FreePBX IPv6 Trunk Failure


(Paul N) #1

Hi,

My server has been up and running for the past year without any issues and it is configured to use both IPv4 and IPv6 but I’m struggling to set up several trunks over IPv6 and hoping someone here will help point me in the right direction…

First, a little info about my server:

  • It’s a cloud-based VPS running Debian with the following FreePBX/Asterisk versions installed:

    • FreePBX 15.0.17.12
    • Asterisk Version 16.2.1

We use CHAN_PJSIP and we have the following extensions setup:

200, 201, 203, 204, 205, 206, 207, 208, 209, 210

Every extension except 203 utilises TLS over port 5061 with call encryption enabled. Extension 203 connects via IPv6 and utilises UDP over port 5060. Extensions work just fine, no issues there.

We have five trunks all setup, working and they register over IPv4, UDP and use port 5060.

Our pjsip.transports_custom file contains the following:

[ipv6-udp]
type=transport
protocol=udp
bind=[::]:5060
allow_reload=no
tos=cs3
cos=3

[ipv6-tls]
type=transport
protocol=tls
bind=[::]:5061
ca_list_file=/etc/ssl/certs/ca-certificates.crt
cert_file=/etc/asterisk/keys/domain.pem
priv_key_file=/etc/asterisk/keys/domain.key
method=tlsv1_2
verify_client=no
verify_server=yes
allow_reload=no
tos=cs3
cos=3

Our pjsip.endpoint_custom_post file contains the following:

[203](+)
transport=ipv6-udp

If we change the pjsip.endpoint_custom_post file to the following:

[203](+)
transport=ipv6-udp

[TRUNKNAME](+)
transport=ipv6-udp

The trunk TRUNKNAME fails to register. There is nothing in the log, it’s as if it’s not trying to register at all.

If we ping the SIP Server from our FreePBX server, we get a successful IPv6 result:
PING domain(domain (2001:8b0:0:30::5060:1)) 56 data bytes

Our pjsip show transports result is:

Transport: 0.0.0.0-tls tls 3 96 0.0.0.0:5061
Transport: 0.0.0.0-udp udp 3 96 0.0.0.0:5060
Transport: ipv6-tls tls 3 96 [::]:5061
Transport: ipv6-udp udp 3 96 [::]:5060

Extension 203 works just fine over IPv6 but no trunk will register if configured to use IPv6. I will try and grab some more data using tcpdump and pjsip set logger on but so far, am I missing something obvious?


(Paul N) #2

Hours later and much debugging and I found the cause…

The AOR Contact must not include :[port]

If I use the recommended format:

sip:[username]@[ip]:[port]

The trunk never registers via IPv6

When I use:

sip:[username]@[ip]

The trunk registers just fine via IPv6


#3

I’ve never needed to fill in AOR Contact in trunk settings. Are you saying that when left blank, the auto-generated value is incorrect and not parsed correctly (so you had to fill it in to make it work)?

It seems likely that the use of colon in both IPv6 address notation and as a port number indicator was causing the trouble. The question is whether this bug is in FreePBX, Asterisk or pjsip.

Somewhat unrelated, if your provider supports it, I recommend using IP authentication rather than registration. (Provider sends calls to the IP address you configure on their portal.) This is somewhat more robust on incoming (‘lost registration’ is not possible) and somewhat more secure on outgoing (no credentials to be stolen).


(Paul N) #4

Correct!

If left blank the trunk doesn’t register.
If filled in with the recommended format then again the trunk doesn’t register.
If filled in but you omit the :5060 the trunk registers

I have tested this with four different VoIP providers and got the same result with all of them.

This issue isn’t present when using IPv4, only IPv6.


#5

Thanks. It appears that the port ambiguity should be resolved with brackets around the address.

Could you please test that (I don’t have a trunk supporting IPv6)?

If adding the brackets (and port spec) works properly, then this is a simple bug just in FreePBX (and the supporting tool tip).


(Paul N) #6

Just tested…

Shows as registered:
sip:123456@[2001:ab7::7]:5060

Shows as unregistered:
123456@2001:ab7::7:5060

I need to test further though. I can make outbound calls but it says offline on the voip providers end and when I call the number inbound calls fail now.


(Paul N) #7

OK so something strange is going on…

If I use an IP address without brackets the trunk is shown as being “OFFLINE” but when if I use an IP address with brackets it’s shown as being “ONLINE”, but it isn’t really. The log shows:

[2021-01-29 09:43:54] WARNING[9103] res_pjsip_outbound_registration.c: No response received from 'sip:123456@2001:ab7:0:0:0:0:0:6:5060' on registration attempt to 'sip:123456@2001:ab7:0:0:0:0:0:6:5060', retrying in '20'

[2021-01-29 09:46:24] WARNING[13670] res_pjsip_outbound_registration.c: No response received from 'sip:123456@[2001:ab7:0:0:0:0:0:6]:5060' on registration attempt to 'sip:123456@[2001:ab7:0:0:0:0:0:6]:5060', retrying in '20'

If I enter sip:123456@domain.com:5060 the trunk is shown as being “OFFLINE” but if I enter sip:123456@domain.com the trunk is shown as being ONLINE and it is registered.

If I ping 2001:ab7:0:0:0:0:0:6 from my machine I get a successful result.

A PCAP trace confirms that I am registered and data is flowing over IPv6 on the trunk when using domain name less the port.

EDIT: So further PCAP traces reveal that outgoing calls are passed over IPv6 but inbound are passed over IPv4 and the trunk is showing as being registered with our IPv4 IP.


(Paul N) #8

OK I went with IP authentication rather than registration and now inbound and outbound go via IPv6.