FreePBX 15 distro with 2 IP addresses in same network (for HA) with chan_sip

pdraganov · September 1, 2020, 12:43pm

I am trying to migrate a FreePBX 13 HA setup (not with commercial module, but with the same software - corosync/drbd) to a new FreePBX 15 distro. There are 2 servers each with its own static IP address and a virtual IP address in the same network as the other 2, which is setup on active server. Everything works with one exception: I cannot register an extension to the virtual IP because Asterisk replies with its static IP address instead of the virtual one.
Here are IP addresses of active server:
[FPBX15]# ip a l
6: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:25:90:bd:8a:a8 brd ff:ff:ff:ff:ff:ff
inet 192.168.3.4/20 brd 192.168.15.255 scope global bond0:1
valid_lft forever preferred_lft forever
inet 192.168.3.16/20 brd 192.168.15.255 scope global secondary bond0
valid_lft forever preferred_lft forever

I intentionally configured the static IP address 192.168.3.4/20 on a different interface bond0:1 then the virtual one 192.168.3.16/20 (on bond0).
The original FreePBX 13 setup is similar:
[FPBX13]# ip a l
3: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 00:15:5d:82:bf:2b brd ff:ff:ff:ff:ff:ff
inet 192.168.130.14/24 brd 192.168.130.255 scope global bond0:1
inet 192.168.130.11/24 brd 192.168.130.255 scope global secondary bond0

192.168.130.14/24 is the static IP and 192.168.130.11/24 is the virtual one.

I compared sip_general_additional.conf on both FreePBXes and found out that there is an additional line in FreePBX 15:
[FPBX15]# grep bind /etc/asterisk/sip_general_additional.conf
tlsbindaddr=[::]:5160
udpbindaddr=0.0.0.0:5060

[FPBX13]# grep bind /etc/asterisk/sip_general_additional.conf
tlsbindaddr=[::]:5061

I didn’t find a way to remove this line from GUI, so I commented out udpbindaddr=0.0.0.0:5060 and restarted asterisk with fwconsole stop/start, but I still have the same results:

[FPBX15]# tcpdump -xXvvvnni any host 192.168.15.100 and port 5060
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
16:22:03.132093 IP (tos 0x0, ttl 128, id 11169, offset 0, flags [none], proto UDP (17), length 597)
192.168.15.100.52117 > 192.168.3.16.5060: [udp sum ok] SIP, length: 569
REGISTER sip:192.168.3.16 SIP/2.0
Via: SIP/2.0/UDP 192.168.15.100:52117;rport;branch=z9hG4bKPj8d9947419a384faf880c6c0565bc249f
Route: sip:192.168.3.16;lr
Max-Forwards: 70
From: “2189” sip:[email protected];tag=29303cfb563a442c820d76d120a930c6
To: “2189” sip:[email protected]
Call-ID: 79f11f436e6e4aec82b9adfe853b7169
CSeq: 45894 REGISTER
User-Agent: MicroSIP/3.19.31
Contact: “2189” sip:[email protected]:52117;ob
Expires: 300
Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
Content-Length: 0

16:22:03.132574 IP (tos 0x60, ttl 64, id 61111, offset 0, flags [none], proto UDP (17), length 620)
192.168.3.4.5060 > 192.168.15.100.52117: [bad udp cksum 0x9622 -> 0xaf91!] SIP, length: 592
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.15.100:52117;branch=z9hG4bKPj8d9947419a384faf880c6c0565bc249f;received=192.168.15.100;rport=52117
From: “2189” sip:[email protected];tag=29303cfb563a442c820d76d120a930c6
To: “2189” sip:[email protected];tag=as10d72844
Call-ID: 79f11f436e6e4aec82b9adfe853b7169
CSeq: 45894 REGISTER
Server: FPBX-15.0.16.73(13.32.0)
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm=“asterisk”, nonce=“39410619”
Content-Length: 0

I also changed asterisk version from 16 to 13, also downgraded asterisk 13.32.0 to 13.29.2 (the same as on FreePBX 13 one) without success.
Do you have any idea what else can I do in order to make Asterisk to answer from 192.168.3.16 instead of 192.168.3.4?

pdraganov · September 2, 2020, 9:04am

I just wondered how Asterisk chan_sip driver decides which IP address and interface to use for its replies. It should be as simple as “the same as it receives the initiating packet on”, but it does not. Most probably the decision is dependent on CentOS/SangomaOS version or kernel. Obviously I have to migrate all extensions to PJSIP where I can specify which IP addresses/interfaces should be enabled.

avayax · September 2, 2020, 11:27am

In SIP Settings/Advanced General Settings you can set bind address for chansip.
Set it to the floating IP instead of 0.0.0.0.

jcolp · September 2, 2020, 11:54am

The chan_sip module doesn’t. It has a single listening socket, it’s either bound to a specific IP address or to 0.0.0.0. When bound to 0.0.0.0 it is given to the underlying operating system, who decides where it should go out on depending on its own determination.

pdraganov · September 2, 2020, 12:22pm

I have 2 more VLANs with own IP addresses/interfaces, so this does not work. According to http://www.asteriskdocs.org/en/3rd_Edition/asterisk-book-html-chunk/DeviceConfig_id216341.html:
Currently in Asterisk the udpbindaddr and tcpbindaddr options are an all-or-one proposition. In other words, if you have three NICs in your system, you can’t restrict VoIP traffic to two of them: it’s either one only, or all of them.

pdraganov · September 2, 2020, 12:23pm

So I have to forget about chan_sip on CentOS 7

avayax · September 2, 2020, 12:36pm

Then you need to use pjsip.
There you can configure transports that bind to different IP addresses/ports/protocols.

system · October 3, 2020, 12:36pm

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.