Hi
I’m considering using VOIP at home, instead of PSTN, and I want to do a quick ‘hello world’ test, to get a feel of this approach. I would greatly appreciate some help, as I’m new to this space.
For this test, I’m running FreePBX on a VM (standard installation), on a MacOS. MacOS Firewall disabled, VM running on host networking (no NAT). Seems to be running OK.
I have a Cisco 7945 phone.
So far, I’ve set up a TFTP on a NAS, successfully upgraded the phone (via TFTP) to SIP45.9-4-2SR3-1S.
Below is my SEP.cnf.xml - which according to FTP logs gets served to the phone. I’ve tried to keep it minimal.
I’ve added a user account to FreePBX (as reflected by the cnf.xml).
Phone tries to register, but nothing happens (not even an error) - it keeps trying to register, and I don’t know how to proceed.
Nothing on the phone logs (except failure to update locale - which is because I don’t have the locale files on tftp).
<?xml version="1.0" encoding="UTF-8"?>
<deviceProtocol>SIP</deviceProtocol>
<sshUserId>cisco</sshUserId>
<sshPassword>cisco</sshPassword>
<devicePool>
<dateTimeSetting>
<dateTemplate>D/M/Y</dateTemplate>
<timeZone>Jerusalem Standard/Daylight Time</timeZone>
<ntps>
<ntp>
<name>timeserver.iix.net.il</name>
<ntpMode>Unicast</ntpMode>
</ntp>
</ntps>
</dateTimeSetting>
<callManagerGroup>
<members>
<member priority="0">
<callManager>
<ports>
<sipPort>5060</sipPort>
</ports>
<processNodeName>127.0.0.1</processNodeName> <!-- I've also tried the FreePBX IP -->
</callManager>
</member>
</members>
</callManagerGroup>
</devicePool>
<sipProfile>
<natEnabled>false</natEnabled>
<natAddress></natAddress>
<sipProxies>
<backupProxy></backupProxy>
<backupProxyPort></backupProxyPort>
<emergencyProxy></emergencyProxy>
<emergencyProxyPort></emergencyProxyPort>
<outboundProxy></outboundProxy>
<outboundProxyPort></outboundProxyPort>
<registerWithProxy>true</registerWithProxy>
</sipProxies>
<preferredCodec>g711alaw</preferredCodec>
<phoneLabel>Y a r o n</phoneLabel>
<sipCallFeatures>
<cnfJoinEnabled>true</cnfJoinEnabled>
<callForwardURI>x--serviceuri-cfwdall</callForwardURI>
<callPickupURI>x-cisco-serviceuri-pickup</callPickupURI>
<callPickupListURI>x-cisco-serviceuri-opickup</callPickupListURI>
<callPickupGroupURI>x-cisco-serviceuri-gpickup</callPickupGroupURI>
<meetMeServiceURI>x-cisco-serviceuri-meetme</meetMeServiceURI>
<abbreviatedDialURI>x-cisco-serviceuri-abbrdial</abbreviatedDialURI>
<rfc2543Hold>false</rfc2543Hold>
<callHoldRingback>2</callHoldRingback>
<localCfwdEnable>true</localCfwdEnable>
<semiAttendedTransfer>true</semiAttendedTransfer>
<anonymousCallBlock>2</anonymousCallBlock>
<callerIdBlocking>2</callerIdBlocking>
<dndControl>0</dndControl>
<remoteCcEnable>true</remoteCcEnable>
</sipCallFeatures>
<sipStack>
<sipInviteRetx>6</sipInviteRetx>
<sipRetx>10</sipRetx>
<timerInviteExpires>180</timerInviteExpires>
<timerRegisterExpires>180</timerRegisterExpires>
<!-- Force short registration timeout to keep NAT connection alive -->
<timerRegisterDelta>5</timerRegisterDelta>
<timerKeepAliveExpires>120</timerKeepAliveExpires>
<timerSubscribeExpires>120</timerSubscribeExpires>
<timerSubscribeDelta>5</timerSubscribeDelta>
<timerT1>500</timerT1>
<timerT2>4000</timerT2>
<maxRedirects>70</maxRedirects>
<remotePartyID>false</remotePartyID>
<userInfo>None</userInfo>
</sipStack>
<sipLines>
<!-- Add lines here -->
<line button="1">
<featureID>9</featureID>
<featureLabel>Line 1</featureLabel>
<!-- Displays next to Line Number -->
<name>0001</name>
<!-- SIP username -->
<displayName>Line 2 caller ID</displayName>
<!-- Name to display on outbound caller ID -->
<contact>1</contact>
<!-- SIP username again -->
<proxy>10.1.0.34</proxy>
<!-- SIP server -->
<port>5060</port>
<!-- AUTH -->
<authName>Yaron</authName>
<!-- auth SIP username same as <name>-->
<authPassword>*****</authPassword>
<messageWaitingLampPolicy>1</messageWaitingLampPolicy>
<messagesNumber>*97</messagesNumber>
</line>
<line button="2">
<featureID>2</featureID>
<featureLabel>Line 2</featureLabel>
<speedDialNumber>86555</speedDialNumber>
</line>
</sipLines>
<dialTemplate>dialplan.xml</dialTemplate>
</sipProfile>
And did you make a Chan_SIP or Chan_PJSIP extension? Because if you made a Chan_SIP extension then the PBX is listening on 5160 for the request not 5060.
Also, both <name> and <authName> should match your extension number. For testing use a short password, e.g. 8 random alphanumerics, so you can be sure that authPassword and the extension’s secret match.
If you still have trouble, confirm that you can ping the phone from a shell prompt on the PBX. If nothing appears in the Asterisk log, run tcpdump on the PBX (or on the Mac) and look for any REGISTER requests.
Do you mean that there are no errors but nothing at all appears related to an attempted registration?
Or, that it shows registered ok even though the phone says it’s not?
Or, that you are seeing errors related to registration?
At the Asterisk command prompt, type sip set debug on
then reboot phone and see whether REGISTER requests are displayed and if so what responses are given.
Have you tried connecting another device softphone, ATA, mobile SIP app, etc?
Asterix log doesn’t show anything that seems to be related to registration. The only thing I see is:
[2018-12-06 16:47:02] VERBOSE[2087] asterisk.c: Remote UNIX connection
[2018-12-06 16:47:02] VERBOSE[23654] asterisk.c: Remote UNIX connection disconnected
I’ve set the sip debug on. Restarted. Nothing.
I don’t think the packets are getting to Asterix.
I’ll try a SIP app as you suggested - good idea! If it connects, I can focus on phone config. If not, it’s not related to the phone.
Is ‘laptop’ the same machine as the MacOS system hosting the PBX VM? If so, your issue may be a network setup problem. From a shell prompt on the PBX, what does ifconfig
show for inet for the (virtual) Ethernet interface? That should match what you have in the phone (10.1.0.34). Does the phone also have a 10.1.0.x address? If not, please explain.
Does the phone show the correct time, i.e. can it access timeserver.iix.net.il ?
Holy crap, son. That’s not a “Hello World” setup. You have chosen all of the hardest components and methods you can. Good news - if you get this working, (which will be a miracle) you should be able to get the rest of the system working fine.
Hi Stewart
Laptop is the same machine where PBX VM runs.
ifconfig shows 10.1.0.34 (do you need the whole thing, or just the IP?)
phone is 10.1.0.33.
Regarding the time - in fact, no. I was meaning to ask about that too, but that seemed like a less important issue.
I know that the phone is accessing TFTP (on 10.1.0.2) and pulling the config files (I see the TFTP logs).
Check the /var/log/asterisk/full logs for the phone trying to log in. If you have all of the ports set correctly and the password is short enough (7940 series only allows 8-12 characters) you should see the phone trying to connect.
Sorry, I forgot that newer Cisco firmware supports only TCP for SIP. By default, this is disabled for chan_sip (I have no idea why). Go to Settings -> Asterisk SIP Settings -> Chan SIP Settings, enable TCP, Submit, Apply Config, restart Asterisk (or reboot entire server) and test. With luck you’ll at least see an error in the log.
I did that (thanks).
Still, Cisco 7945 fails to register and I see nothing in the verbose logs.
I also installed X-Lite on my laptop, and it was able to connect successfully to Asterix (including the relevant log files).
So I guess this narrows it down to - why doesn’t the phone communicate with Asterix, and probably - it doesn’t communicate at all (since it’s not updating the DateTime)… Any way I could verify this assumption from ssh to the phone? or the phone UI ?
Also, try running Wireshark on the Mac. I believe that if you capture on its Ethernet interface, you will see all packets to/from the VM. Set the display filter to ip.addr==10.1.0.33
and see whether anything shows up.
Possibly, the phone didn’t like something about the contents of the XML file (and therefore didn’t effect the registration settings), even though no error was logged. The debug commands may help.
Done. The only packet I see, is the phone’s DHCP request.
I am guessing this is either a config issue (my latest config below), OR - a Switch related issue (Cisco 3750G PoE).
All the switch ports are on the same VLAN.
(I’ve set FreePBX IP address to 10.1.0.22)
<?xml version="1.0" encoding="UTF-8"?>
<device xsi:type="axl:XIPPhone" ctiid="1566023366">
<fullConfig>true</fullConfig>
<deviceProtocol>SIP</deviceProtocol>
<sshUserId>cisco</sshUserId>
<sshPassword>cisco</sshPassword>
<devicePool>
<dateTimeSetting>
<dateTemplate>D-M-Y</dateTemplate>
<timeZone>Jerusalem Standard/Daylight Time</timeZone>
<ntps>
<ntp>
<name>timeserver.iix.net.il</name>
<ntpMode>Unicast</ntpMode>
</ntp>
</ntps>
</dateTimeSetting>
<callManagerGroup>
<members>
<member priority="0">
<callManager>
<ports>
<sipPort>5160</sipPort>
</ports>
<processNodeName>10.1.0.22</processNodeName>
</callManager>
</member>
</members>
</callManagerGroup>
</devicePool>
<sipProfile>
<natEnabled>false</natEnabled>
<natAddress></natAddress>
<sipProxies>
<backupProxy></backupProxy>
<backupProxyPort></backupProxyPort>
<emergencyProxy></emergencyProxy>
<emergencyProxyPort></emergencyProxyPort>
<outboundProxy></outboundProxy>
<outboundProxyPort></outboundProxyPort>
<registerWithProxy>true</registerWithProxy>
</sipProxies>
<preferredCodec>g711alaw</preferredCodec>
<!--phoneLabel>Y a r o n</phoneLabel-->
<sipCallFeatures>
<cnfJoinEnabled>true</cnfJoinEnabled>
<callForwardURI>x--serviceuri-cfwdall</callForwardURI>
<callPickupURI>x-cisco-serviceuri-pickup</callPickupURI>
<callPickupListURI>x-cisco-serviceuri-opickup</callPickupListURI>
<callPickupGroupURI>x-cisco-serviceuri-gpickup</callPickupGroupURI>
<meetMeServiceURI>x-cisco-serviceuri-meetme</meetMeServiceURI>
<abbreviatedDialURI>x-cisco-serviceuri-abbrdial</abbreviatedDialURI>
<rfc2543Hold>false</rfc2543Hold>
<callHoldRingback>2</callHoldRingback>
<localCfwdEnable>true</localCfwdEnable>
<semiAttendedTransfer>true</semiAttendedTransfer>
<anonymousCallBlock>2</anonymousCallBlock>
<callerIdBlocking>2</callerIdBlocking>
<dndControl>0</dndControl>
<remoteCcEnable>true</remoteCcEnable>
</sipCallFeatures>
<sipStack>
<sipInviteRetx>6</sipInviteRetx>
<sipRetx>10</sipRetx>
<timerInviteExpires>180</timerInviteExpires>
<timerRegisterExpires>180</timerRegisterExpires>
<!-- Force short registration timeout to keep NAT connection alive -->
<timerRegisterDelta>5</timerRegisterDelta>
<timerKeepAliveExpires>120</timerKeepAliveExpires>
<timerSubscribeExpires>120</timerSubscribeExpires>
<timerSubscribeDelta>5</timerSubscribeDelta>
<timerT1>500</timerT1>
<timerT2>4000</timerT2>
<maxRedirects>70</maxRedirects>
<remotePartyID>false</remotePartyID>
<userInfo>None</userInfo>
</sipStack>
<sipLines>
<!-- Add lines here -->
<line button="1">
<featureID>9</featureID>
<featureLabel>Line 1</featureLabel>
<!-- Displays next to Line Number -->
<name>100</name>
<!-- SIP username -->
<displayName>Line 1</displayName>
<!-- Name to display on outbound caller ID -->
<!-- SIP username again -->
<proxy>10.1.0.22</proxy>
<!-- SIP server -->
<port>5160</port>
<!-- AUTH -->
<authName>100</authName>
<!-- auth SIP username same as <name>-->
<authPassword>********</authPassword>
<messageWaitingLampPolicy>1</messageWaitingLampPolicy>
<messagesNumber>*97</messagesNumber>
</line>
<line button="2">
<featureID>2</featureID>
<featureLabel>Line 2</featureLabel>
<speedDialNumber>86555</speedDialNumber>
</line>
</sipLines>
<dialTemplate>dialplan.xml</dialTemplate>
<voipControlPort>5160</voipControlPort>
</sipProfile>
<vendorConfig>
<sshAccess>0</sshAccess>
<sshPort>22</sshPort>
<pcPort>0</pcPort>
<settingsAccess>1</settingsAccess>
<garp>0</garp>
<webAccess>0</webAccess>
<spanToPCPort>1</spanToPCPort>
<loggingDisplay>2</loggingDisplay>
</vendorConfig>
<transportLayerProtocol>2</transportLayerProtocol>
</device>
That’s a broadcast packet which would show up anywhere on the LAN.
Confirm that the capture is working as expected, by pinging the phone from the VM and seeing the ICMP request and the reply in Wireshark.
Assuming that it is, your switch should be able to mirror all traffic to/from the phone to another port for analysis. Unfortunately, Cisco switches have a security feature (which can’t be disabled) that prevents the destination port from carrying normal traffic. Do you have another computer that can run Wireshark? Or, can you set up two NICs on the Mac, e.g. connect to your LAN by Wi-Fi and use the Ethernet port for the capture? See chapter 28 of https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_35_se/configuration/guide/scg.pdf .
I assume that you have Voice VLAN disabled, since that has its own complexity.
Just to explain my rational:
The thing is, I have a box of 20 new, never opened Cisco 7945.
If you buy them from me, I can afford to buy real sip phones that are not EOL
I am a hacker. Hacking for me is a way to satisfy curiosity, while learning a new space and having fun. And ideally, solving a practical problem. Last time I took a similar project, it ended up with me starting a new company and inventing a whole new way to manage cloud infrastructure.
BTW this setup is for my home, not for a business. Obviously for a business I would take a different approach.
