remoteCcEnable>
      <retainForwardInformation>false</retainForwardInformation>
      <uriDialingDisplayPreference>1</uriDialingDisplayPreference>
    </sipCallFeatures>
    <sipStack>
      <sipInviteRetx>6</sipInviteRetx>
      <sipRetx>10</sipRetx>
      <timerInviteExpires>180</timerInviteExpires>
      <timerRegisterExpires>3600</timerRegisterExpires>
      <timerRegisterDelta>5</timerRegisterDelta>
      <timerKeepAliveExpires>120</timerKeepAliveExpires>
      <timerSubscribeExpires>120</timerSubscribeExpires>
      <timerSubscribeDelta>5</timerSubscribeDelta>
      <timerT1>500</timerT1>
      <timerT2>4000</timerT2>
      <maxRedirects>70</maxRedirects>
      <remotePartyID>true</remotePartyID>
      <userInfo>Phone</userInfo>
    </sipStack>
    <autoAnswerTimer>1</autoAnswerTimer>
    <autoAnswerAltBehavior>false</autoAnswerAltBehavior>
    <autoAnswerOverride>true</autoAnswerOverride>
    <transferOnhookEnabled>true</transferOnhookEnabled>
    <enableVad>false</enableVad>
    <preferredCodec>none</preferredCodec>
    <dtmfAvtPayload>101</dtmfAvtPayload>
    <dtmfDbLevel>3</dtmfDbLevel>
    <dtmfOutofBand>avt</dtmfOutofBand>
    <alwaysUsePrimeLine>false</alwaysUsePrimeLine>
    <alwaysUsePrimeLineVoiceMail>false</alwaysUsePrimeLineVoiceMail>
    <kpml>0</kpml>
    <phoneLabel>827</phoneLabel>
    <stutterMsgWaiting>0</stutterMsgWaiting>
    <callStats>true</callStats>
    <offhookToFirstDigitTimer>15000</offhookToFirstDigitTimer>
    <silentPeriodBetweenCallWaitingBursts>10</silentPeriodBetweenCallWaitingBursts>
    <disableLocalSpeedDialConfig>false</disableLocalSpeedDialConfig>
    <startMediaPort>16384</startMediaPort>
    <stopMediaPort>32766</stopMediaPort>
    <natEnabled>false</natEnabled>
    <natReceivedProcessing>false</natReceivedProcessing>
    <natAddress></natAddress>
    <sipLines>
      <line button="1" lineIndex="1">
        <featureID>9</featureID>
        <featureLabel>827 Beach Main</featureLabel>
        <proxy>USECALLMANAGER</proxy>
        <port>5160</port>
        <name>827</name>
        <displayName>827</displayName>
        <autoAnswer>
          <autoAnswerEnabled>0</autoAnswerEnabled>
        </autoAnswer>
        <callWaiting>3</callWaiting>
        <authName>827</authName>
        <authPassword>fa054</authPassword>
        <contact></contact>
        <sharedLine>false</sharedLine>
        <messageWaitingLampPolicy>3</messageWaitingLampPolicy>
        <messageWaitingAMWI>0</messageWaitingAMWI>
        <messagesNumber></messagesNumber>
        <ringSettingIdle>4</ringSettingIdle>
        <ringSettingActive>5</ringSettingActive>
        <forwardCallInfoDisplay>
          <callerName>true</callerName>
          <callerNumber>true</callerNumber>
          <redirectedNumber>true</redirectedNumber>
          <dialedNumber>true</dialedNumber>
        </forwardCallInfoDisplay>
        <maxNumCalls>5</maxNumCalls>
        <busyTrigger>4</busyTrigger>
        <recordingOption>enable</recordingOption>
      </line>
      <line button="2">
        <featureID>23</featureID>
        <featureLabel>828 Intercom</featureLabel>
        <proxy>USECALLMANAGER</proxy>
        <port>5160</port>
        <name>828</name>
        <displayName>828</displayName>
        <autoAnswer>
          <autoAnswerEnabled>3</autoAnswerEnabled>
          <autoAnswerMode>Auto Answer with Speakerphone</autoAnswerMode>
        </autoAnswer>
        <callWaiting>3</callWaiting>
        <maxNumCalls>1</maxNumCalls>
        <busyTrigger>1</busyTrigger>
      </line>
      <line button="3">
        <featureID>21</featureID>
        <featureLabel>821 Beach Master Br</featureLabel>
        <speedDialNumber>821</speedDialNumber>
        <featureOptionMask>1</featureOptionMask>
      </line>
      <line button="4">
        <featureID>21</featureID>
        <featureLabel>822 Beach Basement Br</featureLabel>
        <speedDialNumber>822</speedDialNumber>
        <featureOptionMask>1</featureOptionMask>
      </line>
    </sipLines>
    <externalNumberMask></externalNumberMask>
    <voipControlPort>5160</voipControlPort>
    <dscpForAudio>184</dscpForAudio>
    <dscpVideo>136</dscpVideo>
    <ringSettingBusyStationPolicy>0</ringSettingBusyStationPolicy>
    <dialTemplate></dialTemplate>
    <softKeyFile></softKeyFile>
  </sipProfile>
  <MissedCallLoggingOption>1</MissedCallLoggingOption>
  <featurePolicyFile></featurePolicyFile>
  <commonProfile>
    <phonePassword></phonePassword>
    <backgroundImageAccess>true</backgroundImageAccess>
    <callLogBlfEnabled>2</callLogBlfEnabled>
  </commonProfile>
  <vendorConfig>
    <defaultWallpaperFile></defaultWallpaperFile>
    <disableSpeaker>false</disableSpeaker>
    <disableSpeakerAndHeadset>false</disableSpeakerAndHeadset>
    <enableMuteFeature>false</enableMuteFeature>
    <enableGroupListen>true</enableGroupListen>
    <holdResumeKey>1</holdResumeKey>
    <recentsSoftKey>1</recentsSoftKey>
    <dfBit>1</dfBit>
    <pcPort>0</pcPort>
    <spanToPCPort>1</spanToPCPort>
    <garp>0</garp>
    <eapAuthentication>1</eapAuthentication>
    <rtcp>1</rtcp>
    <videoRtcp>1</videoRtcp>
    <voiceVlanAccess>0</voiceVlanAccess>
    <videoCapability>1</videoCapability>
    <hideVideoByDefault>0</hideVideoByDefault>
    <separateMute>0</separateMute>
    <ciscoCamera>1</ciscoCamera>
    <usb1>1</usb1>
    <usb2>1</usb2>
    <usbClasses>0,1,2</usbClasses>
    <sdio>1</sdio>
    <wifi>1</wifi>
    <bluetooth>1</bluetooth>
    <bluetoothProfile>0,1</bluetoothProfile>
    <btpbap>0</btpbap>
    <bthfu>0</bthfu>
    <ehookEnable>0</ehookEnable>
    <autoSelectLineEnable>1</autoSelectLineEnable>
    <autoCallSelect>1</autoCallSelect>
    <incomingCallToastTimer>10</incomingCallToastTimer>
    <dialToneFromReleaseKey>0</dialToneFromReleaseKey>
    <joinAndDirectTransferPolicy>0</joinAndDirectTransferPolicy>
    <minimumRingVolume></minimumRingVolume>
    <simplifiedNewCall>0</simplifiedNewCall>
    <actionableAlert>0</actionableAlert>
    <showCallHistoryForSelectedLine>0</showCallHistoryForSelectedLine>
    <kemOneColumn>0</kemOneColumn>
    <lineMode>0</lineMode>
    <lowerYourVoiceAlert>0</lowerYourVoiceAlert>
    <markCallAsSpam>1</markCallAsSpam>
    <callParkMonitor>1</callParkMonitor>
    <allCallsOnPrimary>0</allCallsOnPrimary>
    <softKeyControl>1</softKeyControl>
    <webProtocol>0</webProtocol>
    <tls12Only>0</tls12Only>
    <webAccess>0</webAccess>
    <webAdmin>1</webAdmin>
    <adminPassword></adminPassword>
    <sshAccess>0</sshAccess>
    <detectCMConnectionFailure>0</detectCMConnectionFailure>
    <disableTLSCiphers></disableTLSCiphers>
    <adminConfigurableRinger>0</adminConfigurableRinger>
    <g722CodecSupport>1</g722CodecSupport>
    <handsetWidebandEnable>2</handsetWidebandEnable>
    <headsetWidebandEnable>2</headsetWidebandEnable>
    <headsetWidebandUIControl>1</headsetWidebandUIControl>
    <handsetWidebandUIControl>1</handsetWidebandUIControl>
    <daysDisplayNotActive></daysDisplayNotActive>
    <displayOnTime>08:00</displayOnTime>
    <displayOnDuration>10:00</displayOnDuration>
    <displayIdleTimeout>00:60</displayIdleTimeout>
    <displayOnWhenIncomingCall>1</displayOnWhenIncomingCall>
    <displayRefreshRate>0</displayRefreshRate>
    <daysBacklightNotActive></daysBacklightNotActive>
    <backlightOnTime>08:00</backlightOnTime>
    <backlightOnDuration>10:00</backlightOnDuration>
    <backlightIdleTimeout>00:60</backlightIdleTimeout>
    <backlightOnWhenIncomingCall>1</backlightOnWhenIncomingCall>
    <recordingTone>0</recordingTone>
    <recordingToneLocalVolume>100</recordingToneLocalVolume>
    <recordingToneRemoteVolume>50</recordingToneRemoteVolume>
    <recordingToneDuration></recordingToneDuration>
    <moreKeyReversionTimer>5</moreKeyReversionTimer>
    <peerFirmwareSharing>0</peerFirmwareSharing>
    <loadServer></loadServer>
    <problemReportUploadURL></problemReportUploadURL>
    <enableCdpSwPort>1</enableCdpSwPort>
    <enableCdpPcPort>0</enableCdpPcPort>
    <enableLldpSwPort>1</enableLldpSwPort>
    <enableLldpPcPort>0</enableLldpPcPort>
    <cdpEnable>true</cdpEnable>
    <powerNegotiation>0</powerNegotiation>
    <outOfRangeAlert>0</outOfRangeAlert>
    <scanningMode>2</scanningMode>
    <applicationURL></applicationURL>
    <appButtonTimer>0</appButtonTimer>
    <appButtonPriority>0</appButtonPriority>
    <specialNumbers></specialNumbers>
    <sendKeyAction>0</sendKeyAction>
    <powerOffWhenCharging>0</powerOffWhenCharging>
    <homeScreen>0</homeScreen>
    <accessContacts>1</accessContacts>
    <accessFavorites>1</accessFavorites>
    <accessVoicemail>1</accessVoicemail>
    <accessApps>1</accessApps>
  </vendorConfig>
  <versionStamp>d902ed5a-c1e5-4233-b1d6-a960d53d1c3a</versionStamp>
  <loadInformation>SIP8941_8945.9-3-2SR1-2</loadInformation>
  <inactiveLoadInformation></inactiveLoadInformation>
  <!-- <addOnModules>
    <addOnModule idx="1">
      <deviceType></deviceType>
      <deviceLine></deviceLine>
      <loadInformation></loadInformation>
    </addOnModule>
  </addOnModules> -->
  <phoneServices useHTTPS="false">
    <provisioning>2</provisioning>
    <phoneService type="1" category="0">
      <name>Missed Calls</name>
      <url>Application:Cisco/MissedCalls</url>
      <vendor></vendor>
      <version></version>
    </phoneService>
    <phoneService type="1" category="0">
      <name>Received Calls</name>
      <url>Application:Cisco/ReceivedCalls</url>
      <vendor></vendor>
      <version></version>
    </phoneService>
    <phoneService type="1" category="0">
      <name>Placed Calls</name>
      <url>Application:Cisco/PlacedCalls</url>
      <vendor></vendor>
      <version></version>
    </phoneService>
    <phoneService type="2" category="0">
      <name>Voicemail</name>
      <url>Application:Cisco/Voicemail</url>
      <vendor></vendor>
      <version></version>
    </phoneService>
    <phoneService type="1" category="0">
            <name>Contacts</name>
            <!-- set the URL below to match your server DNS name, and edit the extension to match the correct extension for this
file -->
            <url>http://172.16.1.16/cisco/directory.php?xtn=827</url>
            <vendor></vendor>
            <version></version>
     </phoneService>
  </phoneServices>
  <userLocale>
    <name></name>
    <uid>1</uid>
    <langCode>en_US</langCode>
    <version></version>
    <winCharSet>utf-8</winCharSet>
  </userLocale>
  <networkLocale></networkLocale>
  <networkLocaleInfo>
    <name></name>
    <version></version>
  </networkLocaleInfo>
  <deviceSecurityMode>1</deviceSecurityMode>
  <idleTimeout>0</idleTimeout>
  <authenticationURL></authenticationURL>
  <messagesURL></messagesURL>
  <servicesURL></servicesURL>
  <directoryURL></directoryURL>
  <idleURL></idleURL>
  <informationURL></informationURL>
  <proxyServerURL></proxyServerURL>
  <secureAuthenticationURL></secureAuthenticationURL>
  <secureMessagesURL></secureMessagesURL>
  <secureServicesURL></secureServicesURL>
  <secureDirectoryURL></secureDirectoryURL>
  <secureInformationURL></secureInformationURL>
  <secureIdleURL></secureIdleURL>
  <transportLayerProtocol>1</transportLayerProtocol>
  <TLSResumptionTimer>3600</TLSResumptionTimer>
  <phonePersonalization>1</phonePersonalization>
  <autoCallPickupEnable>true</autoCallPickupEnable>
  <blfAudibleAlertSettingOfIdleStation>0</blfAudibleAlertSettingOfIdleStation>
  <blfAudibleAlertSettingOfBusyStation>0</blfAudibleAlertSettingOfBusyStation>
  <dndCallAlert>1</dndCallAlert>
  <dndReminderTimer>5</dndReminderTimer>
  <advertiseG722Codec>1</advertiseG722Codec>
  <rollover>0</rollover>
  <joinAcrossLines>0</joinAcrossLines>
  <capfAuthMode>0</capfAuthMode>
  <!-- <capfList>
    <capf>
      <phonePort>3804</phonePort>
      <processNodeName></processNodeName>
    </capf>
  </capfList> -->
  <certHash></certHash>
  <encrConfig>false</encrConfig>
  <userId></userId>
  <ownerId></ownerId>
  <sshUserId>cisco</sshUserId>
  <sshPassword>cisco</sshPassword>
</device>

Hi Mathis,

I received my Cisco 7961G phone yesterday and set it up. It was running very antique firmware so I had to take it through multiple TFTP firmware updates. Anyway, I used your SEPMAC file as close as possible as a template and it registered fine and I was able to send and receive calls to it to other Cisco desktop phones on my FreePBX system. However when I tried using Linphone on my cell phone I was able to call the phone from Linphone but when I tried calling the Linphone extension from the 7961 it rang but voice did not go through. So there’s a bit more tweaking that needs to be done. Here’s my 7961G SEPMAC config:

<?xml version="1.0" encoding="UTF-8"?>
<device>
    <fullConfig>true</fullConfig>
    <deviceProtocol>SIP</deviceProtocol>
    <ipAddressMode>0</ipAddressMode>
    <sshUserId>cisco</sshUserId>
    <sshPassword>cisco</sshPassword>
    <devicePool>
        <dateTimeSetting>
            <dateTemplate>M/D/YYA</dateTemplate>
            <timeZone>Pacific Standard/Daylight Time</timeZone>
                <ntps>
                    <ntp>
                        <name>172.16.1.1</name>
                        <ntpMode>unicast</ntpMode>
                    </ntp>
                </ntps>
        </dateTimeSetting>
        <callManagerGroup>
            <members>
                <member priority="0">
                    <callManager>
                        <name>172.16.1.16</name>
                        <description>FreePBX</description>
                        <ports>
                            <ethernetPhonePort>2000</ethernetPhonePort>
                            <sipPort>5160</sipPort>
                            <securedSipPort>5161</securedSipPort>
                        </ports>
                        <processNodeName>172.16.1.16</processNodeName>
                    </callManager>
                </member>
            </members>
        </callManagerGroup>
        <connectionMonitorDuration>120</connectionMonitorDuration>
    </devicePool>
    <commonProfile>
        <phonePassword></phonePassword>
        <backgroundImageAccess>true</backgroundImageAccess>
        <callLogBlfEnabled>1</callLogBlfEnabled>
    </commonProfile>
    <loadInformation>SIP41.9-2-1S</loadInformation>
    <vendorConfig>
        <disableSpeaker>false</disableSpeaker>
        <disableSpeakerAndHeadset>false</disableSpeakerAndHeadset>
        <pcPort>0</pcPort>
        <settingsAccess>1</settingsAccess>
        <garp>0</garp>
        <voiceVlanAccess>0</voiceVlanAccess>
        <g722CodecSupport>2</g722CodecSupport>
        <handsetWidebandEnable>1</handsetWidebandEnable>
        <headsetWidebandEnable>0</headsetWidebandEnable>
        <headsetWidebandUIControl>0</headsetWidebandUIControl>
        <handsetWidebandUIControl>0</handsetWidebandUIControl>
        <videoCapability>1</videoCapability>
        <autoSelectLineEnable>0</autoSelectLineEnable>
        <daysDisplayNotActive>1,2,3,4,5,6,7</daysDisplayNotActive>
        <displayOnTime></displayOnTime>
        <displayOnDuration></displayOnDuration>
        <displayIdleTimeout>00:05</displayIdleTimeout>
        <webAccess>0</webAccess>
        <spanToPCPort>0</spanToPCPort>
        <loggingDisplay>1</loggingDisplay>
        <displayOnWhenIncomingCall>1</displayOnWhenIncomingCall>
        <loadServer></loadServer>
        <sshAccess>0</sshAccess>
        <sshPort>22</sshPort>
    </vendorConfig>
    <phoneServices useHTTPS="false">
        <provisioning>2</provisioning>
        <phoneService type="1" category="0">
            <name>Contacts</name>
            <url>http://172.16.1.16/cisco/directory.xml</url>
            <vendor></vendor>
            <version></version>
        </phoneService>
    </phoneServices>
    <userLocale>
        <name>United_States</name>
        <uid>1</uid>
        <langCode>en_US</langCode>
        <version>1.0.0.0-1</version>
        <winCharSet>iso-8859-1</winCharSet>
    </userLocale>
    <networkLocale>United_States</networkLocale>
        <networkLocaleInfo>
        <name>United_States</name>
        <version>1.0.0.0-1</version>
    </networkLocaleInfo>
    <deviceSecurityMode>1</deviceSecurityMode>
    <authenticationURL></authenticationURL>
    <directory></directory>
    <idleTimeout>0</idleTimeout>
    <idleURL></idleURL>
    <informationURL></informationURL>
    <messagesURL></messagesURL>
    <proxyServerURL></proxyServerURL>
    <servicesURL></servicesURL>
    <dscpForSCCPPhoneConfig>96</dscpForSCCPPhoneConfig>
    <dscpForSCCPPhoneServices>0</dscpForSCCPPhoneServices>
    <dscpForCm2Dvce>96</dscpForCm2Dvce>
    <transportLayerProtocol>1</transportLayerProtocol>
    <dndCallAlert>5</dndCallAlert>
    <capfAuthMode>0</capfAuthMode>
    <capfList>
        <capf>
            <phonePort>3804</phonePort>
        </capf>
    </capfList>
    <certHash></certHash>
    <encrConfig>false</encrConfig>
    <sipProfile>
        <sipProxies>
        <backupProxy></backupProxy>
        <backupProxyPort></backupProxyPort>
        <emergencyProxy></emergencyProxy>
        <emergencyProxyPort></emergencyProxyPort>
        <outboundProxy></outboundProxy>
        <outboundProxyPort></outboundProxyPort>
        <registerWithProxy>true</registerWithProxy>
        </sipProxies>
        <sipCallFeatures>
            <cnfJoinEnabled>true</cnfJoinEnabled>
            <callForwardURI>x-cisco-serviceuri-cfwdall</callForwardURI>
            <callPickupURI>x-cisco-serviceuri-pickup</callPickupURI>
            <callPickupListURI>x-cisco-serviceuri-opickup</callPickupListURI>
            <callPickupGroupURI>x-cisco-serviceuri-gpickup</callPickupGroupURI>
            <meetMeServiceURI>x-cisco-serviceuri-meetme</meetMeServiceURI>
            <abbreviatedDialURI>x-cisco-serviceuri-abbrdial</abbreviatedDialURI>
            <rfc2543Hold>false</rfc2543Hold>
            <callHoldRingback>2</callHoldRingback>
            <localCfwdEnable>true</localCfwdEnable>
            <semiAttendedTransfer>true</semiAttendedTransfer>
            <anonymousCallBlock>2</anonymousCallBlock>
            <callerIdBlocking>2</callerIdBlocking>
            <dndControl>0</dndControl>
            <remoteCcEnable>true</remoteCcEnable>
        </sipCallFeatures>
        <sipStack>
            <sipInviteRetx>6</sipInviteRetx>
            <sipRetx>10</sipRetx>
            <timerInviteExpires>180</timerInviteExpires>
            <timerRegisterExpires>3600</timerRegisterExpires>
            <timerRegisterDelta>5</timerRegisterDelta>
            <timerKeepAliveExpires>120</timerKeepAliveExpires>
            <timerSubscribeExpires>120</timerSubscribeExpires>
            <timerSubscribeDelta>5</timerSubscribeDelta>
            <timerT1>500</timerT1>
            <timerT2>4000</timerT2>
            <maxRedirects>70</maxRedirects>
            <remotePartyID>false</remotePartyID>
            <userInfo>None</userInfo>
        </sipStack>
        <autoAnswerTimer>0</autoAnswerTimer>
        <autoAnswerAltBehavior>false</autoAnswerAltBehavior>
        <autoAnswerOverride>true</autoAnswerOverride>
        <transferOnhookEnabled>true</transferOnhookEnabled>
        <enableVad>false</enableVad>
        <preferredCodec>g711alaw</preferredCodec>
        <dtmfAvtPayload>101</dtmfAvtPayload>
        <dtmfDbLevel>3</dtmfDbLevel>
        <dtmfOutofBand>avt</dtmfOutofBand>
        <alwaysUsePrimeLine>false</alwaysUsePrimeLine>
        <alwaysUsePrimeLineVoiceMail>false</alwaysUsePrimeLineVoiceMail>
        <kpml>3</kpml>
        <stutterMsgWaiting>0</stutterMsgWaiting>
        <callStats>false</callStats>
        <silentPeriodBetweenCallWaitingBursts>10</silentPeriodBetweenCallWaitingBursts>
        <disableLocalSpeedDialConfig>false</disableLocalSpeedDialConfig>
        <startMediaPort>16384</startMediaPort>
        <stopMediaPort>32766</stopMediaPort>
        <voipControlPort>5160</voipControlPort>
        <dscpForAudio>184</dscpForAudio>
        <ringSettingBusyStationPolicy>0</ringSettingBusyStationPolicy>
        <dialTemplate>dialplan.xml</dialTemplate>
        <softKeyFile>softkeys.xml</softKeyFile>
        <phoneLabel>770</phoneLabel>
        <natEnabled>true</natEnabled>
        <natAddress>83.137.122.199</natAddress>

        <sipLines>
            <line button="1">
                <featureID>9</featureID>
                <featureLabel>770 Line 1</featureLabel>
                <name>770</name>
                <displayName>770</displayName>
                <contact>770</contact>
                <proxy>USECALLMANAGER</proxy>
                <port>5160</port>
                <autoAnswer>
                    <autoAnswerEnabled>0</autoAnswerEnabled>
                </autoAnswer>
                <callWaiting>1</callWaiting>
                <authName>770</authName>
                <authPassword>abb6bfed</authPassword>
                <sharedLine>false</sharedLine>
                <messageWaitingLampPolicy>3</messageWaitingLampPolicy>
                <messagesNumber>*98</messagesNumber>
                <ringSettingIdle>4</ringSettingIdle>
                <ringSettingActive>5</ringSettingActive>
                <forwardCallInfoDisplay>
                    <callerName>true</callerName>
                    <callerNumber>false</callerNumber>
                    <redirectedNumber>false</redirectedNumber>
                    <dialedNumber>true</dialedNumber>
                </forwardCallInfoDisplay>
            </line>

      <line button="2">
        <featureID>21</featureID>
        <featureLabel>801 Office</featureLabel>
        <speedDialNumber>801</speedDialNumber>
        <featureOptionMask>1</featureOptionMask>
      </line>

            </sipLines>
    </sipProfile>

    <commonProfile>
        <phonePassword></phonePassword>
        <backgroundImageAccess>true</backgroundImageAccess>
        <callLogBlfEnabled>1</callLogBlfEnabled>
    </commonProfile>
</device>

Hi Ted,

It seems like the phone only appears as online in Asterisk logs and on the FreePBX dashboard when i’ve got an call ongoing on the phone. But as soon as i finish the call and call the phone again it goes to voicemail and is marked as offline/unvail in Asterisk.

Kind regards,
Mr. Rüdiger

What version of FreePBX and Asterisk are you running?

Did you set the phone up with chan_sip or pj_sip?

Is there any kind of network address translator or router in between your FreePBX system and the phone itself?

Hi Ted,

My installation of FreePBX doesn’t even support chan_sip, it only supports chan_pjsip.

The only thing between my phone is a router. The phone and the FreePBX server are even on the same switch. (If that matters)

Kind regards,
Mr. Rüdiger

All versions of FreePBX even 17 support chan_sip. If you want to run chan_sip under FreePBX 17 you just need to go to the cli and run the change asterisk version command and move it from Asterisk 21 to 20.

But no, don’t do this for your setup. I’ll try running my test 7961G on a chan_pjsip extension and see what happens.

I suspect in your (and in my) case the problem is defined here:

Note the following:

“…These are the UDP ports that the phone expects to see RTP streams (UDP traffic) coming in and going out on. These values below are probably the defaults anyway. If you are running your phone behind a non SIP aware router you may want to narrow this range down to say 16384 and 16390, and then map UDP ports 16384 through to 16390 to your phone from the outside. This will allow your phone to receive inbound RTP voice streams. If your router is SIP aware then likely you do not need to change this from the defaults…”

“…Note that as of version 8.0(2)SR1 the phone sends UDP SIP requests from a high source port. This means that it will send from (for example) source port 50116 to SIP port 5060 on the SIP server. This is acceptable behaviour as per the SIP RFC, but it is different to the Cisco ATA and 7940 SIP software (and many but not all phones) and may have ramifications on your firewall rules…”

“… If your phone is stuck on registering. You have probably used a configuration file from one of the other Wiki’s, for a different line of phones. The configuration options are similar, but not exact. Your best bet is to start over from scratch and follow this Wiki step by step. Note: Older firmware versions appear to work with some of these broken configuration files. This can lead to the misconception that it is a firmware issue.…”

Anyway, what this boils down to is that this phone is among the first Cisco produced that used the new XML config file and I think that the XML parser they used is “more broken” than in later phone models. That is, that with later phone models if they encounter a tag in the XML they can’t digest or don’t know about, the parser just ignores it until the end tag and then continues reading. But with this phone, I think when it hits a tag it does not understand - it scotches the remainder of the XML file.

So, if it digests enough of the XML file to register then the phone can SEEM to register but it leaves the phone half-provisioned, and it won’t register properly or won’t complete registration. I think this may be happening here and that there’s a tag in your config file that the phone isn’t digesting.

The other issue is that there’s things RFC3581 allows and then there’s “how everyone normally does SIP on a phone”

For example on the predecessor phone, the Cisco 7940, in order to get that to register on a chan_pjsip extension under older FreePBX versions you had to set force_rport=no

With older FreePBX versions you would have to edit pjsip.endpoint_custom_post.conf

for example if you had one of these phones on extension 233:

233
force_rport=no

This was because with these older phones they did not send rport in the SIP request.

However, in FreePBX 17 - this problem disappeared. Why did it disappear? Did it change because Asterisk was modified, or did it change because chan_pjsip was modified, or did it change because FreePBX is now silently setting this option?

When this is enabled, it forces Asterisk to send SIP responses back to the same port from which the SIP requests were received, even if the rport parameter is not present in the request. Presumably, setting it to “no” makes it work “the old way” whatever that is. Most likely, what that means is setting it to “no” allows Asterisk to do “the thing with SIP that is the defacto standard” setting it to “yes” means “follow RFC 3581 even if the phone doesn’t tell you to follow RFC 3581”

chan_sip did not need this to work with the 7940 but chan_sip was also written before it became super-common to put a FreePBX system on the other side of a NAT. And then you have NAT devices with ALG turned on by default (Application Level Gateway) which reaches inside the SIP packet and “attempts to do the right thing” which may either “work” or further screw up what’s already a screwed up situation.

Companies will ALWAYS violate standards like RFC3581 in favor of doing it “how everyone else does SIP on a phone” when they make products, because then the dummies can buy a brand new router from someone like Netgear, a brand new phone from someone like Sangoma, and plug it all in together and it “just works” even if that “just working” means that behind the scenes the phone is hacking up SIP and ALG router is further hacking up SIP and the PBX in the cloud the phone is registering into is yet further hacking up SIP. Then that means the dummies won’t be making an expensive support call to Netgear or Sangoma which chews up most of the profit made on the sale of the gear.

Unfortunately, some of the dummies then get on forums like here and start telling everyone they know how SIP works because they were able to plug tab A into slot B and it all worked, even though if a real engineer made a wireshark capture of what was actually going on on their network they would find a dozen violations of RFC 3581

The 79xx series was manufactured back in an era when the dummies weren’t buying VoIP gear and a real man owned a computer with a real serial port in it and would solder up a serial cable and plug it into the AUX port on the 7941G, and examine the debug data coming from the phone to see where the XML parser upchucked, (in order to fix the XML config file) and then fire up wireshark on their FreePBX system (which at one time came installed on the FreePBX distros) to see what the phone and what Asterisk were doing during the SIP handshake and then modify the config file as needed and modify Asterisk as needed in order to make the stuff work together.

Unfortunately, in these latter retrograde days, we don’t see that as often. Sigh. But, I digress.

Using

only allows 3 concurrent channels and further, statistically 25% of media streams (ones that started on 16390 ) would have ‘a problem’

Exactly, which is why running SIP though NAT is always problematical.

The config I posted lists:

    <startMediaPort>16384</startMediaPort>
    <stopMediaPort>32766</stopMediaPort>

as does the config posted on the voip-info.org site. Interestingly, that config itself has a flaw:

.
.
.

<transferOnhookEnabled>false</transferOnhookEnabled>
<enableVad>false</enableVad>
g711ulaw<dtmfAvtPayload>101</dtmfAvtPayload>
<dtmfDbLevel>3</dtmfDbLevel>

the g711ulaw is not enclosed in the correct tags. I suppose the fact that that post was made 18 years ago and nobody (apparently) reported the problem back to the site maintainers is a good reason why you don’t trust configs posted on sites that don’t permit updates to posts…lol

Mathis,

I took the config I posted, changed the extension numbers from 770 to 771, changed the port from 5160 to 5060, created an extension using chan_pjsip, rebooted the phone and it came up and registered in to FreePBX 17 running Asterisk 21 just fine. I was able to make calls to 2 other extensions, and the reverse, one of them a Linksys SPA 942, the other a Cisco 8945, with no problems. The 8945 was on chan_sip the SPA 942 on chan_pjsip.

Calls to it from Linphone worked. Calls to the Linphone extension weren’t even answered when tapping the “answer” button on the Linphone popup, not only from that phone but from other phones, until the clue phone rang for me and I did a force stop on Cisco Jabber version 15 which I also have running on that cell phone. Clearly those apps conflict with each other - understandable since they are both soft phones. After that I set the app permissions on both Linphone and Jabber to “Pause app activity if unused” Probably something to be aware of if you are using the free Linphone for testing. (the reality is that unless you are paying a subscription service for push notifications for a mobile softphone app, you gain nothing other than your battery being sucked dry in 8 hours, so this setting should always be turned on if you aren’t using a mobile softphone app with a paid subscription push service)

not forwarding an even number of ports starting of with the lowest even number of defined open ports is guaranteed to be problematic, asterisk is a back to back user agent so most calls take up two streams that is 4 ports , having only provisioned 7 correctly is not a solution I would suggest.

You can, if you wish, change

<startMediaPort>10000</startMediaPort>

and the phone will still provision and work.

FreePBX itself seems to have a default in General SIP settings of RTP port ranges Start
10000 and end 20000

According to this link:

The Beginners Guide to RTP Ports (crazyegg.com)

Cisco Unified Communications Manager (CUCM) uses UDP ports in the range of 24576 and 32767

I don’t know if that’s true, of course or if that was just a specific version.

This link

SIP Port Numbers used by Providers (whichvoip.com)

claims: 10000 to 30000

According to the following:

RTP ports - VoIP- Info

16384-32767

is the “standard”

So I don’t know in this case if the “phone config” is “right” or FreePBX is “right” or what it “should” be set to. But I suspect this is mainly a “how do I get my SIP through a NAT” issue.

Of course I won’t even dive into the fact that using a firewall that requires access to the SIP conversation to open “pinholes” completely scotches the idea of encrypting your phone calls. Which is another reason NAT’s are bad news.

I COULD speculate that SIP was designed with the “assistance” aka “interference” of the US Government so they could preserve the ability to electronically wiretap but of course, we all know they would NEVER do that…

OK lets speak slowly and clearly here, the SDP session resulting from your SIP INVITE offers to use an even port for media (RTP) , The RTCP responds on the next incremental port which will be odd, so every channel needs a sequentil pair of ports starting on an even number, if your range is 16384-32767 or 10000-19999 you satisfy your math 101 as it is what we call %2 (mod 2) , if you use 10000-20000 or 1000-30000 or 16384-16390 you all simply failed your 2nd grade math test because none of them are Mod2 (%2) :wink:

The NAT problem would be forwarding that non-conforming range back to the server without adding 1 to the ending port

Now I haven’t examined that part of the code, and it is quite possible that Asterisk might already have caught that, personally I will just use a rational %2 range but 7 ports might be a good example o examine the real effect of that misunderstanding, maybe only one successfully bridged call, maybe two but one without far end media if the same

Hmm…let’s look at this from the border conditions which might provide more understanding. I think the disconnect here is looking at how a port range is applied to an end node device vs an intermediary device.

When the FreePBX range in it’s default config in general SIP settings 10000 and 20000 what does that mean, exactly? Is that telling Asterisk to only process a SIP INVITE that comes into the PBX from a phone that lists an RTP port within that range and just assume RTCP is always a +1? Which would make sense since if the INVITE is only ever going to use an even port - port # 10000 is even and 20000 is even and every other number in between is even - so that will be satisfied.

You push the VM button on the phone - a SIP INVITE goes to Asterisk and the media session is between the phone and the PBX. You dial another extension - the media session is then eventually setup between the 2 phones - the PBX is only handling the invite, ringing and OK - RTP is going from phone to phone - thus what does the FreePBX range apply to? Calls from the PBX to the phone? Or calls from the phone to another phone? And how is it applied? To the initial RTP port selected? Or to ANY media on UDP which would include RTCP?

Or, is the 10000-20000 range apply in some other manner?

Similarly, if the phone is configured with 16384-32766 what does that mean? If it only applies to originating SIP INVITES from the phone - then no issue. If it applies to calls terminating on the extension - as a sort of filter - then there’s a problem.

As for NAT port forwarding - in general if you specify a range of ports to forward - then a range ending in an even number would be a problem because the RTCP for the even port # of 32766 would be 32767 and would not be forwarded. Ranges in NATs particularly “port forward ranges” are almost always interpreted as a filter.

Possibly in the code of the phone, a configuration of

<startMediaPort>16384</startMediaPort>
<stopMediaPort>32766</stopMediaPort>

means “never issue a SIP invite specifying an RTP port higher than 32766 or lower than 16384” which would then mean the phone would handle a call originating elsewhere with an invite of 32766 and RTCP of 32767 If the call was going through a NAT then that NAT would have to port forward ranges from 16384 to 32767 Thus the disconnect and difference in the “phone configuration range” and the “NAT port forward range” with the NAT range being +1

Or possibly, it means “never allow a call that has any RTP port specified outside of this range”

I don’t know in any of these cases. The range 16384-32767 that I linked to goes to an old document from 2007 that cites the following as “authoritative”

"the multicast (version 3.5 and later) kernel sources use the following port ranges:

from to application priority
0 16383 unclassified lowest
16384 32767 audio highest
32768 49151 whiteboard medium
49152 65535 video low
"

Meaning, that the document author ran into the same thing I ran into - which I asked you to make a statement on (which you didn’t, BTW) which is what is correct? In other words, what’s the standard?

So the document author, being unable to find anything authoritative, resorted to grubbing around in some 20 year old (from today’s date) kernel code. Code that mainly applies to RTP either sent or received from processes ON THAT UNIX system! And yet, even in the early 2000 - PCs were heavily distributed and the dumb terminal distributed computing model had disappeared, and you did not have crowds of users logged into a single UNIX system sending and receiving phone calls! So, ultimately, the UNIX systems of the day - 20 years ago - were STILL being treated almost exactly the same as an end user PC - or a phone.

So today, we have a discussion here of the dog chasing it’s tail. I’m looking for “what is the correct port range” to specify for a phone first manufactured in 2002, finding a website referring to an old document which was created by essentially looking at the UNIX kernel code dating from 2002 - and probably ultimately used in that phone itself, somewhere, by it’s original firmware authors.

In other words - some programmer years ago when faced with the question of “what range of UDP ports do I specify in the UDP code I’m writing to handle RTP audio” just pulled 16384-32767 out of his ass and ran with it. No reason that range was selected. And my guess is that this pulled-out-of-ass range had 1 subtracted from it when another programmer was writing the firmware for the phone and someone said “it might be a good idea to allow the user to narrow down the port range if there’s a NAT involved and they are only going to allow a limited number of ports” and after deciding that was a Good Thing, the programmer decided to make the range specifier apply to only the RTP port specified in the INVITE because it’s a configuration setting - not a filter setting.

Now the question is why did the programmer who stuck in the default range for FreePBX not use the same pulled-out-of-ass range that’s been bouncing around since before FreePBX was written and instead pull 10000-20000 out of his ass?

And, the other question is - do any of the admins writing NAT port forward range configuration statements even understand any of this? And if they do would they even allow that large of a port range? And if they wouldn’t, and are relaying on ALG code - is that code even “right”?

Hi Ted,
I’m getting a bit confused on what to do now? Y’all wrote so much.
Kind regards,
Mr. Rüdiger

2 Likes

Mathis,

As I said, I was able to make calls to 2 other extensions, and calls from those extensions to my phone, one of them a Linksys SPA 942, the other a Cisco 8945, with no problems.

In other words, your XML config that the phone is using is fine.

You said you were using chan_pjsip and that’s what I tested my Cisco 7961G with.

We are going to need the version of FreePBX you are using. Also, how “stock” is this? My test FrePBX system is version 17 using Asterisk 21. I configured the allowable SIP IP address ranges in the Asterisk SIP configuration and created the test extension by clicking Extensions, create chan_pjsip extension, typing in 771, and shortening the secret to 8 characters (since the phone will not take more than that) and then clicking Submit and Apply.

We also need at least a few of the phone models you are trying to make calls to and from from this phone.

Note also I’m on a multi-subnet network my FreePBX system is on a 172.16.1.0/24 subnet and my phone is on a 192.168.1.0/24 subnet. There is no NAT between them just plain old routing.

In some other manner. It is the range of port numbers, on the machine running Asterisk, on which it can choose to receive RTP from the peer. As symmetric media is used, the selected port number is also used as the source port for media going to the peer. The peer can choose any valid and free even port number as that on which it wants to receive media from Asterisk (or when direct media is used, from the other party).

Your firewall needs to forward the whole of the specified range, incoming to Asterisk, and place no restrictions on the destination port number, for media outgoing from Asterisk. Although not generally useful, it could restrict outgoing source port numbers to that range.

Hi again,

I’m on FreePBX 16 with Asterisk 18.
The phones are currently only softphones. One on my PC and one one my mobile phone.

Kind regards,
Mr. Rüdiger

If Asterisk specifies 10000 to 10007, the first phone specifies 20000 to 20003 and the third phone 30000 to 30015, Asterisk will offer to receive RTP on port 10000, 100002, 10004, or 10006, and will transmit from the same one. The first phone will offer to receive on 20000, or 20002, and may or may not transmit from that one. The third one will offer to receive on 30000, 30002,…30012, or 30014, and, again, may or may not transmit from the same one.

If direct media is enabled, the phones will be told to replace the 1000x port number with the appropriate one from the other phone.

RTCP uses the odd port number one higher than that in use for RTP.

The ranges can overlap, and it is not invalid to have the same port number for both parties.

That doesn’t seem to agree with this answer:

asterisk - SIP Customer Devices under NAT - Stack Overflow

which states:

“When the SIP call is negotiated, the PBX and the Phone will chat back and forth and establish what ports that the RTP stream should be sent to. You don’t have to worry about that”

In other words, I can use the Asterisk default of 10000-20000 on the PBX and the Cisco phone default of 16384-32766 on the phone, and the SIP call negotiation will select ports within 16384-20000 that both peers will be happy with.

Interestingly,

Asterisk config rtp.conf - VoIP-Info

seems to indicate the 10000-20000 config IS WRONG as it states:

“The first port of the range should be even , so 10001 won’t be used (use 10000 or 10002 instead); the last port must be uneven , and if you specify e.g. 10017 as last in range asterisk will actually use 10018, so be aware!”

So in actuality Asterisk is going to use 10000-20001 if 10000-20000 is specified.

Most of what I could turn up via Google on the 10000-20000 port range thing seems to be statements by Jcolp head Asterisk dev to use that. Which seems to be incorrect according to what voip-info.org and dicko are saying.

I would also like to know why 10000-20000 even became a thing since the 16384-32767 range seems to have been bouncing around prior to Asterisk using 10000-20000

In Googling I run across the following on asteriskdocs.org:

SIP, which has separate signaling and voice data protocols and ports, requires port 5060 for signaling, and at least two RTP ports for every active call for voice. By default, Asterisk uses ports 5060 for SIP and 10,000 through 20,000 for RTP, although that can be tuned with the rtp.conf file."

So the 20000 limit is something from Asterisk. WHY was it chosen? Why does this even exist as a tuning knob - other than to support antique NAT code that doesn’t use ALG and opens giant swaths of UDP ports to the crumblies on the Internet - something that no responsible admin today would ever permit on a NAT/firewall?